PRIVACY STATEMENT – POLICY PAYMENT

Information on Personal Data Processing


INTRODUCTION - THE COMPANY

GEFSINUS S.A., a company incorporated under the laws of Greece with its registered office in Kato Kifissia Athens (Attica prefecture), at 34A VILTANIOTI str. Postal code 145 64, registered in the General Register of Commerce under register number 000833101000 acting as Processor of Personal Data, hereinafter referred to as the “Company,” in the context of the General Data Protection Regulation (EU) 2016/679, applicable on 25/05/2018, hereinafter referred to as the “GDPR” as applicable from time to time, by the present provides you information on the processing of your personal data and your rights as the subject of the processing as follows. The new Regulation replaces the existing legal framework for the protection of individuals with regard to the processing of personal data. As of the above date, any reference to the provisions of Law 2472/1997 refers to the provisions of the new "GDPR".

It should be noted that this Statement and information also concerns a) “GEFSINUSI NTERGRATE COMMERCIAL Ltd” with its registered office in Kato Kifissia, Attica at 34A Viltanioti Street, with Tax Registration No. 997715182 Kifissia Tax office and registered in the General Register of Commerce under register number No. 9557301000, b) “GEFSINUS LIMITED LIABILITY COMPANY” with its registered office in Rethymnon, Crete at 29 Apostolaki Street, with Tax Reg. No. 099983302 of the Tax Office of Rethymnon and registered in the General Register of Commerce under register number. No. 21907750000 and c) “CHRYSI CHINA LIMITED LIABILITY COMPANY” with its registered office in Krioneri, Attica, at 7 Asklipiou Street, with Tax Reg. No. 998647180 of the Tax Office of Kifissia and registered in the General Register of Commerce under register number No. 7414201000. Each of the above companies is affiliated either, commercially or legally, with the Company, use and promotes their business through the official website of the Company (www.gefsinus.gr). The “Company” is appointed as liable for the Processing of Personal Data also for the aforementioned legal persons.

This information is addressed to individuals conducting any transaction with the Company, through a mobile application, aiming at the implementation of an integrated solution for the management of the electronic wallet of the company's customers and through mobile ordering.

First of all, we would like to assure you that, protection of Personal Data has always been and shall continue to be of the utmost importance for “GEFSINUS S.A.”. We take all the necessary and appropriate actions and measures in order to protect the personal data which we process. Our primary concern is to ensure that processing of personal data is carried out in accordance with all requirements defined by/set out in the existing legal framework, both on part of the company itself, as well as that of third parties, partners, contractors, agents and/or servants who have been assigned or shall be assigned with the task of processing personal data on behalf of the Company. Processing of personal data means collection, recording, organization, structuring, storage, alteration, retrieval, searching for information, use, transmission, restriction or deletion of personal data that has come or will come to the knowledge of the Company, either within the context of your transactions with it, or within the context of information the Company receives from a third party individual or legal entity or public-sector body while exercising a legitimate right.

The processing of personal data involves the collection, recording, organization, structuring, storage, alteration, retrieval, searching for information, use, transmission, restriction or deletion of personal data which has come to or will come to the Company’s knowledge. In compliance with the current legislative framework, the Company has taken all the necessary actions by implementing the appropriate technical and organizational measures for the lawful maintenance, processing, and secure storage of personal data, being committed to safeguarding and protecting, in every way, the processing of your personal data from loss or unauthorized disclosure, alteration, transmission, or any otherwise unlawful processing thereof.

For your information the Company encourages you to read this Privacy and Data Protection Statement in order to obtain the following information:

Which personal data do we process and where do we collect it from?

Mobile Application processes your personal data (name, email, password - stored hashed in the database, not as text, history of orders made through the application, history of transaction made through the application. Necessary data of transactions are held so the user can make payment by using them without re-depositing his card. Card details are held, only a masked bank account number, digital signature, etc.). The Company in turn processes your personal data that receives through the use of the application by you, for example, statistics of a product consumption by region, days / hours, ages, gender, and many other statistics. Please be advised that personal data submitted to the Company through the app should be complete, accurate, and true. Updating of these personal data should be done with your own care immediately, in case they change or whenever it is deemed necessary by the Company in order your transactional relationships to be maintained or the Company's obligation under the law and the applicable regulations to be fulfilled. The collection and processing of your personal data by the Company through the application is necessary for the commencement, execution and maintenance of our business relationships. Any objection to the provision or processing of your personal information may lead to the inability to use the mobile application.

Legitimacy of processing personal data

The Company lawfully processes personal data provided that processing:

  • Is necessary for the use of the app and the execution of your order
  • Is necessary to service, support and monitor your business relationship with the Company, and for the proper performance of the contracts between us.
  • Is necessary in order for the Company to comply with a legal obligation on its part, or to pursuit its legitimate interests arising from your business relations with the Company, or from other rights it enjoys deriving from Law, unless your own interests, or fundamental rights or fundamental freedoms, which dictate protection of your personal data, prevail over those interests.
  • Is necessary for the fulfillment of a duty on its part carried out in the public interest, within the framework of the applicable legislative and regulatory framework.
  • It is based on your prior explicit consent, provided that processing is not grounded in any of the aforementioned legal processing bases which you can revoke under your rights, as they are detailed below, at any time through the Settings.

By completing the necessary fields with the required personal data, you also consent to the storage and use of your personal data in accordance with this Statement.

Processing of specific categories of personal data – Minors’ personal data

The Company does not process personal data such as data related to your racial or ethnic origin, your political views, religious beliefs or your union membership, genetic or biometric data for the purpose of identifying you as the subject of the processing, as well as heath data or data relating to your sexual life and sexual orientation unless: a) you have given your explicit consent to this effect for a specific purpose; (b) these data have been communicated to the Company by you or a third party individual or legal entity in the context of documenting and safeguarding your legitimate interests and/or those of the Company as a data processing controller (e.g. information on the position of the subject in legal assistance), (c) processing is necessary to protect your vital interests; (d) the data have been explicitly published by you; (e) processing is necessary to establish, exercise, or support both your own legal claims as well as those of the Company as processing controller (f) processing is necessary for reasons of substantial public interest (investigation of a criminal offense under the Law). In every case, the company has taken all necessary technical and organizational measures to safely store and process your personal data belonging to the specific categories above.

The processing of minors’ personal data shall be subject to the prior consent of their parents or guardians, unless otherwise specified by law. For the purpose of this Statement, minors are considered to be those who have not yet reached the age of 16. If it comes to your knowledge that a minor under the age of 16 has provided us with personal information, please contact us immediately.

Personal Data receivers

Employees members of the Company’s business and operational units and the other aforementioned companies shall have access to your personal data, within the scope of their responsibilities within the context of proper execution and fulfillment of their contractual, legal and regulatory obligations, as will the Company’s appointed sworn auditors in each case. The Company does not communicate or disclose your personal data to third parties, without your consent, except in cases noted in this Policy.

In particular, in order to provide you with our services, we may share your personal data with certain other third companies, acting according to our instructions (as processors), providing services to us in order for us to provide optimal service to you. Our company ensures processing of your personal data by its partners - third companies through contractual clauses limiting the scope of the processing and storage of the latter in accordance with the GDPR stating technical and organizational measures for the proper and secure processing of your personal data. Both our company as well as our affiliates, are subject to confidentiality clauses, and process your personal data in a legitimate and lawful manner for clearly defined purposes.

Retention of personal data

The retention time of the information we collect from you depends on the type of information. Information deemed necessary when filling for the purpose of signing in the application - such as first name, last name and email - is retained throughout your registration as a user, and for as long as required given the nature of the Service provided by the Company, which you have selected, with the explicit retention for as long as the relevant Legislation sets. Each time you use our services, we make every effort to ensure that your information remain safe, having already taken all the necessary technical and organizational measures in this regard.

In any case your personal data is limited to what is strictly necessary to achieve these objectives, they are accurate, and are kept for a period of time determined by the purposes of processing, are protected by adequate security measures and are not transmitted to third countries but only to authorized employees of each department of the Company, solely for the purposes of providing the required service. They are transmitted only to authorized persons bounded to confidentiality and discretion, and complied with the terms of this Policy, acting on behalf of the Company for the stated purposes only.

Transfer of information internationally

The company does not forward your data to third countries. If it is necessary to transfer certain personal data outside the EEA, the appropriate guarantees are provided in accordance with the provisions of Regulation (EC) 2016/679, and your data shall continue to be protected by contracts which we have signed with the respective organizations outside the EEA, in a format approved by the European Commission, following your prior notice.

User rights – subject of personal data – exercise of rights – complaint

The Company informs you that, as a data subject, you reserve the following rights:

  • Right to access your personal data, provided that these are processed by the Company, as a controller, for the purposes of such processing, the categories of data, and the recipients or categories of recipients thereof (Article 15 GDPR).
  • Right to rectify inaccurate data and to complete incomplete data (Article 16 GDPR).
  • Right to erase your personal data, subject to the Company’s obligations and the legal rights for their retention on the basis of the applicable laws and regulations in each case (Article 17 GDPR).
  • Right to restrict the processing of your personal data provided that either their accuracy is contested or the processing is unlawful or the purpose for processing no longer exists and provided that no legitimate ground exists to retain these data (Article 18 GDPR).
  • The right of portability of your personal data to another controller, provided that processing is based on your consent and is carried out by automated means. The fulfillment of this right is subject to Company’s legal rights and obligations to retain personal data and perform a task carried out in the public interest (Article 20 GDPR).
  • Right to object on grounds related to your particular situation in the event that your personal data is processed for the performance of an obligation being carried out in the public interest or during the exercise of public authority conferred on the Company, or for the purposes of the legitimate interests pursued by the Company or a third party.

Any request on your part related to your personal data and the exercise of your rights should primarily be addressed by email to the following email address gperifanos@gefsinus.gr or by fax to 210-6254954, or by letter to the following address 34A Viltanioti Street, Kato Kifissia. Mr. Ioannis Perifanos is responsible to answer, resolve, or clarify any questions (Data Protection Officer-DPO). The company reserves the right, after looking into such a request on your part, to proceed within a monthly period or longer, in case of justified delay, which can be excused, to its satisfaction, provided that the request is legitimate and based in law. Before providing you with personal data, we may ask you to give us proof of your identity and sufficient information about your previous transactions with us, whereby we can identify your personal information. Please let your relevant requests to be accompanied by appropriate and adequate proof of identity, explicitly reserving the right, on the part of the Company and the other companies, to request additional information be provided in order to identify and confirm your details.

Refusal of the Company or unjustified delay in satisfying your requests in the exercise of your rights, gives you the right to appeal to the Personal Data Protection Authority which is the competent supervisory authority for the implementation of the GDPR. In any case, you reserve the right to submit a complaint to the competent supervisory authority if you believe that your personal data are being processed in violation of any applicable law. For more information, you may visit the following website www.dpa.gr.

If you decide to sign out from any service or contact, we shall delete your data within reasonable time upon your request. The Company reserves the right to store safely your personal data in cases where it is obliged by Law, it is essential for pursuing legal claims or the fulfillment of its contractual obligations.

Which Cookies policy do we implement?

We often make use of cookies technology in order to indicatively check and verify your identity, to detect potential fraud or misuse of the services we provide, and to ensure secure navigation on our application, to provide the ability to post comments, either directly to the site or through social media, for ads to be displayed, and for a survey to be made and the relevant statistics to be extracted, for us to ensure high performance during operation of our application (e.g. proper and continuous operation). With the help of cookies, small temporary or permanent files are saved to your computer when navigating, certain information that is not associated with your personal information, we do not use them to identify you, but these are useful for improved navigation and viewing of information based on your preferences, as well as for evaluation of the experience of the user using the application. It is at your discretion to store or delete these files by modifying your browser settings but, unfortunately, possible deletion of these will probably limit the ability to navigate and utilize our mobile application.

ΠGefsinus App Payment Policy

The following Payment Policy ("Policy") applies to all users and details of how your payments are made and received by GEFSINUS S.A. ("Gefsinus" or "us") and other products and services provided or will be provided in the future on the company's website (all the above, collectively, the "Services") or the above-mentioned companies that are linked to business - commercially or legally with "GEFSINOUS SA".

By using the Services, you agree to the terms, conditions and policies described in this Policy as may be amended from time to time. Every time you use the Services and/or pay for a Service in the Application, you explicitly agree and agree with the following:

GENERAL TERMS

The use of the app is addressed to persons over the age of eighteen (18). If you are under eighteen (18) you need your parent’s or guardian’s consent to join and make any payment to Gefsinus App.

Please be advised that Gefsinus App holds your full name, the email address given to us by you, login password, and full history of orders and transactions made through the app. After the first order you can submit a next one without giving your card number again. The app does not store your card details, only the transaction date and the amount you spent.

By making payments through Gefsinus App, at the same time, you agree that we can contact you via phone, email and / or other available means in relation to any purchase you made in Gefsinus App.

PAYMENTS

You can order Gefsinus products from the posted list in the app (Gefsinus App), which also includes prices, by using any debit card linked to your bank account or credit card. The purchase of Gefsinus products will be displayed on your User Account at the time of purchase. A receipt of the order we will be emailed to you at the email address you have submitted to us.

If your Gefsinus user account is deactivated, details of your debit or credit card will be lost. For this purpose, Gefsinus user account may be deactivated in any of the following cases: (i) after actively deactivation of your account made by you. (ii) By removing Gefsinus App from your mobile device.

Verification of charges. Charges for purchasing the relevant Services will be confirmed with you before you complete a purchase from Gefsinus and may include taxes, fees or other charges. Gefsinus is entitled to change the prices of these products at any time without any given notice to you. You may choose whether accept or not the new charges before concluding the next purchase of the appropriate product. New prices will apply to your next purchase after new prices are advertised.

If you pay with a foreign currency, you agree that the amount finally credited may vary as a result of currency exchange policies of our third party payment processors, which can be found on the respective website or the place where you make the actual purchase.

Gefsinus may receive VAT or other indirect taxes at the applicable country rate (in accordance with applicable tax rules) at the time of purchase of the product.

We may deny or cancel a transaction at any time at our discretion if we believe it violates the Terms of Use or this Payment Policy or to prevent financial losses. In cases of fraud or illegal operations, we may cancel your Gefsinus App account.

We use third party services to process your payments and we require that these third parties get the appropriate organizational and technical Data Usage & Fees techniques. The use of Services through mobile applications will use some of the data available from the data packet you subscribed to your mobile network operator.

In case an error occurs related to pricing or the specifications, Gefsinus has the right to refuse or cancel any order at its sole discretion. If we charged your credit card or other account prior to cancellation, we will credit your account with the amount of charge. Additional terms may apply.

PAYMENTS THROUGH THIRD PARTY SERVICES

When you make a purchase through Gefsinus App or the Website through third parties (such as, without limitation, AppStore or GooglePlay or World Pay for payment with Credit Card), your purchase is also subject to the terms of this third party (including terms of payment, refunds, etc.) and you should read the applicable terms before deciding to complete the purchase. You agree to comply with any relevant service terms or other legal agreement governing the use of a particular service and / or payment processing method. You also agree to exchange information between us and this third-party payment processor for the activity associated with charges.

MOBILE CHARGE

We allow payment from mobile operators in certain locations. When using the mobile phone billing method, you agree to exchange information between us and the mobile operator about the billing activity. Furthermore, you are responsible for any charges, fees, changes to your mobile plan service or charge, changes to your mobile device, or any other consequence that may result from the use of billing through your mobile phone. The terms and conditions of the mobile carrier apply to your payment, except for our Terms. If you have any questions about any charges or fees displayed in your mobile phone account, you can contact your mobile service provider. Please note that using mobile billing can result in charges that cannot be refunded for technical reasons beyond our control.

REFUNDS

In addition to the provisions of the Law, all purchases are final and not refundable. If you believe that Gefsinus has charged you incorrectly, you should contact Gefsinus within thirty (30) days of charging. There will be no refunds for any charges over thirty (30) days. When you buy any digital content from Gefsinus, any right of withdrawal or canceling the purchase will be terminated as soon as the digital content is delivered to you upon your request and you will not be entitled to claim any refund unless you believe that Gefsinus has charged you incorrectly. If you use third party services to purchase any of our Services, this purchase is subject to the third party's terms of payment (including terms of payment, refunds, etc.).

Gefisnus reserves the right to refuse any refund if it reasonably believes or suspects that (a) you are attempting to take unfair advantage of the refund policy by, for example, making repeated refund requests for the same product or feature or trying to receive a refund for non-refundable credit (such as reward). (b) that you violate the terms of the Policy, the Terms of Use, or the Privacy Policy, (c) that you use any of our products in fraudulent manner, or that your User Account is being used by a third party forcibly. This refund policy does not affect any of your legal rights to make a claim.

TYPE OF INFORMATION WHICH WE MAY SHARE WITH THIRD PARTIES

Μπορούμε να μοιραστούμε λεπτομέρειες σχετικά με την πληρωμή από εσάς και τις Προσωπικές Πληροφορίες, όπως ορίζονται στην Πολιτική Προστασίας Προσωπικών Δεδομένων, με τρίτα μέρη, αν χρειαστεί, προκειμένου να αποφευχθεί οικονομική ζημία για εσάς ή εμάς ή για να αποτραπεί παραβίαση του νόμου.

ΝΟΜΙΚΟΙ ΟΡΟΙ

We may share details about your payment and Personal Information, as these are defined in the Privacy Policy, with third parties, if necessary, in order to avoid financial loss for you or us or to prevent a violation of the law.

Right of cancellation. If you are within the European Union, you consent to the execution of this Policy for your purchase and waive any right of cancellation under the Consumer Rights Directive (2011/83 / EU) or similar regulations that apply.

Please be advised that the Company and the other aforementioned companies, on the basis of its applicable policy on data protection, and within the applicable legislative and regulatory framework, may revise or modify this update, which will always be available, in its updated form, on the Company’s website (www.gefsinus.gr), under Customer Information-General Data Protection Regulation (GDPR). To this end, please check this privacy Policy and personal data protection statement regularly in order to keep up with any changes that have been made.

USEFUL TELEPHONE NUMBERS:
Controller Information
  • Address: 34A Viltanioti Street, 14564 - K. Kifissia
  • Telephone: 210 6254950
  • Fax: 210 6254954
  • Email: info@gefsinus.gr
Data Protection Officer (DPO) Information:
  • Telephone: 210 6254950 ext. 116
  • Fax: 210 6254954
  • Email: gperifanos@gefsinus.gr
Personal Data Protection Authority (PDPA) Information:
  • Offices: 1-3 Kifissias Avenue, Post Code 115 23, Athens
  • Call Center: +30-210 6475600
  • Fax: +30-210 6475628
  • Email contact@dpa.gr