Terms and Conditions

Terms and Conditions 

The access to the specific website[(www.nutripass.gr)] (in the hereafter referred to as the “Website”),as well as the use of the content of the specific website, are subject to the conditions of use as described below (in the hereafter referred to as “Terms and Conditions”). Accessing, navigating and visiting the information included on the Website constitutes acceptance by the user (in the hereinafter referred to as “you”) of the Terms and Conditions. 

ACCEPTANCE OF THE TERMS AND CONDITIONS

The owners may modify the Terms and Conditions at any time and without prior notice. Once the changes are posted via their online posting on the website, they are automatically deemed to be unconditionally accepted by you from the moment you log on to the Website, after updating it online. The owners suggest that you periodically visit the Terms and Conditions site in order to be informed of any modifications and/or upgrades.

Copyright 

The elements contained in the Website (information, texts, images, sounds, logos and in general any type of data, hereinafter referred to as the “Content”) as well as the Website itself are protected by intellectual property rights and any databases remain in the exclusive possession of the owners. Any total or partial export, reuse, reproduction, representation or modification of all or part of the Content for purposes other than personal and strictly private (including in particular any exposure to the public or any commercial use) is prohibited without the previous express authorization from one of the owners. Any quantitative or qualitative substantial extraction or reuse of all or part of the data contained in the Website is prohibited, even for private use.

In addition, any repeated and systematic extraction or reuse of any quantitatively or qualitatively non-essential part of the Website content is prohibited, even for private use, when such actions exceed the normal terms of use of the Website. You are entirely responsible for the use you make regarding in the Content displayed on the Website, including third parties.

The trademarks and logos displayed on the Website are the property of their respective owners. Any reuse, in any form, of these logos and trademarks is prohibited, unless you have received authorization from the owners or a third party that owns similar logos and trademarks. No reference to the Website can be interpreted as a grant of rights to you regarding the logos and trademarks mentioned above.

Access to the site

The owners reserve the right to modify, suspend and / or interrupt at any time, occasionally or permanently, all or part of the Website, to upgrade or correct the information available on the Website, or to improve it, without prior notice. Under these circumstances, the owners bear no responsibility for any modification, suspension or interruption of the Website or access to it. In order to prevent the spread of computer viruses or other harmful programs, the owners make every effort to implement the techniques of those media that are compatible with current standards. However, given the structure of the Internet and the speed with which it evolves, the owners are unable to provide guarantees regarding the complete absence of viruses or other harmful programs. Therefore, in order to reduce the risks, it is your responsibility to regularly save your data before connecting to the Internet as well as installing appropriate anti-virus measures (antivirus programs).

Warranties and limitation of liability

Pursuant to applicable regulations, you expressly acknowledge and agree that: This Website is provided to you “AS IT IS” and is accessible as available, without express or implied warranty of any kind on the part of the owners, as well as that you assume all responsibility and risk regarding the use of the Website.  The Owners do not make any promises or guarantees that the Website will perform as expected, without interruptions and errors, nor that such interruptions and errors will be corrected and/or nor that the Website in question will be free of viruses. The Owners do not make no warranty of any kind, express or implied, as to the accuracy, completeness and compatibility of the information you access on the Website with your intended use. Any material you download or otherwise obtain is at your own risk.

The owners will not be held responsible for any damages to your computer. To the extent permitted by applicable law or regulation, the owners disclaim all liability for direct or indirect damages, including but not limited to: loss of profit, customers, data, or private property that may result from the use of the Website (or from the inability to use it). In addition, the owners assume no responsibility with respect to the services that you access through the Internet.

The owners disclaim all responsibility for anything arising from the use of the Website that is not in accordance with the terms and conditions of use. In addition, the owners reserve all legal rights to control, limit and delete anything that does not relate to the correct use of the Website in order to preserve its correct and intended use.

Links 

Any creation of links on the Website and any creation of frames on it is subject to the prior authorization of the owners, at whose discretion lies the withdrawal of this authorization at any time. The owners will reserve the right to require the deletion of any link or frame of the Website for which they have not given authorization or cannot continue to provide it. The Website may contain links to other websites. The owners are not responsible for the content of the sites that you may access through the links offered by the Website. The presence of active links on the Website does not in any way mean that the owners control or approve the content of those sites to which links have been created or those from which links have been created that lead to the owners’ Website. 

COOKIES 

Οι ιδιοκτήτες ενδέχεται να χρησιμοποιήσουν cookies  με στόχο να σας παρέχουν ταξινομημένες πληροφορίες κάθε φορά που συνδέεστε με το Website καθώς επίσης να διευκολύνουν τη διαχείριση του Website, κυρίως για λόγους στατιστικών ερευνών. Χρησιμοποιώντας τις υπηρεσίες του Website, εξουσιοδοτείτε την αποθήκευση παρόμοιων cookies καθώς επίσης και τη χρήση τους από τους ιδιοκτήτες. Παρόλα αυτά, οι ιδιοκτήτες σας πληροφορούν ότι έχετε τη δυνατότητα να αρνηθείτε αυτά τα cookies τροποποιώντας τις ρυθμίσεις της μηχανής αναζήτησής σας για το Διαδίκτυο.  

Your Behavior at Website 

The owners put at your disposal the means (online form, etc.) which allow you to transmit information. You are aware that this transmission may cause damage to third parties or even contravene the applicable law. By using the Website you undertake the responsibility to refrain from disseminating and / or transmitting messages, images or information in general that may violate the privacy of communicators, constitute an act of discrimination, be contrary to public order and moral decency or violate the rights of third parties.  You also undertake to verify the content of any message or information that you may disclose. In any case, the owners reserve the right to ensure in any way the aforementioned. 

Personal Account 

The owners offer you the option to create a private account which will allow you to access a private area of the Website. Access to this private area of the Website is through a username and password. You undertake the responsibility not to disclose to any third party the information concerning the owners or third parties of which you may have become aware during your connection to the Website. The information used to identify you is personal and strictly confidential. You agree to maintain this confidentiality and also acknowledge that you are the only responsible for maintaining the confidentiality of your username and password, the information in your account, and the actions that occur in your account. You must immediately notify the owners of any fraudulent use of your account. 

Data Protection Policy 

Personal Data Protection Policy 

Application Statement 

The implementation of the General Data Protection Regulation (G.K.P.D.) is a priority for the Ioannis Antoniou of Georgiou Individual Enterprise (NUTRIPASS). 

Details of the Controller

  • Name:  Ioannis Antoniou of Georgiou 
  • Distinctive Title: NUTRIPASS
  • VAT Number: 141455616
  • Contact Phone: 2111824998
  • Email Address: [email protected]

The Individual Enterprise of Ioannis Antoniou of Georgiou henceforth NUTRIPASS accepts as personal data: Any information concerning natural persons, as an identified or identifiable living person. 

For example, this information includes their name, home address, social security number, Internet Protocol (IP) code, health and insurance information, employment status, and more. 

Special category data, such as data relating to health, racial or ethnic origin, trade union activity and others, receive special protection.

The rules apply when the collection, use and storage of individuals’ data is done digitally or in paper form through a structured filing system.

This policy is in accordance with the EU General Data Protection Regulation. (G.K.P.D.), as well as with opinions / decisions issued by the Personal Data Protection Authority. 

Definitions 

  1. “Personal Data”: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as name, identity number, location data, online identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person; 
  2. “Processing”: Any operation or series of operations carried out with or without the use of automated means, on personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, retrieval of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction;
  3. “Restriction of Processing”: The marking of stored personal data with the aim of limiting their processing in the future
  4. “Archive System”: Any structured set of personal data that is accessible based on specific criteria, whether this set is centralized or decentralized or distributed on a functional or geographical basis
  5. “Processing Manager”: The natural or legal person, public authority, agency or other entity that, alone or jointly with others, determines the purposes and manner of processing personal data; when the purposes and manner of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for his appointment may be provided for by Union law or the law of a Member State
  6. “Processor of performing “: The natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller
  7. Recipient”: The natural or legal person, public authority, agency or other body to which the personal data is disclosed, whether it is a third party or not. However, public authorities that may receive personal data in the context of a specific investigation in accordance with Union or Member State law are not considered as recipients; the processing of such data by said public authorities is carried out in accordance with the applicable data protection rules depending on the purposes of the processing
  8. “Third party”: Any natural or legal person, public authority, agency or body, with the exception of the data subject, the controller, the processor and the persons who, under the direct supervision of the controller or the processor , are authorized to process personal data
  9. “Consent” of the data subject: any indication of will, free, specific, explicit and fully informed, by which the data subject manifests that he agrees, by statement or by a clear positive action, to be the subject of processing of the personal data that it concerns

10)”Personal Data Breach”: The breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed;

11) “Special Category Data”: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of unambiguous identification of a person, data relating to health or data relating to a natural person’s sexual life or sexual orientation.

Categories of Personal Data Collected

NUTRIPASS, in the context of its activities and normal operation, may collect personal data of both its customers or partners, as well as its employees as well as its partners in general, but also other natural persons with whom it transacts in the context of its operation.

Depending on the form and purpose of processing, NUTRIPASS may collect and process personal data, such as the following:

Categories of subjects

Data Categories 

Clients 

Customer data, if they are natural persons or the legal representatives of legal entities. These may include:

1)Identity and demographic information (e.g. first name, last name, etc.),

2)Contact details (e.g. registered office address, telephone, email, etc.),

3)Professional details

4)Contracts

5)Account balances

6)Bank accounts

7)Special category data

8)Other relevant information

Suppliers/Contractors 

Data of NUTRIPASS suppliers, if they are natural persons or the legal representatives/representatives of legal persons. These may include:

  1. Identity and demographic information (e.g. first and last name, patronymic, etc.),
  2. Contact details (e.g. registered office address, telephone, email, etc.),
  3. Professional details
  4.  Contracts
  5. Account balances
  6. Bank accounts
  7. Other relevant information

Data of other Natural Persons

Data of other natural persons who visit NUTRIPASS infrastructure or cooperate with it.

Employees (Active And Inactive) / Candidate Employees

Data of NUTRIPASS employees under any employment relationship, as well as data of former and prospective employees, which are held for purposes of operating their employment relationship with NUTRIPASS. These may include:

1. Identity and demographic information (e.g. first and last name, patronymic, etc.),

2. Insurance details (e.g. AMKA and other Social Security Institution Register details if required),

3. Contact information (e.g. postal address, telephone, email, etc.),

4. Biographical Notes,

5. Health data (e.g. medical certificates and opinions, etc.),

6. Financial data (e.g. bank accounts, etc.),

7. Details of family status (e.g. attestations and certificates, number and details of children, etc.)

Table 1. The categories of Subjects and their data

Purposes and Legal Basis of Processing

NUTRIPASS may collect and process personal data of the natural persons mentioned in the above paragraph who make use of its services and products. In principle, NUTRIPASS may collect and process personal data for the following purposes with the corresponding legal bases of processing:

PURPOSE OF PROCESSING

LEGAL BASIS

The collection, processing, cross-checking and transmission of data of the Tax, Insurance and Labor Administration exclusively for the support and operation of the framework of its responsibilities

1. Compliance with a legal obligation [art. 6 §1 c) G.K.P.D.] and/or

2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.]

The collection and processing of the necessary data of employees and/or prospective employees and partners for the proper servicing of existing working relationships or collaboration relationships or the examination of possible future collaboration

1. Compliance with a legal obligation [art. 6 §1 c) G.K.P.D.] and/or

2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.]

The provision of products and services

1. Compliance with a legal obligation [art. 6 §1 c. b) G.K.P.D.] and/or

2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.]

The collection and processing of image data using closed circuit cameras (CCTV)

1. Protection of persons and goods in accordance with Directive 1/2011 GDPR

2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.]

For any other form of processing, NUTRIPASS requests a specific written, free and prior informed consent of the subjects before starting the processing, if required.

 

Table 2. The main purposes and legal bases of processing

The reference to more than one legal basis of processing does not mean that NUTRIPASS changes them (lawful basis swapping) undermining the rights of data subjects, but that there are cases where more than one legal basis of processing is applicable.

Finally, NUTRIPASS does not use as the main processing basis the consent of the data subjects (whether it is simple data or special categories), recognizing the inherent inequality that exists in its relationship with each data subject and moreover in accordance with its recommendations Working Group of No. 29 (now European Data Protection Board). Except and exceptionally, for a few cases where an additional service is provided to the subjects (i.e. beyond the legally provided), consent is used in a limited way as a legal basis for processing and only then.

Transmission/Communication of data to third parties

The personal data collected may be shared or transmitted to third parties, as long as this is required for the fulfillment of obligations by law or is necessary for the fulfillment of our services provided, in compliance with the guarantees of the relevant legislation. We may outsource some of our services to individuals or legal entities. Only those personal data that are necessary for the fulfillment of the assigned services are transmitted to these persons and they are bound to our Company in terms of confidentiality and secure processing of personal data

Rights of Natural Persons

NUTRIPASS recognizes the rights of natural persons regarding the protection of their personal data. Thus natural persons have the right to:

  1. They are informed about the processing of personal data.
  1. They get access to the personal data concerning them.
  1. Request the correction of incorrect, inaccurate or incomplete personal data.
  1. They submit a request for the deletion of personal data when they are no longer necessary or if the processing is illegal. Since no. 6 par. 1 para. is applied as a legal basis for processing. c GDPR in most processing, the right to erasure is limited and will be determined on a case-by-case basis under the legal conditions. After all, according to recital 4 of the G.K.P.D., the right to the protection of personal data is not an absolute right; it must be assessed in relation to its function in society and weighed against other fundamental rights, according to with the principle of proportionality.
  1. They object to the processing of personal data for reasons related to their particular situation, subject to Article 21 par. 6 GDPR.
  1. Submit a request to limit the processing of personal data in specific cases.
  1. Submit a complaint to the Personal Data Protection Authority (1-3 Kifisias Ave., 11523 Ampelokipi, tel. 210.647.5600, www.dpa.gr) or to the supervisory authority of the EU member state where they live or work or to the supervisory authority of the place of the alleged offence.

Communication of Natural Persons

The above rights, as well as any right related to personal data, are exercised following a written request submitted at any point that is accessible to the public, or via electronic communication, by sending a message to [email protected] and is also examined by the Communication Manager for Personal Data Subjects, who has been designated by the Company.

Processing principles

NUTRIPASS accepts the basic principles governing the processing of personal data. Personal data (Article 5):

  1. They are processed lawfully and legitimately in a transparent manner in relation to the data subject (“lawfulness, objectivity and transparency”).
  2. They are collected for specified, express and lawful purposes and are not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest or for scientific or historical research or statistical purposes is not considered incompatible with the original purposes in accordance with Article 89(1) (“purpose limitation”).
  3. They are appropriate, relevant and limited to what is necessary for the purposes for which they are processed (“data minimization”).
  4. It is accurate and, where necessary, updated; all reasonable steps must be taken to promptly delete or correct personal data that is inaccurate in relation to the purposes of the processing (“accuracy”).
  5. They are kept in a form that allows the identification of the data subjects only for the period necessary for the purposes of the processing of the personal data; the personal data may be stored for longer periods, as long as the personal data will be processed only for archiving purposes in the public interest, for the purposes of scientific or historical research or for statistical purposes, in accordance with article 89 paragraph 1 and as long as the appropriate technical and organizational measures required by this regulation are applied to ensure the rights and freedoms of the subject of data (“restriction of storage period”).
  6. They are processed in a way that guarantees the appropriate security of personal data, including their protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).

Archive of processing activities

NUTRIPASS keeps a record of the processing activities for which it is responsible. That file includes all of the following information:

  1. the name and contact details of the controller and, where applicable, the joint controller, the controller’s representative and the data protection officer;
  2. the purposes of the processing,
  3. description of the categories of data subjects and categories of personal data,
  4. the categories of recipients to whom the personal data is to be disclosed or has been disclosed, including recipients in third countries or international organizations,
  5. where applicable, the transfers of personal data to a third country or international organization, including the identification of said third country or international organization and, in the case of transfers referred to in Article 49 paragraph 1 second subparagraph, the documentation of the appropriate guarantees,
  6. where possible, the prescribed deletion deadlines for the various categories of data;
  7. where possible, a general description of the technical and organizational security measures referred to in Article 32(1).

Protection of personal data

Taking into account the nature, scope, context and purposes of the processing, as well as the risks of different probability of occurrence and severity for the rights and freedoms of natural persons, NUTRIPASS implements appropriate technical and organizational measures in order to ensure and be able to prove that the processing is carried out in accordance with the G.K.P.D., adopting and applying a holistic personal data security policy.

When assessing the appropriate level of security by NUTRIPASS, particular consideration is given to the risks arising from processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise submitted in processing.

To prevent a case of personal data breach, NUTRIPASS as controller has adopted and implements a policy against attacks on the information systems it owns and manages, as well as a specific policy for managing any incidents of personal data breach.

Staff training

NUTRIPASS accepts that the protection of personal data presupposes the awareness of its human resources regarding the protection of personal data. In this direction, it accepts the adoption and application of the principle of the orientation of due education by exploiting the Fair Information Practices (FIP), which condense a set of standards that govern the collection and use of personal data and the treatment of privacy issues and accuracy. NUTRIPASS aims to make its human resources aware of basic concepts of personal data protection.

Update on the processing of personal data in Social Networking Media

Our Company has accounts on the following social media:

  • Instagram
  • Facebook
  • YouTube
  • Tik Tok

In the above media our Company processes personal data (such as your username and possibly your photo) in order to provide information about our activities and services and an additional way of communication.

By actions such as liking or following our specific page (“follow”), you consent to the relevant processing, i.e. to the processing of the username you use and any photo of you that accompanies it. The withdrawal of consent is done by the social media itself with the exact same but reverse process (unlike, unfollow).

In any case, we declare to you that we do not know and are not responsible for whether the social media in question carry out further processing of personal data, whether they have additional processing purposes, whether they carry out transfers to third countries, whether they use executors and sub-executors processing, if they carry out profiling and the way they carry out the overall processing of personal data.

We recommend that before providing any consent, you consult the privacy policy of the social media in question. In the event that by your own actions you upload your own photos to our page in the above media or additional personal data, you yourself bear the responsibility for this processing. Due to the particular ease of sharing photos and other personal data on social media, we recommend that you use them while assessing the potential risks arising from their publication.

Our Company does not and cannot exercise influence and control regarding the nature and extent of personal data collected and held by social networking platforms as a condition or result of their use and bears no responsibility for the collection and processing of personal data. of data carried out by them. For more information about the purposes of collection and the further processing and use of Personal Data Protection Policy.

Application Statement 

The implementation of the General Data Protection Regulation (G.K.P.D.) is a priority for the Ioannis Antoniou tou Georgiou Individual Enterprise (NUTRIPASS).

Details of the Controller

  • Name: Ioannis Antoniou tou Georgiou
  • Distinctive Title: NUTRIPASS
  • VAT number: 141455616
  • Contact phone: 2111824998

The Individual Enterprise of Ioannis Antoniou of Georgiou henceforth NUTRIPASS accepts as personal data: Any information concerning natural persons, as an identified or identifiable living person. For example, this information includes their name, home address, social security number, Internet Protocol (IP) code, health and insurance information, employment status, and more.

Special category data, such as data relating to health, racial or ethnic origin, trade union activity and others, receive special protection.

The rules apply when the collection, use and storage of individuals’ data is done digitally or in paper form through a structured filing system.

This policy is in accordance with the EU General Data Protection Regulation. (G.K.P.D.), as well as with opinions / decisions issued by the Personal Data Protection Authority.

Definitions

  1. “Personal Data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as name, identity number, location data, online identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;
  2. “Processing”: any operation or series of operations carried out with or without the use of automated means, on personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, retrieval of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction;
  3. “Restriction of Processing”: the marking of stored personal data with the aim of limiting their processing in the future,
  4. “Archive System”: any structured set of personal data that is accessible based on specific criteria, whether this set is centralized or decentralized or distributed on a functional or geographical basis,
  5. “Controller”: the natural or legal person, public authority, agency or other entity that, alone or jointly with others, determines the purposes and manner of processing personal data; when the purposes and manner of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for his appointment may be provided for by Union law or the law of a Member State;
  6. “Processor”: the natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller,
  7. “Recipient”: the natural or legal person, public authority, agency or other body to which the personal data is disclosed, whether it is a third party or not. However, public authorities that may receive personal data in the context of a specific investigation in accordance with Union or Member State law are not considered as recipients; the processing of such data by said public authorities is carried out in accordance with the applicable data protection rules depending on the purposes of the processing,
  8. “Third party”: any natural or legal person, public authority, agency or body, with the exception of the data subject, the controller, the processor and the persons who, under the direct supervision of the controller or the processor , are authorized to process personal data,
  9. “Consent” of the data subject: any indication of will, free, specific, explicit and fully informed, by which the data subject manifests that he agrees, by statement or by a clear positive action, to be the subject of processing of the personal data that it concerns

10)”Personal Data Breach”: the breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed;

11) “Special Category Data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of unambiguous identification of a person, data relating to health or data relating to a natural person’s sexual life or sexual orientation.

Categories of Personal Data Collected

NUTRIPASS, in the context of its activities and normal operation, may collect personal data of both its customers or partners, as well as its employees as well as its partners in general, but also other natural persons with whom it transacts in the context of its operation.

Depending on the form and purpose of processing, NUTRIPASS may collect and process personal data, such as the following:

Categories of Subjects

Data Categories 

Clients 

Customer data, if they are natural persons or the legal representatives of legal entities. These may include:

  1. Identity and demographic information (e.g. first name, last name, etc.),
  2. Contact details( e.g. registered office address, telephone, email) 
  3. Professional details
  4. Contracts
  5. Account balances
  6. Bank accounts
  7. Special category data
  8. Other relevant information

Suppliers/Contractors

Data of NUTRIPASS suppliers, if they are natural persons or the legal representatives/representatives of legal persons. These may include:

  1. 1. Identity and demographic information (e.g. first and last name, patronymic, etc.),
  2. Contact details (e.g. registered office address, telephone, email, etc.),
  3. Professional details
  4. 4. Contracts
  5. Account balances
  6. Bank accounts
  7. Other relevant information

Data of other Natural Persons

Data of other natural persons who visit NUTRIPASS infrastructure or cooperate with it.

Employees (Active And Inactive) / Candidate Employees

Data of NUTRIPASS employees under any employment relationship, as well as data of former and prospective employees, which are held for purposes of operating their employment relationship with NUTRIPASS. These may include:

  1. Identity and demographic information (e.g. first and last name, patronymic, etc.),
  2. Insurance details (e.g. AMKA and other Social Security Institution Register details if required),
  3. Contact information (e.g. postal address, telephone, email, etc.),
  4. Biographical Notes,
  5. Health data (e.g. medical certificates and opinions, etc.),
  6. Financial data (e.g. bank accounts, etc.),
  7. Details of family status (e.g. attestations and certificates, number and details of children, etc.)

Table 1. The categories of Subjects and their data

Purposes and Legal Basis of Processing

NUTRIPASS may collect and process personal data of the natural persons mentioned in the above paragraph who make use of its services and products. In principle, NUTRIPASS may collect and process personal data for the following purposes with the corresponding legal bases of processing:

PURPOSE OF PROCESSING

LEGAL BASIS

The collection, processing, cross-checking and transmission of data of the Tax, Insurance and Labor Administration exclusively for the support and operation of the framework of its responsibilities

1. Compliance with a legal obligation [art. 6 §1 c) G.K.P.D.] and/or

2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.]

The collection and processing of the necessary data of employees and/or prospective employees and partners for the proper servicing of existing working relationships or collaboration relationships or the examination of possible future collaboration

1. Compliance with a legal obligation [art. 6 §1 c) G.K.P.D.] and/or

2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.]

The provision of products and services

1. Compliance with a legal obligation [art. 6 §1 c. b) G.K.P.D.] and/or

2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.]

The collection and processing of image data using closed circuit cameras (CCTV)

1. Protection of persons and goods in accordance with Directive 1/2011 GDPR

2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.]

For any other form of processing, NUTRIPASS requests a specific written, free and prior informed consent of the subjects before starting the processing, if required.

 

Table 2. The main purposes and legal bases of processing

The reference to more than one legal basis of processing does not mean that NUTRIPASS changes them (lawful basis swapping) undermining the rights of data subjects, but that there are cases where more than one legal basis of processing is applicable.

Finally, NUTRIPASS does not use as the main processing basis the consent of the data subjects (whether it is simple data or special categories), recognizing the inherent inequality that exists in its relationship with each data subject and moreover in accordance with its recommendations Working Group of No. 29 (now European Data Protection Board). Except and exceptionally, for a few cases where an additional service is provided to the subjects (i.e. beyond the legally provided), consent is used in a limited way as a legal basis for processing and only then.

Transmission/Communication of data to third parties

The personal data collected may be shared or transmitted to third parties, as long as this is required for the fulfillment of obligations by law or is necessary for the fulfillment of our services provided, in compliance with the guarantees of the relevant legislation. We may outsource some of our services to individuals or legal entities. Only those personal data that are necessary for the fulfillment of the assigned services are transmitted to these persons and they are bound to our Company in terms of confidentiality and secure processing of personal data.

Rights of Natural Persons

NUTRIPASS recognizes the rights of natural persons regarding the protection of their personal data. Thus natural persons have the right to:

  1. They are informed about the processing of personal data.
  2. They get access to the personal data concerning them.
  3. Request the correction of incorrect, inaccurate or incomplete personal data.
  4. They submit a request for the deletion of personal data when they are no longer necessary or if the processing is illegal. Since no. 6 par. 1 para. is applied as a legal basis for processing. c GDPR in most processing, the right to erasure is limited and will be determined on a case-by-case basis under the legal conditions. After all, according to recital 4 of the G.K.P.D., the right to the protection of personal data is not an absolute right; it must be assessed in relation to its function in society and weighed against other fundamental rights, according to with the principle of proportionality.
  5. They object to the processing of personal data for reasons related to their particular situation, subject to Article 21 par. 6 GDPR.
  6. Submit a request to limit the processing of personal data in specific cases.
  7. Submit a complaint to the Personal Data Protection Authority (1-3 Kifisias Ave., 11523 Ampelokipi, tel. 210.647.5600, www.dpa.gr) or to the supervisory authority of the EU member state where they live or work or to the supervisory authority of the place of the alleged offence.

Communication of Natural Persons

The above rights, as well as any right related to personal data, are exercised following a written request submitted at any point that is accessible to the public, or via electronic communication, by sending a message to [email protected] and is also examined by the Communication Manager for Personal Data Subjects, who has been designated by the Company.

Processing principles

NUTRIPASS accepts the basic principles governing the processing of personal data. Personal data (Article 5):

  1. They are processed lawfully and legitimately in a transparent manner in relation to the data subject (“lawfulness, objectivity and transparency”).
  2. They are collected for specified, express and lawful purposes and are not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest or for scientific or historical research or statistical purposes is not considered incompatible with the original purposes in accordance with Article 89(1) (“purpose limitation”).
  3. They are appropriate, relevant and limited to what is necessary for the purposes for which they are processed (“data minimization”).
  4. It is accurate and, where necessary, updated; all reasonable steps must be taken to promptly delete or correct personal data that is inaccurate in relation to the purposes of the processing (“accuracy”).
  5. They are kept in a form that allows the identification of the data subjects only for the period necessary for the purposes of the processing of the personal data; the personal data may be stored for longer periods, as long as the personal data will be processed only for archiving purposes in the public interest, for the purposes of scientific or historical research or for statistical purposes, in accordance with article 89 paragraph 1 and as long as the appropriate technical and organizational measures required by this regulation are applied to ensure the rights and freedoms of the subject of data (“restriction of storage period”).
  6. They are processed in a way that guarantees the appropriate security of personal data, including their protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).

Archive of processing activities

NUTRIPASS keeps a record of the processing activities for which it is responsible. That file includes all of the following information:

  1. the name and contact details of the controller and, where applicable, the joint controller, the controller’s representative and the data protection officer;
  2. the purposes of the processing,
  3. description of the categories of data subjects and categories of personal data,
  4. the categories of recipients to whom the personal data is to be disclosed or has been disclosed, including recipients in third countries or international organizations,
  5. where applicable, the transfers of personal data to a third country or international organization, including the identification of said third country or international organization and, in the case of transfers referred to in Article 49 paragraph 1 second subparagraph, the documentation of the appropriate guarantees,
  6. where possible, the prescribed deletion deadlines for the various categories of data;
  7. where possible, a general description of the technical and organizational security measures referred to in Article 32(1).

Protection of personal data

Taking into account the nature, scope, context and purposes of the processing, as well as the risks of different probability of occurrence and severity for the rights and freedoms of natural persons, NUTRIPASS implements appropriate technical and organizational measures in order to ensure and be able to prove that the processing is carried out in accordance with the G.K.P.D., adopting and applying a holistic personal data security policy.

When assessing the appropriate level of security by NUTRIPASS, particular consideration is given to the risks arising from processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise submitted in processing.

To prevent a case of personal data breach, NUTRIPASS as controller has adopted and implements a policy against attacks on the information systems it owns and manages, as well as a specific policy for managing any incidents of personal data breach.

Staff training

NUTRIPASS accepts that the protection of personal data presupposes the awareness of its human resources regarding the protection of personal data. In this direction, it accepts the adoption and application of the principle of the orientation of due education by exploiting the Fair Information Practices (FIP), which condense a set of standards that govern the collection and use of personal data and the treatment of privacy issues and accuracy. NUTRIPASS aims to make its human resources aware of basic concepts of personal data protection.

Update on the processing of personal data in Social Networking Media

Our Company has accounts on the following social media:

  • Instagram
  • Facebook
  • YouTube 
  • Tik Tok

In the above media our Company processes personal data (such as your username and possibly your photo) in order to provide information about our activities and services and an additional way of communication.

By actions such as liking or following our specific page (“follow”), you consent to the relevant processing, i.e. to the processing of the username you use and any photo of you that accompanies it. The withdrawal of consent is done by the social media itself with the exact same but reverse process (unlike, unfollow).

In any case, we declare to you that we do not know and are not responsible for whether the social media in question carry out further processing of personal data, whether they have additional processing purposes, whether they carry out transfers to third countries, whether they use executors and sub-executors processing, if they carry out profiling and the way they carry out the overall processing of personal data.

We recommend that before providing any consent, you consult the privacy policy of the social media in question. In the event that by your own actions you upload your own photos to our page in the above media or additional personal data, you yourself bear the responsibility for this processing. Due to the particular ease of sharing photos and other personal data on social media, we recommend that you use them while assessing the potential risks arising from their publication.

Our Company does not and cannot exercise influence and control regarding the nature and extent of personal data collected and held by social networking platforms as a condition or result of their use and bears no responsibility for the collection and processing of personal data. of data carried out by them. For more information about the purposes of collection and the further processing and use of Personal Data Privacy Policy

Application Statement

The implementation of the General Data Protection Regulation (G.K.P.D.) is a priority for the Ioannis Antoniou tou Georgiou Individual Enterprise (NUTRIPASS).

Details of the Controller

  • Name: Ioannis Antoniou tou Georgiou
  • Distinctive Title: NUTRIPASS
  • VAT number: 141455616
  • Contact phone: 2111824998
  • Email: [email protected]

The Individual Enterprise of Ioannis Antoniou of Georgiou henceforth NUTRIPASS accepts as personal data: Any information concerning natural persons, as an identified or identifiable living person. For example, this information includes their name, home address, social security number, Internet Protocol (IP) code, health and insurance information, employment status, and more.

Special category data, such as data relating to health, racial or ethnic origin, trade union activity and others, receive special protection.

The rules apply when the collection, use and storage of individuals’ data is done digitally or in paper form through a structured filing system.

This policy is in accordance with the EU General Data Protection Regulation. (G.K.P.D.), as well as with opinions / decisions issued by the Personal Data Protection Authority.

Definitions 

  1. “Personal Data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as name, identity number, location data, online identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;
  2. “Processing”: any operation or series of operations carried out with or without the use of automated means, on personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, retrieval of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction;
  3. “Restriction of Processing”: the marking of stored personal data with the aim of limiting their processing in the future,
  4. “Archive System”: any structured set of personal data that is accessible based on specific criteria, whether this set is centralized or decentralized or distributed on a functional or geographical basis,
  5. “Controller”: the natural or legal person, public authority, agency or other entity that, alone or jointly with others, determines the purposes and manner of processing personal data; when the purposes and manner of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for his appointment may be provided for by Union law or the law of a Member State;
  6. “Processor”: the natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller,
  7. “Recipient”: the natural or legal person, public authority, agency or other body to which the personal data is disclosed, whether it is a third party or not. However, public authorities that may receive personal data in the context of a specific investigation in accordance with Union or Member State law are not considered as recipients; the processing of such data by said public authorities is carried out in accordance with the applicable data protection rules depending on the purposes of the processing,
  8. “Third party”: any natural or legal person, public authority, agency or body, with the exception of the data subject, the controller, the processor and the persons who, under the direct supervision of the controller or the processor, are authorized to process personal data,
  9. “Consent” of the data subject: any indication of will, free, specific, explicit and fully informed, by which the data subject manifests that he agrees, by statement or by a clear positive action, to be the subject of processing of the personal data that it concerns
  1. “Personal Data Breach”: the breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed;
  2. “Special Category Data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of unambiguous identification of a person, data relating to health or data relating to a natural person’s sexual life or sexual orientation.

Categories of Personal Data Collected

NUTRIPASS, in the context of its activities and normal operation, may collect personal data of both its customers or partners, as well as its employees as well as its partners in general, but also other natural persons with whom it transacts in the context of its operation.

Depending on the form and purpose of processing, NUTRIPASS may collect and process personal data, such as the following:

CATEGORIES OF SUBJECTS

DATA CATEGORIES

Clients 

Customer data, if they are natural persons or the legal representatives of legal entities. These may include:

  1. Identity and demographic information (e.g. first name, last name, etc.),
  2. Contact details (e.g. registered office address, telephone, email, etc.),
  3. Professional details
  4. Contracts
  5. Account balances
  6. Bank accounts
  7. Special category data
  8. Other relevant information

Suppliers/Contractors

Data of NUTRIPASS suppliers, if they are natural persons or the legal representatives/representatives of legal persons. These may include:

  1. Identity and demographic information (e.g. first and last name, patronymic, etc.),
  2. Contact details (e.g. registered office address, telephone, email, etc.),
  3. Professional details
  4. Contracts
  5. Account balances
  6. Bank accounts
  7. Other relevant information

Data of other Natural Persons

Data of other natural persons who visit NUTRIPASS infrastructure or cooperate with it.

Employees (Active And Inactive) / Candidate Employees

Data of NUTRIPASS employees under any employment relationship, as well as data of former and prospective employees, which are held for purposes of operating their employment relationship with NUTRIPASS. These may include:

  1.  Identity and demographic information (e.g. first and last name, patronymic, etc.),
  1.  Insurance details (e.g. AMKA and other Social Security Institution Register details if required),
  1.  Contact information (e.g. postal address, telephone, email, etc.),
  1.  Biographical Notes,
  1.  Health data (e.g. medical certificates and opinions, etc.),
  1.  Financial data (e.g. bank accounts, etc.),
  1.  Details of family status (e.g. attestations and certificates, number and details of children, etc.)

Table 1. The categories of Subjects and their data

Purposes and Legal Basis of Processing

NUTRIPASS may collect and process personal data of the natural persons mentioned in the above paragraph who make use of its services and products. In principle, NUTRIPASS may collect and process personal data for the following purposes with the corresponding legal bases of processing:

PURPOSE OF PROCESSING

LEGAL BASIS

The collection, processing, cross-checking and transmission of data of the Tax, Insurance and Labor Administration exclusively for the support and operation of the framework of its responsibilities

1. Compliance with a legal obligation [art. 6 §1 c) G.K.P.D.] and/or

2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.]

The collection and processing of the necessary data of employees and/or prospective employees and partners for the proper servicing of existing working relationships or collaboration relationships or the examination of possible future collaboration

1. Compliance with a legal obligation [art. 6 §1 c) G.K.P.D.] and/or

2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.]

The provision of products and services

1. Compliance with a legal obligation [art. 6 §1 c. b) G.K.P.D.] and/or

2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.]

The collection and processing of image data using closed circuit cameras (CCTV)

1. Protection of persons and goods in accordance with Directive 1/2011 GDPR

2. Serving legal interests [art. 6 §1 para. f) G.K.P.D.]

For any other form of processing, NUTRIPASS requests a specific written, free and prior informed consent of the subjects before starting the processing, if required.

 

Table 2. The main purposes and legal bases of processing

The reference to more than one legal basis of processing does not mean that NUTRIPASS changes them (lawful basis swapping) undermining the rights of data subjects, but that there are cases where more than one legal basis of processing is applicable.

Finally, NUTRIPASS does not use as the main processing basis the consent of the data subjects (whether it is simple data or special categories), recognizing the inherent inequality that exists in its relationship with each data subject and moreover in accordance with its recommendations Working Group of No. 29 (now European Data Protection Board). Except and exceptionally, for a few cases where an additional service is provided to the subjects (i.e. beyond the legally provided), consent is used in a limited way as a legal basis for processing and only then.

Transmission/Communication of data to third parties

The personal data collected may be shared or transmitted to third parties, as long as this is required for the fulfillment of obligations by law or is necessary for the fulfillment of our services provided, in compliance with the guarantees of the relevant legislation. We may outsource some of our services to individuals or legal entities. Only those personal data that are necessary for the fulfillment of the assigned services are transmitted to these persons and they are bound to our Company in terms of confidentiality and secure processing of personal data

Rights of Natural Persons

NUTRIPASS recognizes the rights of natural persons regarding the protection of their personal data. Thus natural persons have the right to:

  1. They are informed about the processing of personal data.
  2. They get access to the personal data concerning them.
  3. Request the correction of incorrect, inaccurate or incomplete personal data.
  4. They submit a request for the deletion of personal data when they are no longer necessary or if the processing is illegal. Since no. 6 par. 1 para. is applied as a legal basis for processing. c GDPR in most processing, the right to erasure is limited and will be determined on a case-by-case basis under the legal conditions. After all, according to recital 4 of the G.K.P.D., the right to the protection of personal data is not an absolute right; it must be assessed in relation to its function in society and weighed against other fundamental rights, according to with the principle of proportionality.
  5. They object to the processing of personal data for reasons related to their particular situation, subject to Article 21 par. 6 GDPR.
  6. Submit a request to limit the processing of personal data in specific cases.
  7. Submit a complaint to the Personal Data Protection Authority (1-3 Kifisias Ave., 11523 Ampelokipi, tel. 210.647.5600, www.dpa.gr) or to the supervisory authority of the EU member state where they live or work or to the supervisory authority of the place of the alleged offence.

Communication of Natural Persons

The above rights, as well as any right related to personal data, are exercised following a written request submitted at any point that is accessible to the public, or via electronic communication, by sending a message to [email protected] and is also examined by the Communication Manager for Personal Data Subjects, who has been designated by the Company.

Processing principles

NUTRIPASS accepts the basic principles governing the processing of personal data. Personal data (Article 5):

  1. They are processed lawfully and legitimately in a transparent manner in relation to the data subject (“lawfulness, objectivity and transparency”).
  2. They are collected for specified, express and lawful purposes and are not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest or for scientific or historical research or statistical purposes is not considered incompatible with the original purposes in accordance with Article 89(1) (“purpose limitation”).
  3. They are appropriate, relevant and limited to what is necessary for the purposes for which they are processed (“data minimization”).
  4. It is accurate and, where necessary, updated; all reasonable steps must be taken to promptly delete or correct personal data that is inaccurate in relation to the purposes of the processing (“accuracy”).
  5. They are kept in a form that allows the identification of the data subjects only for the period necessary for the purposes of the processing of the personal data; the personal data may be stored for longer periods, as long as the personal data will be processed only for archiving purposes in the public interest, for the purposes of scientific or historical research or for statistical purposes, in accordance with article 89 paragraph 1 and as long as the appropriate technical and organizational measures required by this regulation are applied to ensure the rights and freedoms of the subject of data (“restriction of storage period”).
  6. They are processed in a way that guarantees the appropriate security of personal data, including their protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).

Communication of Natural Persons

The above rights, as well as any right related to personal data, are exercised following a written request submitted at any point that is accessible to the public, or via electronic communication, by sending a message to [email protected] and is also examined by the Communication Manager for Personal Data Subjects, who has been designated by the Company.

Processing principles

NUTRIPASS accepts the basic principles governing the processing of personal data. Personal data (Article 5):

  1. They are processed lawfully and legitimately in a transparent manner in relation to the data subject (“lawfulness, objectivity and transparency”).
  2. They are collected for specified, express and lawful purposes and are not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest or for scientific or historical research or statistical purposes is not considered incompatible with the original purposes in accordance with Article 89(1) (“purpose limitation”).
  3. They are appropriate, relevant and limited to what is necessary for the purposes for which they are processed (“data minimization”).
  4. It is accurate and, where necessary, updated; all reasonable steps must be taken to promptly delete or correct personal data that is inaccurate in relation to the purposes of the processing (“accuracy”).
  5. They are kept in a form that allows the identification of the data subjects only for the period necessary for the purposes of the processing of the personal data; the personal data may be stored for longer periods, as long as the personal data will be processed only for archiving purposes in the public interest, for the purposes of scientific or historical research or for statistical purposes, in accordance with article 89 paragraph 1 and as long as the appropriate technical and organizational measures required by this regulation are applied to ensure the rights and freedoms of the subject of data (“restriction of storage period”).
  6. They are processed in a way that guarantees the appropriate security of personal data, including their protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).

Archive of processing activities

NUTRIPASS keeps a record of the processing activities for which it is responsible. That file includes all of the following information:

  1. the name and contact details of the controller and, where applicable, the joint controller, the controller’s representative and the data protection officer;
  2. the purposes of the processing,
  3. description of the categories of data subjects and categories of personal data,
  4. the categories of recipients to whom the personal data is to be disclosed or has been disclosed, including recipients in third countries or international organizations,
  5. where applicable, the transfers of personal data to a third country or international organization, including the identification of said third country or international organization and, in the case of transfers referred to in Article 49 paragraph 1 second subparagraph, the documentation of the appropriate guarantees,
  6. where possible, the prescribed deletion deadlines for the various categories of data;
  7. where possible, a general description of the technical and organizational security measures referred to in Article 32(1).

Protection of personal data

Taking into account the nature, scope, context and purposes of the processing, as well as the risks of different probability of occurrence and severity for the rights and freedoms of natural persons, NUTRIPASS implements appropriate technical and organizational measures in order to ensure and be able to prove that the processing is carried out in accordance with the G.K.P.D., adopting and applying a holistic personal data security policy.

When assessing the appropriate level of security by NUTRIPASS, particular consideration is given to the risks arising from processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise submitted in processing.

To prevent a case of personal data breach, NUTRIPASS as controller has adopted and implements a policy against attacks on the information systems it owns and manages, as well as a specific policy for managing any incidents of personal data breach.

Staff training

NUTRIPASS accepts that the protection of personal data presupposes the awareness of its human resources regarding the protection of personal data. In this direction, it accepts the adoption and application of the principle of the orientation of due education by exploiting the Fair Information Practices (FIP), which condense a set of standards that govern the collection and use of personal data and the treatment of privacy issues and accuracy. NUTRIPASS aims to make its human resources aware of basic concepts of personal data protection.

Update on the processing of personal data in Social Networking Media

Our Company has accounts on the following social media:

  • Instagram
  • Facebook
  • YouTube
  • Tik Tok

In the above media our Company processes personal data (such as your username and possibly your photo) in order to provide information about our activities and services and an additional way of communication.

By actions such as liking or following our specific page (“follow”), you consent to the relevant processing, i.e. to the processing of the username you use and any photo of you that accompanies it. The withdrawal of consent is done by the social media itself with the exact same but reverse process (unlike, unfollow).

In any case, we declare to you that we do not know and are not responsible for whether the social media in question carry out further processing of personal data, whether they have additional processing purposes, whether they carry out transfers to third countries, whether they use executors and sub-executors processing, if they carry out profiling and the way they carry out the overall processing of personal data.

We recommend that before providing any consent, you consult the privacy policy of the social media in question. In the event that by your own actions you upload your own photos to our page in the above media or additional personal data, you yourself bear the responsibility for this processing. Due to the particular ease of sharing photos and other personal data on social media, we recommend that you use them while assessing the potential risks arising from their publication.

Our Company does not and cannot exercise influence and control regarding the nature and extent of personal data collected and held by social networking platforms as a condition or result of their use and bears no responsibility for the collection and processing of personal data. of data carried out by them. For more information on the purposes of collection and further processing and use of personal data by social networking platforms as well as on the rights and available settings to protect your privacy and your personal data, please consult the privacy policy of the respective social networking platform.

Update on the processing of personal data through a video surveillance system

We use a surveillance system for the purpose of protecting people and property. The processing is necessary for the purposes of legitimate interests pursued by us as a controller (Article 6 para. 1. f GDPR)

Our legal interest consists in the need to protect our site and the goods located in it from illegal acts, such as theft. The same applies to the safety of life, physical integrity, health and property of our staff and third parties who are legally present in the supervised area. We only collect image data and limit downloads to areas we have assessed as having an increased likelihood of illegal acts being committed e.g. theft, without focusing on areas where the privacy of the persons whose image is taken may be unduly restricted, including their right to respect for personal data.

We inform you that for the purpose of informing both employees and visitors, warning signs regarding the use of a recording circuit have already been placed in clearly visible places in our company’s factory, in accordance with the requirements set by the A.P.D. E.G.

Amendment

This policy may need modification regarding the processing of personal data. In the event that the modification of the terms in question is of such a nature and extent that it is not covered by the above data processing terms, NUTRIPASS will publish the new version of the policy from the social networking platforms as well as the rights and available settings to protect your privacy and personal data, consult the privacy policy of the respective social networking platform

Update on the processing of personal data through a video surveillance system

We use a surveillance system for the purpose of protecting people and property. The processing is

necessary for the purposes of legitimate interests pursued by us as a controller (Article 6 para. 1. f GDPR)

Our legal interest consists in the need to protect our site and the goods located in it from illegal acts, such as theft. The same applies to the safety of life, physical integrity, health and property of our staff and third parties who are legally present in the supervised area. We only collect image data and limit downloads to areas we have assessed as having an increased likelihood of illegal acts being committed e.g. theft, without focusing on areas where the privacy of the persons whose image is taken may be unduly restricted, including their right to respect for personal data.

We inform you that for the purpose of informing both employees and visitors, warning signs regarding the use of a recording circuit have already been placed in clearly visible places in our company’s factory, in accordance with the requirements set by the A.P.D. E.G.

Amendment

This policy may need modification regarding the processing of personal data. In the event that the modification of the terms in question is of such a nature and extent that it is not covered by the above data processing terms, NUTRIPASS will publish the new version of the policy.

Generally

These Terms and Conditions of Use are governed by Greek law. Any dispute arising from the use of the owners’ Website shall be subject to the jurisdiction of the Greek courts. The “Terms and Conditions” constitute the entire agreement existing between the Customers (i.e. you) and the owners and supersede any other possible agreement that may exist between your. PERSONAL DATA AND HEALTH DATA IN CASE OF COLLABORATION a dietitian must:

. To keep a Processing File for the personal data and health data of its customers. The Processing File records the processing activities for which it is responsible. The file must include: 1) Name and contact details of controller, representative and DPO (if it has defined) 2) Purposes of processing, 3) Categories of data subjects (e.g. customers, employees) 4) Categories of recipients to whom the data is disclosed 5) Transfers to third countries or international organizations 6) Anticipated erasure deadlines 7) Technical and organizational measures security

. To inform the customer during the stage of receiving the personal data about the information collected, the purposes for which it is collected, the security measures it observes, potential recipients of the data – only if this is necessary for the provision of the dietary service – and the rights of the customers, in terms of the protection of their data. The above obligation can be paid by quoting the following appropriately adapted statement on the customer form when receiving the data:

According to articles 6 par. 1b) and 13 of the General Regulation of the Protection of Personal Data of the E.U. (GDPR) it is necessary to keep a record in order to carry out dietetic operations, in which the following are recorded: Name, surname, gender, age, profession, customer address, customer e-mail address, dates of visit, physical data (weight, height, body dimensions, measurements of fat, muscle mass, etc.), reason for the visit, results of clinical and paraclinical examinations, diets. This file is kept for a period of 5 years after your last visit.

The dietician observes the necessary security measures to safeguard your personal data.

As a customer regarding your personal data, you have the following rights:

  • Right to access your data: The right to know if your data is being processed, how and for what purpose.
  • Right to rectification of your data: The right to request rectification of your personal data if it is inaccurate or incomplete.
  • Right to delete your data (“right to be forgotten”): The right to request the deletion or removal of your personal data, under certain conditions and after the expiry of the above mentioned five years.
  • Right to restrict the processing of your data: The right to request the restriction of the processing of your personal data when certain conditions are met.
  • Right to portability of your data: Your right to request that your data be sent to a third party (eg another dietitian).
  • When you submit a request exercising one of the above rights, the dietitian must respond to you within 1 month, either satisfying the right (eg giving you a copy of the file) or rejecting your request with reasons or explaining the reasons for the delay. In any case of delay, however, the dietician must respond positively or negatively within 3 months of the request.

. Have an information form and obtain the consent of its clients if it is going to use data for purposes other than the provision of nutritionist services: If the clients’ personal data is to be used for other purposes (e.g. sending a message to remind a recheck , phone call for an appointment, use of data for clinical research, product promotion), then the dietitian must:

  1. to clearly inform the patient about the further use of his data and for its purpose and
  2. not to proceed with their further use without obtaining the patient’s consent for each purpose separately.

 The above obligation to inform (b) can be paid by quoting on the customer form when receiving the data.

. To recognize and respect the rights of Customers:

  1. The customer, regarding his personal data, has the following rights)
  1. a) Right of access to his data: The right to know if his data is being processed, how and for what purpose.
  2. b) Right to correct his data: The right to request correction of his personal data if it is inaccurate or incomplete.
  3. c) Right to delete his data: The right to request the deletion or removal of his personal data under certain conditions.
  4. d) Right to restrict the processing of his data: The right to request the restriction of the processing of his personal data when certain conditions are met.
  5. e) Right to data portability: The customer’s right to request that their data be sent to a third party (e.g. another dietician).

2) When a client submits a request exercising any of the above rights, the dietitian must respond within 1 month either satisfying the right (e.g. giving the client a copy of the file) or rejecting the request with reasons (e.g. denying a deletion request ) or explaining the reasons for the delay. In case of delay, however, he must respond positively or negatively within 3 months of the request.

3) When the period of five years has passed since the last visit, the personal data of the customers must be destroyed.

. To apply technical security measures:

To use a strong – difficult password (e.g. not “1234”) to enter the systems and applications and to change them at regular intervals.

Disabling storage media (e.g. USB) where it is not needed (e.g. office PC).

Use of modern computer operating systems and their continuous updating.

Use of anti-malware (antivirus) software.

Activating a Protection Wall (Firewall) on the computer.

Avoid using free software (free download).

Avoid using and granting privileged access rights to the ordinary user (Local Administrator rights).

Take backups at regular intervals.

Avoid using free e-mails, e.g. Yahoo, to send and receive health data, e.g. medical examinations.

Local computer disk encryption through the operating system.

Encrypt external storage devices (eg external hard drive, USB, etc.).

Call Now
Book Now