• Ελληνικά
  • English

Privacy Policy

February 2019

PRIVACY POLICY
“ELMI SYSTEMS Hellenic IT Systems S.A. Public Limited Company”, with distinctive title “ELMI SYSTEMS”, Commercial Registry Nr. 000309601000, Tax Identification Number 094075071, seated at 165, Athinon Avenue, Haidari Attiki

ELMI SYSTEMS is active in three areas of technology: the distribution of consumer products of microelectronics (with emphasis on CASIO products), the distribution and installation of retail management systems and the provision of Integrated IT Solutions to businesses. Our company has many years of business experience in the Greek market in the field of modern technology and the provision of IT Solutions, contributing to the wide adoption of the use of technologically advanced products and applications of microelectronic technology.
Our company conducts its business activities in accordance with the principles of privacy by applying responsible market practices.
The current legislation sets our standards for the management and protection of your Personal Data, so as to provide you with the utmost security. These principles that ensure the protection of your personal information, are applied to all types of our activities that include collection and processing of information about individuals, including but not limited to the Research, corporate support and data transfer.
Indicatively, this Policy applies to:

1. Corporate Support: personnel recruitment, management and compensation/conducting evaluations of employees’ performance and skills/provision of training /management of market practice and privacy issues/management and safeguard of our assets and infrastructure/supply and payment for products and services/fulfillment of our commitments related to the environment, health and safety/communication with the media.

2. Web presence: For the use of our website “elmisystems.gr” (“website”), according to the mechanisms described in the relevant chapter and to the features relating to confidentiality.

This Policy applies to all individuals whose data we process. Accordingly, every employee of the Company and third party persons who process data for our company are responsible for understanding and fulfilling their obligations against this Policy and the existing laws.

Principles followed
The privacy principles outlined below summarize the standards and basic prerequisites for the collection and processing of personal data of individuals by our company.

Personal data are:
(a) Subject to lawful and fair processing in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
(b) Collected for specified, explicit and lawful purposes and are not further processed in a manner incompatible with those purposes (“purpose limitation”);
(C appropriate, relevant and limited to the necessary for the purposes for which they are processed (“data minimization”);
(d) Accurate and, where necessary, updated (“accuracy”);
(e) Retained in a form which allows identification of data subjects t only for the period required for the purposes of processing personal data; (“limitation of storage period”),
(f) Processed in a manner which guarantees the appropriate security of personal data, including their protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by using appropriate technical or organizational measures (“integrity and confidentiality”).

1. Lawfulness, Fairness and Transparency
We do not process personal data in ways that are unfair to people to whom personal data are related to.
We determine whether the proposed collection, use or other form of Personal Data processing constitutes a risk for actual or unspecified damage to individuals, always aiming at their prevention.
If the nature of the data, the types of people or activity contain an inherent risk of actual or undefined damage, we ensure that this risk is not outweighing the corresponding and unquestionable benefits for those persons.

In cases where it is necessary to process personal data of special categories (“sensitive”), this is done only with the explicit consent of the individuals or as required or expressly permitted by the existing legislation.

We record the risk analysis and elaborate the necessary mechanisms for obtaining and recording evidence of consensus in supportive technologies.
We do not process personal data in ways or purposes that are not transparent.
All persons whose personal data are processed in accordance with this Policy will have the right to a copy of this Policy which is posted on our website on the Internet. The Data Controller will provide digital and/or physical copies of this Policy upon request to the addresses listed below.

2. Data Collection for specified, explicit and lawful purposes
When personal data are collected directly from individuals, we inform them through a distinct and easily accessible privacy notice or by similar means, providing them with the following information:

-the identity and contact details of the controller -the purposes of the processing -If the processing is based on the legitimate interests of the controller, what are those interests. -the recipients of the Personal Data -any transfer of data -the period of which the data will be stored
-the existence of the right to submit a request to the Controller for access to and rectification or erasure of personal data or restriction of processing -when the processing is based on the subject’s consent, the existence of the right to revoke their consent at any time, without thereby affecting the lawfulness of the processing based on consent prior to its revocation -The right to lodge a complaint with the Personal Data Protection Authority -The legal nature of the provision -the possibility of automated decision- making
If new plausible corporate purposes are identified for the personal data already collected, either we ensure that the new corporate purpose (including a substantially similar purpose) is compatible with the purpose described in Privacy Notice or in other transparency mechanism provided previously to the individual, or we obtain the individual’s consent for the new use of his/her personal data.

We are responsible for maintaining the security of privacy of personal data when transferred to or from other organizations-companies.
We transfer Personal Data or allow their processing by third parties only if the following conditions are met and we are responsible for their safeguard.

If the role of the third parties is to process personal data on behalf of the company or to secure the company’s vital interests, then, before the personal data are received by the third parties:
(a) We complete the legal review to assess the privacy practices and risks associated with these third parties;
(b) We attempt to obtain guarantees through written agreement from these third parties that they will process personal data in accordance with the instructions of our company, and in agreement with this policy.
(c) We ensure that they inform us promptly of any security incident and that they agree to cooperate when deemed necessary.
(d) If the role of the third person is to provide personal data to our company before we obtain personal data from the third party, we ensure that the conditions of transparency for the collection of personal data from other sources are met; And not specifically under the supervision of our company, and we obtain warranties through
a document of agreement from the third party that it does not violate any law or the rights of any third party by providing personal data to our company.
(e) If the role of the third person is to obtain from our company data for processing that is not specifically under the supervision of our company, before we deliver the data to the third person, we ensure that the third party will use the Data only for the operational purposes defined by the Agreement and in accordance with the existing legislation.

3. Necessity – minimization of data-storage period limitation
Before the collection, use or distribution of personal data, we determine, and we record the specific, legitimate business purpose served.
We determine and record the period for which personal data are used for the specified operational purposes, which is defined per case according to the nature and type of activity.
We do not collect, use or share more personal data than necessary, and we do not withhold personal data in a recognizable form for a period of time longer than necessary for the specified Operational purposes.
We anonymize the data when the business or legal requirements make this necessary, and when information about the activity or process is required to be retained for a longer period.

We ensure that these necessary requirements are incorporated into any assistive technologies and that third parties supporting the activity or processing have been informed.We keep your Personal Data for as long as it is necessary in order to fulfill the purposes defined from the present Privacy Policy unless longer period is required by the in force legislation. Your Personal Data related to product purchases are retained for longer period of time so as to comply with our legal obligations, fiscal and commercial legislation as well as to satisfy reasons for the provision of warranty. At the end of this period of retaining data, they will be erased fully or anonymously, for example with the collection of other data, so as to be used with a non-recognizable way for statistical analysis and business planning. If your order included a warranty, the relative personal data will be kept until the end of the warranty period.
In order to protect confidentiality of information, we will ask from you to confirm your ID card before you proceed to any kind of request based on the present Privacy Policy. If you have authorized a third party to submit a request on your behalf, we will ask from the third party to prove that is granted with your permission to act for this purpose.

4. Accuracy, integrity and confidentiality of data
We keep personal data accurate, intact and up- to- date in accordance with the desired use.

We ensure that periodic data control mechanisms are integrated into supportive technologies so as to validate the accuracy of the data.
We ensure that Sensitive Data are validated as accurate and updated prior to use, evaluation, analysis, reporting or other processing, which carries the risk of injustice for individuals if inaccurate or non-updated data are used.
In the event of a change of personal data, the subject is responsible of informing our company in order to make the necessary modifications.
We incorporate safeguards to protect Personal Data and Sensitive Data.
We have implemented a detailed information security program and security controls based on the sensitivity of information and the magnitude of the risk of activity, using the best practices of modern technology.

Protection policies against loss, misuse, unauthorized access, disclosure or destruction, include, but are not limited to, business continuity and disaster recovery standards, identity and access management, sorting information, managing information security incidents, controlling network access, physical security, and managing risks.
We clarify that the provision of Data to our Company either may be necessary so as to achieve goals that are defined in the present Privacy Policy or may be optional. If you refuse to provide data marked as obligatory, it would be impossible to achieve the main goal of collection of specific Data and for example it could be impossible for our Company to fulfill sale contract or the provision of other services that are available. The provision of additional Data to our Company, apart from those defined as mandatory, is optional and does not imply any consequences related to its main
purposes for data collection, however, it is useful for optimizing the quality of the provided services.

Also, you may be asked to provide copies of documents in order to prove your age or identity when required by the law (such as copy of your identity card or student card). For example, these copies may include details on your full name, address, date of birth as well as your photo. If you provide a passport, then, the data will also include place of birth, gender, and nationality. Please keep in mind that if you choose not to share the Data with us or if you refuse certain contact rights, we may not be able to provide certain services requested. For example, if you ask from us to inform you when a product will be available, we cannot provide you with that service if you have withdrawn your general consent to receive information from us.

Our Company processes you Data so as to fulfill its contractual obligation, to execute the orders of products or/and services, to provide services to customers, comply with legal obligations, to deal with, raise or proceed to legal obligations. If we would not collect your Data during the order execution either from our natural shops or from our e-shop, we would not be able to process your order and to comply with our legal obligations. It is possible that your data may be transferred to third parties for the supply or delivery of a product or service ordered. Additionally, we may keep your Data for a reasonable period of time so as to fulfill our contractual obligations such as return of products as foreseen in the relevant legislation.

Our Company uses your Data to answer to your requests/questions submitted, requests for refund or/and complaints. The information that you share with us provide us with the possibility to manage your requests and to answer to you with the best possible way. Also, we can keep records of your questions/requests so as to respond better to any future communication. This is compliant to our contractual obligations to you, our legal obligations but also to our legitimate interests so as to provide the best possible service and to improve our services based on your personal experience.

Sometimes, it may be required to share your Data with a third person who provides a service (such as courier delivery or a technician who visits your house).
Rights of data subjects (access, rectification, erasure, portability, restriction of processing and objection to processing)
-You have the right to access your personal data.

This means that you have the right to be informed by us if we process your Data. If we process your data you can ask to be informed about the purpose of the processing, the type of data we keep, who we give access to, how long we store it, whether there is an automated decision- making, and to be informed for the rest of your rights, such as rectification, erasure of data, restriction of processing and submission of a complaint to the Personal Data Protection Authority.
-You have the right to rectify inaccurate personal data.

If you find that your data is wrong, you can apply to us to correct it (e.g. correct name or update address change).
-You have the right to erasure/right to oblivion.

You can ask us to erase your data if they are no longer necessary for the above-mentioned processing purposes
-You have the right to data portability.

You can ask from us to provide you in a readable form the data you have provided or ask us to transmit them to another controller
-You have the right to restrict the processing

You can ask from us to restrict the processing of your data for as long as the examination of your objections referring to data processing is pending.
-You have the right to object to the processing of your data.

You may object to the processing of your data or to waive your consent and we will stop processing your data if there are no compelling and legitimate reasons that prevail over your right.
To exercise your rights you can send us a request, describing the right you want to exercise either at the company’s mailing address (165, Athinon Avenue, Haidari Attiki, P.O.box 12461) with the indication “Exercising the right of access/rectification/erasure/restriction/objection”, or through the contact form found on our website (https://elmisystems.gr/epikoinonia), entitled” Exercising the right of access/rectification/erasure/restriction /objection”, with a description of your request and we will ensure that we examine it and respond to you as soon as possible.
We reply to your requests free of charge without delay and in any case within one (1) month after we receive your request. If, however, your request is complex or there
is large number of requests, we will notify you within the month if we need to receive an extension of another two (2) months, within which we will reply to you.

If your requests are manifestly unfounded or exaggerated, particularly because of their repetitive character, ELMI SYSTEMS may impose a reasonable fee, considering the administrative costs of providing the information or performing the requested action or to refuse to follow up on the request. You have the right to lodge a complaint with the Personal Data protection authority (postal address 1-3 Kifisias Ave., Athens/www.dpa.gr), if you believe that the processing of your personal data violates the applicable national and regulatory framework for Protection of personal data.

Website usage
Below we will inform you about the way and the purposes we manage your personal data on the above-mentioned website of our company.
The controller of personal data management is “ELMI SYSTEMS Hellenic IT Systems S.A. Public Limited Company”, with distinctive title “ELMI SYSTEMS”, Commercial Registry Nr. 000309601000, Tax Identification Number 094075071, seated at Athinon Avenue 165, Chaidari Attikis.
This site uses the SSL (Secure Sockets Layer) protocol that uses encryption of data exchanged between two devices (most commonly computers), establishing a secure connection in between, through the Internet, which results in the protection of your personal data, as well as other sensitive data (e.g., commands or inquiries of the controller). You can recognize that you are in a protected connection by seeing the https:// characters and the lock symbol that appears in the address bar of your browser.

A) Data Collection
When you visit the website only for information, that is, you do not give any of your personal data (e.g. contact form), then the only data we collect are those that the browser transfers to our server, the so-called server log files, namely:

  • Date and Time at the moment of entry to the website.
  • The volume of data sent ion bytes.
  • The browser you used when you entered the website.
  • The operating System you used when entering the website.
  • Your Internet Protocol address when entering the website.

The processing of the data shall be carried out in accordance with article 6 para.1. (f) of the General Data Protection Regulation (GDPR) based on our legitimate interest in improving the stability and functionality of our website. The data will not be transferred or used in any other way. However, we reserve the right to check server log files if certain indications of illegal use are detected.

B) Cookies
Cookies are small text files that are sent to your device when you visit a webpage. Cookies are then sent to the source website on each subsequent visit or on another website that recognizes this cookie. Cookies act as a memory on a webpage, allowing that webpage to remember your device during subsequent visits. Cookies can also remember your preferences, improve your user experience, and tailor the ads you see depending on what you care about.
For more information about cookies, including how you can view the cookies set on your device and how to manage and delete them, visit www.aboutcookies.org .

Types of Cookies
-Temporary and persistent Cookies
We may temporarily use them until you close your browser. We may use persistent cookies, which are retained for a longer period of time.
-Third party Cookies
Our website may allow the installation of third party cookies appearing on our website. These third-party cookies are not under our control. For further information on their use, you can visit the relevant third party website for further information. Details of potential third party cookies are shown in the table below.

Cookies used on this website

Below is a summary of the cookies used on our website.

Cookie Name Login Session cookie
Purpose Requirement for user browsing Validity
Validity Period Until the exit from the web page of elmisystems.gr
Cookie Name Google Analytics and Google Tag Manager
Purpose Collects statistics for the site
Validity Period More info at https://policies.google.com/technologies/types

 

You can set up your browser in such a way that you are informed about the setting of cookies, and you can either decide individually to accept them or altogether, or exclude the acceptance of cookies in certain circumstances. Each browser differs depending on how it manages cookie settings. This is described in the Help menu of each browser, which explains how to change your cookie settings. Follow the links below depending on the browser you are using:
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://www.mozilla.org/en-US/privacy/websites/#cookies
Chrome:https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en
Safari: Https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac
Opera: http://help.opera.com/Windows/10.20/en/cookies.html
Please note that the operation of our website may be limited if cookies are not accepted.

C) Contact Form
As part of our communication (e.g. through the contact form or email), personal data are collected. In this case, the data collected are exactly those that you fill in this form. These data are stored and used solely to respond to your request or contact and technical management by us. The legal basis for processing this personal data is our legitimate interest in responding to your request, which applies to article 6 par.1 of the General Data Protection Regulation (GDPR). If the communication is aimed at concluding a contract, then the supplementary legal basis is based on article 6 par.1(b) of the General Data Protection Regulation (GDPR). Your data will be erased after the final processing of our communication. This will happen if it is concluded by the circumstances that communication has been completed, provided that there are no legal claims to store such data.

D) Web Analysis Services
Google Analytics
Our website uses Google Analytics, a Web analytics service of Google LLC, 1600 amphitheater PARKWAY, Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called “cookies”, as explained above, which are text files stored on your computer, to help our website analyse how users use it. The information generated from cookies on the use of this website (including the IP address) are generally transmitted to a Google server in the USA and stored there.
On our behalf, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide us with other services related to the use of the website and the Internet. The IP address transmitted by your browser under Google Analytics is not merged with other Google data.
You may refuse the use of cookies by selecting the appropriate settings in your browser, as listed above. However, we should point out that in this case, you may not be able to use the full functionality of this site. You can permanently refuse Google to collect data generated by cookies on your use of the website (including your IP address) and process it. You can download and install the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en=GB
More information about how the above service works can be found here: https://support.google.com/analytics/answer/6004245?hl=eneration of CCTV Systems
In order to protect our customers, our premises, our assets and our collaborators from incidents of criminality, we use CCTV systems in our shops recording images for security reasons.
If there is a suspicion of any criminal activity or possibility of criminal activity concluded through the use of CCTV, observation of fraud and surveillance of suspicious transactions, we will process these Data for reasons of prevention or detection of illegal actions. Our goal is to protect our customers, employees and collaborators from criminal activities.

Terms you should know:

  • Legislation: All laws, rules, regulations and opinions that bear the force of law.
  • Personal data: All data for a recognized or unrecognized person, including data that identify the person or could be used to locate, track, or communicate with that person. Personal data also include direct identification information such as name, identification number or job title, and indirect identification information such as date of birth, telephone number and encoded data.
  • Sensitive data: Any type of data about people that contain an inherent risk of potential harm to individuals, including data defined by law as sensitive, including but not limited to, Data relating to health, heredity, race, ethnic origin, religion, political or philosophical beliefs, or beliefs, criminal records, precise geographic location information, bank or other financial account numbers; Registry numbers issued by the state, minors, sex life, relations with trade unions, security, social security and other employer or government benefits.
  • Processing: The conduct of any process or series of processes to data relating to people, with or without the use of automated means, including, but not limited to, the collection, recording, organization, storage, access, adaptation, conversion, retrieval, use, evaluation, analysis, report, distribution, disclosure, transfer, disposal, alignment, restriction, erasure or destruction.
  • Anonymization: The alteration, cutting, elimination or other restriction or conversion of personal data to make it impossible to use them to identify, identify or communicate with the individual.
  • Privacy Event: Data breach or a significant violation of this policy or a privacy or data protection law.
  • Security Event: Access by an unauthorized person to personal data or disclosure of personal data to an unauthorized person or the reasonable suspicion of our company that such an event has happened. Access to personal data from or on behalf of our company without the intent to breach this Policy does not constitute a security event, provided that the specific personal data were then used and disclosed only as permitted by this policy.
  • Third Person: Any legal entity, organization or person not belonging to our company, or for which our company is not of audit interest or who does not work for our company. Unless expressly specified by this Policy, no sector of our company is required to meet the requirements of a third party under this Policy, as all sectors are required to process data in accordance with this Policy.

Changes to this policy
This policy may be reviewed occasionally, in accordance with the requirements of the existing legislation. As our company continuously expands, updates and improves its website, it will also renew this policy accordingly. We recommend that you read this procedure at regular intervals in order to be informed of any changes to the content of this privacy policy. This policy will be amended from time to time without prior notice to users.
General Terms
Applicable Law is the Greek Law in accordance with the General Data Protection Regulation (EU) 2016/679 and in general with the applicable national and European legislative and regulatory framework referring to personal data protection.
Competent courts of justice for possible occurring differences referring to your Data are the Athens Courts of Justice. In order to exercise your rights you can submit the relevant request to the Data Protection Officer, Mrs. Ourania Sourvinou, contact telephone number 2102002200, email [email protected]

February 2019
For the Company