Privacy Policy

This privacy policy (“Policy”) outlines how personally identifiable information (“Personal Data”) you may provide to the website “www.endoscopiki.gr” (“Website” or “Service”) is collected, protected, and used. It also explains your options regarding our use of your Personal Data and how you can access and update this data. This Policy is a legally binding agreement between you (referred to as “User,” “you,” or “your”) and ENDOSCOPIKI SA (referred to as “ENDOSCOPIKI SA,” “Company,” “we,” “us,” or “our”). By accessing and using the Website and Services, you acknowledge that you have read, understood, and agree to the terms of this Policy. If you do not agree to comply with the terms of this Policy, you are not authorized to access or use the Website and Services.

The data controller of your personal data is the corporation ENDOSCOPIKI SA, a commercial medical supplies company, based in Athens, at 12 Zagoras Street, postal code 11527, VAT number 094504367, General Commercial Registry (GEMI) number 2972201000, telephone: 210-7488820, Email: info@endoscopiki.gr. In the daily operations of our website, we process data related to natural persons, including:

➢ Website visitors
➢ Other interested parties (employees, suppliers)

Our Company complies with the General Data Protection Regulation (EU 2016/679 GDPR) and any other European and national legislation concerning personal data protection, electronic communications, etc., and is committed to always ensuring the protection of your Data:

➢ Data is collected for specific, clear, and legitimate purposes and is not processed in ways incompatible with those purposes.
➢ We collect only the necessary personal data for each processing purpose, and we process it lawfully, fairly, and transparently concerning the data subjects.
➢ We strive to ensure the data is accurate and up-to-date, keeping it only for as long as necessary for the purposes for which it is processed.
➢ The criteria we use to determine storage periods are based on compliance with relevant legal requirements and the principle of data minimization.
➢ We process Data both electronically and manually, taking appropriate measures to protect personal data, including protection from unauthorized or illegal processing and against accidental loss, destruction, or damage, using suitable technical or organizational measures.

Collection, Purpose, Legal Basis for Processing, and Data Retention Periods

1. Data Collected Automatically through Our Website
The website “www.endoscopiki.gr” uses the SSL (Secure Sockets Layer) protocol, which employs data encryption methods to ensure a secure connection between two devices (most commonly computers), resulting in the protection of your personal data.
When you visit our website, our server collects log files containing:
➢ Date and time of access
➢ Data volume transmitted in bytes
➢ Browser and operating system used for access
➢ Internet Protocol (IP) address at the time of your visit.

Although we cannot identify you solely through this data, the IP address, along with the date and time of your visit, constitutes personal data.
The legal basis for collecting your IP address and storing it in special logs (log files) is our legitimate interest in processing this data to ensure network, information, and service security from accidental events or illegal or malicious actions compromising data availability, authenticity, integrity, and confidentiality (e.g., DDoS attack prevention), as well as our legal obligation to provide a secure environment for processing your personal data (GDPR Article 6(1)(f) and (c)). Data will not be transferred or used in any other way. However, we reserve the right to check server log files if there are specific indications of unauthorized use.

2. Data Collected through Email and Contact Form
During communication between us via email and the Contact Form, we collect your name, email address, and any other information you provide to us. This data is stored and used solely to respond to your request. To fulfill requests you submit via the contact form and/or to provide updates on adverse reactions, it is necessary to consent to the processing of data marked with an asterisk (*). Without this mandatory data or your consent, we cannot proceed further. However, information requested in fields not marked with an asterisk and your consent to receive promotional material is optional, and not providing them has no consequences.
In any case, even without your prior consent, the Data Controller may process your data to comply with legal obligations deriving from laws, regulations, and EU law, exercise rights in legal proceedings, pursue its legitimate interests, and in all cases provided by GDPR Articles 6 and 9. Processing occurs both digitally and on paper, with the application of security measures required by current legislation.
The legal basis for processing your personal data is your consent (GDPR, Article 6(1)(a)). Your data will be deleted after final processing of our communication, once the purpose and scope of our communication are completed, provided there are no legal retention requirements.

3. Supplier Data
To execute our contract, we collect supplier data such as name, address, contact details, shipping details, and financial data provided by you. The legal basis for processing your data is the performance of a contract and compliance with legal obligations (GDPR Article 6(1)(b) and (c)), and we retain it for up to twelve years from the last service provision, or as required by tax and other relevant legislation.

4. Purpose and Method of Data Processing
Data is processed for the following purposes:
(i) To handle requests submitted via the Contact Form, follow-up communications, or provision of information. The legal basis for this processing is your consent (GDPR Article 6(1)(a) and 9(2)(a)) and the performance of a contract you are party to;
(ii) To manage adverse reaction reports submitted via the Website or Forms. The legal basis for this processing is your consent (GDPR Article 6(1)(a) and 9(2)(a)), as well as any public interest (GDPR Article 9(2)(i)) and legal obligations;
(iii) To receive advertising materials (direct marketing) from us, with your consent.
Selecting the appropriate boxes signifies agreement to this data processing. Data may still be processed, even without your consent, for purposes of legal compliance, EU law compliance (GDPR Article 6(1)(c)), obtaining website usage statistics, and ensuring proper website functionality (GDPR Article 6(1)(f)).
Personal data is stored in our information system in full compliance with data protection legislation, including security and confidentiality profiles, following best practice, legality, and transparency principles for processing. Data is stored only as long as necessary to fulfill its collection purpose, with criteria based on statutory timelines and principles of data minimization, limited storage, and effective record management.
Data is processed using both printed and automated means, ensuring an appropriate level of security and confidentiality.

5. Principles Applied During Processing

We are permitted to process your personal data to provide personalized services, in accordance with the law (Article 6(1)(b) of Regulation (EU) 2016/679) and the relevant National Implementing Law. Your personal data will not be used for purposes other than those described in this Declaration, unless we obtain your prior consent or unless required or permitted by law.

Personal data is processed in a manner compatible with the purpose for which it was collected.
The principle of proportionality applies to the processing of personal data, which entails an obligation not to collect personal data without necessity.
The personal data used must be accurate and up-to-date.
Personal data that is no longer accurate or complete must be corrected or deleted.
Except in cases where the law requires retention for a longer period, personal data will not be stored for longer than necessary for the purposes for which it was collected or processed.

The processing of personal data is conducted in accordance with the principles of good faith.
This means that data subjects can expect data processors to exercise due care in all matters concerning data processing.

Data subjects whose personal data has been processed will be informed accordingly, upon request. Specifically, they have the right to know the purposes for which their data is being processed, the type of data involved, and the identity of the data recipients. Where deemed necessary, data subjects also have the right to request the correction, non-transmission, or deletion of their data.

The aforementioned rights may only be restricted if such restriction is provided for by law. This applies particularly in the context of scientific research.

In particular, personal data is protected against unauthorized disclosure and any unlawful processing. Measures implemented ensure a level of security appropriate to the nature of the data to be protected and the risks that may arise from its processing.

The data controller is responsible for ensuring compliance with and implementation of Regulation (EU) 2016/679 and the National Implementing Law.

Our employees involved in the processing of personal data are adequately informed and trained. Procedures for processing third-party personal data by agreement will be defined in writing, ensuring that the contracting third party processes personal data securely and complies with the principles set out in this Declaration and the EU GDPR.

If the third party is deemed unable to ensure an adequate level of security for personal data, we will terminate the collaboration.

6. Personal Data Security
The Data Controller implements reasonable technical and organizational policies and procedures to protect personal data and information from loss, misuse, alteration, or destruction.

Additionally, we strive to ensure that access to your personal data is limited to those who need to know. Individuals with access to the data are required to maintain its confidentiality. However, it is important to note that the transmission of information via the internet is not entirely secure. Although we take all reasonable measures to protect your personal data, we cannot guarantee the security of data transmitted to our website. Once your data is received, we will implement strict security measures and procedures in an attempt to prevent unauthorized access.

We make every reasonable effort to retain personal data only for as long as is necessary for the purposes outlined in this Privacy Policy or as required by applicable law.

7. Newsletter Subscription

With your consent, we will collect your email address in order to send you newsletters with updates from our company and articles that you may find of interest. The legal basis for this processing is your consent (GDPR, Article 6, paragraph 1(a)), and you have the right to withdraw it at any time.

8. Who Has Access to Your Data? Data Transfers.

Your data is accessible to our employees, as well as to any other authorized persons who process your data as part of their duties. Additionally, we collaborate with third parties, whether individuals or legal entities, such as professionals, independent consultants, etc., who provide us with commercial, professional, or technical services (e.g., website hosting, accounting services) for the purposes mentioned above and support our company in whole or in part regarding our activities.

In each case, these individuals or entities will act as Joint or Independent Data Controllers, Processors, or authorized persons to process personal data for the same purposes mentioned above, with the same security measures, and in accordance with applicable legal obligations.

Before any third party receives Personal Data, we must:

  1. Complete a privacy assessment to evaluate the privacy practices and risks associated with these third parties.
  2. Obtain contractual guarantees from these third parties that they will process Personal Data in accordance with our instructions, this Policy, and applicable law, that they will promptly notify our company of any Personal Data Protection or Security incidents, any failure to comply with the standards outlined in this Policy and existing legislation, that they will cooperate to remedy such incidents, assist us in responding to the rights of individuals set out below, and allow the Data Controller to audit their processing for compliance with these requirements.

Finally, data may be transferred to public authorities, institutions, and our legal representatives (lawyers and insurance companies) for legitimate purposes.

Apart from the above, the Data will not be disclosed to third parties, whether individuals or legal entities, and will not be disseminated.

Our company does not transfer Personal Data outside the EU, and if necessary (for example, to use Cloud services), this will be done under the terms and conditions outlined in Articles 44 and following of the GDPR, such as with your consent, the application of standard contractual clauses approved by the European Commission, or to countries deemed secure by the European Commission.

9. Use of Cookies

For the proper functioning of the website and to improve your browsing experience, as well as to better provide our services, we use cookies (see our Cookies Policy).

10. Links to Other Websites

Our website may contain links to other websites, which are governed by different privacy statements, and the content of which may differ from this Privacy Statement. Please review the privacy policy of each website you visit before submitting any personal data to it. Although we strive to provide links only to websites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices of other websites.

11. Rights of Data Subjects

If you wish, you can request at any time to exercise the rights outlined in Articles 15-22 of the GDPR: to be informed about the personal data we hold about you, its recipients, and the purpose of its retention and processing, and to have it modified, corrected, or deleted. To do so, send a related email to the email address mentioned above, from the email address you provided, with the completed request form (which can be provided by the Data Controller) and a copy of your identification card. Additionally, you have the right to review your personal data that we maintain and generally exercise any right provided by data protection law.

The personal data you disclose to the Data Controller via https://www.endoscopiki.gr, either during registration or at a later stage, are collected and processed in accordance with the applicable provisions of the new European General Data Protection Regulation (EU) 2016/679.

You retain the following rights in detail:

Right to Information about Your Personal Data: Upon request, we will provide information regarding the personal data we hold about you.

Right to Correct and Complete Your Personal Data: If you notify us, we will correct any inaccurate personal data we hold about you. We will complete any incomplete data, provided you notify us, as long as such data is necessary for the purposes of processing.

Right to Delete Your Personal Data: Upon request, we will delete the personal data we hold about you. However, certain data will only be deleted after a set retention period, for example, because in certain cases we are legally required to retain the data, or because the data is needed to fulfill our contractual obligations with you.

Right to Restrict Your Personal Data: In certain cases provided by law, we will restrict the data if you request it. Further processing of restricted data will only occur in very limited circumstances.

Right to Withdraw Your Consent: You may withdraw your consent for the future processing of your personal data at any time. The legality of the processing of your data remains unaffected by this action, up to the point of withdrawal of your consent.

Right to Object to the Processing of Your Data: You may object at any time to the processing of your personal data in the future if we process your data based on any of the legal grounds provided in Article 6(1)(e) or (f) of Regulation (EU) 2016/679. If you object, we will cease processing your data unless there are legitimate grounds for further processing. Processing your data for advertising purposes does not constitute a legitimate ground.

12. Changes to this Policy

The Data Controller regularly reviews this Policy and may periodically modify or revise it at their discretion. When any changes are made, we will record the modification or revision date in the Policy. The updated Policy will apply to you and your information from that date. We encourage you to periodically review this Policy to check for any changes in the way we manage your personal data.

13. Contact Us

If you have any questions, comments, or complaints regarding the management or protection of your personal data by us, or if you wish to modify your personal data or exercise any of your rights as a data subject, please contact us by mail or email at the addresses listed above.

14. Statement of the Data Controller “Regarding the Protection of Personal Data”

The increasing economic and scientific collaborations, as well as the mutual expectations for data processing services, result in the exchange of personal data—a trend further enhanced by the ever-growing use of modern telecommunication means. For these reasons, it is essential that data processing is carried out with care. The Data Controller declares that compliance with the principles governing data protection for the processing of such data is one of its goals, as it is committed to respecting the individual rights and privacy of individuals. The Data Controller handles personal data with special care and always in accordance with EU Regulation 2016/679, the applicable National Law, and the current legislation.

This document serves as a Compliance Statement with the provisions of EU Regulation 2016/679 and the applicable National Law.

The document was last updated on 17.12.2021.

Kimon Kaloglou
President & CEO
17 / 12 / 2021