PERSONAL DATA

Growing economic and scientific collaborations as well as mutual provision for data processing services result in the exchange of personal data, a trend reinforced by the increasing use of modern telecommunications media.

For these reasons, it is necessary to process the data carefully.

The Controller states that compliance with the principles governing data protection for their processing is its purpose as it is committed to respect the individual rights and privacy of individuals. The Processor handles personal data with special care and always in accordance with EU Regulation 2016/679, the applicable National Law and the applicable legislation.

For the purposes of this Directive, the following definitions shall apply:

Data Subject: any natural person whose personal data are processed by or on behalf of the Company

Personal Data: any information related to a designated or identifiable natural person related to his or her physical, physiological, psychological, emotional or economic status, cultural or social identity.

Processing: processing of personal data (“processing”), any work or series of tasks performed on personal data, such as the collection, registration, storage, modification, analysis, use, association, commitment ( lock), deletion or destruction.

1.Data Controller and DPO

The Data Processing Officer is Nikolaos Roumeliotis, based in Thessaloniki, 20 Frangon St, ΑΦΜ 113490074, Δ.Ο.Υ. A Thessaloniki, E-mail info@roumelstore.gr (“Processor”).

2.The Data we process

With your consent, we process the following common and sensitive personal data that you provide when you interact with the Website (https://roumelstore.gr/), and use the services and functions it provides. This data includes in particular the name and surname, contact details, address and content of your specific requests, updates or reports as well as additional data that may be obtained by the Data Controller, including from third parties, in the context of conducting of its business activity (“Data”). In order to be able to fulfill the requests you submit through the contact form and / or to provide updates on the side effects, it is necessary to consent to the processing of the data marked with an asterisk (*).Without these mandatory data or your consent we can not proceed further. Instead, the information requested in fields that are not marked with an asterisk and your consent to download information material is optional and non-provision has no consequence.

In any case, even without your prior consent, the Data Controller may process your data to comply with legal obligations under EU law, regulations and law, to exercise legal rights, to exercise its own legitimate interests and in all cases provided for, where applicable, in Articles 6 and 9 of the GDPR.

The processing is performed both with the use of computers and in printed form and always implies the application of the security measures provided by the current legislation.

3. Why and how we process your data.

The data are processed for the following purposes:

• • to process the requests you submit with the “Form”, to then contact you or to provide information through it. The legal basis for the processing of personal data for this purpose is your consent (Article 6 (1) (a) and Article 9 (2) (a) of the GDPR Regulation) and the performance of the contract to which you are a party to the data ·
• • to manage adverse reaction reports submitted through the Website or Forms. The legal basis for processing for these purposes is your consent (Article 6 (1) (a) and Article 9 (2) (a) of the GDPR Regulation), as well as the pursuit of any public interest (Article 9 (2) (i)) of the GDPR Regulation) and legal obligations

in addition, but only with your voluntary consent which is the legal basis for processing in accordance with Article 6 (1) (a) of the GDPR:

• to receive promotional material (direct marketing) from us.

By selecting the appropriate boxes you agree to the processing of your data for these purposes.

Your data may in any case be processed, even without your consent, for compliance with laws, regulations, EU law (Article 6 (1) (c) of the GDPR), for obtaining statistics on the use of the Website and its proper functioning (Article 6 (1) (f) of the Rules of Procedure).

The personal data is entered into the computer system of the Controller in full compliance with the data protection legislation, including the security and confidentiality profiles and is based on principles of good practice, legality and transparency regarding the processing.

The data are stored for as long as is absolutely necessary to achieve the purposes for which they were collected. In any case, the criterion used to determine this period is based on compliance with the deadlines set by law and the principles of data minimization, storage limitation and rational file management.

All your data will be processed in printed or automated media, ensuring in each case the appropriate level of security and confidentiality.

4. Principles applicable to processing

We are allowed to process your personal data in order to provide personalized services, based on the law (Article 6 (1b) of Regulation (EU) 2016/679) and the relevant National Implementing Law. Your personal data is not used for purposes other than those described in the Declaration, unless we obtain your prior permission, or unless otherwise required or permitted by law.

Personal data is processed in a manner compatible with the purpose for which it was collected.

The principle of proportionality applies to the processing of personal data. Among other things, it creates the obligation not to collect personal data for no reason.
The personal data used should be accurate and up to date.
Personal data used that is no longer accurate and complete should be corrected or deleted.

Apart from cases where by law there is an obligation to keep them for a longer period of time, personal data are not stored for a longer period of time than is necessary for the purposes for which they were collected or processed.

The processing of personal data is done in accordance with the principles of good faith. This means that data subjects can rely on the fact that processors will show due diligence in all data processing matters.

Subjects whose personal data has been processed will be informed accordingly, upon request. In particular, they have the right to be informed of the purposes for which their data are processed, the type of data to which they relate, as well as the identity of the recipients of the data. Where necessary, data subjects also have the right to request the correction, non-transmission or deletion of their data.

The above rights can be restricted only if this restriction is provided by law. This is especially true when conducting scientific research.

In particular, personal data is protected against unauthorized disclosure and any unlawful processing. The measures implemented ensure a level of security commensurate with the nature of the data to be protected and the risks that may arise from its processing.

The controller is responsible for the compliance and implementation of EU Regulation 2016/679 and the National Implementing Law.

Our employees who deal with the processing of personal data are accordingly informed and trained. Procedures for the processing of personal data by third parties upon agreement will be set out in writing, ensuring that the contracting third party processes the personal data securely and that it complies with the principles set out in this Declaration and the GDPR EU. In the event that the third party is deemed unable to ensure a satisfactory level of personal data security, we will terminate the cooperation.

5. People who have access to the data.

The Data is processed by electronic and manual means in accordance with the procedures and practices related to the aforementioned purposes and is accessible by the staff of the Processor who is authorized to process the Personal Data and the supervisors and in particular the employees belonging to the following categories: technical personnel, Information and Network Security personnel and administrative staff as well as other staff members who have to process the data in order to perform their duties.

The Data may also be communicated to countries outside the European Union (“Third Countries”): (i) to institutions, authorities, public bodies for institutional purposes; (ii) to professionals, independent consultants – whether working individually or collectively – and others, third parties and providers that provide the Data Controller with commercial, professional or technical services required for the operation of the Website (e.g. the provision of IT services and Cloud Computing) for the purposes stated above and for the support of the Data Controller in the provision of services you requested; (iii) to third parties in the event of mergers, acquisitions, transfers of undertakings or their branches, controls or other extraordinary operations;

The mentioned recipients receive only the necessary data for their respective functions and duly undertake their processing only for the purposes mentioned above and in accordance with the data protection laws. The Data may also be disclosed to the other legal recipients specified from time to time by applicable laws.

With the exception of the above, the Data will not be disclosed to third parties, natural or legal persons, who do not perform commercial, professional or technical duties for the Controller and will not be disseminated. The recipients of the data will process them, as the case may be, as Data Controllers, Processors or persons authorized to process the personal data for the purposes stated above and in accordance with applicable data protection law.

With regard to data transfers outside the EU, even in countries whose laws do not guarantee the same level of protection of personal data privacy as provided by EU law, the Data Controller informs that the transfer will in any case take place in accordance with with methods permitted by the GDPR, such as on the basis of user consent, on the basis of standard contractual clauses approved by the European Commission, selecting parties to participate in international programs for the free movement of data (e.g. EU-US PrivacyShield) or implemented in countries considered safe by the European Commission.

6. Your rights

If you wish, you can request at any time to exercise the rights of Articles 15-22 of the GDPR Regulation, to be informed about your personal data held by us, their recipients, the purpose of keeping and processing them as well as the modification, by correcting or deleting them, by sending a relevant e-mail to the addresses shown above, from the e-mail address of which you have stated, by completing an attached by the Controller copy of your police ID. You also have the right to review the personal data we hold and in general to exercise any right provided by the law for the protection of personal data.

The personal data that you disclose to the Processor via http://roumelmelstore.gr/ either during your registration or at a later stage, are collected and used and processed in accordance with the applicable provisions for the protection of personal data of the new European ́ General Regulation. Data Protection (EU) 2016/679.

You reserve the following rights in detail:

• Right to be informed about your personal data: Upon your request, we will provide you with information about the personal data we hold about you.

• Right to correct and supplement your personal data: If you notify us, we will correct any inaccurate personal data concerning you. We will fill in incomplete data if you notify us, provided that this data is necessary for the purposes of processing your data.

• Right to delete your personal data: Upon your request, we will delete the personal data we hold about you. However, some data will only be deleted after a specified retention period, for example because in some cases we are required by law to retain the data, or because the data is required to meet our contractual obligations to you.

• Right to freeze your personal data: In certain cases provided by law, we will freeze your data if you request it. Further processing of bound data is done only to a very limited extent.

• Your right to object to the processing of your data: You may at any time object to the processing of your personal data in the future if we process your data on the basis of one of the legal justifications provided for in Article 6 (1e or 1f) of Regulation (EU) 2016/679. If you object, we will stop processing your data, provided there are no legitimate grounds for further processing. The processing of your data for advertising purposes is not a legitimate reason.

7. Security of Personal Data

The Controller implements specific technical and organizational security procedures in order to protect personal data and information from loss, misuse, alteration or destruction. Our partners who support us in the operation of this website also comply with these provisions.

The Controller makes every reasonable effort to keep the personal data collected only for the period for which it is needed for the purpose for which it was collected or until it is requested to delete it (if this happens earlier), unless it continues to observes them in accordance with the provisions of the current legislation.

8. 8. Revisions of the Declaration

We reserve the right to amend or periodically revise this Statement, at its sole discretion. In the event of any changes, the Processor will record the date of modification or revision in this Statement and the updated Statement will be valid for you from that date. We encourage you to periodically review this Statement to determine if there are any changes to the way we handle your personal data.

This is a Declaration of Conformity with the provisions of EU Regulation 2016/679 and the National Implementing Law.

09.21.2021