Privacy Policy

I. Introduction

“AFOI A. SELIDIS SCIENTIFIC EQUIPMENT S.A.”, having its registered office in Thessaloniki, 12th km Thessaloniki–Nea Moudania, Spectra Building, PC 57001 (hereinafter referred to as the “Company”), is committed to protecting the personal data of its employees, customers, partners, and any other individuals whose data may be processed by the Company (hereinafter the “Data Subjects”).
This Privacy Policy (hereinafter the “Policy”) has been drafted in accordance with the EU General Data Protection Regulation 2016/679 (hereinafter “GDPR”) and the applicable Greek legislation, including Law 4624/2019. Its purpose is to inform you of the manner in which the Company collects, uses, stores, and generally processes your personal data.

II. Definitions

For the purposes of this Policy, the following terms shall have the meaning set out below:

•  Personal Data: Any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (Article 4(1) GDPR).
• Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Article 4(2) GDPR).
• Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (Article 4(7) GDPR). In this case, the Controller is [Company Name].
• Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller (Article 4(8) GDPR).

III. Data Processing Principles

The Company undertakes to process personal data in accordance with the following principles:

• Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the Data Subject.
• Purpose Limitation: Data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
• Data Minimization: Data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
• Accuracy: Personal data shall be accurate and kept up to date.
• Storage Limitation: Data shall be retained only for as long as necessary for the purposes for which they were collected.
• Integrity and Confidentiality: Appropriate technical and organizational measures shall be in place to ensure data security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

IV. Categories of Personal Data Collected

The Company may collect the following types of personal data:

• Identity Information: Name, surname, patronymic and matronymic names, date of birth, Tax Identification Number, ID card or passport number, or other identification documents.
• Contact Details: Residential address, telephone number, email address.
• Employment Data: Job title, employment start date, department, salary, bank account details, Social Security numbers (e.g., AMKA, AMIKA), insurance provider information.
• Education and Professional Background: CVs, degrees, certificates, recommendation letters.
• Performance Data: Performance evaluations, disciplinary records.
• Monitoring Data: Data collected via monitoring systems, such as CCTV footage, access control logs, GPS tracking from company vehicles.
• Electronic Data: IP addresses, cookies, browsing history on the Company’s website.

V. Legal Basis and Purposes of Processing

The Company processes personal data for the following purposes and on the following legal bases:

• Performance of Employment Contract: Processing is necessary for the performance or initiation of your employment contract with the Company (Article 6(1)(b) GDPR).
• Compliance with Legal Obligations: Processing is necessary for compliance with the Company’s legal obligations, including labor, social security, and tax obligations (Article 6(1)(c) GDPR).
• Legitimate Interests: Processing is necessary for the purposes of the Company’s legitimate interests, such as asset protection, fraud prevention, risk management, service improvement, and efficient business operation (Article 6(1)(f) GDPR).
• Consent: In certain cases, your explicit consent may be requested for processing activities such as newsletter distribution or the use of cookies on the Company website (Article 6(1)(a) GDPR).

VI. Data Recipients

Your personal data may be disclosed to the following categories of recipients:

• Company Employees: Access is restricted to employees who have a legitimate business need to access the data in the course of their duties.
• Processors: Third parties may process personal data on behalf of the Company, including IT service providers, accountants, legal advisors, and insurance companies. Contracts are in place with all processors to ensure appropriate data protection safeguards.
• Public Authorities: Personal data may be disclosed to public authorities where required by law.

VII. Data Transfers Outside the EU

The Company does not transfer personal data outside the European Economic Area (EEA). Should such a transfer be necessary in the future, appropriate safeguards will be implemented in compliance with the GDPR.

VIII. Data Retention

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected and to comply with the Company’s legal obligations.

IX. Data Security

The Company applies appropriate technical and organizational measures to ensure data security, including:

• Access Control: Access to personal data is restricted to authorized personnel.
• Encryption: Sensitive data is encrypted.
• Physical Security: IT systems are protected against physical threats such as fire, flooding, and theft.
• Backups: Regular data backups are performed.

X. Data Subject Rights

You have the following rights with respect to your personal data:

• Right of Access: To request confirmation of whether your personal data is being processed and obtain access to it.
• Right to Rectification: To request correction of inaccurate or incomplete personal data.
• Right to Erasure (“Right to be Forgotten”): To request deletion of your data under certain conditions.
• Right to Restrict Processing: To request the restriction of processing under certain circumstances.
• Right to Data Portability: To receive your data in a structured, commonly used, and machine-readable format and transmit it to another controller.
• Right to Object: To object to processing based on legitimate interests or for direct marketing purposes.
• Right to Lodge a Complaint: To lodge a complaint with the Hellenic Data Protection Authority if you believe your rights under the GDPR have been violated.

XI. Contact

For any inquiries or requests related to your personal data, you may contact the Company’s Data Protection Officer (DPO), Mr. Christos Yalamas, at [email protected] or by phone at +30 210 7795980.

XII. Amendments to the Policy

The Company reserves the right to amend this Policy at any time. Any changes will be posted on the Company’s website and shall take effect upon publication.

XIII. Effective Date

This Policy is effective as of 22 May 2018.