Privacy Statement

We consider the security of your personal data as a top priority and are committed to safeguarding it at all times.

This Website Privacy Statement (hereinafter referred to as "Privacy Statement") informs you how BIOGENESYS I.K.E., (hereinafter "the Company" or "we" or "us") processes your personal data as Data Processor, during your interaction (as ordinary visitors or users of the provided Services) with our website www.biogenesys.gr (hereinafter referred to as "Websites"), as well as your rights with respect to this data.

1. What is personal data

Your personal data contains all information, whether in paper or electronic, which may lead, either directly or in combination with other data, to your unique identification as a natural person under the provisions of the General Data Protection Regulation 2016/679 (hereinafter referred to as "the GDPR"), the applicable Greek law and the decisions of the Hellenic Data Protection Authority (HDPA).

2. What personal data we collect

We collect the following personal information from you or from third parties:

(a) Information we receive through our websites when you simply visit it.

IP address, browser type and cookies. See also the relevant Cookies Policy below.

(b) Information we receive when you use the services offered by our websites, such as contact forms:

Full name, basic physical or electronic contact information, and any additional information you provide us.

3. Why we collect personal data

Your personal information is collected in order to:

(a) Respond to your requests and provide information about our Company and our services that you have consented to receive, e.g. newsletters, industry updates, invitations, surveys, etc.

(b) To serve the legitimate business interests of our Company. In certain cases, we process data in a way that is reasonably expected as part of our business operation and does not substantially affect your rights, freedom or interests, e.g. for internal functions and analysis such as quality assurance, internal management, fraud prevention, security, use of management information systems, and for sending newsletters related to our Company's products and services that we believe may be of interest to you.

(c) Due to a legal obligation, e.g. compliance with existing legislation.

We do not use your personal information for any other purpose.

4. Your rights regarding to your personal data

(a) You have the right to access your personal data.

This means that you have the right to ask us if we process your personal data.

(b) You have the right to correct inaccurate personal data.

If you find that your personal information is incorrect you can request us to correct it.

(c) You have the right to delete / right to be forgotten.

You may ask us to delete your personal data if it is no longer necessary for the above processing purposes or if you wish to revoke your consent if this is the only lawful basis of processing.

(d) You have the right to portability of your personal data.

You can ask us to provide you in readable form the data you provided, or ask us to forward it to another controller.

(e) You have the right to restrict processing.

You can ask us to restrict the processing of your personal data for as long as your processing of objections is pending.

(f) You have the right to object and withdraw consent of the processing of your personal data.

You may object to the processing of your personal data and we will stop processing it unless there are other compelling and legitimate reasons that prevail over your right. If you have consented to the processing of your personal data, you may revoke your consent at any time with future effect.

(g) You have the right not to receive marketing communications.

You may choose not to receive direct marketing communications from us.

(h) Where we process data based on our legitimate business interest.

In cases where we process your personal data based on our legitimate business interest, you may ask us to stop doing so, for reasons related to your personal situation. We must then do so if we do not believe that we have a legitimate compelling reason to continue to process your personal data.

5. Minimization, storage and deletion of your data

We will always request the minimum personal data required by law for the implementation of our services and the best possible service to you.

The processing of your personal data takes as long as necessary to fulfill our contractual and other legal obligations.

Your personal data may be held for up to 20 years after the end of our relationship, but also for longer if it cannot be deleted for legal, regulatory or technical reasons or if it is kept anonymous for research or statistical purposes.

6. Cookies Policy

Cookies are small pieces of text files that are stored in the browser of the web page visitor.

Our websites use the following types of cookies:

(a) The necessary cookies, otherwise essential to the proper functioning and security of our websites. These cookies do not identify you personally, nor are they transmitted to third parties for further processing. Without these cookies, our websites are inoperative and your consent is not requested prior to their use.

Cookies in this category (necessary): CAKEPHP, Expiry 24 days

(b) Preference cookies, which improve the functionality of the site. Thanks to the use of these cookies, browsing is tailored to your interests so we can save you time by not re-entering information, such as the desired language for displaying website information, search history, shopping cart. These cookies do not identify you personally, nor are they transmitted to third parties for further processing and your consent is not requested prior to their use.

Cookies in this category (preference): CakeCookie [Cart], Session Cookie

7. Transfer of your data to third parties

Only the necessary personnel of our Company can access your personal data, as long as that they have committed to sustaining confidentiality.

As a rule, we do not pass on your personal data to third parties unless explicitly required by Law/Regulations or to the extent required to complete our service and fulfill requests regarding the services provided by us.

Such third parties may be providers of various services such as consultants, IT services, internet-email providers and administrators, telecommunication providers, companies with whom we have a partnership agreement, companies with which you are requesting to share your data, as well as supervisory / government authorities.

When using third-party service providers, we strive to enter into agreements that oblige them to apply appropriate technical and organizational measures to protect your personal data.

We may also share your personal information if the Company's corporate structure changes in the future. We may choose to sell, transfer or merge part of our business, or our assets, or we may seek to acquire or merge with other businesses. During such a process, we may share your data with other parties. We will only do this if the other parties agree to keep your data secure and confidential. Should such a change in the Company's corporate structure occur, then other parties may use your data in the same manner as described in this Privacy Statement.

Your personal data is usually stored in Greece, but we may need to transfer it to another country. If your personal data is transferred to a country outside the European Economic Area (EEA), this will be performed based on EU adequacy decisions, binding corporate rules, standard data protection clauses and approved codes of conduct.

8. Security of your personal data

Recognizing the importance of protecting your personal data, we take the appropriate organizational and technical measures to protect your data from accidental or unauthorized processing. We use modern and advanced methods, in accordance with appropriate standards and in accordance with the terms of this Privacy Statement, to ensure maximum security.

To this end, we have appropriate security policies and we use appropriate technical and operational tools such as anonymization, pseudonymization, cryptography, firewalls, physical security, access control, staff training, internal / external audits, software security updates, as well as compliance with international standards regarding security and business continuity.

9. Automated decision making and profiles

We do not make decisions based solely on automated processing. In some cases, we process your personal information to evaluate your preferences and provide you with targeted information and advice related to our Company products and services that we believe may be of interest to you.

10. Exercise of your rights

For questions regarding this Privacy Statement, as well as any questions regarding to the processing of your data and to the exercise of your rights, you may contact the designated person for Data Protection of our Company at 37 Alexandrou Str., Anatoli, 45221, Ioannina, Greece or via the email address info@biogenesys.gr.

We will respond to your inquiries free of charge, without delay, and in any case within one (1) month after we receive your request. However, if your request is complex or we are dealing with a large number of requests we will let you know within the month if we need an extension of another two (2) months within which to respond.

If your requests are manifestly unfounded or excessive in particular because of their repeated nature, the Company may charge a reasonable fee, taking into account administrative costs for providing the information or performing the requested action or may refuse to respond to the request.

11. Applicable law to the processing of your data

The applicable law is Greek law, as formulated in accordance with the GDPR, and generally the applicable national and European laws and regulations for the protection of personal data. The courts of Ioannina, Greece are the competent courts for any disputes concerning your personal data.

12. Complaints

You have the right to file a complaint with the Hellenic Data Protection Authority (1-3 Kifissias Ave, 115 23, Athens, Greece, tel. 210. 6475600, if you believe that the processing of your personal data is in breach of applicable national and regulatory requirements of the protection of personal data.

13. Validity of Privacy Statement

This Privacy Statement was published by our Company on 03/03/2020 and is subject to periodic improvement and review.