PRIVACY POLICY

Sons of N. Noulikas O.E.

Our company respects your privacy and is committed to protecting your personal data. This privacy statement aims to inform you about the personal data we collect and process while providing our services and communicating with you.

Our full details are:

Full Name: Sons of N. Noulikas O.E.
Trade Name: MONTE NOULIKAS
Postal Address: 5th km Veria – Naousa, Veria, 591 01, Greece
Contact Phone: +30 2331 067347

Purpose and Scope of the Personal Data Protection Policy

The purpose of this Policy is to establish the basic principles and rules by which our company collects, processes, and stores personal data, as defined by applicable national and EU legislation, particularly the European Regulation (EU) 679/2016 (hereinafter “the Regulation”).

General Principles of Personal Data Processing

When processing personal data, our company ensures that:

  • It collects and processes this data lawfully under applicable legislation and its provisions.
  • It processes personal data only for specific, explicit, and lawful purposes.
  • It takes appropriate technical and organizational measures to ensure the secure processing of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage. It also periodically reviews the adequacy and effectiveness of these measures.
  • It strives to keep personal data accurate and up to date.
  • It does not retain personal data longer than necessary for the purposes for which it was collected and processed, except when required:
    • To comply with a legal obligation.
    • To perform a task carried out in the public interest.
    • To establish, exercise, or defend legal claims.

Purposes of Processing

Our company collects and processes personal data for the following purposes:

  • To comply with legal obligations and its corporate statutes for its activities, such as:
    • Maintenance and technical management of ski resorts.
    • Importing ski machinery.
  • To comply with legal obligations related to insurance and tax laws concerning employees, suppliers, and customers.
  • To hire personnel and contract external partners.
  • To ensure its proper operation in accordance with its statutory purposes and existing legislation.
  • To ensure the security of personnel, facilities, and equipment.
  • To legally enter into contracts and fulfill related obligations.
  • To participate as a candidate in public and broader public sector tenders related to its activities.

Legal Basis for Processing Personal Data

Our company processes your personal data transparently, based on the principles of legality, proportionality, confidentiality, integrity, purpose limitation, accuracy, retention period limitation, and data minimization.

The legal basis for processing your personal data may include:

  • Your consent.
  • The necessity of processing for the performance of a contractual obligation.
  • The necessity of processing for compliance with a legal obligation.
  • The necessity of processing to safeguard our legitimate interests.

Processed Data

Depending on the above purposes, our company may collect and process personal data, including but not limited to:

  • Employees: Full name, father’s name, mother’s name, year and place of birth, gender, nationality, postal address, email address, phone numbers, ID card details, Tax Identification Number (TIN), Social Security Number, bank account (IBAN), marital status, work experience, CV.
  • Customers/Suppliers/External Partners: Full name, Tax Identification Number (TIN), phone number, email address, bank account (IBAN).
  • Prospective customers filling out application forms for selected used machinery: Representative’s name, phone number, email address.

Special Categories of Personal Data

Our company may collect and process special categories of personal data (“sensitive data”), such as health-related data, to fulfill insurance obligations. These data may concern not only direct company associates but also third parties (e.g., employees’ family members, children, etc.).

Likewise, in exceptional cases required by law (e.g., public procurement laws when participating in public sector tenders), our company may collect and process data concerning criminal convictions or offenses, such as criminal record certificates, always respecting the principle of proportionality.

Depending on the circumstances, our company may process the above data either as a data controller or as a data processor on behalf of third parties.

Data Retention Period

Our company retains your personal data for a limited time, depending on the purpose of processing, after which the data is deleted unless a different retention period is required or permitted by applicable law. Where consent is required for data collection and processing, you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

Data Subject Rights

Our company ensures that data subjects can exercise their rights regarding the collection and processing of personal data. These rights include:

  • Right of access – The right to access your data.
  • Right to rectification – The right to correct inaccurate data.
  • Right to erasure (“right to be forgotten”) – The right to request deletion of data.
  • Right to restrict processing – The right to request processing limitations.
  • Right to data portability – The right to receive and transfer your data.
  • Right to object – The right to object to processing.

Requests must be submitted to our company via email at monte@montenoulikas.gr.

We will take all reasonable measures to fulfill your request within a reasonable timeframe, but no later than one (1) month from submission and verification. This period may be extended by two additional months if the request is complex or there is a high volume of requests. In such a case, our company will notify you within one month about the delay and its reasons. If we refuse your request, we will inform you of the reasons.

Our company may reject a request if permitted under the General Data Protection Regulation (EU 2016/679).

If our company processes personal data as a data processor, it will forward relevant requests to the data controller responsible for reviewing and addressing them.

Right to Lodge a Complaint with the Data Protection Authority

If you believe your personal data protection rights have been violated, you can file a complaint with the Hellenic Data Protection Authority (HDPA). More information is available at http://www.dpa.gr.

Personal Data Breach

A “personal data breach” refers to a security violation leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data collected, stored, or otherwise processed by our company.

A data breach may occur in various circumstances, including:

  • Loss, destruction, or theft of data/documents or equipment containing them.
  • Unauthorized access to personal data.
  • Disclosure of information to unauthorized third parties.
  • Cyberattacks.
  • Sending emails or correspondence to incorrect recipients.

In case of a suspected or actual data breach, our company or any employee, associate, or third party must notify us immediately at monte@montenoulikas.gr.

If our company processes data as a data processor, it will promptly notify the data controller without making independent disclosures.

This Policy may be modified at any time by our company and will be updated accordingly on this website.

October 31, 2018, Veria

Go top