PRIVACY POLICY

PRIVACY POLICY
INFORMATION POLICY ON THE PROCESSING OF PERSONAL DATA OF WEBSITE VISITORS

Introduction

With this Privacy Policy – Information Policy on the Processing of Personal Data of Website Visitors (hereinafter “Policy”, “Privacy Policy”), our Company under the name “MENNE SA” (hereinafter “Company”, “we”, “us”, “Data Controller”), respecting the privacy of users and visitors of this website (hereinafter “visitors”, “you”) and remaining vigilant in ensuring the security of their personal data, provides the necessary information and notification regarding the processing of personal data.

In order to make the manner of collection, use, processing and storage of personal data transparent, the Company encourages visitors to its website and any interested party to read this Policy, in order to receive the following information:

Legislative framework

The processing of your personal data is governed by the relevant provisions of the applicable legislation on the protection of personal data (Law 4624/2019), the Directives and Regulations of the European Union (in particular the General Data Protection Regulation (EU) 2016/679 – GDPR, hereinafter “GDPR”), as well as by the relevant decisions, guidelines and regulatory acts of the Hellenic Data Protection Authority, and is subject to the legal formalities and restrictions they define.

Definitions

“Data Subject”: The visitor of the website, the customer / consumer of the online store who places an order and purchases a product, the registered user and any other natural person who comes into contact with our website.
“Personal data”: Any information that can directly or indirectly identify a natural person (the “Data Subject”), such as their full name, postal address, contact details (telephone, mobile), their electronic address (e-mail), etc.
“Processing”: Any operation or set of operations performed with or without the use of automated means on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction of personal data that have come or will come to the knowledge of the Company, either directly from you through the website, or in the context of your transactional relationship with it.
“Data Controller”: The Company under the name “MENNE SA”, which determines the purposes and the manner of processing personal data.
“Processor”: The natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
“Recipient”: The natural or legal person, public authority, agency or other body to which personal data are disclosed, whether or not a third party.
“Third party”: Any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process personal data.
“Consent” of the data subject: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
“Data Protection Officer” (DPO): The Data Protection Officer appointed by the Company, as Data Controller, who holds the position and duties defined by the applicable legislative framework on the protection of personal data.

Personal data collected and processed, and lawfulness of processing (legal basis and purpose of processing)

We collect data and information that you provide to us upon entering and navigating the Company’s website, as well as when using our services.

Data we collect and cases of processing
1. Upon your entry to the website, we collect:
IP address
Date and time of access
Geographic time zone
Operating system and its version
Browser and its version
Terminal device name and/or username

Purpose of processing: The provision of personalised services, proper connection operation, ensuring the security and stability of the system.

Legal basis: The Company’s legitimate interest in making the website available to the public and providing services (Article 6(1)(f) GDPR).

When you contact us via e-mail, we collect:

E-mail address

Full name (where required)

Content of the message

Purpose of processing: Management, handling or resolution of your request, query or complaint.

Legal basis:

If the communication concerns an existing contract, the legal basis is the performance of the contract (Article 6(1)(b) GDPR).

In other cases, the processing is based on the Company’s legitimate interest in serving and providing services to the public (Article 6(1)(f) GDPR).

Company presence on Social Media

Our Company maintains official pages on social media platforms such as Facebook, Instagram and YouTube. With this section, in conjunction with our Privacy Policy, we provide you with information regarding the processing of your personal data through these platforms.

Through social media, we give you the opportunity to submit comments, send us messages and stay informed about our news. In these cases, both our Company and the respective administrator of each social media platform (Facebook, Instagram, etc.) are joint Data Controllers of your personal data, in accordance with Article 26 GDPR.

Due to the independent management of data by social media platforms, it is not always possible for us to have full knowledge of the type and extent of the data being processed. However, we make every possible effort to configure our pages in a manner that ensures the protection of your personal data, in accordance with the options provided to us by the platform administrators and the applicable legislative framework.

For more information regarding the processing of your personal data by social media administrators, you may refer to their respective privacy policies:

Facebook: www.facebook.com/privacy/explanation

Instagram: help.instagram.com/519522125107875

YouTube: www.youtube.com/yt/about/policies/

Purpose and Legal Basis of Processing

When you interact with us through social media, the processing of your personal data is carried out for the purposes of serving you, such as responding to messages and comments.

When you contact us through the above platforms, the legal basis of the processing is the legitimate interest of our Company, in the context of serving you and managing your requests or queries (Article 6(1)(f) GDPR).

Processing of special categories of personal data

Our Company does not process or collect “sensitive” personal data (special categories of data) through its website, such as data relating to your racial or ethnic origin, religious or philosophical beliefs, health data or data concerning your sexual life or sexual orientation, given that the above data are not necessary for us and the aforementioned processing purposes.

The visitor of the website must refrain from providing, making available, disclosing, etc. special category personal data relating to themselves and/or third parties. In the event that the provision of such data is identified, the data are immediately deleted in a secure and non-recoverable manner. The Company bears no responsibility for any provision and/or processing resulting from their acts and/or omissions, in breach of the above obligation.

Data relating to minors

For the purposes of this Policy, minors are considered to be individuals who have not reached the eighteenth (18th) year of age. Our Company does not process, through its website, personal data of minors. We reserve the right, in the event that we identify that a minor has provided, made available, etc. their data to us without the consent of their legal representative, to proceed with the deletion of such data. If you become aware that a minor has provided their data to us without the consent of their legal representative, please contact us. If you are a parent or guardian and you have become aware that your minor child has provided their personal data to our Company, please contact us immediately. On our part, if we become aware that personal data we are processing belong to a minor without the consent of their parent or guardian, the Company takes appropriate measures for the immediate deletion of such data and to prevent similar incidents in the future.

Recipients of personal data

Our Company safeguards the confidential nature of your personal data and, as a rule, does not transmit them to any third party (natural or legal person), except when and to the extent required and/or permitted by law. The data we collect from you in the context of our relationship are processed by:

the authorised and appropriately trained competent personnel of our Company, who are bound by confidentiality and non-disclosure clauses,
where applicable, partners of our Company to whom the Company, in accordance with Article 28 GDPR, entrusts the performance of specific tasks on its behalf (processors) and with whom it has ensured GDPR-compliant processing for the protection of your data, through the signing of agreements and commitment to maintaining adequate measures in accordance with the relevant provisions of the GDPR (Articles 28, 32 GDPR), such as, by way of example and not limitation, partner transport companies for the dispatch of your orders, third-party partners – technical companies in the context of website management and service provision, support of our applications, companies providing promotional services (e.g. sending newsletters, conducting customer surveys for the evaluation of the Company’s services),
public bodies and authorities, such as public services and agencies, independent regulatory authorities, the police, competent authorities, public prosecutors, other administrative services, etc., when we are required to do so by the applicable legislative framework.

Retention period of personal data

The retention of your personal data takes place for the specific aforementioned purposes and lasts for a reasonable period of time, with the aim of fulfilling each respective purpose (limitation of processing).

Your personal data are retained by our Company, in printed and/or electronic form as the case may be, throughout the duration of your contractual relationship with the Company and its individual contractual obligations, depending on the nature thereof, taking into account the Company’s legal obligations and any legal claims that may arise therefrom, so as to justify, accordingly, the retention period of the personal data.

Furthermore, where applicable, data received and processed during the pre-contractual stage are retained for a period of five (5) years, subject to applicable legislation providing for an extension of this period.

In any case, the Company applies a maximum retention period of twenty (20) years for personal data, with the possibility of extending the above period in the event of a claim being raised, pending litigation, or an indication of an audit by public (tax, etc.) authorities.

In cases where the processing of personal data is based on the consent provided, the data are retained by the Company for the period provided for by legislation, depending on the purpose and type of processing, including the Company’s legal obligation to retain them.

Technical and organisational measures

The Company takes all appropriate technical and organisational measures to safeguard technological and physical security, in accordance with the applicable legislation (Article 32 GDPR).

In general, the Company exercises, to the extent possible, due diligence in ensuring the integrity, confidentiality and availability of personal data. It therefore remains on standby with the aim of effectively and promptly addressing any potential personal data breach. To this end, it adopts, updates and implements appropriate internal Policies and Procedures, in line with best practices and international standards.

In addition, our Company maintains an updated record of processing activities, with the information required by Article 30 GDPR, has appointed a Data Protection Officer (DPO) pursuant to Articles 37 et seq. GDPR, and trains and raises awareness among its staff on matters of security and personal data protection.

Cookie collection

For the proper operation of this website, cookies are used. For more information about cookies, you may refer to our Company’s Cookie Policy, published on our website.

Your rights under the GDPR

As data subjects, you retain all your rights as provided for in the applicable legislative framework on the protection of personal data, namely:

The right to transparent information and communication regarding the exercise of your rights (Articles 12, 13, 14 GDPR), before and during processing, i.e. the right to be informed about the processing of your personal data (as is carried out in detail by this Policy).
The right of access (Article 15 GDPR) to your personal data being processed by the Company as Data Controller, i.e. the ability to obtain knowledge of and receive a copy of the data relating to you.
The right to rectification of inaccurate data and completion of incomplete data (Article 16 GDPR), i.e. the right to correct the details and information relating to you that our Company holds.
The right to erasure of personal data / “right to be forgotten” (Article 17 GDPR). This right is subject to conditions and to the reservation of the Company’s obligations and any legal claims to retain data, based on the provisions of the applicable legislation. The request for the deletion of some or all personal data may be satisfied under specific circumstances and subject to legitimate grounds for retention and continuation of processing by the Company, and provided that the Company’s interests are not affected.
The right to restriction of processing of personal data where either the accuracy thereof is disputed, or the processing is unlawful, or the purpose of processing has ceased to exist, and provided that there is no legitimate ground for processing but the data cannot be deleted (Article 18 GDPR).
The right to data portability, i.e. you are entitled to request the receipt of your personal data in a structured, commonly used and machine-readable format, as well as their transmission, under the applicable legal conditions and terms, to another data controller, provided that this does not adversely affect the rights and freedoms of others, in accordance with the provisions of legislation (Article 20 GDPR).
The right to object to the processing of personal data, subject to the Company’s legal obligations or where the processing is carried out in the context of fulfilling the Company’s overriding legitimate interest, such as objection to profiling or direct marketing (Article 21 GDPR).
The right to withdraw consent already given, which concerns the ability to withdraw consent at any time for processing that is based on consent (Article 7(3) GDPR). It is noted that, in this case, the lawfulness of the processing of personal data is not affected by the withdrawal of consent up to the point at which it was withdrawn.
The right to human intervention (Article 22 GDPR), i.e. the data subject has the right not to be subject to a decision taken solely on the basis of automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. In such cases, the Company applies appropriate measures and safeguards to protect the rights, freedoms and legitimate interests of the data subject and provides them with the right to human intervention, so as to receive clarifications and a reasoned response regarding the relevant decision taken in the context of the above assessment.

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR (Article 77 GDPR). The competent Supervisory Authority is the Hellenic Data Protection Authority (www.dpa.gr).

How to exercise your rights

Any request regarding your personal data and the exercise of your rights, in accordance with the provisions of the applicable legislative framework on the protection of personal data, should be submitted in writing by completing the Rights Exercise Form published on our website and sending it to the Data Protection Officer (DPO) appointed by our Company, at the following e-mail address: dpo@mennefoods.gr. You may also send it to our postal address or submit the request in person at our Company’s address. For information purposes, the role of the Data Protection Officer is purely advisory and consists in mediating between our Company and data subjects.

Our Company undertakes to make every possible effort to carry out the required actions within thirty (30) days of receipt of each request, unless the tasks involved in fulfilling it are characterised by particularities and/or complexities, on the basis of which the Company reserves the right to extend the period for completion of the actions by a further sixty (60) days. Of course, in this case, the data subject will be informed of the above extension within the thirty (30) day period.

Specific declarations of the Company

The Company declares that it bears no responsibility for any damage (direct, indirect, actual, consequential) that may be caused to the visitor in connection with the website or its use. The visitor is solely responsible for protecting their system against viruses and other malicious software.
This Policy may be amended at any time. The user will be informed of all significant changes, and the updated version will always be posted on the website. For this reason, the visitor must regularly check and refer to this policy.
The Company will not make any other use of the visitor’s personal data for purposes other than those referred to in this Policy, without prior notification and, where required, their consent.
The user of the website, by reading this Policy, becomes aware of the above processing