This Policy has been drafted in accordance with the regulations of the General Data Protection Regulation of the EU 2016/679 (General Data Protection Regulation, hereinafter “GDPR”) which entered into force on 23 May 2018. This Policy describes the manner in which the Company uses and protects the personal data (hereinafter “Personal Data”) of natural persons (hereinafter the “Data Subjects”) that are disclosed to it either during registration and use of the Website services or through contracts with the Data Subjects (e.g. contracts with employees of the Company).

Furthermore, this Policy describes the manner in which the Company collects, transmits, processes, uses and discloses the Personal Data of the Data Subjects and sets out its practices regarding the secure processing thereof.

By providing Personal Data to the Company (either directly or indirectly by allowing another person to provide Personal Data on behalf of the Data Subjects), the Data Subjects agree that this Policy applies to the way in which the Company uses their Personal Data and consent to the collection, transfer, processing, use and disclosure of such data as described herein. In the event that the Data Subjects do not agree with any part of this Policy, they are requested not to provide Personal Data.

If they do not provide Personal Data, or withdraw the consent they have provided under this Policy, this may affect the Company’s ability to provide services or adversely affect the services that the Company can provide. This Policy does not cover in any way the relationship between Data Subjects who use the Company's Website and any services that are not subject to the control and/or ownership of the Company's Website. Given the nature and volume of the internet, under any circumstances, including in the case of negligence, the Company is not liable for any form of damage suffered by Data Subjects who use the pages, services, options and contents of the Company's Website which they proceed with on their own initiative and with knowledge of the terms of this Policy.

Collection and Use of Personal Data

A. The Company collects Personal Data when:

Data Subjects register as members on the Company’s Website and make use of its services (by sending their order or in any other way) and/or in order to receive the Company’s advertising/information programs to be informed about the Company’s news, as well as about new products and services provided by the Company (hereinafter “Newsletters”) Data Subjects communicate with the Company through its Website enters into contracts with Data Subjects

B. In the above context, the Company may collect, store and use the following types of Personal Data:

information provided by Data Subjects for the purpose of communicating with the Company, registering on the Website (including sending them Newsletters if they choose to do so during their registration) and/or using the services of the Company and/or its Website; any other information that Data Subjects choose to disclose to the Company (whether through its Website or in any other way) and that is relevant for the purpose of fulfilling their personal requests and that is related to the Company's object (e.g. ordering and returning products, proposals for cooperation with the Company); any information that Data Subjects choose to disclose to the Company for the purpose of concluding and executing a contract with it.

Specifically, the information that the Company may collect from Data Subjects either during their registration on the Website (including sending them Newsletters if they choose to do so during their registration) and/or on their behalf through their use of the services of the Website and/or their communication with the Company, or through the general use of services related to the Company's purpose (e.g. ordering and returning products, proposals for cooperation with the Company) are the following:

Personal Information (e.g. Name, Surname, Home Address, Contact Telephone Number, Email Address (E-mail)

Financial Data (e.g. Account Number)

Employment Data (e.g. Employment, Position / Job Title, Place of Work)

C. The Company uses the Personal Data of the Data Subjects for the following reasons:

the provision of the requested services to the Data Subjects

the informational support of the Data Subjects regarding the services provided

the satisfaction of the Data Subjects' orders regarding the services available from and through the Company's Website

the response to questions and requests addressed to the Company by the Data Subjects

the information of the Data Subjects regarding the Company's news, new products and new offers/service categories by sending them promotional/newsletters via e-mails, unless they have requested not to receive such newsletters.

for internal Company purposes and quality assurance purposes

for the purpose of executing a contract entered into by the Company

for other purposes as provided for or required by law (e.g. compliance of the Company with a legal or tax obligation, or for the protection of its vital interests or the interests of the Data Subjects or when processing is necessary for the purposes of the legitimate interests pursued by the Company).

Protection of Personal Data of Data Subjects

The Company takes appropriate legal, organizational and technical measures to protect the Personal Data of Data Subjects, as well as technical measures to protect the Personal Data of Data Subjects in accordance with applicable data privacy and security legislation. The Company uses various technologies and security procedures to protect the Personal Data of Data Subjects from any unlawful destruction, loss, misuse or alteration, as well as from unauthorized or unlawful processing, use or disclosure. The Company will delete or re-identify the Personal Data of the Data Subjects as soon as they are no longer necessary for the provision of its services and/or the execution of its business purposes and/or for the execution on behalf of the concluded contract and/or for legal reasons, or as otherwise provided by the applicable legislation for the protection of Personal Data.

Non-Disclosure of Personal Data to Third Parties

The Company, for the purpose of fulfilling the requests of the Data Subjects regarding the product orders placed by them through the Company's Website or for the return of products or for fulfilling any other related requests of the Data Subjects related to the object of the Company and the services provided by it, communicates the Personal Data of the Data Subjects (name, surname, residential address, contact telephone number) to the courier company cooperating with the Company. Without prejudice to the above paragraph, the Company undertakes: 1) not to sell, rent or in any other way publish or communicate the Personal Data of the Data Subjects to any third party. 2) not to disclose the Personal Data of its Data Subjects to third natural and/or legal persons unless: a) if the Data Subjects have provided their explicit consent and (i) the third party (natural or legal person, partner / supplier / service provider of the Company) has provided clear guarantees regarding the technical and organizational measures governing the processing to be carried out and (ii) the third party (natural or legal person, partner / supplier / service provider of the Company) has concluded a written agreement with the Company which imposes on the third party obligations similar to those imposed on the Company in accordance with the provisions on the protection of Personal Data, b) if this is required due to the Company's compliance with the relevant provisions of the law and to the competent and only any prosecutorial, police, investigative and judicial authorities, in response to their request c) in relation to any legal/judicial proceedings or pending legal/judicial proceedings d) for the purpose of establishing, exercising or defending its legitimate interests, – including providing information to regulatory, law enforcement or other authorities for the purposes of preventing and combating fraud, unauthorized use of services and illegal activity-. The Company undertakes not to transfer Personal Data of Data Subjects to third countries outside the European Union without the prior written consent of the Data Subjects unless the Company and the recipients of the Personal Data have concluded and use standard contractual clauses which have been approved by the European Commission and which are an annex to the Commission Decision of 5 February 2010 on the transfer of personal data to processors established in third countries (2010/87/EU).

Data Subject Rights

Data Subjects may exercise the following rights arising from the provisions of the GDPR as well as the applicable legislation implementing or supplementing it or otherwise relating to the processing of Personal Data of natural persons, together with the binding directives and codes of good practice issued from time to time by the relevant supervisory authorities:

Information about the processing of their Personal Data, as well as the legal basis for such processing and all information related to such processing

Access and correction of their Personal Data in case of processing of Data concerning them

Erase of their Personal Data in case they are not necessary for the provision of a service

Restriction of the processing of their Personal Data

Objection to the processing of their Personal Data

Portability of their Personal Data to another controller, i.e. the right of Data Subjects to receive their data in an appropriate format, so that their transmission to another controller is technically feasible.

To exercise the above rights or for any questions, Data Subjects may contact the Company:

By sending an email to the email address info@fts-hellas.gr.

Data Subjects may also withdraw their consent to the processing of their Personal Data at any time (without retroactive effect) in one of the two (2) ways mentioned above. In addition, Data Subjects retain (a) the right to submit a written complaint to the competent supervisory authority regarding the protection of their Personal Data, namely the Personal Data Protection Authority (1-3 Kifissias Avenue, P.C. 115 23, Athens, +30 210 6475600, e-mail contact@dpa.gr) and (b) the right to legal recourse in case they consider that their Personal Data has been violated.

Links to other websites

The Company may from time to time provide links to third parties or integrate third party websites through its Website. This Policy does not apply to these websites and the Company is not responsible for the privacy policies or practices of these websites. If Data Subjects choose to enter a linked website, they agree that the Company is not responsible for the availability of that website and does not control, endorse, or be responsible in any way for:

the manner in which Data Subjects' Personal Data is handled on those websites

the content of those websites

the use of those websites by others

The Company advises Data Subjects to take care in advance and always check the legal and privacy statements published on each linked website or mobile application before entering any of their Personal Data.

Applicable Law

The management and protection of the Personal Data of Data Subjects is governed by the terms of this section, the provisions of the GDPR which enters into force on 25 May 2018 as well as by the applicable Greek legislation which implements or supplements the GDPR or which otherwise relates to the processing of Personal Data of natural persons, together with the binding directives and codes of good practice issued from time to time by the relevant supervisory authorities (see European Commission).

Amendments

The Company reserves the right to update this Policy from time to time and to post the most recent version on its Website at any time without notice. If material amendments are made, the Company may either post a notice of the changes on its Website or notify Data Subjects by sending a notification via the email address and/or mobile phone number provided by them. The Company encourages Data Subjects to periodically review its Website and check for any amendments, as well as to periodically review this Policy to remain informed about how the Company is protecting the Personal Data it collects. If Data Subjects continue to use the Company’s Website, this implies that they agree to this Policy and any updates. If a Data Subject does not agree with the terms of protection of Personal Data provided for in this Policy, he/she must not use the Company's services. This Policy was last updated on May 23, 2018.