The access to the specific website[(www.nutripass.gr)] (in the hereafter referred to as the “Website”),as well as the use of the content of the specific website, are subject to the conditions of use as described below (in the hereafter referred to as “Terms and Conditions”). Accessing, navigating and visiting the information included on the Website constitutes acceptance by the user (in the hereinafter referred to as “you”) of the Terms and Conditions.
The owners may modify the Terms and Conditions at any time and without prior notice. Once the changes are posted via their online posting on the website, they are automatically deemed to be unconditionally accepted by you from the moment you log on to the Website, after updating it online. The owners suggest that you periodically visit the Terms and Conditions site in order to be informed of any modifications and/or upgrades.
The elements contained in the Website (information, texts, images, sounds, logos and in general any type of data, hereinafter referred to as the “Content”) as well as the Website itself are protected by intellectual property rights and any databases remain in the exclusive possession of the owners. Any total or partial export, reuse, reproduction, representation or modification of all or part of the Content for purposes other than personal and strictly private (including in particular any exposure to the public or any commercial use) is prohibited without the previous express authorization from one of the owners. Any quantitative or qualitative substantial extraction or reuse of all or part of the data contained in the Website is prohibited, even for private use.
In addition, any repeated and systematic extraction or reuse of any quantitatively or qualitatively non-essential part of the Website content is prohibited, even for private use, when such actions exceed the normal terms of use of the Website. You are entirely responsible for the use you make regarding in the Content displayed on the Website, including third parties.
The trademarks and logos displayed on the Website are the property of their respective owners. Any reuse, in any form, of these logos and trademarks is prohibited, unless you have received authorization from the owners or a third party that owns similar logos and trademarks. No reference to the Website can be interpreted as a grant of rights to you regarding the logos and trademarks mentioned above.
The owners reserve the right to modify, suspend and / or interrupt at any time, occasionally or permanently, all or part of the Website, to upgrade or correct the information available on the Website, or to improve it, without prior notice. Under these circumstances, the owners bear no responsibility for any modification, suspension or interruption of the Website or access to it. In order to prevent the spread of computer viruses or other harmful programs, the owners make every effort to implement the techniques of those media that are compatible with current standards. However, given the structure of the Internet and the speed with which it evolves, the owners are unable to provide guarantees regarding the complete absence of viruses or other harmful programs. Therefore, in order to reduce the risks, it is your responsibility to regularly save your data before connecting to the Internet as well as installing appropriate anti-virus measures (antivirus programs).
Pursuant to applicable regulations, you expressly acknowledge and agree that: This Website is provided to you “AS IT IS” and is accessible as available, without express or implied warranty of any kind on the part of the owners, as well as that you assume all responsibility and risk regarding the use of the Website. The Owners do not make any promises or guarantees that the Website will perform as expected, without interruptions and errors, nor that such interruptions and errors will be corrected and/or nor that the Website in question will be free of viruses. The Owners do not make no warranty of any kind, express or implied, as to the accuracy, completeness and compatibility of the information you access on the Website with your intended use. Any material you download or otherwise obtain is at your own risk.
The owners will not be held responsible for any damages to your computer. To the extent permitted by applicable law or regulation, the owners disclaim all liability for direct or indirect damages, including but not limited to: loss of profit, customers, data, or private property that may result from the use of the Website (or from the inability to use it). In addition, the owners assume no responsibility with respect to the services that you access through the Internet.
The owners disclaim all responsibility for anything arising from the use of the Website that is not in accordance with the terms and conditions of use. In addition, the owners reserve all legal rights to control, limit and delete anything that does not relate to the correct use of the Website in order to preserve its correct and intended use.
Any creation of links on the Website and any creation of frames on it is subject to the prior authorization of the owners, at whose discretion lies the withdrawal of this authorization at any time. The owners will reserve the right to require the deletion of any link or frame of the Website for which they have not given authorization or cannot continue to provide it. The Website may contain links to other websites. The owners are not responsible for the content of the sites that you may access through the links offered by the Website. The presence of active links on the Website does not in any way mean that the owners control or approve the content of those sites to which links have been created or those from which links have been created that lead to the owners’ Website.
Οι ιδιοκτήτες ενδέχεται να χρησιμοποιήσουν cookies με στόχο να σας παρέχουν ταξινομημένες πληροφορίες κάθε φορά που συνδέεστε με το Website καθώς επίσης να διευκολύνουν τη διαχείριση του Website, κυρίως για λόγους στατιστικών ερευνών. Χρησιμοποιώντας τις υπηρεσίες του Website, εξουσιοδοτείτε την αποθήκευση παρόμοιων cookies καθώς επίσης και τη χρήση τους από τους ιδιοκτήτες. Παρόλα αυτά, οι ιδιοκτήτες σας πληροφορούν ότι έχετε τη δυνατότητα να αρνηθείτε αυτά τα cookies τροποποιώντας τις ρυθμίσεις της μηχανής αναζήτησής σας για το Διαδίκτυο.
The owners put at your disposal the means (online form, etc.) which allow you to transmit information. You are aware that this transmission may cause damage to third parties or even contravene the applicable law. By using the Website you undertake the responsibility to refrain from disseminating and / or transmitting messages, images or information in general that may violate the privacy of communicators, constitute an act of discrimination, be contrary to public order and moral decency or violate the rights of third parties. You also undertake to verify the content of any message or information that you may disclose. In any case, the owners reserve the right to ensure in any way the aforementioned.
The owners offer you the option to create a private account which will allow you to access a private area of the Website. Access to this private area of the Website is through a username and password. You undertake the responsibility not to disclose to any third party the information concerning the owners or third parties of which you may have become aware during your connection to the Website. The information used to identify you is personal and strictly confidential. You agree to maintain this confidentiality and also acknowledge that you are the only responsible for maintaining the confidentiality of your username and password, the information in your account, and the actions that occur in your account. You must immediately notify the owners of any fraudulent use of your account.
The implementation of the General Data Protection Regulation (G.K.P.D.) is a priority for the Ioannis Antoniou of Georgiou Individual Enterprise (NUTRIPASS).
Details of the Controller
The Individual Enterprise of Ioannis Antoniou of Georgiou henceforth NUTRIPASS accepts as personal data: Any information concerning natural persons, as an identified or identifiable living person.
For example, this information includes their name, home address, social security number, Internet Protocol (IP) code, health and insurance information, employment status, and more.
Special category data, such as data relating to health, racial or ethnic origin, trade union activity and others, receive special protection.
The rules apply when the collection, use and storage of individuals’ data is done digitally or in paper form through a structured filing system.
This policy is in accordance with the EU General Data Protection Regulation. (G.K.P.D.), as well as with opinions / decisions issued by the Personal Data Protection Authority.
10)”Personal Data Breach”: The breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed;
11) “Special Category Data”: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of unambiguous identification of a person, data relating to health or data relating to a natural person’s sexual life or sexual orientation.
NUTRIPASS, in the context of its activities and normal operation, may collect personal data of both its customers or partners, as well as its employees as well as its partners in general, but also other natural persons with whom it transacts in the context of its operation.
Depending on the form and purpose of processing, NUTRIPASS may collect and process personal data, such as the following:
Categories of subjects | Data Categories |
Clients | Customer data, if they are natural persons or the legal representatives of legal entities. These may include: 1)Identity and demographic information (e.g. first name, last name, etc.), 2)Contact details (e.g. registered office address, telephone, email, etc.), 3)Professional details 4)Contracts 5)Account balances 6)Bank accounts 7)Special category data 8)Other relevant information |
Suppliers/Contractors | Data of NUTRIPASS suppliers, if they are natural persons or the legal representatives/representatives of legal persons. These may include:
|
Data of other Natural Persons | Data of other natural persons who visit NUTRIPASS infrastructure or cooperate with it. |
Employees (Active And Inactive) / Candidate Employees | Data of NUTRIPASS employees under any employment relationship, as well as data of former and prospective employees, which are held for purposes of operating their employment relationship with NUTRIPASS. These may include: 1. Identity and demographic information (e.g. first and last name, patronymic, etc.), 2. Insurance details (e.g. AMKA and other Social Security Institution Register details if required), 3. Contact information (e.g. postal address, telephone, email, etc.), 4. Biographical Notes, 5. Health data (e.g. medical certificates and opinions, etc.), 6. Financial data (e.g. bank accounts, etc.), 7. Details of family status (e.g. attestations and certificates, number and details of children, etc.) |
Table 1. The categories of Subjects and their data
Purposes and Legal Basis of Processing
NUTRIPASS may collect and process personal data of the natural persons mentioned in the above paragraph who make use of its services and products. In principle, NUTRIPASS may collect and process personal data for the following purposes with the corresponding legal bases of processing:
PURPOSE OF PROCESSING | LEGAL BASIS |
The collection, processing, cross-checking and transmission of data of the Tax, Insurance and Labor Administration exclusively for the support and operation of the framework of its responsibilities | 1. Compliance with a legal obligation [art. 6 §1 c) G.K.P.D.] and/or 2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.] |
The collection and processing of the necessary data of employees and/or prospective employees and partners for the proper servicing of existing working relationships or collaboration relationships or the examination of possible future collaboration | 1. Compliance with a legal obligation [art. 6 §1 c) G.K.P.D.] and/or 2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.] |
The provision of products and services | 1. Compliance with a legal obligation [art. 6 §1 c. b) G.K.P.D.] and/or 2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.] |
The collection and processing of image data using closed circuit cameras (CCTV) | 1. Protection of persons and goods in accordance with Directive 1/2011 GDPR 2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.] |
For any other form of processing, NUTRIPASS requests a specific written, free and prior informed consent of the subjects before starting the processing, if required. |
Table 2. The main purposes and legal bases of processing
The reference to more than one legal basis of processing does not mean that NUTRIPASS changes them (lawful basis swapping) undermining the rights of data subjects, but that there are cases where more than one legal basis of processing is applicable.
Finally, NUTRIPASS does not use as the main processing basis the consent of the data subjects (whether it is simple data or special categories), recognizing the inherent inequality that exists in its relationship with each data subject and moreover in accordance with its recommendations Working Group of No. 29 (now European Data Protection Board). Except and exceptionally, for a few cases where an additional service is provided to the subjects (i.e. beyond the legally provided), consent is used in a limited way as a legal basis for processing and only then.
Transmission/Communication of data to third parties
The personal data collected may be shared or transmitted to third parties, as long as this is required for the fulfillment of obligations by law or is necessary for the fulfillment of our services provided, in compliance with the guarantees of the relevant legislation. We may outsource some of our services to individuals or legal entities. Only those personal data that are necessary for the fulfillment of the assigned services are transmitted to these persons and they are bound to our Company in terms of confidentiality and secure processing of personal data
Rights of Natural Persons
NUTRIPASS recognizes the rights of natural persons regarding the protection of their personal data. Thus natural persons have the right to:
Communication of Natural Persons
The above rights, as well as any right related to personal data, are exercised following a written request submitted at any point that is accessible to the public, or via electronic communication, by sending a message to info@nutripass.gr and is also examined by the Communication Manager for Personal Data Subjects, who has been designated by the Company.
NUTRIPASS accepts the basic principles governing the processing of personal data. Personal data (Article 5):
NUTRIPASS keeps a record of the processing activities for which it is responsible. That file includes all of the following information:
Protection of personal data
Taking into account the nature, scope, context and purposes of the processing, as well as the risks of different probability of occurrence and severity for the rights and freedoms of natural persons, NUTRIPASS implements appropriate technical and organizational measures in order to ensure and be able to prove that the processing is carried out in accordance with the G.K.P.D., adopting and applying a holistic personal data security policy.
When assessing the appropriate level of security by NUTRIPASS, particular consideration is given to the risks arising from processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise submitted in processing.
To prevent a case of personal data breach, NUTRIPASS as controller has adopted and implements a policy against attacks on the information systems it owns and manages, as well as a specific policy for managing any incidents of personal data breach.
Staff training
NUTRIPASS accepts that the protection of personal data presupposes the awareness of its human resources regarding the protection of personal data. In this direction, it accepts the adoption and application of the principle of the orientation of due education by exploiting the Fair Information Practices (FIP), which condense a set of standards that govern the collection and use of personal data and the treatment of privacy issues and accuracy. NUTRIPASS aims to make its human resources aware of basic concepts of personal data protection.
Our Company has accounts on the following social media:
In the above media our Company processes personal data (such as your username and possibly your photo) in order to provide information about our activities and services and an additional way of communication.
By actions such as liking or following our specific page (“follow”), you consent to the relevant processing, i.e. to the processing of the username you use and any photo of you that accompanies it. The withdrawal of consent is done by the social media itself with the exact same but reverse process (unlike, unfollow).
In any case, we declare to you that we do not know and are not responsible for whether the social media in question carry out further processing of personal data, whether they have additional processing purposes, whether they carry out transfers to third countries, whether they use executors and sub-executors processing, if they carry out profiling and the way they carry out the overall processing of personal data.
We recommend that before providing any consent, you consult the privacy policy of the social media in question. In the event that by your own actions you upload your own photos to our page in the above media or additional personal data, you yourself bear the responsibility for this processing. Due to the particular ease of sharing photos and other personal data on social media, we recommend that you use them while assessing the potential risks arising from their publication.
Our Company does not and cannot exercise influence and control regarding the nature and extent of personal data collected and held by social networking platforms as a condition or result of their use and bears no responsibility for the collection and processing of personal data. of data carried out by them. For more information about the purposes of collection and the further processing and use of Personal Data Protection Policy.
The implementation of the General Data Protection Regulation (G.K.P.D.) is a priority for the Ioannis Antoniou tou Georgiou Individual Enterprise (NUTRIPASS).
Details of the Controller
The Individual Enterprise of Ioannis Antoniou of Georgiou henceforth NUTRIPASS accepts as personal data: Any information concerning natural persons, as an identified or identifiable living person. For example, this information includes their name, home address, social security number, Internet Protocol (IP) code, health and insurance information, employment status, and more.
Special category data, such as data relating to health, racial or ethnic origin, trade union activity and others, receive special protection.
The rules apply when the collection, use and storage of individuals’ data is done digitally or in paper form through a structured filing system.
This policy is in accordance with the EU General Data Protection Regulation. (G.K.P.D.), as well as with opinions / decisions issued by the Personal Data Protection Authority.
10)”Personal Data Breach”: the breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed;
11) “Special Category Data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of unambiguous identification of a person, data relating to health or data relating to a natural person’s sexual life or sexual orientation.
NUTRIPASS, in the context of its activities and normal operation, may collect personal data of both its customers or partners, as well as its employees as well as its partners in general, but also other natural persons with whom it transacts in the context of its operation.
Depending on the form and purpose of processing, NUTRIPASS may collect and process personal data, such as the following:
Categories of Subjects | Data Categories |
Clients | Customer data, if they are natural persons or the legal representatives of legal entities. These may include:
|
Suppliers/Contractors | Data of NUTRIPASS suppliers, if they are natural persons or the legal representatives/representatives of legal persons. These may include:
|
Data of other Natural Persons | Data of other natural persons who visit NUTRIPASS infrastructure or cooperate with it. |
Employees (Active And Inactive) / Candidate Employees | Data of NUTRIPASS employees under any employment relationship, as well as data of former and prospective employees, which are held for purposes of operating their employment relationship with NUTRIPASS. These may include:
|
Table 1. The categories of Subjects and their data
Purposes and Legal Basis of Processing
NUTRIPASS may collect and process personal data of the natural persons mentioned in the above paragraph who make use of its services and products. In principle, NUTRIPASS may collect and process personal data for the following purposes with the corresponding legal bases of processing:
PURPOSE OF PROCESSING | LEGAL BASIS |
The collection, processing, cross-checking and transmission of data of the Tax, Insurance and Labor Administration exclusively for the support and operation of the framework of its responsibilities | 1. Compliance with a legal obligation [art. 6 §1 c) G.K.P.D.] and/or 2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.] |
The collection and processing of the necessary data of employees and/or prospective employees and partners for the proper servicing of existing working relationships or collaboration relationships or the examination of possible future collaboration | 1. Compliance with a legal obligation [art. 6 §1 c) G.K.P.D.] and/or 2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.] |
The provision of products and services | 1. Compliance with a legal obligation [art. 6 §1 c. b) G.K.P.D.] and/or 2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.] |
The collection and processing of image data using closed circuit cameras (CCTV) | 1. Protection of persons and goods in accordance with Directive 1/2011 GDPR 2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.] |
For any other form of processing, NUTRIPASS requests a specific written, free and prior informed consent of the subjects before starting the processing, if required. |
Table 2. The main purposes and legal bases of processing
The reference to more than one legal basis of processing does not mean that NUTRIPASS changes them (lawful basis swapping) undermining the rights of data subjects, but that there are cases where more than one legal basis of processing is applicable.
Finally, NUTRIPASS does not use as the main processing basis the consent of the data subjects (whether it is simple data or special categories), recognizing the inherent inequality that exists in its relationship with each data subject and moreover in accordance with its recommendations Working Group of No. 29 (now European Data Protection Board). Except and exceptionally, for a few cases where an additional service is provided to the subjects (i.e. beyond the legally provided), consent is used in a limited way as a legal basis for processing and only then.
Transmission/Communication of data to third parties
The personal data collected may be shared or transmitted to third parties, as long as this is required for the fulfillment of obligations by law or is necessary for the fulfillment of our services provided, in compliance with the guarantees of the relevant legislation. We may outsource some of our services to individuals or legal entities. Only those personal data that are necessary for the fulfillment of the assigned services are transmitted to these persons and they are bound to our Company in terms of confidentiality and secure processing of personal data.
Rights of Natural Persons
NUTRIPASS recognizes the rights of natural persons regarding the protection of their personal data. Thus natural persons have the right to:
Communication of Natural Persons
The above rights, as well as any right related to personal data, are exercised following a written request submitted at any point that is accessible to the public, or via electronic communication, by sending a message to info@nutripass.gr and is also examined by the Communication Manager for Personal Data Subjects, who has been designated by the Company.
Processing principles
NUTRIPASS accepts the basic principles governing the processing of personal data. Personal data (Article 5):
Archive of processing activities
NUTRIPASS keeps a record of the processing activities for which it is responsible. That file includes all of the following information:
Protection of personal data
Taking into account the nature, scope, context and purposes of the processing, as well as the risks of different probability of occurrence and severity for the rights and freedoms of natural persons, NUTRIPASS implements appropriate technical and organizational measures in order to ensure and be able to prove that the processing is carried out in accordance with the G.K.P.D., adopting and applying a holistic personal data security policy.
When assessing the appropriate level of security by NUTRIPASS, particular consideration is given to the risks arising from processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise submitted in processing.
To prevent a case of personal data breach, NUTRIPASS as controller has adopted and implements a policy against attacks on the information systems it owns and manages, as well as a specific policy for managing any incidents of personal data breach.
Staff training
NUTRIPASS accepts that the protection of personal data presupposes the awareness of its human resources regarding the protection of personal data. In this direction, it accepts the adoption and application of the principle of the orientation of due education by exploiting the Fair Information Practices (FIP), which condense a set of standards that govern the collection and use of personal data and the treatment of privacy issues and accuracy. NUTRIPASS aims to make its human resources aware of basic concepts of personal data protection.
Update on the processing of personal data in Social Networking Media
Our Company has accounts on the following social media:
In the above media our Company processes personal data (such as your username and possibly your photo) in order to provide information about our activities and services and an additional way of communication.
By actions such as liking or following our specific page (“follow”), you consent to the relevant processing, i.e. to the processing of the username you use and any photo of you that accompanies it. The withdrawal of consent is done by the social media itself with the exact same but reverse process (unlike, unfollow).
In any case, we declare to you that we do not know and are not responsible for whether the social media in question carry out further processing of personal data, whether they have additional processing purposes, whether they carry out transfers to third countries, whether they use executors and sub-executors processing, if they carry out profiling and the way they carry out the overall processing of personal data.
We recommend that before providing any consent, you consult the privacy policy of the social media in question. In the event that by your own actions you upload your own photos to our page in the above media or additional personal data, you yourself bear the responsibility for this processing. Due to the particular ease of sharing photos and other personal data on social media, we recommend that you use them while assessing the potential risks arising from their publication.
Our Company does not and cannot exercise influence and control regarding the nature and extent of personal data collected and held by social networking platforms as a condition or result of their use and bears no responsibility for the collection and processing of personal data. of data carried out by them. For more information about the purposes of collection and the further processing and use of Personal Data Privacy Policy
Application Statement
The implementation of the General Data Protection Regulation (G.K.P.D.) is a priority for the Ioannis Antoniou tou Georgiou Individual Enterprise (NUTRIPASS).
Details of the Controller
The Individual Enterprise of Ioannis Antoniou of Georgiou henceforth NUTRIPASS accepts as personal data: Any information concerning natural persons, as an identified or identifiable living person. For example, this information includes their name, home address, social security number, Internet Protocol (IP) code, health and insurance information, employment status, and more.
Special category data, such as data relating to health, racial or ethnic origin, trade union activity and others, receive special protection.
The rules apply when the collection, use and storage of individuals’ data is done digitally or in paper form through a structured filing system.
This policy is in accordance with the EU General Data Protection Regulation. (G.K.P.D.), as well as with opinions / decisions issued by the Personal Data Protection Authority.
Definitions
Categories of Personal Data Collected
NUTRIPASS, in the context of its activities and normal operation, may collect personal data of both its customers or partners, as well as its employees as well as its partners in general, but also other natural persons with whom it transacts in the context of its operation.
Depending on the form and purpose of processing, NUTRIPASS may collect and process personal data, such as the following:
CATEGORIES OF SUBJECTS | DATA CATEGORIES |
Clients | Customer data, if they are natural persons or the legal representatives of legal entities. These may include:
|
Suppliers/Contractors | Data of NUTRIPASS suppliers, if they are natural persons or the legal representatives/representatives of legal persons. These may include:
|
Data of other Natural Persons | Data of other natural persons who visit NUTRIPASS infrastructure or cooperate with it. |
Employees (Active And Inactive) / Candidate Employees | Data of NUTRIPASS employees under any employment relationship, as well as data of former and prospective employees, which are held for purposes of operating their employment relationship with NUTRIPASS. These may include:
|
Table 1. The categories of Subjects and their data
Purposes and Legal Basis of Processing
NUTRIPASS may collect and process personal data of the natural persons mentioned in the above paragraph who make use of its services and products. In principle, NUTRIPASS may collect and process personal data for the following purposes with the corresponding legal bases of processing:
PURPOSE OF PROCESSING | LEGAL BASIS |
The collection, processing, cross-checking and transmission of data of the Tax, Insurance and Labor Administration exclusively for the support and operation of the framework of its responsibilities | 1. Compliance with a legal obligation [art. 6 §1 c) G.K.P.D.] and/or 2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.] |
The collection and processing of the necessary data of employees and/or prospective employees and partners for the proper servicing of existing working relationships or collaboration relationships or the examination of possible future collaboration | 1. Compliance with a legal obligation [art. 6 §1 c) G.K.P.D.] and/or 2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.] |
The provision of products and services | 1. Compliance with a legal obligation [art. 6 §1 c. b) G.K.P.D.] and/or 2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.] |
The collection and processing of image data using closed circuit cameras (CCTV) | 1. Protection of persons and goods in accordance with Directive 1/2011 GDPR 2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.] |
For any other form of processing, NUTRIPASS requests a specific written, free and prior informed consent of the subjects before starting the processing, if required. |
Table 2. The main purposes and legal bases of processing
The reference to more than one legal basis of processing does not mean that NUTRIPASS changes them (lawful basis swapping) undermining the rights of data subjects, but that there are cases where more than one legal basis of processing is applicable.
Finally, NUTRIPASS does not use as the main processing basis the consent of the data subjects (whether it is simple data or special categories), recognizing the inherent inequality that exists in its relationship with each data subject and moreover in accordance with its recommendations Working Group of No. 29 (now European Data Protection Board). Except and exceptionally, for a few cases where an additional service is provided to the subjects (i.e. beyond the legally provided), consent is used in a limited way as a legal basis for processing and only then.
Transmission/Communication of data to third parties
The personal data collected may be shared or transmitted to third parties, as long as this is required for the fulfillment of obligations by law or is necessary for the fulfillment of our services provided, in compliance with the guarantees of the relevant legislation. We may outsource some of our services to individuals or legal entities. Only those personal data that are necessary for the fulfillment of the assigned services are transmitted to these persons and they are bound to our Company in terms of confidentiality and secure processing of personal data
Rights of Natural Persons
NUTRIPASS recognizes the rights of natural persons regarding the protection of their personal data. Thus natural persons have the right to:
Communication of Natural Persons
The above rights, as well as any right related to personal data, are exercised following a written request submitted at any point that is accessible to the public, or via electronic communication, by sending a message to info@nutripass.gr and is also examined by the Communication Manager for Personal Data Subjects, who has been designated by the Company.
Processing principles
NUTRIPASS accepts the basic principles governing the processing of personal data. Personal data (Article 5):
Communication of Natural Persons
The above rights, as well as any right related to personal data, are exercised following a written request submitted at any point that is accessible to the public, or via electronic communication, by sending a message to info@nutripass.gr and is also examined by the Communication Manager for Personal Data Subjects, who has been designated by the Company.
Processing principles
NUTRIPASS accepts the basic principles governing the processing of personal data. Personal data (Article 5):
Archive of processing activities
NUTRIPASS keeps a record of the processing activities for which it is responsible. That file includes all of the following information:
Protection of personal data
Taking into account the nature, scope, context and purposes of the processing, as well as the risks of different probability of occurrence and severity for the rights and freedoms of natural persons, NUTRIPASS implements appropriate technical and organizational measures in order to ensure and be able to prove that the processing is carried out in accordance with the G.K.P.D., adopting and applying a holistic personal data security policy.
When assessing the appropriate level of security by NUTRIPASS, particular consideration is given to the risks arising from processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise submitted in processing.
To prevent a case of personal data breach, NUTRIPASS as controller has adopted and implements a policy against attacks on the information systems it owns and manages, as well as a specific policy for managing any incidents of personal data breach.
Staff training
NUTRIPASS accepts that the protection of personal data presupposes the awareness of its human resources regarding the protection of personal data. In this direction, it accepts the adoption and application of the principle of the orientation of due education by exploiting the Fair Information Practices (FIP), which condense a set of standards that govern the collection and use of personal data and the treatment of privacy issues and accuracy. NUTRIPASS aims to make its human resources aware of basic concepts of personal data protection.
Update on the processing of personal data in Social Networking Media
Our Company has accounts on the following social media:
In the above media our Company processes personal data (such as your username and possibly your photo) in order to provide information about our activities and services and an additional way of communication.
By actions such as liking or following our specific page (“follow”), you consent to the relevant processing, i.e. to the processing of the username you use and any photo of you that accompanies it. The withdrawal of consent is done by the social media itself with the exact same but reverse process (unlike, unfollow).
In any case, we declare to you that we do not know and are not responsible for whether the social media in question carry out further processing of personal data, whether they have additional processing purposes, whether they carry out transfers to third countries, whether they use executors and sub-executors processing, if they carry out profiling and the way they carry out the overall processing of personal data.
We recommend that before providing any consent, you consult the privacy policy of the social media in question. In the event that by your own actions you upload your own photos to our page in the above media or additional personal data, you yourself bear the responsibility for this processing. Due to the particular ease of sharing photos and other personal data on social media, we recommend that you use them while assessing the potential risks arising from their publication.
Our Company does not and cannot exercise influence and control regarding the nature and extent of personal data collected and held by social networking platforms as a condition or result of their use and bears no responsibility for the collection and processing of personal data. of data carried out by them. For more information on the purposes of collection and further processing and use of personal data by social networking platforms as well as on the rights and available settings to protect your privacy and your personal data, please consult the privacy policy of the respective social networking platform.
Update on the processing of personal data through a video surveillance system
We use a surveillance system for the purpose of protecting people and property. The processing is necessary for the purposes of legitimate interests pursued by us as a controller (Article 6 para. 1. f GDPR)
Our legal interest consists in the need to protect our site and the goods located in it from illegal acts, such as theft. The same applies to the safety of life, physical integrity, health and property of our staff and third parties who are legally present in the supervised area. We only collect image data and limit downloads to areas we have assessed as having an increased likelihood of illegal acts being committed e.g. theft, without focusing on areas where the privacy of the persons whose image is taken may be unduly restricted, including their right to respect for personal data.
We inform you that for the purpose of informing both employees and visitors, warning signs regarding the use of a recording circuit have already been placed in clearly visible places in our company’s factory, in accordance with the requirements set by the A.P.D. E.G.
Amendment
This policy may need modification regarding the processing of personal data. In the event that the modification of the terms in question is of such a nature and extent that it is not covered by the above data processing terms, NUTRIPASS will publish the new version of the policy from the social networking platforms as well as the rights and available settings to protect your privacy and personal data, consult the privacy policy of the respective social networking platform
Update on the processing of personal data through a video surveillance system
We use a surveillance system for the purpose of protecting people and property. The processing is
necessary for the purposes of legitimate interests pursued by us as a controller (Article 6 para. 1. f GDPR)
Our legal interest consists in the need to protect our site and the goods located in it from illegal acts, such as theft. The same applies to the safety of life, physical integrity, health and property of our staff and third parties who are legally present in the supervised area. We only collect image data and limit downloads to areas we have assessed as having an increased likelihood of illegal acts being committed e.g. theft, without focusing on areas where the privacy of the persons whose image is taken may be unduly restricted, including their right to respect for personal data.
We inform you that for the purpose of informing both employees and visitors, warning signs regarding the use of a recording circuit have already been placed in clearly visible places in our company’s factory, in accordance with the requirements set by the A.P.D. E.G.
Amendment
This policy may need modification regarding the processing of personal data. In the event that the modification of the terms in question is of such a nature and extent that it is not covered by the above data processing terms, NUTRIPASS will publish the new version of the policy.
Generally
These Terms and Conditions of Use are governed by Greek law. Any dispute arising from the use of the owners’ Website shall be subject to the jurisdiction of the Greek courts. The “Terms and Conditions” constitute the entire agreement existing between the Customers (i.e. you) and the owners and supersede any other possible agreement that may exist between your. PERSONAL DATA AND HEALTH DATA IN CASE OF COLLABORATION a dietitian must:
. To keep a Processing File for the personal data and health data of its customers. The Processing File records the processing activities for which it is responsible. The file must include: 1) Name and contact details of controller, representative and DPO (if it has defined) 2) Purposes of processing, 3) Categories of data subjects (e.g. customers, employees) 4) Categories of recipients to whom the data is disclosed 5) Transfers to third countries or international organizations 6) Anticipated erasure deadlines 7) Technical and organizational measures security
. To inform the customer during the stage of receiving the personal data about the information collected, the purposes for which it is collected, the security measures it observes, potential recipients of the data – only if this is necessary for the provision of the dietary service – and the rights of the customers, in terms of the protection of their data. The above obligation can be paid by quoting the following appropriately adapted statement on the customer form when receiving the data:
According to articles 6 par. 1b) and 13 of the General Regulation of the Protection of Personal Data of the E.U. (GDPR) it is necessary to keep a record in order to carry out dietetic operations, in which the following are recorded: Name, surname, gender, age, profession, customer address, customer e-mail address, dates of visit, physical data (weight, height, body dimensions, measurements of fat, muscle mass, etc.), reason for the visit, results of clinical and paraclinical examinations, diets. This file is kept for a period of 5 years after your last visit.
The dietician observes the necessary security measures to safeguard your personal data.
As a customer regarding your personal data, you have the following rights:
. Have an information form and obtain the consent of its clients if it is going to use data for purposes other than the provision of nutritionist services: If the clients’ personal data is to be used for other purposes (e.g. sending a message to remind a recheck , phone call for an appointment, use of data for clinical research, product promotion), then the dietitian must:
The above obligation to inform (b) can be paid by quoting on the customer form when receiving the data.
. To recognize and respect the rights of Customers:
2) When a client submits a request exercising any of the above rights, the dietitian must respond within 1 month either satisfying the right (e.g. giving the client a copy of the file) or rejecting the request with reasons (e.g. denying a deletion request ) or explaining the reasons for the delay. In case of delay, however, he must respond positively or negatively within 3 months of the request.
3) When the period of five years has passed since the last visit, the personal data of the customers must be destroyed.
. To apply technical security measures:
To use a strong – difficult password (e.g. not “1234”) to enter the systems and applications and to change them at regular intervals.
Disabling storage media (e.g. USB) where it is not needed (e.g. office PC).
Use of modern computer operating systems and their continuous updating.
Use of anti-malware (antivirus) software.
Activating a Protection Wall (Firewall) on the computer.
Avoid using free software (free download).
Avoid using and granting privileged access rights to the ordinary user (Local Administrator rights).
Take backups at regular intervals.
Avoid using free e-mails, e.g. Yahoo, to send and receive health data, e.g. medical examinations.
Local computer disk encryption through the operating system.
Encrypt external storage devices (eg external hard drive, USB, etc.).