Introduction

The data controller responsible for your personal data is the company FLOROS CHRISTOS & PANAGIOTIS OE, with its registered office at 35 Papaflessa, Postcode 564 29, Nea Efkarpia, Thessaloniki, Tel.: 2310 684070, E-mail: info@florοil.gr, Tax Registration Number 099931471.

Flor Oil is active in the production and wholesale distribution of lubricants and mineral oils. The company was founded in 1963 and is now one of the largest and most reputable small-scale manufacturers in the sector, having built up a client base across Greece and in neighbouring Balkan countries.

Our product catalogue features a wide range of lubricants and specialised products, designed to successfully meet your needs. Flor Oil’s priority in Thessaloniki is to offer consumers top-quality lubricants that protect every machine. This is something we have achieved after 53 years of continuous research and repeated testing of each individual product.

In our day-to-day operations, we process data relating to individuals, including:

  • Customers
  • Visitors to our website
  • Other stakeholders (employees, suppliers)

Our Company complies with the General Data Protection Regulation (2016/679 EU, GDPR) and all other European and national legislation concerning the protection of personal data, electronic communications, etc., and undertakes to ensure the protection of your data at all times:

  • Data is collected for specific, explicit and legitimate purposes and is not further processed in a manner incompatible with those purposes.
  • We collect only the personal data necessary for each processing purpose and process it lawfully, fairly and in a transparent manner in relation to the data subjects.
  • We ensure that it is, as far as possible, accurate and up to date, and we retain it only for as long as is necessary for the purposes for which it is processed.
  • In any event, the criterion we use to determine the retention period is based on, and takes due account of, the need to comply with any relevant legal requirements, as well as the principle of data minimisation.
  • We process Data electronically and manually and take all appropriate measures to protect personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Collection, purpose, legal basis for processing and retention period of your data

  1. Data we collect automatically via our website

The website www.floroil.gr uses the SSL (Secure Sockets Layer) protocol, which employs methods to encrypt data exchanged between two devices (most commonly computers), establishing a secure connection between them via the internet, thereby protecting your personal data.

When you visit our website, our server collects what are known as server log files, specifically:

• The date and time of your visit to the website.
• The volume of data transmitted in bytes.
• The browser and operating system you used to access the website.
• Your Internet Protocol (IP) address when you access the website. Your IP address constitutes personal data, together with the date and time of your visit, although we cannot identify you solely on the basis of this data.

The legal basis on which we collect your IP address and store it in specific files (log files) is our legitimate interest in processing this data in order to ensure the security of networks, information and services against accidental events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data (e.g. defence against DDoS ‘denial-of-service’ attacks), as well as our legal obligation to provide a more secure environment for the processing of your personal data (GDPR Article 6(1)(f) and (c)). The data will not be transferred or used in any other way. However, we reserve the right to check server logs (server logs) if specific indications of unauthorised use are detected.

  1. Customer Data

When you visit our company, we may collect your personal data, such as your full name, telephone number, email address and, where applicable, other contact details.

The purpose of processing your data is to provide you with the products you have requested, and the legal basis for the processing is the performance of the contract between us (Article 6(1)(b) and Article 9(2)(h) of the GDPR). Your data will be retained for as long as required by tax legislation.

  1. Data we collect via email, the contact form or for the purpose of sending our newsletter

When communicating with us via email or via the on our website, or for the purpose of sending our newsletter, we collect your name, email address and any other information you provide to us. This data is stored and used exclusively to respond to your enquiry. The legal basis for the processing of your personal data is your consent (GDPR, Article 6(1)(a)). Your data will be deleted once processing of our correspondence. This will take place once the purpose and scope of our correspondence have been fulfilled, provided there are no legal requirements for the storage of such data.

  1. Social media pages

Our Company maintains pages on social media platforms – Facebook, Twitter and LinkedIn. You can contact us via our pages to receive further information about our products and services by ‘Send a message’ option. In order to respond to your enquiries, we collect and process your social media username, as well as other information that is publicly available via your profile.

The very act of sending a message for the purpose of communicating with us implies your consent to the aforementioned processing of your data.

If you choose to ‘connect’ with our page (by clicking ‘add’), this implies that you are giving your consent to view the news and promotional activities (via the newsfeed) carried out by the Company through its social media page. If you do not wish to receive such updates, you may at any time click on the ‘Delete’, ‘Unfollow’ or similar option.

We take all necessary security measures (both technical and organisational) to ensure the security of data processing via Facebook and other social media platforms, such as, for example, restricting the number of people who have access to manage our social media account. Our company accepts no liability for the manner or means by which social media platforms process your data. You can find out more about how your data is processed by social media platforms such as Facebook, Twitter and LinkedIn.

  1. Supplier data

In order to fulfil the contract between us, we collect data from our suppliers, such as full name, company name, address, contact details, delivery details and financial data, which you provide to us yourselves. The legal basis for processing your data is the performance of a contract and our compliance with legal obligations (GDPR Article 6(1)(b) and (c)), and we retain this data for a period of up to twelve years from the last provision of services, or for as long as required by tax and any other relevant legislation.

6.Submission of a CV

When you submit a CV to our Company online or at our offices, you provide us with the personal data contained in your CV, such as your first name and surname, your education, experience, professional skills and preferences, etc., as well as any other information you may wish to disclose to us, such as your photograph.

We retain your personal data for up to three years to consider the possibility of recruiting you, and the legal basis for processing your personal data is your consent, as well as your request prior to entering into a contract with us (GDPR Article 6(1)(a)and (b)).

Who has access to your data. Data transfers.

Your data is accessible to our employees, as well as to any other person authorised to process your data in the course of the course of their duties. Furthermore, we work with third parties, whether individuals or legal entities, professionals, independent consultants, etc., who provide us with commercial, professional or technical services (e.g. website hosting, accounting services) for the purposes set out above, and support our Company in whole or in part, in connection with our activities.

Where applicable, these natural or legal entities will act as Joint or Independent Data Controllers, Data Processors or persons authorised to process personal data for the same purposes as set out above, with the same security measures and in accordance with applicable legal obligations.

Before the third party receives the Personal Data, we must: (1) complete a privacy audit to assess the privacy practices and risks associated with these third parties (2) obtain contractual assurances from these third parties that they will process Personal Data in accordance with our instructions and in accordance this Policy and applicable law; that they will immediately notify our company of any Personal Data Protection or Security incidents, failure to comply with the standards set out in this Policy and existing legislation, that they will cooperate in remedying any such incident, that they will assist us in fulfilling the rights of individuals set out below, and that they will allow the Data Controller to monitor their processing with regard to compliance with these requirements.

Finally, the data may be further disclosed to public authorities and institutions, as well as to our legal advisers (solicitors and insurance companies), for legitimate purposes.

Apart from the above, the Data will not be disclosed to third parties, whether individuals or legal entities, nor will it be disseminated.

Our Company does not transfer Personal Data outside the EU, and if necessary (for example, in order to use cloud services), this will be done in accordance with the terms and conditions set out in Articles 44 et seq. of the GDPR, such as with your consent, the use of standard contractual clauses approved by the European Commission, or to countries deemed safe by the European Commission.

Data relating to minors

Our company does not process data relating to minors

Cookies and similar technologies

Like most websites, we use cookies and similar technologies when you access and browse our Website, in order to make your experience as convenient and efficient as possible.

Cookies are small text files stored on the hard drive of the computer or other electronic device used by the user to access the website. Cookies are unique to each web browser (e.g. Google Chrome, Mozilla Firefox, Internet Explorer, Opera, etc.) and contain anonymised information relating to the websites you visit and the devices you use.

Types of cookies we use:

  1. a) Technical and functionality cookies (essential)

    These cookies are responsible for the basic functions of our website and application. They are essential for you to be able to navigate our website and access its various sections. The provision of the website’s basic services of the website is not possible without these cookies.

    b) Statistical analysis and performance cookies

    These cookies collect information about how you use our website, such as the website from which you arrived, the pages you visit most frequently, the browser you used, etc. We use this information to analyse website traffic and improve the performance of our website. It collects aggregated, anonymous statistical information that cannot be used to identify individual visitors.

    Information about the Google Analytics service

    We use Google Analytics to track visitor traffic and improve our website. Google Analytics uses cookies to store certain information, such as the duration of the visit to the website, the used, the location from which the visit originated and the frequency of visits. In order to access this data, we allow Google Analytics to place cookies on the hard drive of the visitor’s computer or any other electronic device.

    The Google Analytics service is owned by Google Inc. Further information on Google’s data processing policy can be found here, and on the use of cookies the context of the Analytics service, here. Technical information about Google Analytics cookies is available here.

    You can opt out of the collection of your data via Google Analytics altogether by installing the following add-on in your browser:

    https://tools.google.com/dlpage/gaoptout

    c) Cookies for marketing/targeted advertising

    We use cookies (including, where applicable, third-party cookies such as DoubleClick/Google, etc.) to display personalised adverts tailored to your preferences. A unique identifier (ID) is used to recognise information such as your IP address, the browser you are using, which advert has already been displayed in your browser, whether you have accessed a website via an advert, and the geographical location from which your visit originates. You have the option to refuse the installation of these cookies, in which case the adverts shown to you will not be personalised.

Managing cookies

You can decide, on a case-by-case basis or collectively, whether to accept cookies during

visiting our website. You can also configure your browser so that you are notified of cookie settings and can decide whether to accept or block them. Each browser differs in the way it manages cookie settings. This is described in each browser’s help menu, which explains how you can change your cookie settings. Follow the links below depending on which browser you use:

Internet Explorer

Firefox

Chrome

Safari

Opera

Please note that you will need to adjust the settings separately for each browser and on each device you use. We would also like to inform you that restricting cookies will prevent you from making full use of some of our services and will not allow us to improve and personalise your browsing experience on our website.

You can find more information about cookies on the websites www.allaboutcookies.org and www.youronlinechoices.eu.

Alternatively, you can disable the use of third-party cookies via the relevant service provided by the Network Advertising Initiative.

See here for a detailed list of the cookies we use.

Data Subjects’ Rights

You can contact us by telephone, post or email at the addresses listed in the ‘Introduction’ section above to exercise your rights in accordance with Articles 15 et seq. of the GDPR, namely the rights to be informed, to access, to rectification, to erasure (where applicable), to restriction of processing or to object to processing.

You may, for example, request an up-to-date list of the individuals who have access to your data, receive confirmation as to whether or not we are processing personal data relating to you, check its content, source, accuracy and location (including in relation to any third country), to request a copy, to request their rectification and to restrict their processing, or even request their erasure, where applicable.

You may always submit comments and lodge complaints with the Hellenic Data Protection Authority, 1–3 Kifissias Avenue, GR 115 23, Athens, Call Centre: +30-210 6475600 or at http://www.dpa.gr/