kallas
PRIVACY POLICY

PRIVACY POLICY

Website Privacy Policy
Valid from 01/12/2023.
Thank you for visiting the website (hereinafter the "Website") of Kallas Cyprus Ltd, (hereinafter: "the Company"), member of the "KALLAS INCORPORATION SOCIETE ANONYME" Group with registered offices at 13 Filippou Damianou Street, 136 71, Acharnes and having subsidiaries in Romania, Bulgaria, Cyprus and North Macedonia. 
Before using our Website as a user/visitor/customer (hereinafter referred to as "User"), please read carefully this Privacy Policy (hereinafter referred to as the "Policy").


1.Introduction 


The Company is committed to collecting and processing your personal data in accordance with the provisions of Regulation (EU) 2016/679 (hereinafter referred to as "GDPR") and applicable national legislation. The Company, as Data Controller, informs you about how we collect and process information about you, which is governed by the following terms as well as the relevant provisions of the GDPR and the relevant applicable national and European legislation on protection of personal data.
The protection of your Personal Data is very important for the Company, which takes measures in this direction. This Policy sets out the categories of information/data that our Company may collect from you and informs you about how we use this information. When you voluntarily provide us with personal information, such as your name, address or email address, we use that information with absolute confidentiality. Subject to specific provisions of this Policy, no personal information is rented, sold, publicly posted or shared with other companies, organizations or websites.


2.Definitions 


'Personal data' means any information relating to an identified or identifiable natural person ('data subject'), that is to say, a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to physical identity; the physiological, genetic, mental, economic, cultural or social identity of that natural person; 

"Special Categories Data" (Sensitive Personal Data) is by nature particularly sensitive in relation to fundamental rights and freedoms of natural persons and requires special protection, as the context of its processing could create significant risks to the fundamental rights and freedoms of natural persons such as health data, data revealing racial or ethnic origin, religious or philosophical beliefs or concerning the sexual life of a natural person or sexual orientation, etc.

 "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available; association or combination, restriction, erasure or destruction;


3.What data we collect from you


During the exercise of our professional activity and operation of our Company, we collect the following personal Data, on a case-by-case basis:

  • Your Personal & Contact Details or details of persons indicated by you whose explicit consent you have received (full name, father's name, mother's name, contact telephone numbers, mailing address, service address, Email, activity/profession, VAT number, State issued Identity Card Number).
     
  • Electronic identification data (where required during the provision of services of the Company to you).
     
  • Financial information, bank account numbers, credit card details and payment methods.
     
  • Education level, work history/market education data when you submit your CV to us.
     
  • Data you submit through the contact form to us
     
  • Cookies Data: Through the cookies of the browser, you use while browsing our website, in order to respond, forward and accurately route your request. In this case, we may collect information about the type of browser that and other data such as search history, IP address, screen resolution,  the browser you used, the operating system and settings, access times, and your referring URL. If you use a mobile device, we may also collect data that identifies your device, settings, and location. For more information about the cookies used by the Website, users are kindly requested to visit the Cookies Policy page.


4.How we collect your Personal Data


We collect your personal data directly from you, indicatively in the following ways:

Directly from you:

  • Via forms.
     
  • Via  email.
     
  • Via phone calls.
     
  • Via fax.
     
  • Through any kind of Contracts of Sale / Provision of Services / Products / Labor that you sign with our Company.
     
  • Through financial offers in the context of expression of interest on your part for the conclusion of sales contracts and for the provision of offers/services/products under our Company.
     
  • Through our authorized employees/partners (e.g. traveling vendors).
     
  • By sending your CV electronically in order to apply online for a job position in the Company.
     
  • If you are interested in contacting you via the contact form found on the Website.
     
  • If you choose to subscribe to the Company's newsletter.
     
  • We also collect Personal Data from other sources, such as:
     
  • Databases of information of public, judicial and private bodies (indicatively Public Business Registry, Judicial and Prosecutorial Authorities, Registers of Ministries and Independent Authorities, Diavgeia, Tiresias, ICAP etc.).

By submitting your Personal Data to the Company, you declare that you are aware of this Policy. Your Personal Data is not used for other purposes unless we obtain your permission, or unless required to do so by law or professional rules and standards.


5.Purpose of Processing  


The purpose of data collection/processing is to provide information to all users, existing and future customers/partners about the company and the services offered, to communicate effectively with users and customers, to support, promote and execute any contractual relationship with our customers and to protect the security of transactions. Specifically, we use your data:

  1. To enable access and use of our website and the provision of services through our website
     
  2. To respond to customer service requests.
     
  3. To send you information and commercial communications;
     
  4. To conduct marketing and promotional campaigns 
     
  5. To be able to detect and prevent fraud, abuse, security incidents and other harmful activities and perform security and risk assessments.
     
  6. To enforce the terms of use of the website and other policies.
     
  7. To ensure the company's compliance with legal obligations
     
  8. To improve our services and user experience, in order to control, troubleshoot and improve the functionality and quality of our online services and generally optimize and adapt our online presence to your needs, making our website easier and more effective to use.


6.Legal Basis for Processing Your Personal Data


The Company collects only those Personal Data that are necessary to fulfil your requests in the context of its commercial activity and operation in general. Where additional, optional information is sought, you will be informed at the time of data collection. Based on national and European legislation we process Personal Data, provided we have the appropriate legal basis. Specifically, we rely on one of the following processing basis:

  • Performance of a contract: When the processing of your Personal Data is necessary for our fulfillment and compliance with our contractual obligations.
     
  • Legitimate interest: We may process data about you when we have a legitimate interest in performing a lawful activity in order to ensure the continuity of that activity, as long as it does not exceed your interests. Such a case may be our sending communications to you about our Company's products when you have requested such information as well as communications about our new products.
     
  • Compliance with legal obligation: We are obliged to process your Personal Data to comply with a legal obligation, such as to keep records for tax purposes or to provide information to a public body or authority or to comply with other insurance, accounting or tax provisions.
     
  • Consent: We may occasionally ask you for special permission to process some of your Personal Data, and your Personal Data will only be processed in this way if you agree to this. You can withdraw your consent at any time by contacting Kallas Cyprus Ltd at gdpr@kallas.com.cy

The Company does not collect "sensitive" personal data unless the subjects voluntarily offer us such data and have given explicit consent to their processing or when the collection of such data is required by labor or social security laws. 


7.Recipients of personal data


We use your Personal Data to fulfill the processing purposes as described above. We do not disclose your Personal Data to third parties who are not affiliated with us, unless this is required for our legitimate professional and business needs, in order to respond to your requests and/or if required or permitted by law or professional standards and/or if we have your explicit consent to do so.

Your data, to the extent that this is necessary for the fulfillment of our contractual obligations, your better service and the satisfaction of your requests, may be transmitted to specific recipients, who may be:

i.The competent employees of the Company in the context of their duties.

ii.Companies affiliated with the Company, companies belonging to our group, banking institutions, or providers affiliated with the Company, such as insurance companies, associated debtor information companies, consulting and auditing companies, any collaborating companies for the storage and management of records, collaborating IT companies, collaborating companies providing printing, organization and delivery services, in transport companies, shipping companies, independent quality control laboratories.

iii.In addition, the Company may provide suppliers with access to customer data in order to identify specific volume needs and sales quality assessment.

iv.In addition, as provided by law, the Company may disclose your data to public authorities of any kind (indicatively public services, insurance funds, tax authorities, etc.) to judicial, public and independent authorities, competent Ministries, Prefectures, Health Services, Customs, prosecutorial authorities, independent audit firms upon their lawful request, if this is absolutely necessary for the defense of legal rights or the fulfillment obligations of the Company.

It should be noted that when registering, accessing and/or processing the user's personal data, the Company's employees and agents fully comply with the provisions of the European General Data Protection Regulation 2016/679 as well as with the applicable national legislation and jurisprudence on the protection of personal data. The Company requires its employees, the maintainers of its website, as well as its third-party partners to take all necessary technical and organizational measures (including appropriate policies and procedures to prevent the disclosure of the personal data of its visitors/users/customers who process and have and apply procedures for managing and processing personal data in a manner that is lawful and protect them in accordance with GDPR.

In the event of our reorganization or sale to another organization, the Company may also disclose Personal Data relating to the sale, assignment or other transfer of the business.

Furthermore, the Company may, if necessary, when carrying out controls concerning the protection of Personal Data and security and/or for investigation or response to a complaint or security threat, make disclosures of Personal Data.


8.Social Media Share Button


The Company has an official account on the social media LinkedIn. On its website, the company incorporates a social media share button of LinkedIn, suggesting website visitors to follow the company in the respective media (Follow/like) as well as to make posts and comments. During your transfer to the social network, we may collect some of your data (such as your profile data on the respective medium).
 
Based on the case law of the European Court of Justice, the Company is considered a joint controller of your data together with the social network. In this context, the company refers to its website and the Privacy Policy on LinkedIn, strictly complies with the obligations regarding the protection of personal data by taking appropriate technical and organizational measures (such as limiting the persons who have access to the management of the media) in order to ensure the safe processing of data.

The purpose of processing this data is to promote the image and services of the company, to provide updates or to communicate with you, responding to the messages / comments you send us. 

The legal basis for the processing is your consent, which you provide with your positive action to click on the like or follow field on the Company's LinkedIn account. You can revoke your consent at any time in the same way you gave it, i.e. by unlike or unfollow. 

The Company is not responsible for the way or means by which each social media processes your data and it is your responsibility to be informed accordingly under LinkedIn's Privacy Policy. 

Finally, while the Company wishes and encourages the submission of comments on behalf of users on the posts and / or pages it maintains on social media, it informs users that any post or comment should respect the basic rules of courtesy, decency and respect for different opinions. Therefore, although the Company is not obliged nor able to control the content submitted by the users of these media,  will make efforts to ensure a safe online environment and will remove any content deemed to  violate the Terms of Use  of the website, such as abusive, pornographic, threatening or infringing intellectual property rights, while it may exclude users who violate the above terms. In any case, if you consider that content posted on an official account of the Company in Social media violates the terms of use, please contact us directly. 


9.Transfers of Personal Data to Countries outside the EU and EEA


We may transfer the Personal Data we collect from you to countries other than the country in which the Personal Data was originally collected. These countries may not have the same laws on the protection of Personal Data as the country in which the Personal Data was originally collected. In case a transfer to a third country (outside the European Economic Area) becomes necessary, the Company will take all necessary measures and guarantees as provided for in Articles 45 et seq. of the General Data Protection Regulation, including the preparation of a Transfer Impact Assessment where necessary to ensure the lawfulness of the transfer and the protection of your data.


10.Network and Information Security


The Company implements all reasonable and appropriate technical and organizational security measures to protect your Personal Data against unauthorized access, misuse, loss or destruction. Such measures include, where necessary, the use of firewalls, secure server installations, encryption, implementation of appropriate access rights systems and procedures, implementation of an access control policy, careful selection of processors and verification of compliance with the GDPR, and other reasonable organizational and technical measures to provide appropriate protection of your Personal Data, which are updated taking into account developments in the technology and the cost of their implementation.

All employees are bound by confidentiality and confidentiality clauses and your Personal Data are processed only by specially authorized personnel of the Company.


11.Storage – protection of Personal Data


The Company has taken appropriate technical and organizational measures to safeguard the security and protection of Personal Data with the aim of safely storing Personal Data and preventing accidental loss or destruction and unauthorized and/or illegal access to, use, modification or disclosure thereof. Indicatively, the following are mentioned:

  • physical security measures such as access control and logging, security policies, implementation of safe file destruction measures, installation of security locks, etc.
     
  • Electronic security measures such as encryption, pseudonymization, access control of users of information systems, installation of security hardware and software, etc.
     
  • Regular training and updating of authorized users
     
  • regular checks on the adequacy of security systems.


The storage of your Personal Data is placed in data centers mainly in Cyprus or within the EU and EEA, where the Company's data center is located, with the storage location of the (primary-main) backups located within the Company in an area that has all the necessary security measures and the necessary procedures to protect their loss.
Also stored data is located in partner cloud service providers whose datacenters are located in Europe. If you need more information about the protection measures you can contact the Company at the e-mail: gdpr@kallas.com.cy


12.Personal Data Retention Period


Personal Data is retained for the time necessary to perform and complete the processing purposes mentioned above, including the purposes of satisfying legal, accounting or information requirements, and to meet your needs, both in physical file and electronic form. It is clarified that we will keep and process your personal data for the duration of our contractual relationship. In case the relationship is interrupted or terminated in any way, we will keep your data for as long as it is required until the statutory limitation period of the relevant claims occurs and in any case for as long as required by tax legislation, the applicable legal and regulatory framework and the approved codes of conduct. We will also retain your Personal Data:

  • when you contact us to submit a query throughout the time required to process your query as well as for six (6) after the completion of the request.
     
  • Where you have provided consent to direct marketing communications or newsletters, we retain your Personal Data until you unsubscribe or request deletion or after a period of inactivity (without engaging in trademark transactions) determined in accordance with local regulations and guidelines. You can unsubscribe from receiving updates at any time by sending an e-mail to: gdpr@kallas.com.cy and you will be immediately unsubscribed from the mailing list.
     
  • In case you send us your CV, for the time required in order to evaluate your qualifications and the chances of cooperation with the Company. In case you are not finally selected for the position, your CV will be kept in the CV database for future use for 1 year.


In any case, some necessary Personal Data related to your transactions with the Company, as well as updates provided to you regarding the processing of your data, may remain as customer information to ensure that the Company can demonstrate the lawful processing of your Data and for the security of any claims of both parties. Please note that if a legal dispute is pending between us beyond the above processing times, we will keep your data until the conclusion of the court case with an irrevocable court decision.
After the end of the retention period, Personal Data is destroyed from the Company's paper files and information systems or we anonymize them so that you can no longer be identified by them.


13.Your Rights regarding the Processing of Personal Data


According to the GDPR (Articles 12-22) you have the following rights:

  • Request a copy of your personal data.
     
  • Withdraw your consent when this is the legal basis for processing your personal data.
     
  • Request that your personal data be corrected if it is inaccurate.
     
  • Request the deletion of the personal data you have provided, in accordance with the terms set by law.
     
  • Request the restriction of processing, under the conditions set by law.
     
  • Request the portability of your personal data, if you provide us with the data yourself and the processing is based on consent or performance of the contract and the processing is carried out by automated means.
     
  • Object to some form of processing of your personal data by the company.

To exercise any of the above rights, you can contact us by e-mail: gdpr@kallas.com.cy or by sending a relevant letter, with the indication "GDPR",  to KALLAS CYPRUS LTD, Evrithea 8, Industrial Area Agiou Silas, 4193 Ypsonas, Limassol, Cyprus, to the attention of the Data Controller.

We will take all possible steps to satisfy your request within a reasonable time, no later than one (1) month after the submission of the request and your appropriate identification. That period may be extended by a further two months, if necessary, taking into account the complexity and number of applications. Please note that the absolutely necessary data may be retained in order to safeguard the legitimate interests of the company.

Please note that depending on the circumstances and the request, we may not be allowed to provide you with access to personal data or otherwise fully comply with your request, for example, when providing your data may reveal the identity of another person. We reserve the right to charge an appropriate administrative fee to comply with your request, where permitted by applicable law, and/or refuse your requests where, in the company's discretion, they may be unfounded, excessive or otherwise unacceptable under applicable law.

Finally, each user has the right to submit a question to the Company on how to process and protect his personal data, and if he considers that a right is violated, he has the right to complain to the Supervisory Authority, Office of the Commissioner for Personal Data, https://www.dataprotection.gov.cy/ (https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/page1i_gr/page1i_gr?opendocument) . 


14.Children's policy


Our company is committed to protecting children's privacy. Please be aware that the content and services of this Website are not intended for children under the age of 16. No Personal Data should be submitted to the Company, either through the Website or otherwise, by persons under the age of 16. If we become aware that a person under the age of 16 has submitted Personal Data to the Company, without the explicit consent of the holder of parental responsibility, we will immediately delete, upon notification or request, such data in accordance with our Company's deletion policy.


15.CalOPPA Do-Not-Track Update


The Company does not track its users on third-party websites and therefore does not respond to Do Not Track (DNT) signals. The Company does not allow third parties to collect personal data directly from our users on our Website such as through the use of third-party advertisements.


16.Changes to the Privacy Policy


The Company may modify this Policy. Please check the Effective Date at the beginning of the Policy to see when it was last revised. Any revision will take effect as soon as we post the revised Policy.

If we make material changes to this Policy that expand our rights to use Personal Data that we have already collected from you, we will inform you and provide you with a choice about the future use of that data.