This privacy notice has been prepared in accordance with the provisions of the Regulation (EU) 2016/679 on the Protection of Personal Data (“GDPR”). We recommend that you read carefully this notice in order to be informed about the processing of your personal data when you visit our website. We may amend this notice at any time and at our discretion. The amendments will be published on our website. Please check this notice regularly to be informed of any amendments.
1. The controller of your personal data
“SARMED S.A.” (the “Company”, “we”, “our”) is the controller of personal data collected and saved when you visit our website www.sarmed.gr/web. For any matter relating to the processing of your personal data, including the exercise of your rights and more information on the balancing test between our legitimate interest to process your personal data, where appropriate, and your interests you may contact us by email at firstname.lastname@example.org
2. Categories of personal data, purpose and legal basis of processing personal data, and storage periods
When you visit our website we collect from you and process personal data depending on your use of our website. Therefore:
- When you visit our website we collect and process your IP address and your activity in our website. The purpose of processing these personal data is to monitor the use of our website in order to improve it and protect it. The legal basis for processing these personal data is our legitimate interest to safeguard the smooth operation of our website and optimize its function and management. We will retain these personal data for a period of 6 months from the day of your last visit to our website.
- When you contact us either through a communication form hosted on our website or email we collect and process your full name, your country of origin, your email address, the company you represent and your position, and any information you include in the communication form or in your email. The purpose of processing these personal data is to address your request, query or comment, and support our shareholders and investors. The legal basis for processing of these personal data is our (a) legitimate interest to conduct our activities through our website in the best possible manner and support our visitors, investors and shareholders and (b) legal obligation to comply with the capital market legislation, where necessary. We will retain these personal data for a period of 6 months from the day you submit the communication form or send your email to us and delete them afterwards.
- When you send us your resume through our website we collect and process the personal data included in your resume.
A portion of your personal data is collected through cookies and other similar techniques. Please refer to our cookies policy for more information.
Your personal data is not subject to any automated-decision making including profiling. You have no statutory or contractual obligation to provide your personal data to us. Unless you do so, we will not be in a position to address your request or consider your resume.
3. Your rights
a. Right of Access. You have the right to obtain from the data processor confirmation as to whether your personal data is being processed, request details of the processing activities, and obtain a copy of your personal data undergoing processing.
b. Right to Rectification, Erasure and Restriction. You have the right to request the rectification, erasure or restriction of processing (as appropriate) of your personal data.
We will satisfy your right of access or to rectification within one month. If your request is complicated or you have submitted numerous requests, we may need more time to satisfy your rights. In any case, we will inform you within one month if we will need more time.
Please be aware that any requests failing to satisfy all requirements of the applicable legislation or any requests that are manifestly unfounded or excessive, in particular because of their repetitive nature, may need to be composed again or may be rejected. Also, please note that some personal data may be excluded from such requests for access, rectification and erasure, in accordance with the applicable data protection legislation.
c. Right to data portability. You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and, in some cases, at your request we will transmit your personal data directly to another controller, where technically feasible.
d. Right to object. You have the right, in some cases, to demand that we stop processing your personal data. However, if there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, we will continue to process your personal data. In any case, you have the right to object to the use of your personal data for direct marketing purposes, including profiling. If you do so, we will satisfy your request.
e. Right to object to automated decision-making: You have the right not to be subject to a decision based solely on automated processing including profiling.
f. Consent. In case you have given us your consent to process your personal data, you have the right to withdraw your consent any time. The withdrawal of consent will not affect the lawfulness of processing that was based on your consent prior to withdrawal.
When you exercise your rights, we may request some information that will help us verify your identity. If we do not satisfy your request, you have the right to file a complaint with the Hellenic Data Protection Authority (www.dpa.gr).
4. Recipients and international transfers of your personal data
Your personal data are processed only by Company employees, if necessary to carry out their duties. We also share your personal data with third parties as follows:
- Providers of services relating to the operation, maintenance and technical support of our website and data analysis services relating to the use of our website by you;
- In case the Company sells all or part of its assets to third parties, your personal data may be provided to those third parties; and
- With law enforcement or administrative authorities in order to comply with our legal obligations or a court order.
The foregoing recipients receive only data that are strictly necessary for the respective purposes and are committed to comply fully with the applicable laws for the protection of personal data.
Such third parties may be headquartered in countries of the European Economic Area (EEA) or in other parts of the world. When transferring personal data outside the EEA, we ensure an appropriate level of protection of the transferred data. Your personal data will be transferred based on your consent, based οn standard contractual clauses approved by the European Commission, based on the selection of persons/organizations participating in international programs for the free flow of data (e.g. EU-US Privacy Shield) or will be transferred to countries that the European Commission considers safe.
In any case, anyone who may have access to your personal data, either employee or business partner, is contractually bound against us to take appropriate measures for the protection of confidentiality and security of your personal data.
5. Security of personal data
We implement all appropriate technical and organizational measures to ensure the security of your personal data, the confidentiality of processing and the protection against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access and any other form of unauthorized processing. However, we cannot guarantee the security of the data transmitted to our website, as the transmission of information over the Internet can never be completely secure.
Our website may contain links to other websites. We are not responsible for the personal data protection practices, the content and the security of other websites that are not governed by this notice of personal data protection. For this reason we advise you to carefully read the personal data protection notices of those websites.