The company "MICHAEL LATSOS & Co. " located at 39 Ethnikis Antistaseos Street, Ionia, Thessaloniki, P.C. 57008, Tel. +30 2310 778 922, (hereinafter referred to as the "Company"), informs, in accordance with Regulation (EU) 2016/679 and the relevant provisions of the applicable Greek legislation on the protection of personal data, in its capacity as controller, its customers (hereinafter referred to as "Customers" or "Customer"), that it or third parties, on its behalf, will process their personal data, in accordance with the following:

What personal data do we collect and where do we collect it from?
α) Your identification data: full name, father’s name, mother’s name, surname, ID number, TIN, social security number, gender, nationality, date, place of birth, etc. These data are collected directly from you and/or from publicly accessible sources and/or from publicly accessible social networks (e.g. faceboook, twitter).
b) Your contact data: postal and email address, landline and mobile phone numbers, etc. The data is collected directly from you and/or from publicly accessible sources and/or social networks.
c) Data on your financial and property situation, occupation, salary, dependents, tax returns, etc. These data are collected either directly from you, or at your request, or from publicly accessible sources such as mortgage offices, land registries, etc.
d) Health data of you and/or your dependent family members, submitted to the Company by you, on your own initiative.
e) Data on your financial defaults (including but not limited to bounced checks, terminations of loan and credit agreements, payment orders, garnishments and checks for payment, petitions and judgments of reorganization or bankruptcy, etc.). Such data is collected by the Company, in the context of your business dealings with the Company, from publicly accessible sources such as Courts, etc.
f) Data identifying the Customer’s electronic identity, such as the internet protocol address (IP Address).
It is noted that, with the exception of your data under (a) and (b) above, which are absolutely necessary for any transactional or contractual relationship with the Company, the type and amount of other data collected depends in each case on the type of contract either to be concluded or existing with the Company, and/or the product or service offered or provided.

Why do we collect your personal data and how do we process them?
Your personal data, as mentioned above, collected are processed for the Company’s compliance with the obligations imposed by the legal, regulatory and supervisory framework in force at the time, as well as the decisions of any public authorities or Courts, as well as the defence of the rights and fulfilment of the Company’s legitimate interests, as detailed below: a) The above under (a) and (b) for the purpose of identifying you and communicating with you during the stage of both the pre-contractual and contractual relationship with you (sale of goods), its execution and generally the smooth operation of the Company and the fulfilment of our obligations towards you.
b) In the case of the granting of credit, (c) to (e) for
i. the assessment of the credit risk that the Company is required to assume or has already assumed,
ii. monitoring the development of the debt,
iii. preventing or limiting the likelihood of your default under your contract(s) with the Company,
and iv. pursuing the collection of any amounts due to the Company from the operation of your contract(s) with the Company.
c) Data, including but not limited to the data under (h) above, to prevent fraud against the Company or other customers of the Company, as well as any other illegal act.

To whom do we transmit your personal data?
Your personal data may be transmitted to the persons listed below:
a) To the Company’s employees who are responsible for the evaluation of your requests, the management and operation of your contract(s) with the Company, for the fulfilment of the obligations arising from it(s), as well as the relevant obligations imposed by law.
b) To entities to which the Company entrusts the performance of specific tasks on its behalf (processors), such as lawyers, law firms, notaries and bailiffs, experts, surveyors, accountants or accounting firms, natural or legal persons, on behalf of the Company, as well as IT application maintenance service providers, subject to the condition of confidentiality in each case.
c) To supervisory, independent, judicial, public and/or other authorities within the scope of their competence.
d) To companies that perform the processing of your data on behalf of the Company for the purposes of promoting products and/or services.

Transfer of your personal data to third countries outside the EU.
We may transfer your personal data to third countries outside the EU in the following cases:
α) Where an implementing act of the European Commission has been adopted on an adequate level of protection of personal data in that country; or
b) Where you have given your explicit consent; or
c) where the transfer is necessary for the performance of a contract with you, in which case your data necessary for this purpose will be transferred to the bodies which are obliged to intervene; or
d) where the Company is obliged to do so by a provision of law or an international contract or a court decision; or
e) in the context of the Company’s compliance with the rules, as they result from the international obligations of Greece, or
f) if the transmission is necessary for the establishment or exercise of the Company’s rights or for the defence of its interests. Please note that in order to fulfil in particular the obligations under (d) or (e) above, we may transmit your personal data to competent national authorities in order to be forwarded through them to the respective authorities of third countries.

For how long do we keep your personal data?
In case a contract is concluded with the Company, your personal data will be kept until the statutory period of the general limitation of claims has expired, i.e. for a period of up to twenty (20) years from the termination of the relevant contract in any way. If until the expiry of the twenty (20) years, legal actions are in progress with the Company or any of its affiliated companies, directly or indirectly concerning you, this period of retention of your personal data will be extended until the issuance of an irrevocable court decision. In the event that no contract is concluded with the Company, your personal data will be kept for five (5) years from the rejection of the relevant request. In the event that a shorter or longer period of retention of your personal data is provided for by law or regulatory acts, the above data retention period will be reduced or increased accordingly. The documents bearing your signature and in which your personal data have been recorded may, at the Company’s sole discretion, after five (5) years, be kept in electronic/digital format.

What rights do you have for the protection of your personal data and how can you exercise them?
I) You have the following rights for the protection of your personal data:
a) To know which personal data we hold and process, their origin, the purposes of their processing, the recipients of such data, as well as the time of their retention (right of access).
b) To request the correction and/or completion of your personal data so that they are complete and accurate (right of rectification). In such cases, you must provide any necessary document showing the need for the correction or completion.
c) Request the restriction of the processing of your data (right of restriction).
d) To refuse and/or object to any further processing of your personal data we hold  (right to object).
e) To request the erasure of your personal data from the records we hold (right to be forgotten).
f) Request that we transfer your personal data we hold to any other controller of your choice (right to data portability).
The following is noted in relation to your rights above:
The satisfaction of your rights under (c), (d) and (e), insofar as they relate to data necessary for the establishment and/or the continuation of the operation of the contract(s), regardless of the source of collection, shall entail the automatic termination of the contract(s). The Company shall in any case have the right to refuse to comply with your request for restriction of processing or erasure of your personal data if the processing or the keeping of such data is necessary for the establishment, exercise or support of its legal rights or the fulfilment of its obligations. The exercise of the right to portability (above under f) does not entail the deletion of your data from our records, which is subject to the conditions of the immediately preceding paragraph. The exercise of the above rights shall act for the future and shall not relate to data processing already carried out.
g) To lodge a complaint with the Data Protection Authority ( if you consider that your rights are infringed in any way.
II) In order to exercise the above rights, as well as for any matter concerning your personal data, you may contact the Company in writing at the postal address: 39 Ethnikis Antistaseos, Ionia, Thessaloniki P.C. 57008, or electronically at the e-mail address: [email protected], or by telephone at the number: +30 2310 778 922.
In such cases, we will make every effort to respond to your request within thirty (30) days of its submission. The said period may be extended for sixty (60) additional days if deemed necessary at the Company’s sole discretion, taking into account the complexity of the request and the number of requests, in which case we will inform you within the aforementioned thirty (30) day period. The exercise of your rights shall not entail any charge to you. However, in the event that your requests are manifestly unfounded, excessive or repetitive, we may either ask you to bear the relevant costs, of which we will inform you, or refuse to respond to them.

How do we protect your personal data?
The processing of personal data takes place in a lawful, fair and transparent manner. Personal data will only be processed for specified, explicit and legitimate purposes and further will not be processed in a way that is incompatible with those purposes. The Company for the security of your data, has and implements procedures and systems for the confidentiality of your personal data and their processing, as well as for their protection against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access and all other forms of unlawful processing, physical and logical security, data loss prevention and "back up" outside the Company. The above information supersedes any previous information about the processing of your personal data.