Back to top

PRIVACY POLICY

INTRODUCTION

AGRIS S.A., Klidi Imathias – Platanos, 590 32, Imathia, Greece VAT Number: 099771460, (hereinafter «AGRIS»), commits to the protection of your privacy and personal data, in accordance with the requirements of EU General Data Protection Regulation (GDPR).

AGRIS constitutes the Data Controller of the personal data that are collected with the means and for the purposes described in this Privacy Notice. This Privacy Notice aims to keep you informed regarding the personal data that we hold about you, as well as for the purposes of collecting, storing, using and transferring these personal data. It is also intended to inform you of the rights you have under the GDPR for the protection of your personal data.

For any issues related to the processing and management of personal data, you may contact our Data Protection Officer, Mr. Petros Papadionisiou, at dpo@agris.gr.

TYPES OF INFORMATION WE COLLECT

AGRIS collects and processes personal data belonging to its customers, prospects, candidates for job positions, suppliers and business partners, as well as visitors to its website and premises. These personal data include:

  • Identification and contact details (name, surname, job address, home address, email address, mobile and land line numbers, Identity Card number).

  • Tax and financial details (name, surname, VAT number, job address, profession, bank account).

  • Data produced when visitors browse our website, such as: IP address, type and version of browser, operational system and other relevant data. Our Cookies Policy describes the above in detail.

  • Images and videos from CCTV footage of people visiting our premises.

  • Professional and academic qualifications included in the CVs and job applications sent by job applicants.

Note: The processing of personal data for our employees is addressed in a separate Privacy Notice.

WHY WE NEED YOUR DATA

We would like to keep you updated on the collection and use of the personal data that we hold about you. We will never ask for more information than what we need to fulfil your requests and to efficiently communicate with you. In general, we collect personal data to:

  • issue and record the legal tax documents relating to your transactions with us;

  • make and receive payments;

  • communicate and cooperate with you for the purposes of our business relationship;

  • comply with legally binding procedures;

  • send you bids and confirm your orders;

  • execute your orders and to deliver our products to you;

  • assess your qualifications before hiring you to work for AGRIS;

  • ensure the safety of our premises;

  • track how our web site is used;

  • receive your feedback on problems you may encounter when collaborating with us.

CONSENT

We always seek your consent when we are going to use your personal data for purposes other than those related to the provision of our products and services, e.g. for sending informational emails and newsletters. You must know that you can always withdraw your consent for receiving emails and newsletters from us by clicking in the relevant link that is always included in such communications.

If you transfer a third party's personal information to us, you are responsible for having informed that person about the use of their information and for obtaining their express consent that this information is provided for the purposes explained above.

LAWFULLNESS OF PROCESSING

The lawful bases we rely on for processing your personal data, depend on the type or data and the on the context of processing and include:

  1. performance of a contract (including any Client Agreement), where we need your Personal Data to perform our obligations under a Client Agreement or other binding contract - Art. 6 GDPR, par. 1 (b);

  2. compliance with a legal obligation to which we are subject such as tax and social security legislation - Art. 6 GDPR, par. 1 (c);

  3. your consent when it comes to sending informational emails and newsletters - Art. 6 GDPR, par. 1 (a);

  4. our legitimate interests, where the processing is necessary for protecting our legitimate business interests such as to safeguard the security of our products or to prevent unauthorized or malicious activities- Art. 6 GDPR, par. 1 (f).

TRANSFER OF YOUR INFORMATION

We will never transfer your personal data to third parties, unless it is necessary for the processing purposes explained above. When such a transfer is required, we ensure that only the minimum amount of information necessary for the specific purpose is shared.

Notwithstanding relevant legal provisions, our business partners are contractually bound to us to protect your personal data in accordance with our policies and to comply with the applicable laws and regulations on privacy and personal data.

Some indicative recipients of your personal information include:

  • State authorities and law enforcement agencies, when this is required for the fulfilment of a legally or administratively defined obligation or the performance of an audit (e.g. from tax authorities) and in accordance with the relevant legal procedures.

  • Business partners (e.g. cloud service providers, banks, accounting services, transporters, courier services, legal advisors, consultants, etc.).

RETENTION AND DELETION OF YOUR PERSONAL DATA

We retain and store your personal data until it is no longer necessary for providing our products and services to you or no other reason exists that requires their retention. The reasons for retaining your data are determined on a case-by-case basis and depend on the nature of the data, the purposes for collecting and processing them and on the relevant legal and operational requirements. The criteria used to determine the retention period include:

  • When processing your personal data for the performance of a contract signed between us, we retain the data for as long as this contract is valid and for an additional period required for the establishment, exercise and/or support of legal claims that may arise from this contract.

  • When processing your personal data to comply with legal obligations to which we are subject, we retain the data for as long as the relevant provisions require. As an example, we retain personal data included in invoices and other tax documents for at least 10 years as provided by the current tax legislation.

  • When processing your personal data for protecting our legitimate interests, we retain the data for as long as necessary for the fulfilment of the aforementioned legitimate interests.

  • When processing your personal data relying on your consent, we retain the data until you withdraw your consent or when they are no longer necessary for the purpose for which we asked for them. Please be aware that the withdrawal of consent does not affect the legality of the processing carried out based on that consent prior to its revocation.

After the end of retention period, your personal data are destroyed, deleted or anonymized.

YOUR RIGHTS

You must know that according to the General Data Protection Regulation, you have certain rights regarding your personal data handled by us. Specifically:

  • Right to be informed: you have the right to be informed about how and why your data is used.

  • Right of access: you have the right to access the personal data held about you.

  • Right to rectification: you have the right to ask us to rectify your data if you believe that it is inaccurate.

  • Right to erasure (“right to be forgotten”): you have the right to ask us to erase your personal data without undue delay, if there are specific reasons.

  • Right to restriction of processing: you have the right to ask us to restrict processing of your data when (a) the accuracy of the data is questioned until verified, (b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead, (c) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims and (d) you have objected to processing pending the verification whether the legitimate grounds of AGRIS override those of you.

  • Right to data portability: you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit those data to another controller. This right is valid for data provided by you and their processing is carried out by automated means based on your consent or in execution of a relevant contract.

  • Right to object: you have the right to object to the processing of your personal data, if specific reasons exist.

  • Right to withdraw your consent: You can withdraw your consent at any time, without affecting the lawfulness of the processing up to the point of withdrawal.

  • Automated individual decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To ask us to do anything of the above, you can contact our DPO, Mr. Petros Papadionisiou, at dpo@agris.gr.

We will promptly examine your request against the relevant requirements of the GDPR and we will answer the latest within 30 days after receiving your request. We will ask you for some kind of identification (e.g. photocopy of your identity card or passport) to avoid non-authorized reveal of your personal data. If, for reasons of complexity of the request or a multitude of requests, we are unable to respond promptly, we will notify you within 30 days of any delay, which in no case may exceed two months from the expiration of the 30-day deadline.

The request to exercise a legally granted right does not always guarantee that it can be fully satisfied, particularly when other legal provisions impose limitations. If we are unable to fulfil your request, we will inform you of the reasons.

To ensure that your personal data are always accurate and updated, we recommend you keep us informed about your data, as needed (e.g. in case of a change in a street or email address).

If you feel that your rights regarding your personal data are being compromised, you have the right to submit a complaint to the competent Data Protection Authority: http://www.dpa.gr, Kifissias 1-3, T.K. 115 23, Athens, tel. 210 6475600, email: complaints@dpa.gr.

SECURITY

We apply protection technologies, data safety policies and other measures to protect personal data under our control from unauthorized access, inappropriate use, alteration, illegal or accidental destruction or loss. We also require from all our employees and any third party that have access to or are authorized to process your data, to be bound by a contract to protect your data.

We have established procedures to address any potential data security breaches and will notify you and the relevant authorities in accordance with applicable legal requirements. We reserve the right to address incidents beyond our control, which may arise from special circumstances, force majeure, or network failures.

DISCLAIMER OF LIABILITY FOR THIRD PARTY WEBSITES

Although our website may contain links to third-party sites, we are not responsible for the privacy practices or content of these sites, and we expressly disclaim any liability for any loss or damage that may be caused by the use of these links. We do not monitor the privacy practices or the content of these sites. If you have any questions about the privacy practices of another site, you should contact the site's responsible personnel. We suggest you read the privacy policy of each website you interact with, before allowing the collection and use of your personal data.

We may also provide social media features that allow you to share information on your social networks and interact with AGRIS on various social media sites. The use of these social media features may result in the collection or sharing of information about you. We recommend that you check the privacy policies and regulations of the social networking sites you interact with, so that you can be sure that you understand what information may be collected, used and disclosed by these sites.

PERSONAL DATA OF MINORS

We do not knowingly collect and / or retain data regarding persons under the age of 16. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at dpo@agris.gr. We will delete such information from our files within a reasonable time

CONTACT

We encourage you to reach out to us regarding any matters related to your personal data and the protection of your privacy, including:

  • Updating your information,

  • Changing how you want us to communicate with you,

  • Asking questions or making comments about our privacy practices and this Privacy Policy.

You may contact us regarding the above or any other relevant issues using the following contact details:

AGRIS, 59 300 – KLIDI IMATHIAS
Τel.: +30 23330 53500
e-mail: dpo@agris.gr
freefone: 800 11 53500

REVISIONS OF THIS PRIVACY POLICY

This Privacy Policy is valid from 13/06/2024 and replaces any other previous notifications that we had issued in the past regarding our personal data management practices. We reserve the right to revise this Policy at any time. The current version will be always uploaded to our website indicating the date of entry into force, so you know when the most recent revision took place. If there are critical changes in this policy or our personal data practices change significantly in the future, we will notify you by posting the changes on our website.