Personal Data Protection Policy

PERSONAL DATA PROTECTION POLICY

 

The security of your personal data is a top priority for our Company. Our Company in its capacity inter alia as controller of how your personal data are processed when you visit, register to or generally use and make purchases on our Website, has created this Personal Data Protection Policy to inform you in accordance with Regulation (EU) 2016/679, Law 4624/2019 and the other provisions of the relevant applicable Greek and EU legislation on personal data protection, of your rights and how to exercise them. This notification is supplemented in cases of processing of personal data via cookies by the specific Cookies Policy.

 

  1. Details of the Controller of your personal data

 

The controller of your personal data is the société anonyme under the name ‘GLOBALSAT SALE OF MOBILE TELEPHONES AND OFFICE ORGANISATION DEVICES SOCIÉTÉ ANONYME’, trading as ‘GLOBALSAT S.A.’ (hereinafter the “COMPANY” or “we” or “us”), with registered address at 21, Ploutarchou Street, Pallini, Attica, duly represented, TIN 997471472, ATHENS S.A. TAX OFFICE, General Commercial Registry (GEMI) Reg. No 122538101000, which manages and operates the Websites www.globalsat.gr and https://about.globalsat.gr/ and the e-shop operating therein (hereinafter “Websites” or the “Globalsat e-shop”).

 

  1. Whom does the information provided through this Policy concern

 

This Personal Data Protection Policy applies to all users/visitors of the Websites, i.e. including persons visiting both the Globalsat e-shop and http://about.globalsat.gr without having registered and created an account as well as persons who have registered and created an account, regardless of whether or not they carry out any transactions during their visit

 

  1. What type of personal data do we collect

We take care to collect only your personal data that are absolutely necessary, appropriate and relevant for the processing purpose for which they are intended and in order to provide the services offered through the Globalsat e-shop in a adequate and effective manner. The type and number of necessary personal data we collect depend and vary according to the capacity of each data subject (visitor only or registered user) and the type of relationship or transaction with said subject. In view of the foregoing, the data we collect and process in general include but are not limited to the following and may not concern you in their entirety, as explained above:

  1. Identification Data which include your first name, last name and data on your electronic authentication for your log-in when you create an account on the Website (username and password). Where invoices are issued, the following are also required: Tax Office, Tax Identification Number, occupation, corporate name.
  2. Contact Data which include your contact information, shipping or billing address of products, which need not be the same, e-mail address and mobile or landline telephone number. Furthermore, data we receive from communication with you, requests for assistance, complaints, queries, data of telephone communication with you (e.g. orders over telephone) in accordance with the legal requirements for reasons of provision of commercial transaction receipts or other professional communication.
  3. Financial Data including information concerning your payments and the bank account through which you carry out remittances to us.
  4. Transaction Data including, for instance, information concerning completed sales of products to you, including information on products or services you had purchased via the e-shop in the past, returns, etc.
  5. Data of a technical nature concerning your use of and interaction with the e-shop, including but not limited to: your computer’s Internet Protocol (ΙΡ) address, your browser software and operating system, the speed of your connection and information concerning the software programmes installed on your computer, basic information concerning connection to the server and other information collected via cookies and related technologies (provided you have consented to the use of those that are not technically vital — for further information on cookies please consult our Cookies Policy).
  6. Advertising Data including, for instance, information on your response to our Company's promotional actions, your choices, your search history, the product categories you prefer, links from which you were redirected to the e-shop, as well as the methods of communication you use the most, which data mainly originate from advertising cookies and from which we collect data only if you have consented to their use — for further information on advertising cookies please consult our Cookies Policy).
  7. Data concerning your answers and responses to surveys conducted by the Company, insofar as these are not anonymised data.
  8. h. Data concerning the conduct of (implementation, participation validity check, contact with winners, award of prizes, etc.) and your participation in lotteries, contests and promotional actions carried out by the Company.

 

  1. Data collected when you connect via social networking media. If you connect to the e-shop via any social networking media, the data we collect include but are not limited to the username or alias you use on the social networking medium in question, as well as the profile information or content you have permitted the social networking service to disclose on the basis of your privacy settings, etc.

 

It is expressly clarified that we are neither interested in nor collect:

  • Data of minors. The Company understands the importance of protecting the personal data of minors. The Website neither addresses or nor is intentionally designed to be addressed to minors. It is the Company's intention to neither collect nor knowingly retain personal data of minors who might access the Website. For this reason, the Company requests a statement from persons conducting transactions on its Website that they are over 18 years of age, and expressly clarifies that only persons over the age of 18 may connect to its Website. Where it is found that, despite the foregoing, any personal data have been collected from a minor, said data shall be erased immediately.
  • Special categories of data / Sensitive personal data. We request that you do not send us or disclose sensitive personal data (such as information concerning your racial or ethnic origin, ideology or political, religious or philosophical beliefs, information concerning your physical or mental health, biometric data or genetic characteristics, sexual orientation, trade union membership or information relating to criminal convictions) on the Website or via the e-shop or in any other manner. Where it is found that, despite the foregoing, any sensitive personal data have been collected, said data shall be erased immediately.

 

The following are also expressly clarified:

  • Any connection of the Website, e.g. via special hyperlinks (links, hyperlinks or banners) or any other manner, to any other website belonging to third parties (e.g. social networking media etc.) shall not mean that the Company accepts any liability for the policy said websites use with respect to the protection and management of personal data. You must learn about the protection and management of your personal data by the aforesaid websites yourselves.
  • More specifically, on the e-shop we also use independent payment service providers to enable you to make payments in order to purchase a product from the e-shop (“Payment Service”) through them (i.e. if you do not choose a method of direct payment to the company, e.g. cash-on-demand or carrying out a remittance to the Company). If you wish to make a payment through a Payment Service, you will be directed to a Payment Service website. Any information/data you provide to a Payment Service shall be made subject to the privacy policy of the Payment Service and not to this Personal Data Protection Policy. We have no control or supervision over information/data collected through the Payment Service and shall not be held liable for any use thereof on its part.

 


  1. Sources of collection of personal data


Your personal data are collected from the following sources:


  1. We collect data you voluntarily provide when using the services of the e-shop and, in particular, when you order a product, create an account on the Website, participate in surveys or promotional actions, etc. The data we collected directly from you are those specifically noted above under 3.a, 3.b, 3.c, 3.g and 3.h.

 

  1. We reproduce or collect certain information from your computer or device when you interact with the Website. The data listed above under 3.e belong to this category.
  2. We also collect information from the transactional relationship between us, as noted above under 3.d.
  3. We also collect data from third parties (this especially applies to the data noted above under 3.i, 3.f and 3.e) or publicly available data. Sometimes, we receive information about you from third parties, depending on how you choose to interact with us; for example, this happens through third-party cookies (for more information, please refer to our Cookies Policy) or when you log in to your account on the e-shop by using the connect function on social networking media. 

It is expressly clarified that the aforementioned collection of data directly from you also includes the collection of your data from a third person acting on your behalf. If you have provided us with the personal data of third parties, where this is permitted, you must have previously informed them (e.g. by referring them to this policy) and obtained their consent, where required. At this point, it is reminded that you must ensure that the personal data you provide to us are correct and accurate, and you are bound to notify the Company in good time of any change or modification thereto.

5. Purposes of data collection:

The Company processes your personal data for the following purposes: 

  1. Provision of services to you, performance of the performance of the agreement between us, or taking of pre-contractual measures upon your request. This purpose includes but is not limited to processing on our part in order to be able to fulfil product orders you place via the Website or by telephone, to track the progress of a product order you have placed or to manage the order in the event of a problem in its progress, to contact you, to handle your requests or complaints concerning your orders, to issue invoices, to provide support services and, generally speaking, to monitor the performance of obligations on both parts under the agreement between us.
  2. Managing your registration on the Website if you choose to create an account.
  3. Communication with you.
  4. Advertising purposes. This purpose includes processing on our part:
    1. In order to send you newsletters, at your e-mail address, provided you have requested to receive our newsletters by filling out a relevant form on the Website.
    2. In order for the Company to send you e-mail messages concerning products that might interest you, provided you have granted your relevant consent.
    3. In order to carry out promotional actions, e.g., lotteries/contests, provided you have chosen to participate in such actions.
    4. In order to customise the advertisements and information displayed to you (e.g. online). This processing entails your profiling through the combined consideration of the data referred to in section 3 above (especially browsing and purchasing history, information from cookies, etc.).
    5. For the Company to inform you via viber messages to the mobile number you have registered with us about products, offers and news that may be of interest to you, provided that you have given us your consent.
       
  5. For analysis and survey purposes. This purpose includes processing on our part to send or submit questionnaires to you in order to examine and analyse your degree of satisfaction with the Company’s services, to upgrade/improve its services and its general transactional relationship with you.
  6. For purposes of the Company’s compliance with the obligations imposed by the legal, regulatory framework in force from time to time, as well as the decisions of authorities (State, supervisory, independent, prosecution, etc.) or courts (ordinary or arbitral). 
  7. For the purposes of the legitimate interests of the Company or a third party. This purpose includes processing for reasons that include but are not limited to: a. establishment, exercise and support of the Company's legal claims; b. purposes of fraud prevention, security, protection of rights, computer systems, the Company's assets and parts thereof, its employees and Website users in general; c. the Company's compliance with is obligations under agreements with third parties; d. realisation of corporate transactions in the framework of which we may transfer or encumber the Company's assets.

 

  1. Legal basis for the processing of your personal data

 Under the requirements of the legal framework on personal data, we ensure having a valid legal basis for the processing of your personal data. Below you will find an analysis of the legal bases for the processing of your data according to their processing purpose (you can view the purposes in section 5 immediately above, cases A through G):

For the purposes enumerated between 5.A and 5.C above, the legal basis for processing is the need to perform the agreement between us. The provision and corresponding processing of the data relevant to these purposes are necessary for the performance of our obligation, e.g. concerning your orders and the provision of customer support and services; any non-provision thereof would render impossible the provision of services by the Company to you. The processing for the purpose noted under 5.C is premised on the legal basis of our Company's legitimate interests in cases of communication between the Company and subjects with whom there is no contractual relationship.

For the purposes enumerated between 5.D(a, b, c, d) and 5.B above, the legal basis for processing is the provision of consent on your part. It is expressly clarified that your filling out of a Website registration form constitutes consent given by a clear affirmative act for the subsequent processing of the data necessary for this purpose, i.e. achieving the purpose of your registration on the Website. The processing of your data for these purposes is left at your discretion. Moreover, you can exercise your right to withdraw your consent at any time, without consequences, except for ceasing to receive advertising messages and newsletters and to be a registered Website user. On how to withdraw your consent, see below under 13. Where appropriate, we shall inform you of specific withdrawal methods, depending on the manner in which consent was provided, e.g. with regard to advertising messages and newsletters you receive, they will include a link at their end to withdraw your consent and unsubscribe from the lists of recipients of advertising messages, newsletters, etc. You can also deregister from the Website by choosing to delete your account on it.

For the purposes noted under 5.F above, the legal basis for processing is the need of the Company to comply with a legal obligation. The provision and processing of these data are mandatory, as non-provision would lead to the Company breaching an existing legal obligation.

For the purposes enumerated under 5.G, 5.E and 5.D.e above, the legal basis for processing is the legitimate interests of the Company or a third party (including but not limited to other companies of the group to which the Company belongs, companies associated with the Company, suppliers, workers, etc.). This processing is preceded by weighting of the fact that the interests of the Company or the third party are not overridden by your interests your or fundamental rights and freedoms which require protection of your personal data.

  1. Duration of personal data retention.

Your personal data are retained for the length of time necessary for the performance of the purpose their processing serves, otherwise for the length of time required under the legal and/or regulatory framework in force from time to time or the exercise of claims or defence of rights and legitimate interests of the Company.

More specifically, we determine the duration of retention of various categories of personal data according to the following criteria:

  1. the purpose for which the personal data are collected;
  2. the time required to achieve this purpose;
  3. any legal obligation to retain the personal data for a specific period of time; and
  4. the need to retain data for reasons of exercising claims or defending our rights and legitimate interests.

More specifically, if you have created an account on the Website and you choose to delete it, your personal data collected for the purpose of creating and during the use of said account shall be erased, save those that must be retained under the legal and/or regulatory framework in force from time to time or for the exercise of claims and the defence of the Company's rights and legitimate interests.

  1. Principles of protection of your personal data.

Our Company processes your personal data in a fair, lawful and transparent manner. We ensure that we have a valid legal basis for the processing of your personal data and are transparent towards you with regard to the processing of your personal data (“lawfulness, fairness and transparency”).

We collect personal data solely for specific, determined and legitimate purposes. We process the personal data we have collected for purposes we have determined or further process them solely for purposes compatible with the initial purposes we determined (“purpose limitation”).

We only collect and process personal data that are adequate, relevant and absolutely necessary for the purposes for which they are processed (“data minimisation”), and take all reasonable measures to ensure that the data kept up to date, as well as measures to ensure that personal data that are inaccurate in regard to the processing purposes are erased or rectified without delay (“accuracy”).

We do not keep data in a form which permits identification of data subjects for any longer than is necessary for the purposes for which the personal data are processed (“storage limitation”). 

We process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”).

9. How we keep your personal data secure.

Processing your personal data securely is a top priority. We take appropriate technical and organisational measures for the security of your data, the safeguarding of their confidentiality, their processing and their protection from accidental or unlawful destruction, accidental loss, alteration, prohibited transmission or access and any other form of unlawful processing; these measures are continuously reviewed and amended, whenever deemed necessary. However, please bear in mind that no website and no online transaction can provide absolute security. We try to ensure the greatest possible security by using advanced encryption protocols, data pseudonymisation techniques, etc. With regard to the data used to authenticate you as a registered account user, i.e. your username and password, we remind you of your obligation to keep these secret from third parties.

 

  1. Recipients of your data.

 

In the performance of the Company’s contractual and legal obligations, the service of its legitimate interests or those of third parties, and where the Company has received your consent, the recipients of your data that are necessary on the basis of the purpose of each transmission may include the following: 

 

  1. The competent employees and members of the management of the Company, in the context of their duties (on a need-to-know basis).

 

  1. Third parties we work with or which provide services that support or facilitate the provision of services by our Company, including but not limited to the following:
  2. providers of e-mail management and distribution tools - for instance, if you subscribe to e-shop newsletters or other promotional messages, we will manage their delivery to you by using a third-party e-mail message distribution tool;

 

  1. providers of security and fraud prevention services - for instance, we use providers to identify users of automated software that could disrupt our services and to prevent poor use of our services;

 

  1. providers of data aggregation and analysis software services, allowing us to monitor and effectively optimise delivery of your orders;

 

  1. software platform providers that help us contact your or provide you with customer support services - for example, we handle and answer any messages you sent via the assistance centre, using a third-party communication management tool;

 

  1. providers of online cloud storage services and other key IT and/or support services;

 

  1. postal service and or transport/courier service providers;

 

  1. product and/or service promotion companies - advertising companies;

 

  1. customer satisfaction or general market survey companies;

 

  1. call centres;

 

  1. companies providing reviewing services for the evaluation of products offered on the e-shop and servicing of electronic orders placed by customers.

 

 

-  Where you submit a request to us for the provision of commercial warranty service to you (i.e. manufacturer warranty) for the products you purchase via the e-shop, we will for3ward your data that are absolutely necessary for this purpose, i.e. your full name, contact details declared to us (landline and/or mobile telephone number and/or e-mail address and/or postal address) and information on the products you have purchased or ordered via the e-shop.

 

  1. Supervisory, independent, court, prosecution, police, state and/or other authorities in the context of their remit, accredited mediators and mediation service provision centres, arbitral courts and alternative dispute resolution bodies. 

 

  1. Attorneys, law firms, court process services, experts, consultants, certified public accountants/auditors and providers of consulting services (e.g. financial), in the context of their remit.

 

  1. We may forward your data to third parties, potential or existing purchasers of all or part of the Company's activities or assets (including rights) or persons entitled to encumber the foregoing.

 

  1. Information may also be collected from you by certain third parties, e.g., advertisers, marketing networks, etc., using cookies and similar technologies (for further information please refer to our Cookies Policy which contains a specific section on third-party cookies). This can only take place if you have consented to the use of these cookies.

 

 

  1. Other parties for the transmission of data for which you have granted your consent.

 

In regard to the terms of processing of your personal data by those aforesaid recipients with the capacity of independent controller, we recommend you refer to their personal data notices.

  1. Transmission of personal data outside the European Economic Area (EEA)

The Company may transmit your personal data to third countries or international organisations outside the European Economic Area (EEA) only if:

  1. a) according to a relevant European Commission decision, the third country, territory or one or more specific sectors within that third country or international organisation ensures an adequate level of protection; or 
  2. b) appropriate safeguards for their processing have been provided on the basis of EU and/or national law, usually in the form of standard data protection clauses issued by the European Commission.
  3. c) If neither of the above conditions is met, transmission may take place where the deviations set forth in EU and/or national law apply, including but not limited to the following:
  4. i) if you have provided your express consent to the Company to this effect;
  5. ii) if the transmission is necessary for the performance of an agreement between you and the Company or for the application of pre-contractual measures upon your request or for the conclusion or performance of an agreement concluded for your benefit; 

iii) if the transmission is necessary for the establishment, exercise or defence of legal claims.

 

  1. Your rights with regard to the protection of your data

You have the following rights:

  1. a) To request to be informed of the categories of your personal data that we retain and process, their origin, the purposes of their processing, the categories of their recipients, their retention period as well as your relevant rights (right of access);
  2. b) To request the rectification or/and supplementation of your personal data so that they are complete and accurate (right to rectification) by producing any necessary document justifying the need for rectification or supplementation; 
  3. c) To request the restriction of processing of your data (right to restriction);
  4. d) To object to any processing of your personal data (right to object);
  5. e) To request the erasure of your personal data from the records we keep (right to be forgotten) under specific conditions, e.g. when the data are no longer necessary, you have withdrawn your consent, the data have been unlawfully processed, and so forth; 
  6. f) To request the transfer of your data by the Company to a different controller (right to data portability); 
  7. g) To withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  8. h) Right to appeal to an Authority: If you consider that your rights have been infringed in any manner, you have the right to appeal to the Hellenic Data Protection Authority (1-3, Kifissias Street, GR-11523, Athens). For detailed information on the Authority's remit and on how to file a complaint, you can visit its website (dpa.gr - My rights - Filing a complaint). 

Please note the following with regard to your aforementioned rights:

  1. We may need to request additional information to confirm your identity in order to respond to your request.
  2. Your rights under c, d and e may not be satisfied in part or in whole where they concern data necessary for the drafting and/or performance of an agreement.
    iii. The Company is entitled to deny your request for restriction of processing or erasure of your personal data in all cases if their processing or retention is necessary for the establishment, exercise or defence of the Bank’s legitimate rights or the performance of its legitimate obligations.   
    iv. The exercise of the above rights applies to the future and does not concern data processing already performed.

 

  1. How to exercise your rights - Contact details for data protection officer

 

In order to exercise your rights, you may contact the Company's data protection officer in writing at the postal address 21, Ploutarchou Street, GR-15351 Pallini, Attica or via e-mail at globalsatGDPR@globalsat.gr or via the form concerning exercise of rights. You can use the above contact details to address any questions or queries concerning this Policy.

 

With specific regard to your right to withdraw consent, it is clarified that you can exercise this right as described in the immediately preceding paragraph of section 13 and, where appropriate, in specific ways, e.g. by clicking on a specific unsubscribe hyperlink at the end of each e-mail message you receive (e.g. newsletters or promotional messages/advertisements).

 

Furthermore, through your account you can access your data collected for your registration and for the operation of your account, and you can rectify them, delete your account and de-register from the Website; this will result in the erasure of your data as noted above in detail in section 7 hereof.

 

 We will make every effort to respond to your request within thirty (30) days of the date it is received. This time limit may be extended by sixty (60) additional days, where deemed necessary, taking into account the complexity and number of requests. You will be notified in any case of extension of the deadline within thirty (30) days of the date the request is received. This service is provided free of charge. However, where your requests are manifestly unfounded, excessive or repetitive, you may be charged a reasonable fee, following notification to you and taking into account the administrative costs for the provision of the notification requested or performance of the action requested, or action on your request(s) may be refused.

 

  1. Amendments to this Policy

We may amend this Policy from time to time to ensure it is always consistent with legal requirements and the reality of the processing we carry out. If we decide to make significant changes to this Policy, we will notify you in any expedient manner, including but not limited to a notification on this Website (e.g. via a banner or pop-up window) and/or e-mail message, etc. In order to learn about the most recent/updated version of the Policy, where we make minor changes or improvements to it, we recommend you regularly visit this page where the Policy will always be available.

 

Date of drafting: 30 March 2021