Πολιτική Απορρήτου

PRIVACY AND DATA PROTECTION POLICY

Summary

The company under the tradename "STIQ SOLE SHAREHOLDER COMPANY," with its headquarters located at 2, Papanikoli St, Chalandri, Athens, Greece, Business Registry No 162941601000 and (TIN) VAT Number 801766890 operates in restaurant services through telephone and internet platforms, specifically through the websites stiq.gr, leafy.gr, healthyconcept.gr, mageireuto.gr, smashtheburger.gr, proteingarden.gr, lapantera-negra.gr & dinanikolaou-comfort.gr. These websites serve as promotional and advertising platforms for our services, as well as facilitate order placements and communication forms (hereinafter referred to as "Website").

Ιn our capacity as Data Controller of Personal Data, we have developed this Privacy and Data Protection Policy, to exclusively address individuals who engage in transactions with our Company. This Policy pertains to  the Processing of personal data in accordance with the General Data Protection Regulation (GDPR) 2016/679, the relevant Greek legislation, and the decisions/recommendations of the Hellenic Data Protection Authority.
Personal Data refers to any information that can be used to a natural person, such as their name, identification number, etc. (hereinafter referred to as "Personal Data"). Our Company processes (i.e., collects, stores, and uses) non-sensitive Personal Data, which is voluntarily provided or will be provided by individuals, solely for the purpose of delivering our  services and promoting any newservices we offer. Your explicit consent is required for the collection, storage, transmission, and use of your Personal Data.
The Company ensures that your Personal Data is securely stored and not transferred to third parties. You have the right to be informed and have access to your Personal Data, update or correct it, request its deletion (partially or completely), declare  restriction on processing for  general or  marketing purposes, and withdraw your consent at any time by notifying the Company accordingly.

For any inquiries or concerns regarding the Processing (i.e., use, collection, transmission, and storage) of your Personal Data and matters  connected to this Privacy and Personal Data Protection Policy (hereinafter referred to as the "Privacy Policy"), you can contact our Company at +30 2107004650,  send a  letter to  our store address mentioned above or email us at  customersupport@stiq.gr.
The Company reserves the right to periodically modify, adapt, and update this Privacy Policy by publishing a new version on its website.
If you do not agree with the terms and conditions of personal data protection stated herein, we kindly request that you refrain from using the Company's services. While providing the requested personal information is not obligatory, please be aware that omitting this action may prevent us fromcooperating with you and/or providing our services.

Purpose of this Privacy Policy

The protection of your personal data is important to our Company. Through this Privacy Policy, we aim to inform you about the data collection practices of the Company, including the categories of data that may be collected, retained, and processed, the purpose of such collection, the categories of individuals to whom the data may be disclosed, and your rights. The Company takes every possible measure to protect your personal data, provided that the personal information you provide us is accurate and truthful. The Policy also outlines the security measures we have implemented to maintain data  confidentiality and highlights certain personal data  categories and processing activities that the Company has chosen not to engage in.

Company Commitments

The Company places great emphasis on  the privacy and  security of customer data and is committed to providing personalized services that meet their requirements while  ensuring their privacy.
Personal information (personal data) is solely used by the Company and its authorized employees and partners to respond to your requests and better serve you in accordance with this policy. Individuals handling personal information are trained in the use of appropriate procedures. The representatives and service providers of the Company keep your personal information confidential and refrain from using it for purposes other than those directly related to our services. 
The Company collects and uses information about individuals with whom it collaborates in order to operate and conduct its activities. These individuals may include the general public, current of former employees, customers, suppliers, and those who avail themselves of our services.. The handling and treatment of such Personal Data is conducted appropriately and lawfully, regardless of the method of collection, recording, and use, be it  in printed form, computer records, or through other means.
It is the responsibility of every employee of the Company to adhere to this Privacy Policy within their functional or operational responsibilities, set an example, and provide guidance to Data Users in their areas of responsibility. All Data Users are expected to comply with the principles and rules outlined in  this Policy, and to recognize when they are  collecting, processing, disclosing, or using Personal Data. Data Users must be aware of the general conditions and principles of confidentiality that govern Personal Data and know when to escalate matters to the Data Protection Officer.

SPECIFIC INFORMATION

Regarding our Data Protection Policy

I. Granting and Withdrawal of  Consent:

For the collection, processing, use, and storage of your Personal Data, the Company has obtained your explicit consent. Your Personal Data will not be utilized for purposes other than those explicitly described in this Data Protection Policy, unless we obtain your prior authorization, or such usage is required or permitted by law. If you do not concur with any aspect of this Data Protection Policy, we kindly request that you refrain from granting  consent for the collection and processing of your Personal Data.
However, we wish to emphasize that you retain , the right to withdraw your consent at any time by issuing a formal  declaration to the Company. Such withdrawal can be accomplished by either (a)  sending a letter to our postal address at 2 Papanikoli Street, Postal Code 15231, or (b)  sending an email to customersupport@stiq.gr. 

II. Collection and Processing of Personal Data:

The Company engages ibn the processing (including collection,, transmission, storage, and uses) of your Personal Data, which  you voluntarily provide to us when availing yourself of our services,  contacting us to obtain  services for yourself or on behalf of a third party, completing the electronic form available on our website, or placing an electronic order or sending an email to inquire about or utilize the services provided by the Company.

The Personal Data that the Company may collect, store, and utilize includes: 
    • Identification Data: Full name, phone number

Contact Data: Postal address, email address, phone number

Transaction Data: Type, location, and time of provided products or services
    • Conventional Relationship Data: Information and consent forms, electronic statements of intent
    • Transactional Behavioral Data: Information related to interests, preferences, and participation in events, contests, surveys, etc.

It is important to note the Company does not collect any special categories ("sensitive") of personal data from its customers, such as data revealing racial or ethnic origin, political opinions or membership  in trade union organizations, religious beliefs,  genetic data, health data, data concerning sex life or sexual orientation, or data concerning criminal convictions and offenses.
Customers are obligated to abstain from providing such data concerning themselves or third-party data subjects. If a customer inadvertently provides such data to the Company, it will be promptly deleted upon discovery.. The Company assumes no responsibility towards customers or third parties for any provision or processing of sensitive data resulting from acts or omissions of customers in violation of the aforementioned obligation.

Furthermore, the Company does not collect or process personal data of minors unless it intends to collect and process personal data of a minor for a specific purpose (e.g., entering into life insurance contracts and medical care for its employees and their family members). In such cases, the Company undertakes to obtain the consent of the person exercising parental responsibility over the child (parent or legal guardian) through direct communication.

III. Purpose of using your Personal Data:

The Company collects, uses, and retains your Personal Data for the following reasons:
    • Service Provision/Contract Execution: The Company utilizes your Personal Data to provide you with  personalized information and to fulfill the contracts it has entered into with you (e.g., contracts with customers, employees, partners, suppliers, etc.).
    • Transactions: Your personal information may be used by the Company to process your transactions such as orders, deliveries, payments, etc.

    • Promotion/Information: The Company may utilize your personal data  to promote and inform  you about (new) services and offers it provides , particularly through its website, or by physically sending you special informational brochures or leaflets, or by sending promotional material to your email address.
    • Legitimate use: The Company reserves the right to collect, store, disclose, and generally process your personal data when required by the General Data Protection Regulation and/or the Law, or when necessary to protect or defend its own and your interests.

IV. Transfer of Personal Data:

Access to your Personal Data is exclusively granted to authorized employees or collaborators of the Company within the scope of their duties, in accordance with proper execution and fulfillment of the purposes of use, collection, and storage , as disclosed in this policy.
The Company does not transfer or disclose your Personal Data to any third party (legal or natural person) unless required by the relevant legislative framework or by Judicial Authorities.

V. Protection of Your Personal Data:

The Company has implemented appropriate legal, organizational, and technical measures to protect your Personal Data from loss, misuse, alteration, modification, unauthorized dissemination or access, or  unlawful processing and use. Our security measures undergo  continuous review and updates, in accordance with the latest technological advancements.

VI. Retention Period of Your Personal Data:

The Company retains your Personal Data for as long as necessary to achieve the purpose for which it was collected, specifically for the duration necessary to provide its services and/or fulfill its business purposes, or for legal reasons, as otherwise provided by the applicable legislation.

VII. Amendment of this Privacy Policy:

The Company reserves the right to modify this Privacy Policy periodically and at its discretion, always within the framework of relevant legislative provisions. In the event of any modification to this Privacy Policy, the Company commits to record the date of such modification herein. In the case of substantial amendments to the Privacy Policy, the Company undertakes the obligation to publish a relevant announcement on its Website and inform you by sending an email message.

VIII. Use of the Internet/Website:

If you communicate with the Company through the Internet, we may occasionally use email to communicate with you regarding our services and products, provided that you have given us your consent.
To ensure smooth usage of our Website and enhance  navigation , we utilize w cookies, i.e., small text files stored on the user's browser. These files are either deleted after the browser is closed or remain to enable user recognition during their subsequent  visits. The user can decide to accept or decline cookies for specific cases, through the Website’s settings. However,  not accepting cookies may limit the functionality of the Website.  Users may object to the collection of cookies at any time through the Website.
Communication through the Website platform: In the event that a user contacts us through the contact form or  any other means, the provision of personal data by the user is voluntary and based solely on the their  free will. We will process the provided personal data only to the extent necessary for the specific communication purpose.
Special Categories of Data: We kindly request that you refrain from sending us sensitive personal data via email or disclosing such data through the use of the communication platform. The processing of personal data of this nature does not serve, under any circumstances, the purpose of processing as defined above.

CV Data 

Data from  Curriculum Vitae, Job Applications, and accompanying documents are directly collected solely from the interested party for the purpose of evaluating their suitability for  specific collaborations. Furthermore, it should be noted that by voluntarily submitting the personal data and information contained in the aforementioned Curriculum Vitae and accompanying documents, the interested party consents to the collection, storage, use, processing, and disclosure of such data for the purposes outlined in this notice. To ensure the secure processing of the personal data provided through the submitted Curriculum Vitae and Job Application, the Company employs all necessary technical and other means.
Access to personal data from  Curriculum Vitae and Job Applications is limited to authorized personnel of the Company. Regarding the personal data transmitted by the interested party in the context of submitting or depositing the Curriculum Vitae and Job Application,  processing is intended for the purpose of considering a collaboration agreement following the interested party's application, verifying their qualifications before entering into an employment contract, the minimal necessary processing of this data to assess the Curriculum Vitae and determine its relevance to the specific employment position within the Company, as well as safeguarding the Company's interests.
Data from the Curriculum Vitae and Job Application, once the relevant employment position for which the interested party submitted or deposited this information has been filled and if they were not hired, will be securely destroyed/erased/anonymized within a period of six (6) months from the position being filled. However, if explicit consent from the interested party has been obtained, the data may be retained for a period of two years, unless the Company is lawfully entitled or obliged to retain them.

Rights of Data Subjects and Exercise of Rights:

As a data subject, you retain the following rights derived from the provisions of the General Data Protection Regulation (GDPR) and applicable legislation. Specifically, you have the right:
    • to access personal data concerning you, including the purposes of processing, relevant categories of personal data,  recipients or categories of recipients, and the retention period.
    • to rectify inaccurate personal data and complete incomplete information.
    • to request the erasure of  personal data concerning you.
    • to request the restriction of processing of your personal data.
    • to lodge a written complaint with the competent supervisory authority, namely the Hellenic Data Protection Authority (for more information, please visit the Authority’s website at www.dpa.gr) regarding the protection of your personal data.
    • to seek  a judicial remedy if  you believe that your personal data has been violated.
    • to withdraw your consent regarding the processing of your personal data (without retroactive effect).

In other words, you are entitled to request and receive, free of charge, information about the personal data stored concerning you. You also have the rightto object to the processing of your data with perspective effect and to withdraw your consent. Furthermore, in accordance with  applicable provisions, you possess  the right to request rectification, restriction of processing, data portability, erasure of the aforementioned data, and the ability to lodge a complaint with  a supervisory authority.
To exercise your rights, you may submit a formal  request r to the Company through either our postal address at  2 Papanikoli Street, Chalandri, 15232, Attica) or our  email address customersupport@stiq.gr . Please include the subject line "Exercise of Right of Access/Rectification/Erasure/Restriction/Opposition/Withdrawal of Consent," accompanied by a comprehensive   description of your request. We will diligently review  and respond to your request within a reasonable timeframe, but no later than  one (1) month from the date of submission. However, if your request is complex or numerous, , we will inform you within the aforementioned month if an extension of an additional two (2) months is necessary to provide a response.

It is important to note that the Company reserves the right to partially or fully reject your request if such  rejection is mandated  by applicable legislation or is necessary to establish, exercise, or support the  legitimate rights of the Company.