Last Updated: 19/09/2024

With this privacy policy, the company Nosileia Tora sets forth and communicates the terms under which, as the data controller as defined by the General Data Protection Regulation (GDPR), it collects, stores, uses, and generally processes your personal data, which is collected when you visit or use the website located at www.nosileiatora.gr in any manner.

Nosileia Tora considers the protection and safeguarding of personal data to be of utmost importance, taking all necessary technical measures and complying with the applicable laws. The trust of our clients, partners, and suppliers is particularly significant for Nosileia Tora. The purpose of this policy is to inform the data subjects about the data collected to serve them, and to update them on offers and new services. Nosileia Tora reserves the right to modify and update this privacy notice whenever deemed appropriate, and any such modifications will take effect and be applicable from the moment they are electronically posted on this website, www.nosileiatora.gr.

In the context of this policy and for a better understanding of the General Data Protection Regulation:

Personal Data

Personal data refers to any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one whose identity can be determined, directly or indirectly, particularly through reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural, or social identity of that individual.

Processing

Processing refers to any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means. This includes, but is not limited to, the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data.

Data Controller

The data controller is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data. Where the purposes and means of processing are determined by Union or Member State law, the data controller or the specific criteria for its appointment may be provided for by Union or Member State law.

Processor

The processor is the natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller.

Consent of the Data Subject

Consent refers to any indication of wishes, which is free, specific, informed, and given with full awareness, through which the data subject expresses their agreement, by means of a statement or a clear affirmative action, to have their personal data processed.

Recipient

The recipient is the natural or legal person, public authority, agency, or other body to whom personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data for the purpose of a specific investigation in accordance with Union or member state law are not considered recipients; the processing of such data by these public authorities is carried out in accordance with the applicable data protection rules based on the purposes of the processing.

Third Party

Any natural or legal person, public authority, service, or body other than the data subject, the data controller, the processor, and the persons who, under the direct authority of the data controller or the processor, are authorized to process personal data.

Special Categories of Personal Data

Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health, or data concerning a person’s sex life or sexual orientation.

Genetic Data

Personal data relating to the genetic characteristics of a natural person that have been inherited or acquired, which result, in particular, from the analysis of a biological sample of that person and provide unique information about the physiology or health of that person.

Biometric Data

Personal data resulting from specific technical processing related to the physical, biological, or behavioral characteristics of a natural person, which allow or confirm the unambiguous identification of that person, such as facial images or fingerprint data.

Health Data

Personal data relating to the physical or mental health of an individual, including the provision of health care services, and which reveal information about the individual’s health status.

Pseudonymization

The processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the data cannot be attributed to an identified or identifiable individual.

Filing System

Any structured set of personal data which is accessible according to specific criteria, whether that set is centralized, decentralized, or distributed on a functional or geographical basis.

Restriction of Processing

The marking of stored personal data with the aim of limiting its processing in the future.

Profiling

Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects of an individual, particularly to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of the individual.

Personal Data Breach

A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data that has been transmitted, stored, or otherwise processed.

Cross-Border Processing

a) The processing of personal data which takes place within the activities of several establishments in more than one Member State of the Union where the controller or processor is established in more than one Member State; or

b) The processing of personal data which takes place within the activities of a single establishment of a controller or processor in the Union but which affects or may affect significantly data subjects in more than one Member State.

Representative

A natural or legal person established in the Union, designated in writing by the controller or processor pursuant to Article 27, who represents the controller or processor with regard to their respective obligations under this Regulation.

Business

A natural or legal person engaged in economic activity, regardless of its legal form, including partnerships or associations regularly engaged in economic activity.

Group of Enterprises

A controlling enterprise and the enterprises controlled by it.

Information Society Service

A service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council.

Main Establishment

a) For a data controller with establishments in more than one Member State, the place of its central administration in the Union, unless decisions regarding the purposes and means of processing personal data are taken in another establishment of the data controller in the Union and that establishment has the authority to implement those decisions, in which case the main establishment is considered to be the establishment where those decisions were taken.

b) For a processor with establishments in more than one Member State, the place of its central administration in the Union or, if the processor does not have central administration in the Union, the establishment of the processor in the Union where the main processing activities are carried out in the context of the processor’s establishment, to the extent that the processor is subject to specific obligations under this Regulation.

Binding Corporate Rules

The personal data protection policies followed by a data controller or processor established in a Member State for transfers or sets of transfers of personal data to a data controller or processor in one or more third countries within a corporate group, or a group of companies engaged in a common economic activity.

Supervisory Authority

An independent public authority established by a Member State in accordance with Article 51.

Concerned Supervisory Authority

A supervisory authority that is concerned with the processing of personal data because:

a) the data controller or processor is established within the territory of the Member State of that supervisory authority,

b) data subjects residing in the Member State of that supervisory authority are affected or may be substantially affected by the processing, or

c) a complaint has been lodged with that supervisory authority.

International Organization

An organization and its subordinate entities governed by public international law or any other entity established under or on the basis of an agreement between two or more countries.

Relevant and Justified Objection

An objection to a draft decision regarding the existence of an infringement of this regulation, or regarding the compatibility of the proposed action with this regulation concerning the data controller or processor, which clearly demonstrates the significance of the risks posed by the draft decision to the fundamental rights and freedoms of data subjects and, where applicable, to the free flow of personal data within the Union.

1. Fundamental Principles of Personal Data Protection

We fully respect your fundamental rights and ensure the protection of your privacy as a priority for Nosileia Tora. In this context, when processing your personal data, we adhere to the following fundamental principles:

  • We process your personal data lawfully and maintain full transparency regarding how we handle your personal data.
  • We collect and process your data only for specific, clear, and legitimate purposes, as described in this policy, and do not process it further in a manner inconsistent with these purposes.
  • We process your personal data only to the extent that it is adequate and relevant to the above purposes, while limiting the processing to what is necessary for these purposes.
  • We process your personal data in a manner that ensures its security, using appropriate technical or organizational measures.
  • We do not intend to process your personal data for purposes other than those for which it was collected.
  • As a general principle, providing any consent and submitting any Personal Data under this policy is entirely voluntary. Generally, there are no detrimental effects to you if you choose not to provide your consent or submit your Personal Data. However, there are cases where Nosileia Tora may not be able to proceed with actions if specific Personal Data is not provided, for example, because such Personal Data is required to process your orders or to provide you with specific services. In these cases, unfortunately, Nosileia Tora will not be able to provide you with what you desire without your Personal Data.
  • Additionally, we inform you that your personal data will not be used for automated decision-making, including profiling.
  • Subject to what is stated in this policy, we do not disclose or transmit your personal data to third parties without your consent, unless permitted by law or by our contractual agreement with you.
  • We also inform you that we do not transfer your personal data to a third country or international organization for which there is no decision by the European Commission under the General Data Protection Regulation.
  • In general, we comply with all applicable laws and legal obligations as data controllers of your personal data.

As part of protecting the data we process, we implement a range of appropriate technical and organizational measures. We adopt internal security policies, provide proper training to our staff, who are committed to maintaining confidentiality and privacy, and utilize a range of technologies that ensure the security of your data (e.g., SSL certificates, encryption, certified hosting providers). As required by the principles of information security and data protection, the technical and organizational security measures are regularly monitored and, if necessary, updated and adjusted to align with new best practices.

2. What Data We Process and For What Purpose

Generally, we collect and process data from visitors/users of Nosileia Tora only when they provide it directly and voluntarily. Therefore, simply visiting the website does not necessarily mean that we process your data.

However, this rule does not apply absolutely in two cases: data collected through cookies and certain data collected automatically during your visit.

2.1 Data We Collect Automatically

Due to the nature and operation of the internet, as soon as you visit our website, our server logs your IP address, which constitutes personal data, even though, as a website, we cannot identify you solely based on this information. The reasons (legal basis and purpose) for which we collect your IP address, along with the date and time of connection, and retain them in special log files are as follows:

On the one hand, we have a legitimate interest in processing this data to ensure the security of networks, information, and services against accidental events or illegal or malicious actions that threaten the availability, authenticity, integrity, and confidentiality of stored or transmitted data (e.g., denial-of-service attack monitoring). We also use this data to establish, exercise, or defend legal claims.

On the other hand, we have a legal obligation to retain this data, as protecting your data from malicious users is both a priority and a duty. Additionally, under the applicable legal framework, we may be required to provide data to law enforcement or judicial authorities, and we must be able to do so under strict conditions and terms.

2.2 Types of Data Collected

During the following activities: (a) When you access and use our website at www.nosileiatora.gr, (b) When you communicate with us as a user, and (c) During the process of providing services at your location, you may provide the following types of personal data to Nosileia Tora:

(a) During access to and use of www.nosileiatora.gr:

  • IP Address: Your IP address is automatically recorded by our server.
  • End-User Device Data: Information about the device you use to access the website.
  • General Communication Data: General data related to your communication with us.
  • Browsing Data: Information about your navigation on the website.
  • User Preferences: Data regarding your preferences related to the services provided by www.nosileiatora.gr.

(b) When you communicate with us through the contact form on www.nosileiatora.gr, depending on the topic you choose:

  • Name and Surname
  • Email Address
  • Contact Phone Number
  • Resume: Only applicable for job applications.

(c) During the provision of services at your location:

  • Address and Contact Information
  • Tax and Billing Information
  • Referral for Examinations: Includes name, surname, AMKA (Social Security Number), AMA (Medical Number), year of birth, address, phone number, and diagnosis.

3. Purposes and Legal Bases for Data Processing

The personal data necessary for navigating and using our website are collected and processed by Nosileia Tora in accordance with the General Data Protection Regulation (GDPR) for the following purposes:

  • Technical Capability: To ensure the smooth operation of our website.
  • User-Friendly Functionality: To enhance the user experience on our website.
  • Improving Online Experience: To optimize your browsing and usage of our website.

Personal data necessary for the provision of our services under our contractual relationship are collected and processed by Nosileia Tora in accordance with the General Data Protection Regulation (GDPR) for the following purposes:

  • Fulfillment of Contractual Obligations: To execute and manage the services we provide to our users and customers effectively.
  • Immediate and Efficient Service Delivery: To ensure prompt and effective delivery of our services.
  • Tax and Billing Purposes: To handle invoicing, receipt of payments, and delivery of ordered products/services.
  • Customer Communication: To communicate with customers regarding service delivery and resolve any issues.
  • Improvement and Management: To enhance, manage, and review our products and services to better meet customer needs.
  • Business Administration: To manage, organize, and operate our business.
  • Customer Management: To handle and maintain our customer relationships.

Nosileia Tora collects and processes personal data exclusively for the purposes outlined above and only to the extent necessary to provide effective service. The data collected is relevant, appropriate, and does not exceed what is necessary for these purposes. We strive to ensure that your data is accurate and up-to-date. Additionally, your data is retained only for as long as necessary to achieve the purposes for which it was collected and processed, and is then deleted.

4. Data Recipients

  • Nosileia Tora does not disclose your personal data to public authorities or other organizations for financial or other evaluations.

4.2 For the execution of the purposes mentioned in this notice, Nosileia Tora may provide access to or transmit the following types of data to the following processors:

  • Financial Information: To financial institutions with which we cooperate to process payments to and from bank accounts.
  • Personal Data: To Internet service providers and data hosting services for hosting purposes.
  • Personal Data: To IT maintenance and support providers for the smooth operation of the website and our information and communication systems.
  • Personal Data: To the company’s accountants for maintaining financial transactions.

4.3 The processing of your personal data by the aforementioned data processors is carried out under our control and instructions and is subject to the same data protection policy or at least to a policy of equivalent protection level.

4.4 If required by a court or another administrative authority, and in any other case where we are legally obligated to do so, our company may transfer your personal data to public authorities to the extent required by law.

5. Data Security and Confidentiality

To ensure the proper use and integrity of your personal data and to prevent unauthorized or accidental access, processing, deletion, alteration, or any other use, Nosileia Tora implements appropriate internal policies and takes all suitable organizational, technical, physical, logical, and procedural measures in accordance with applicable laws and regulations.

6. Where and for How Long Do We Store Your Data?

Your data is stored within the company’s system, and its management is exclusively handled by strictly limited company personnel, without the involvement of third parties.

As a general principle, we retain your data only for the period necessary to achieve the specific purpose of processing. The rules for determining the retention period are derived from ensuring compliance with data protection regulations, best practices in the field, and maintaining the smooth operation of our company. Additionally, there are conditions imposed by relevant authorities that must be considered beyond the parameters set by the company itself.

Please note that even if you request the deletion of your data, we may retain certain data exclusively due to legal obligations or for the establishment, exercise, or defense of legal claims. Nosileia Tora may retain your personal data beyond the purpose of processing in the following limited circumstances:

  • If there is a legal obligation based on relevant legislative provisions.
  • For tax audit and social security audit purposes within the legal statute of limitations period.
  • In the event of any claims against Nosileia Tora, as long as necessary to defend our rights and legitimate interests before any competent court or public authority.

After the retention period, your personal data will be deleted from our databases and systems in accordance with our data protection policies, provided that their retention is no longer necessary.

7. Your Rights Regarding Your Data and How to Exercise Them

Under the General Data Protection Regulation (GDPR), you have a number of rights regarding the processing of your data by the Company.

Specifically, with regard to Nosileia Tora, you have the following rights:

  • Right of Access: You can submit a request to be informed whether we are processing your data and, if so, which data is being processed. You are also entitled to obtain additional information such as the purpose of the processing, the recipients of the data, and other relevant details.
  • Right to Rectification: You can request the correction or completion of your data if it is inaccurate or incomplete.
  • Right to Erasure: You can request the deletion of your data under certain conditions, such as when it is no longer necessary for the purposes for which it was collected or if you have withdrawn your consent.
  • Right to Restriction of Processing: You can request, under certain conditions, to limit the processing of your data by us, for example, if you contest the accuracy of the data or if the processing is unlawful.
  • Right to Object: You can object at any time to the processing of your data based on our legitimate interests, such as for commercial promotion purposes.
  • Right to Data Portability: You can request to receive the data you have provided to us in a structured, commonly used, and machine-readable format, provided this is technically feasible under the GDPR provisions.

Finally, in the event of a data breach that may pose a high risk to your rights and freedoms, and if this does not fall under one of the exceptions provided by the GDPR, we are obligated to notify you without undue delay. Generally, we are required to respond to your request promptly and no later than one month. If necessary, taking into account the complexity of your request and the number of requests pending processing, this deadline may be extended by an additional two months. In any case, we will inform you as soon as possible and, in any case, within one month of receiving your request, about the progress of your request and the reason for any potential delay in fulfilling it.

If your requests are manifestly unfounded or excessive, particularly due to their repetitive nature, Nosileia Tora may either charge a reasonable fee, considering the administrative costs of providing the information or performing the requested action, or refuse to act on your request.

If you believe that we are not complying with data protection laws, you have the right to file a complaint with the competent supervisory authority (in Greece, the Hellenic Data Protection Authority).

Nosileia Tora
Dimitrakopoulou 1, 12134, Peristéri, Greece
Phone and Fax: +30 210 5710088
Email: info@nosileiatora.gr

Additionally, if you believe that the processing of your personal data violates the applicable data protection laws, you may file a complaint with the Hellenic Data Protection Authority at:

Hellenic Data Protection Authority
Kifisias 1-3, 115 23 Athens, Greece
Phone: +30 210 6475600
Email: contact@dpa.gr

8. Social Media

Nosileia Tora has official accounts on the following social media platforms:

Facebook

Twitter

With the help of each of the above platforms, we collect and process certain data about you (such as your username and profile picture).

The purpose of processing all data collected about you, whether anonymized or not, is to provide updates about our content or to communicate with you by responding to the messages you send us.

The legal basis for processing is your consent.

You provide your consent by liking or following our pages and can revoke it just as easily by unfollowing or unliking. This consent implies acceptance of our data protection policy, which is prominently displayed and easily accessible on each page. If you do not agree with our policy, you should revoke your consent by using the appropriate action (unfollow, unlike).

Based on the above, Nosileia Tora is considered a joint data controller alongside the social media platform.

To ensure more comprehensive protection of the rights of individuals visiting our pages on social media, we strictly adhere to our obligations regarding personal data protection.

Specifically, the management of social media is part of our internal data protection policy.

In this context, we implement a series of appropriate technical and organizational measures, such as limiting the number of individuals who have access to the management of these platforms, to ensure the secure processing of data.

Important Note: We are not responsible for how or by what means each of the above platforms processes your data. Please review the policies of these platforms through the respective links:

Facebook: here and here

Twitter: here and here

Comments on Social Media

Nosileia Tora encourages users to submit comments on posts and/or pages maintained on social media platforms, within the framework of open dialogue and respect for differing opinions.

Nosileia Tora does not have a general obligation to monitor the content submitted by users of these platforms. However, we make efforts to ensure a safe online environment.

Therefore, the administrators of Nosileia Tora have the right to remove any type of content that is deemed to violate the website’s terms of use. This includes, for example, content that is abusive, obscene, pornographic, threatening, promotional, infringes intellectual property rights, or contains false statements about individuals, while also retaining the option to block users who submit such content.

If you believe that user-generated content hosted on Nosileia Tora’s social media pages is offensive or otherwise violates our terms of use, please contact the Nosileia Tora administrators immediately.

9. Hyperlinks to Third-Party Websites

Nosileia Tora provides links to third-party websites through appropriate hyperlinks. These links are included solely for the convenience of visitors during their internet browsing. They do not imply any endorsement or approval of the content on the linked websites. Each link directs to a different website, and browsing those sites is subject to their own terms of use and privacy policies.

Nosileia Tora assumes no responsibility for the content or data management policies of the websites linked through hyperlinks.

Accessing any linked website is done at the user’s own risk. We encourage you to read the privacy policies of all websites you visit.

10. Cookies

Like most websites, we use cookies and similar technologies when you access and browse www.nosileiatora.gr. Balancing our obligation to protect your data with the needs of Nosileia Tora, we use these technologies sparingly to make your browsing experience comfortable and effective, and to collect some anonymized information about your visits. Cookies are small text files that are stored on your computer’s hard drive or other electronic device used to access the website. Cookies are unique to each web browser (e.g., Google Chrome, Mozilla Firefox) and contain anonymized information about the websites you visit and the devices you use.

By continuing to use Nosileia Tora without changing your default settings, you consent to the use of cookies. For more information, please see our cookie policy.

11. Minors

Our content and services are intended exclusively for individuals over the age of 18, and we do not knowingly collect any information from individuals under this age threshold. If you are under 18 years old, you are not permitted to submit any information to us in any manner.

Since it is not technically feasible to effectively verify your age in all cases, we are committed to promptly deleting any personal information related to minors if it is reported and confirmed. This deletion will be carried out except where necessary to retain information for establishing, exercising, or defending legal claims, or where consent is provided by a guardian.

12. Changes to the Policy and Notifications

Effective protection of your personal data requires systematic monitoring of our policies and procedures. At the same time, our desire to provide better services means that we continually strive to improve our practices and adopt new ones, always with respect for your personal data.

Therefore, this Privacy Policy may be modified at any time without prior notice. Guided by the principle of transparency, we are committed to informing you of any significant changes to our policy. However, you should regularly review our policy, as continued use of our services implies your acceptance of any such changes.

13. Questions

If you have any questions regarding our Policy or how we process your data, you can contact us through the following methods: