PERSONAL DATA PROCESSING AND PROTECTION POLICY (NATURAL PERSONS & LEGAL ENTITIES – HEALTHCARE PROFESSIONALS) — PAPAPOSTOLOU N. S.A.

Protecting your personal data is important to us. This Personal Data Protection Policy (hereinafter the “Policy”) concerns the terms and conditions for the collection, storage, and use of your personal information by the public limited company engaged in the trade and representation of medical instruments and equipment under the name “PAPAPOSTOLOU N. S.A., COMPANY FOR THE TRADE AND REPRESENTATION OF MEDICAL INSTRUMENTS AND MACHINES” (hereinafter “PAPAPOSTOLOU”), headquartered in Thessaloniki at 4 Sindrivani Square, and legally maintaining a branch in Neo Psychiko, Attica at 93 Ethnikis Antistaseos Street, website: www.papapostolou.gr, tel: , email: info@papapostolou.gr. For any questions, please do not hesitate to contact us.

The Company:

PAPAPOSTOLOU N. S.A. is a company for the trade and representation of medical instruments and equipment, certified to ISO 9001:2015, 13485:2012, 14001:2015, 27001:2013, 45001:2018 and in accordance with Ministerial Decision Υ.Α. ΔΥ8δ/Γ.Π.οικ. 1348/2004.

1. What is the Company’s purpose

According to the Company’s Articles of Association, its main purpose is to engage in trade by purchasing for resale or otherwise disposing for profit of all kinds and types of medical instruments and equipment for the outfitting of clinics, medical practices, and hospitals. It also undertakes representations and supplies all kinds of medical items to clinics, medical practices, and healthcare institutions. It carries out any commercial act for undertaking and executing public procurements or orders from any natural or legal person under public or private law or from any institution. Likewise, the Company’s purpose includes the establishment and operation of workshops and industries for the manufacture and repair of medical machines, devices, and furniture, as well as any related items.

The leasing or rental and subleasing of any kind of medical machine.

The storage and repair of any kind of machine.
Storage against remuneration; rental of space or premises.

The leasing and subleasing of movable and immovable property. The organization of conferences. The undertaking and organization of exhibitions, events, conferences, and seminars, as well as any related event.

The importation, trading, leasing, rental, acquisition via financial leasing of all kinds of movables, all kinds of vehicles and self-propelled movables and machines—passenger, trucks, mixed-use buses, motorhomes, self-propelled or non-ambulances, mobile operating theaters and mobile hospital units—either in Greece or in countries outside Greece; security vehicles; special type and construction vehicles; luxury construction with special specifications; armored vehicles of any type and construction; motorcycles, two-wheelers, three-wheelers, motorhomes; as well as the provision of services for the installation, maintenance, and repair of these movable assets, as well as medical, hospital, or other machinery of any kind. Also, the provision of services for equipment studies for hospital units, diagnostic centers, clinics, and medical or electromechanical installations in these units, as well as studies and undertaking of complete turnkey equipment (turn Key) of medical, hospital, hotel, electromechanical nature in new or existing hospital units either in Greece or abroad. Participation, in any legal or other form, in other companies with the same or similar purpose headquartered in Greece or abroad. Cooperation with any natural or legal person in the private or public sector to serve this purpose. Representation of foreign companies with the same or similar purpose.

Wholesale trade of perfumes and cosmetics (KAD 46451000), colognes, lotions and other hair-care and grooming preparations, lip and eye make-up preparations, beauty and skin-care preparations.

2. What are personal data?
The term “personal data,” as used in this Policy, refers to information of natural persons, whether private individuals or professionals, such as full name, postal address, contact telephone, email address, identity card number, Tax ID (AFM), etc., which may be used to determine the identity of a natural person, hereinafter “Personal Data” or “Data.”

3. What is Personal Data Processing?
Personal Data Processing is any act or series of acts performed with or without automated means on personal data, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure to third parties, dissemination, correlation, combination, restriction, erasure, and destruction of personal data of natural persons.

4. Which Data do we collect?

A) When placing an order or entering into service agreements or sales contracts for medical items:
We receive the personal data indicated on the relevant order form, invoice, sales receipt, or service receipt, or any accompanying document of the order or sale. Specifically, the Data include:
First name, last name, address, postal code, profession, Tax ID (AFM), tax office (DOY), contact telephone, and email address.

B) When visiting and browsing our website:
We do not collect your Data.

C) When registering as a user on our website and completing the relevant expression-of-interest form:
We collect the Data: first name, last name, email address, telephone, and depending on the requests, personal details such as profession or business needs.

D) When placing an online order:

E) Only in the case of a main supply or service agreement, and only for the purposes of executing that main sales agreement for services and/or goods, we process special-category personal data, specifically regarding your business needs, any professional data, and your customer list details.

As applicable, and depending on the service, we may collect additional personal data referred to in the Special Terms of those services, for example, the installation of high-technology medical items.

5. For what purpose do we process your Data
We collect your Data solely for the purposes of: (a) the service provided by the company (indicatively: sale, provision of maintenance services, repairs), (b) compliance with obligations imposed by applicable legislation (e.g., issuing an invoice, retaining data for a minimum period, etc.), and (c) statistical purposes, ensuring an appropriate level of security.

6. What is the legal basis for processing your Data by the Company?

Processing is carried out for the performance of the main supply or service agreement, within the framework of applicable legislation.
Your Data, such as Tax ID (AFM), Tax Office (DOY), and invoice/receipt details, are collected and retained in order to comply with a legal obligation imposed by applicable tax legislation.
In parallel, the sender’s and recipient’s consent is requested for processing data in the context of the postal / courier service provided.
In the case of processing special-category Data, processing is carried out following explicit consent and specific authorization from the customer.

7. Are the Data used for other purposes, e.g., promotion of products and/or services?

Data are used following lawful consent within the framework of the company’s purposes of promoting products and services, commercial transactions, and as required by applicable legislation (e.g., retention of records for tax purposes).

8. Who are the recipients of the Data

Recipients of the Data are: (a) PAPAPOSTOLOU N. S.A. and the strictly necessary personnel of the company, who are bound by confidentiality, (b) cooperating businesses, which process your Data as Processors on our behalf and according to our instructions, (c) third parties insofar as this arises from contractual obligations or is necessary for the performance of the main agreement and any postal/courier service, (d) public or judicial services or independent authorities, insofar as this arises from a legal provision, prosecutor’s order, or court decision/order.
Transfer of Data to third countries outside the EU is possible only within the framework of a relevant agreement and requires the prior explicit consent of the data subject.

9. How do we ensure that Processors respect your Personal Data?

Processors have agreed and are contractually bound to PAPAPOSTOLOU N. S.A.:

10. For how long are your Data retained?

The retention period for the Data is determined by the retention obligation imposed by the applicable legal framework governing commercial companies and by the legal framework governing the tax obligations of PAPAPOSTOLOU N. S.A. The retention period may be extended for evidentiary purposes before courts regarding the fulfillment of contractual obligations by the company, or where required by law or to comply with instructions from public or independent authorities.

11. Are your Data secure?

PAPAPOSTOLOU N. S.A. is committed to safeguarding your Personal Data. We have taken appropriate organizational and technical measures for the security and protection of Data against any form of accidental or unlawful processing. Security measures are reviewed and amended whenever deemed necessary.
Processing of your Data in any manner is permitted only to persons authorized by us—our employees and partners—exclusively for the purposes stated above.
PAPAPOSTOLOU N. S.A. carries out regular checks and audits to verify data security and the implementation of the Policy.

12. What are your rights?

You have the right of access to your personal data.
This means you have the right to be informed by us whether we process your Data. If we process your Data, you may request information on the purpose of processing, the type of Data we hold, to whom we disclose them, how long we store them, whether automated decision-making takes place, and your other rights such as rectification, erasure, restriction of processing, and lodging a complaint with the Data Protection Authority.

You have the right to rectification of inaccurate personal data.
If you find that there is an error in your Data, you may submit a request for us to correct them (e.g., correction of name or update of address change).

You have the right to erasure / the right to be forgotten.
You may request that we delete your Data if they are no longer necessary for the processing purposes stated above.

You have the right to data portability.
You may request to receive, in a readable format, the Data you have provided, or ask us to transmit them to another controller.

You have the right to restriction of processing.
You may request that we restrict processing of your Data for as long as your objections to processing are under review.

You have the right to object to the processing of your Data.
You may object to processing of your Data or withdraw your consent, and we will stop processing your Data unless there are other compelling and lawful grounds overriding your rights.

13. How can you exercise your rights?

To exercise your rights, you may send us a relevant request describing the right you wish to exercise either to the Company’s postal address (4 Sindrivani Square, Thessaloniki – 93 Ethnikis Antistaseos, Neo Psychiko, Attica) with the indication “Exercise of right of access/ rectification/ erasure/ restriction/ objection,” or to the email address (info@papapostolou.gr) with the subject “Exercise of right of access/ rectification/ erasure/ restriction/ objection,” describing your request, and we will examine it and respond as soon as possible.

14. When do we respond to your requests?

We respond to your requests free of charge without delay and in any case within one (1) month from receipt of your request. However, if your request is complex or there is a large number of requests, we will inform you within the month if we need an extension of an additional two (2) months, within which we will respond.
If your requests are manifestly unfounded or excessive, in particular due to their repetitive nature, PAPAPOSTOLOU N. S.A. may charge a reasonable fee, taking into account the administrative costs of providing the information or carrying out the requested action, or may refuse to act on the request.

15. Where can you contact us regarding the status of your requests?

For more information you may call 210 6790000 or email (info@papapostolou.gr) using the subject: “Request Status”.

16. Do we use automated decision-making / including profiling when processing your Data?

No, we do not make decisions nor do we perform profiling based on automated processing of your Data.

17. What is the applicable law when we process your Data?

We process your Data in accordance with the General Data Protection Regulation 2016/679/EU and, in general, the applicable national and European legislative and regulatory framework for personal data protection.

18. Where can you turn if we violate applicable personal data protection law?

You have the right to lodge a complaint with the Hellenic Data Protection Authority (postal address: 1-3 Kifisias Ave., P.C. 115 23, Athens, tel. 210-6475600) if you believe that the processing of your Personal Data violates the applicable national and regulatory framework for personal data protection.

20. How will you be informed of any amendments to this Policy?

We will update this Policy whenever necessary. If there are significant changes to the Policy or to how we use your Personal Data, we will notify you either by posting a notice in a prominent location before the changes take effect, or by any other appropriate means. We encourage you to read this Policy periodically so you know how your Data are protected.

PAPAPOSTOLOU N. S.A. is the data controller for personal data of natural persons or legal entities or sole proprietorships or healthcare professionals that it receives.

If you wish to contact us regarding any matter related to processing of your Data and the exercise of your rights, you may contact PAPAPOSTOLOU N. S.A. at 210 6790000 or via email: info@papapostolou.gr

This Policy is effective as of 25/5/2018.