1.1 Who we are:
Dragées Hatziyiannakis was established in 1950 by Nikolaos Hatziyiannakis as a confectionery family business with the vision to always produce top quality products. The company soon became the leading dragées manufacturer in Greece. In the following years, the company’s reputation exceeded the country’s borders and now has an international presence in more than 40 countries, acquiring an important share in the European, North American, Australian and Middle Eastern markets.
In our state-of-the-art facilities we use carefully selected raw materials from officially certified producers in Greece and abroad, and make the best out of them using cutting edge technology and aligning traditional with innovative production methods. Our list of unique products includes: sugar dragées, tailor-made/personalized dragées, chocolate dragées, sweet pebbles, sweet decoratives and a plenty of others.
In its 65-years course, Dragées Hatziyiannakis has always been seeking for new, innovative products staying true to its fundamental principal; the quality of its products.
1.2. Protection & Processing of General Personal Data
Personal Data (PD) is any information relating to an identified or identifiable natural person. An identifiable natural person is one whose identity can be ascertained, directly or indirectly, by reference to an identification identifier, such as a name, identity number, location data, online identity card, or one or more factors matching to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
This also applies to more personal information such as habits, preferences, biometric data, etc.
Every company that manages personal data relating to living natural persons within the EU, is required, from 25th of May 2018, to fully comply with EU Data Protection Regulation 679/2016 on the protection of personal data. The Regulation is directly applicable in all EU Member States.
The collection of PD is a form of processing, such as storing, organizing, structuring, altering, retrieving, searching for information, using, disclosing, deleting, or destroying.
The enterprise has to collect PD (ie personal information) for the effective execution of everyday business functions and services and in some occasions for the compliance with the legislation and / or the regulations that it applies.
Furthermore, it aims to:
- Inform the natural persons about the PD we collect and process, for what purpose, in what way and for how long.
- Ensure that the natural persons are aware of their rights and of our duty for accountability and security.
- Provides an easy and clear way of securing your consent, as one of the six legal basis for processing PD and at the same time enables you to withdraw this consent whenever you want.
2. What kind of PD we are processing
When you call us, visit our website, ask questions or order one of our products, we may ask you for information (PD) such as name, address, email, telephone number, IBAN, age, date of birth.
Furthermore, it is likely that you choose to voluntarily disclose to us additional PD (as in the case of sending a CV) or send us additional information (such as your update on specialized and personal products).
We collect information, directly or indirectly, in the following ways:
- Information you give us when you contact us or visit our website.
- Information we receive from your usage of our products and services or our partners’ services.
- It is likely to use information from advertising networks, our customers or third parties, in order to let you know about special services that may interest you.
For further information on how to access, manage or delete information, see sections 5 & 6 below.
3. How we use PD?
We use the information we collect, according to the consent you provide us with (section 8), in order to:
- Process your order and shipping the product,
- Provide you with personalized and updated services,
- Contact you to inform you about new services or products that may interest you,
- Process your payment or prevent or detect potential frauds,
- Answer to your questions
When you contact us, we keep a record of our communication messages so as to resolve any issues you may have. We do not allow any unauthorized entities, especially without your consent, to access your information.
Your consent is prerequisite for all the above (see sections 5 & 8 below).
4. Who we share your PD with
We do note disclosure or share PD with companies, organisations or natural persons outside our business, unless one of the following situations occurs:
- With your own consent: we share your personal information with companies, organisations and natural persons when we have your explicit consent.
- For legal purposes: We share personal information with public services when it is reasonably necessary and in order to comply with laws, regulations, legal procedures or governmental demands
- For scientific research: We provide non-identifiable data for scientific research or statistical studies.
5. Your rights and our obligations
5.1 Your rights
Our clients, the users of our services and our website visitors, have rights under the Regulation for the Protection of the Personal Data (which should not be in contrary to the legislation). The rights of the natural persons are the followings:
- Right of access to their PD
- Right to correct their PD
- Right to delete their PD
- Right to restrict the process of their PD
- Right to be informed about correcting or deleting or limiting the processing of their own PD
- Right to portability of their PD
- Right to object to the processing of their PD
- Right to object to the automated decision making including profile instructions.
5.2 Our obligations
Our obligations include:
- The principle of accountability in respect with the 6 principles of processing the PD (legitimacy, objectivity and transparency, purpose limitation, minimasation of PD, accuracy of PD, limitation of storage period, security, integrity, and confidentiality).
- Every process of the PD is legitimate only if one of the following 6 conditions applies:
- The subject of the data has consent to the processing of the data.
- The process of the PD is necessary for undertaking a contract, where the subject is a party.
- Processing is necessary for the compliance with the legal obligation of the controller
- Processing is necessary to safeguard the vital interest of the natural person
- Processing is necessary for the fulfillment of a duty to the public interest or during the exercise of public authority entrusted to controller
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interest or fundamental rights and freedoms of the natural person prevail
In addition, we implement the appropriate technical and organizational measures to protect our company and our customers against unauthorized access or alteration, tampering or destruction of the PD we have in our possession. Specifically:
- We encrypt many of our services.
- We control data collection, storage and processing practices, including security measures, to protect against access to systems.
- Access to personal information is limited and controlled, and these natural persons are subject to strict contractual obligations of confidentiality.
- In case that outside partners (for maintenance or support purposes) have potential access to PD, certain appendices of the existing cooperation contracts cover the requirements of the Regulation.
Throughout the entire processing cycle of PD (from collection to destruction of the PD), we take the appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of PD. Similar measures are required by third parties handling or processing PD.
Our services, products and website are not indented for children under the age of 16. We do not, to our knowledge, process PD of any children under the age of 16.
6. Access to your own PD and information
Within the scope of the Rights granted to you by the Regulation, you can view and request a correction or limitation of processing or deleting the PD (see in detail your rights in Section5.1)
In such cases, you are requested to fill in a subject access request (SAR). We are obliged to respond to you within one month of the receipt of the SAR.
The exercise of the rights of a natural person can always be done under the existing legislation (eg you cannot ask for a deletion of your PD when the labor law requires to be retained for 10 years).
Every time you use our services, our goal is to provide you with access to your own PD. If this data is incorrect, we put efforts to provide you ways for quick update or deletion of this data –unless we have to maintain this information due to relevant legislation or for legitimate purposes.
WOULD YOU LIKE TO FILL A SAR FORM?
Please contact with Customer Service Department at email@example.com, in order to provide you the SAR.
7. Your consent and its withdrawal
Our company under:
- Compliance with the Regulation on the General Data Protection (EE679/2016) and the relevant national legislation
- Respect for protecting the privacy and security of personal data
Your consent is for distinct purposes and may be withdrawed (per case/object or in total) at any time.
The company will collect and process PD only where it can legally do so, such as (a) requirement of legislation, (b) processing of a contract that the natural person is a party, (c) processing in compliance with the legal obligation of controller, (d) processing necessary to safeguard the interests of the natural person, (e) processing necessary for the purposes of the legitimate interests pursued by the controller or a third party, unless such interest or fundamental rights and freedoms prevail over those interests.
8. Ways of communication
HATZIYIANNAKIS DRAGEES SA
Customer Service Department
Address: 70B Thivon Ave., 18542, Piraeus, Greece
t. +30 210 4202962
f. +30 210 4201039