Website Data Protection Policy
Code: P.ISMS.A.13.01
Version: 1st
Date: 13/10/2024
Confidentiality: Confidential
Contents
- 1. Introduction
- 2. Data Controller
- 3. Data We Collect
- 4. Purposes & Legal Basis
- 5. Data Recipients
- 6. Transfers Outside EU/EEA
- 7. Retention Period
- 8. Data Security
- 9. Your Rights
- 10. Use of Cookies
- 11. Changes to this Policy
1. Introduction
VAKTRO ABEE recognizes the importance of protecting the personal data of website visitors, customers, and any other individuals interacting with the company.
This Privacy Policy describes how the company collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), applicable national legislation, and the Information Security Management System (ISMS) implemented by the company.
Commitment: We are committed to ensuring the confidentiality, integrity, and availability of your information.
2. Data Controller
Controller: VAKTRO ABEE
Address: [Full Company Address]
Phone: [Company Phone Number]
Email: [privacy@company.gr]
DPO: [DPO Name and Contact Information]
3. Data We Collect
- Identification data: first name, surname, and contact details.
- Transaction/order data: information related to products or services purchased.
- Website usage data: IP address, browser, pages visited, session duration, date and time of access.
- Communication data: information submitted through contact forms, emails, or telephone calls.
- CV/resume data when submitting job applications.
- Marketing preferences for newsletters and promotional material.
4. Purposes of Processing & Legal Basis
- Order/service fulfillment — Contract performance (Art. 6(1)(b))
- Communication — Legitimate interest or consent
- Marketing/newsletters — Consent or legitimate interest
- Website/service improvement — Legitimate interest
- Compliance with legal obligations — Legal obligation
- Protection of legal interests — Legitimate interest
- Job application management — Pre-contractual stage or legitimate interest
5. Data Recipients
- Authorized VAKTRO ABEE personnel bound by confidentiality obligations.
- Third-party service providers acting as Data Processors.
- Public authorities when required by law or court order.
- External partners or consultants for operational purposes under confidentiality obligations.
We do not disclose personal data to third parties for their own marketing purposes without your explicit consent.
6. Transfers Outside the EU / EEA
Where personal data is transferred outside the European Union or European Economic Area, the company ensures GDPR compliance through adequacy decisions, standard contractual clauses, or binding corporate rules.
7. Data Retention Period
Personal data is retained only for as long as necessary for processing purposes, legal compliance, or protection of legitimate interests. After this period, data is securely deleted or anonymized.
8. Data Security
VAKTRO ABEE implements a comprehensive Information Security Management System (ISMS) according to ISO 27001:2022.
- Organizational measures: policies, procedures, staff training, segregation of duties.
- Physical measures: access control and facility monitoring.
- Technological measures: encryption, firewalls, intrusion detection systems, backups, vulnerability management, and strong authentication.
9. Your Rights
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to portability
- Right to object
- Right to withdraw consent
- Right to lodge a complaint with the supervisory authority
To exercise any of the above rights, please contact the company using the details in Section 2.