General Data Protection Regulation

Dear Customers,

Please read carefully the following information regarding the processing of your personal data in the context of the services we provide to you in accordance with European Council General Regulation 2016/679 for the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the relevant Greek legislation.

1. What personal data we process and where we collect them

The company processes (receives, maintains and uses) the following categories of personal data:

a) Personal identity and contact information (full name, telephone numbers, e-mail address, etc.). These data are provided when you contact us directly, and when you visit our corporate website in signing up to facilitate delivery of the selected services on your behalf, as well as to enable communication with you if necessary.

b) Tax information (VAT registration number, tax office code, etc.), where these are required for issuing tax returns.

c) Financial transaction data (bank account details, IBAN numbers, etc.) used in fulfilling the necessary financial obligations in the context of service delivery and/or contract between you and us.

2. What is the purpose of – and legal basis for – processing your personal data

We process your personal data in a manner that is both appropriate and legitimate, and for clearly defined purposes, as listed below. The data processed by us are strictly limited to what is necessary towards achieving these goals.

The purposes for which we process your personal data are:

a) Implementation of the contract between you and us for the provision or receipt of services and products

b) Ensuring our ability to communicate with you, if necessary

c) Issuing the required tax documentation and keeping a record of payments

d) Keeping up to date with our company news and the new services we offer

The legal basis for the above purposes is:

a) The contract between you and us for the provision or receipt of services and products

b) Compliance with all applicable tax legislation, which requires the collection of your data towards correctly issuing relevant documentation.

c) The consent you provide in order to receive news for offers, services etc from our company.

d) Preserving and protecting your and the company’s legal interests

3. Who are the recipients of your personal data

The data we collect from you are processed within the company for the purpose of providing or receiving services and products.

The company may transfer your personal data to a third party or parties to whom it may assign the processing of said data on its behalf (including, but not limited to, service providers). In such cases, the company shall remain responsible for the processing of your personal data, set out the details of the processing and specifically contract with said third party or parties to ensure that the processing is carried out in accordance with the applicable legal framework and in the context of project implementation.

We also notify – where applicable – your data to competent tax authorities and social security organizations, as well as wherever else is required by order of a court or public prosecutor.

We will not send your data to a third country (outside the EEA) unless this is authorized by you and the provisions of the applicable legislation are complied with.

4. How long will your personal data be retained for

Your personal data will be retained no longer than the period that is necessary for the purposes for which they are being processed, as per the applicable legislation. In the event of a claim,your personal data will be retained for the time that is required to irrevocably resolve said claim.

Your personal data will be retained up to 10 years after the expiration of our contractual relationship, and as long as is required to resolve in the case of resolving any legal/judicial/tax cases.

5. What are your rights as pertaining to your personal data

You can at any time, by request to us, exercise your rights regarding your data, as follows:

a) Right of access, meaning to request to know what personal data we are processing, for what purpose, whether we share these with third parties and to whom, as well as other relevant information. You also have the right to receive a free copy of your personal information upon request.

b) Right of correction, meaning to request that inaccurate data be corrected and missing data be filled in.

c) Right of deletion of your personal data in the following cases: (i) when your personal data are no longer necessary in relation to the purposes for which they were collected; (ii) when you withdraw your consent on which your personal data were processed, and there is no other legal basis for processing; or (iii) when your personal data were processed without the necessary legal basis.

d) Right to limit the processing of your personal data in the following cases: (i) when you dispute the accuracy of your personal data, and until accuracy can be verified; (ii) when you object to the deletion of your personal data and you are requesting the limitation of its use, rather than its deletion; (iii) when your personal data are not required for processing purposes, but are nonetheless necessary for you in establishing, exercising and substantiating legal claims; (iv) when you object to the processing of your personal data, and until such time as it can be verified that there are legitimate reasons that involve us and supersede the reasons for which you oppose said processing.

e) Right of portability, meaning to send your personal data in a suitable electronic medium and/or in printed form, to you, a person that you suggest, or another party that will process the data.

f) Right to withdraw at any time your consent for issues related to personal data protection.

In order to exercise you rights as set out above, as well as for all communication regarding your personal data, please contact TEMAK S.A. at the following address: 62 TATOIOU Str. (Ex 254), GR 136 77, ACHARNES (MENIDI), ATTICA, tel +30 210 25 81 583,

email info@temak.gr

You also have the right to submit a complaint at any time to the competent Personal Data Protection Authority (tel: +30 2106475600, email: contact@dpa.gr, web: http://www.dpa.gr), if you believe that your personal data are in any way affected.

6. Security of your personal data

TEMAK S.A. has taken all the appropriate technical and organizational measures to ensure compliance with the applicable legislation and the appropriate level of security for your personal data, and has properly trained its staff through its Personal Data Protection Policies and Procedures. TEMAK S.A. also binds all its partners, who act on the company’s behalf as Process Executors under contracts that are governed by the prevailing legal frame.