With the current policy on personal data protection regulation (“Policy”) information is provided regarding processing of your personal data.
The company operating as «Medbest SA», located in 282 Kifissias Avenue and 2 Ydras Street, post code 15232, Halandri, tel.nr. 2106856191, VAT Nr. 999399686, Tax Office FAE Athinon, (called “the Company” or “We”) acting as Data Controller, is collecting, saving, using and processing your personal data.
Who we are
Our website address is: https://medbest.gr.
What is personal data?
Any data that pertains to an individual (referred to as the Subject of Personal Data) and can be utilized, directly or indirectly, to identify them constitutes Personal Data under the law. This includes, but is not limited to, names, phone numbers, home addresses, bank accounts, email addresses, internet protocol (IP) addresses, etc. When in doubt about whether something qualifies as personal information, it’s best to err on the side of caution and treat it as such.
What is sensitive personal data?
Personal data is considered sensitive when it pertains to the following categories:
- Racial or ethnic origin.
- Political opinions or participation to a labor union.
- Religious or philosophical beliefs.
- Health related, medical or genetical data.
- Social security data or data concerning a person’s sex life.
- Criminal claims and convictions of a person.
What does processing personal data entail?
Processing encompasses various actions, whether automated or not, carried out on personal data or extensive sets of personal data. These actions include, but are not limited to, collection, input, recording, modification, organization, structuring, storage, retrieval, adaptation, alteration, consultation, use, transmission-based disclosure, dissemination through any means, correlation or combination, restriction, erasure, or destruction of data.
What data do we gather?
We carefully collect only the personal data necessary for their specific purpose and use them exclusively for that purpose. With the exception of the personal data gathered by Cookies, the personal data we collect are strictly limited to what you have provided and are utilized solely for the specific purpose for which you have consented.
- Identification Data: This includes information such as name, surname, VAT number, IP address, etc.
- Communication Data: This encompasses details like address, phone number, webmail, etc.
- Photo Gallery: This comprises photos and videos.
- Data essential for the provision of our company’s services, including quality control, participation in exhibitions, promotion of products/services, invoicing, and product shipment, are also collected.
How do we utilize your personal data?
Your personal data is processed either by specifically authorized personnel of our company or by the software and hardware of our company, and only in exceptional circumstances by third parties. These third parties are contractually obligated to our company to maintain the confidentiality and protection of your data while processing it strictly for their authorized purposes.
In general, your data is processed to provide you with the following services:
-
Communication: Your data is used by the company to respond to claims or questions submitted via email or other communication channels.
-
Quality control: Your data is utilized by the company for regular quality checks.
-
Offer submission: Your data is processed by the company to submit an offer.
-
Shipment/invoicing: Your data is processed by the company to place and ship your order according to the products you have selected.
-
Participation in exhibitions: Your data is processed by the company to inform and invite you to exhibitions in which it participates.
-
Sending of newsletters: The company provides you with the choice to receive information regarding its promotional efforts (e.g., new products, special offers) via newsletters.
-
Job search: Your data is processed by the company to assess your skills and attributes for the position for which you have applied or for any other job opening within the company. This is also used to communicate with you for the aforementioned purposes.
Who we share your data with
Our company ensures that your data will not be disclosed, transmitted, etc., for any purpose or use unless mandated by the prevailing legal framework or required by public or judicial authorities.
Access to your data is restricted to essential personnel of the company who are bound by confidentiality agreements. Additionally, affiliated companies may have access to your data as either joint or delegated data controllers, operating under our instructions.
How do we guarantee that data processors uphold your data?
The data processors, acting on behalf of our company, have consented to and are contractually obligated to:
- Maintain confidentiality.
- Refrain from disclosing your data to third parties without our company’s permission.
- Implement all necessary precautionary measures.
- Adhere to all legal frameworks concerning the protection of personal data, particularly Regulation 679/2016/EU (GDPR).
When is your data erased?
We retain your data only for the duration necessary to fulfill the purpose for which they were provided, in accordance with applicable legal requirements.
Your consent is utilized solely for the duration during which newsletters are sent to you, unless you opt to unsubscribe from the newsletter.
Curriculum vitae data submitted via email for job applications within the company is retained for three (3) years, unless you request a shorter retention period or request deletion.
Is your data secure?
Our company is committed to safeguarding your data.
Recognizing the critical importance of protecting your personal data, we have implemented comprehensive organizational and technical measures. These measures are continuously enhanced in line with technological advancements to ensure that your data remains secure and protected against unauthorized or unintended processing.
What rights do you have concerning your data?
You have the following rights:
- Right to access your data: This includes the right to know if your data is being processed, how it is being processed, and for what purpose.
- Right to rectification: You have the right to request the correction of any inaccuracies or incompleteness in your personal data.
- Right to erasure (right to be forgotten): You can request the deletion of your personal data under specific circumstances and after the expiration of the aforementioned period.
- Right to restriction of processing of your data: You can request the limitation of the processing of your personal data under specific circumstances.
- Right to data portability: You have the right to request that your data be transferred to a third party (e.g., another company).
- Right to data transfer: You can request the transfer of your data to another party.
- Right to withdraw your consent for the use of certain or all cookies and, therefore, the processing of your personal data.
How can you exercise your rights?
To exercise the rights mentioned above, you can send your request to our company’s address at 282, Kifissias Av. & 2 Ydras Str., Halandri, or contact us via telephone at 210 6856 191 or email at marketing@medbest.gr.
Alternatively, you may submit a complaint to the Data Protection Authority at 1-3, Kifissias Av., post code 115 23, Athens, or contact them via telephone at 210 6475600 or webmail at contact@dpa.gr.
If you are under 16 years old
If you are under the age of 16, please ensure that you obtain parental or guardian consent before providing us with any of your personal data.
We do not permit individuals under the age of 16 to submit their personal information to us without such consent.
Changes to GDPR
The General Data Protection Regulation (GDPR) may be amended at any time. Therefore, we recommend that you regularly review the current regulation. The GDPR came into effect on May 24, 2018, and was amended on September 1, 2019. If there are any changes, the date of the amendment will be specified. The most recent version of the GDPR is always applicable.
When do we respond to your requests?
We aim to respond to your requests promptly and free of charge, within one (1) month from the date we receive your request. However, if your request is complex or if there is a high volume of requests, we may inform you within the month if we require an extension of up to two (2) months to respond.
If your requests are obviously unfounded or excessive, such as being repetitive in nature, the company may choose to either charge a reasonable fee, taking into account administrative costs for processing the requests, or deny the request.
Where can you find updates on the progress of your requests?
For updates on the progress of your request, please contact us at 2106856191 or via our email at marketing@medbest.gr.