1. Personal Data
The company places the utmost importance on the processing, security, and protection of the personal data of all involved parties. The company is ISO 9001 certified and has appointed a Data Protection Officer (DPO), with whom interested parties can communicate to exercise their rights or to request clarification regarding this security policy, using the following contact information:
NLG GROUP SYMVOULITIKI MONOPROSOPI IKE
Irodotou 3, 13671 Acharnes
VAT Number: 801833730
This company policy establishes the measures taken in relation to personal data, fully complying with EU Regulation 679/2016 and applicable legislation. The term “personal data” refers to information about individuals, such as full name, postal address, email address, contact number, etc., that identify or can identify a person.
The company collects personal information through various methods, always with the consent of the parties involved. As stated in procedure D.320 “Confidentiality,” company records are maintained confidentially and are accessible only to authorized personnel, namely the designated responsible party and the CEO.
2. Data Processing – Collection
Data is collected and processed for lawful purposes. It is retained for a specific period, as required by law or defined by corporate policy. Data is processed in accordance with applicable law, and the company is committed to protecting it from unauthorized or unlawful processing, accidental loss, destruction, or damage. The time and method of record retention are outlined in procedure D.550 “Control and Maintenance of Records and Registers.”
4. When Data is Collected
Data is collected during communication with the company and the use of its services—either via the contact form, program interest form, or phone—directly by company personnel or its partners.
5. How Data is Used
To provide better service to the interested parties and in compliance with personal data protection laws, data may be used for:
- Registering a new customer
- Processing an order/request
- Managing payments and collecting debts
- Entering into a contract
- Fulfilling legal obligations
- Participation in a competition
- Displaying relevant website content and related advertisements
- Improving the website, products/services, and user experience through data analysis tools
- Personalized suggestions regarding goods or services
- Updates on changes to the security policy
6. Categories of Collected Data
- Identity Data: Includes name, surname, username or similar identifier, marital status, date of birth, and gender.
- Contact Data: Includes email address, city, and phone numbers.
- Financial Data: Includes bank account and payment card details.
- Transaction Data: Includes payment details and information on products or services purchased.
- Technical Data: Includes IP address, login data, browser type and version, time zone and location, browser plug-in types and versions, operating system and platform, and other technology used to access the website.
- Profile Data: Includes username and password, past purchases/orders, interests, preferences, feedback, and survey responses.
- Usage Data: Includes information about how you use the website, products, and services.
- Marketing and Communication Data: Includes preferences for receiving promotional materials and how you prefer to be contacted.
7. Purpose Change
Data is used solely for the purposes for which it was collected. If it needs to be used for another purpose, consent must be obtained or a legal basis for the new purpose must be provided—unless the new purpose is compatible with the original one under applicable legislation.
8. Cookies and Similar Technologies
The website uses “cookies” to recognize visitors, record IP addresses, and analyze how users interact with the website. This information is used to improve services, site design, products, services, and promotional activities.
A cookie is a small data file placed on a visitor’s hard drive. A “session cookie” expires when the browser is closed, while a “persistent cookie” remains stored and allows the site to recognize the visitor on return visits. The company reserves the right to use both session and persistent cookies, as well as “Flash cookies” or similar technologies.
Flash cookies are not used for behavioral advertising and are different from browser cookies; they cannot be removed using standard browser cookie management tools.
Visitors may disable cookies via browser settings, but if they do so, the company may not be able to record purchases or allow online transactions, nor recognize registered users to grant access to their account information.
9. Children’s Privacy
The company does not knowingly collect any information from individuals under the age of 15. Children under 15 are advised not to use the website, provide any information, or make purchases without parental consent. If it is discovered that data from a child under 15 has been collected, it will be immediately deleted.
10. Data Security
The company implements appropriate physical and technological safeguards (including encryption, anonymization, or pseudonymization where necessary) to prevent accidental loss, alteration, disclosure, or unauthorized access to personal data.
Access to data is restricted to authorized employees who process the data under strict confidentiality and clear instructions. Procedure D.320 “Confidentiality” describes how the company handles confidential information.
In the event of a data breach, management, the IT department, and any affected departments are notified immediately. Actions are taken to identify the source and assess the risk level. Measures are implemented to stop the breach and prevent future incidents. Corrective actions may include changes to procedures, supplier removal, or legal action. Involved parties are also informed as necessary.
11. Data Retention
Personal data is retained only for as long as necessary to fulfill the purpose for which it was collected, including compliance with legal or tax obligations. Details are outlined in procedure D.550 “Control and Maintenance of Records and Registers.”
Under certain conditions, individuals have the right to request the deletion of their data, as described below.
12. Rights of Data Subjects
Data subjects have the right to:
- Withdraw consent
- Request access to their data
- Request data correction
- Request data deletion
- File a complaint with the supervisory authority
These rights are detailed in procedure D.240 “Handling of Personal Data Requests” and the corresponding form E.240-1 for withdrawal, access, correction, or deletion of personal data.