This Privacy Policy presents how the company “Alexandros Kouris and Co.” [hereinafter referred to as “Nissos, or Cyclades microbrewery in Tinos] uses and processes your personal data and for what purpose when using this website or in your interaction with Nissos. It also explains the rights you have in relation to your personal data.
References to “processing” contained in this Policy may mean any operation performed on personal data, for example collection, storage, recording, modification, retrieval, restriction or deletion.
For the purposes of this Policy, “personal data” means: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one whose identity can be verified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to physical, physiological, genetic, psychological, economic, financial, social, cultural or other factors specific to the data subject’s physical, physiological, genetic, social, economic, cultural, social or personal identity.
This Policy is designed to help you make informed decisions when using our website or interact with Nissos. Please read carefully and make sure you understand the terms of the processing of your personal data set out in this Policy.
PRINCIPLES OF PROCESSING OF PERSONAL DATA
The use of your personal data considers the processing principles provided by law and more specifically your data:
- Is used lawfully, fairly and in a transparent manner
- Is collected only for the purposes intended, which will be made clear to you, and not used in a way incompatible with those purposes,
- Only the data necessary for the specific purpose pursued is used
- The data is used for the purpose in question is accurate and up to date,
- Is Retained only for as long as necessary for the purposes pursued
- Is Retained in a secure manner
LEGAL BASIS FOR PROCESSING
Your data will not be processed if there is no legal basis to do so. The processing of personal data in the context of using the website or your interaction with Nissos and in the context of managing requests or managing customers/consumers will be based mainly on legitimate interest [ if the interests of the data subjects are not overridden], consent [if the requirements of the law are met] and legal obligation depending on each case.
PURPOSE OF PROCESSING PERSONAL DATA
If you are a visitor to the website [or microsite] your personal data will be processed to administer and improve the website and to ensure that the content is relevant and presented in the most effective way for you and that you as a visitor have a positive experience when navigating the website. In addition, certain information is used to ensure that only adults of legal drinking age interact with the website. It is also intended to keep the site secure, to manage the site for internal functions, including troubleshooting, data analysis (including traffic data analysis), and statistical purposes. The website uses cookies to help improve your experience when browsing it and to ensure that the content is relevant to you. More information on how cookies are used within this website can be found in the cookies policy.
In the context of these purposes they may be used on a case by case basis:
- Technical information [e.g. Interent IP protocol address, browser type and version, time zone setting]
- Cookies
If you are a visitor on social media (e.g. Facebook, Instagram, LinkedIn), your data will be processed when you interact with posts via likes, comments that you submit or you send messages in the chat channels of Nissos’ beer social media. Please note that social media sites are owned by third parties. This means that Nissos does not have full control over these sites and any information you may choose to share on the social media sites may also be used by the social media provider for their own independent purposes, which are not covered by this policy – please read the social media providers’ privacy statement for more information on how they may use your personal data. As such, we encourage you to share information with great care when visiting these pages.
In the context of these purposes, profile account data with which you appear on social media may be processed when you interact on social media posts by adding likes, comments, etc. and/or messages that you send to the social media communication channels.
In the context of processing messages, requests, orders and customer and consumer management, the necessary data will be used to fulfill the respective purposes.
In the context of product promotion [e.g. participation in competitions] please refer to the specific terms of participation to see how the personal data of participants are processed.
CHANGE OF PURPOSE
Your personal data will only be used for the intended purposes unless it is considered reasonable that it may be used for another purpose, which is compatible with the original purpose. If your data is used for an additional purpose, you will be informed of the additional processing and the legal basis on which it will be based.
DISCLOSURE OF PERSONAL DATA
Personal data may, depending on the purpose and the legal obligation that may exist, be disclosed to:
- Third party service providers, such as website administrators and providers of support and maintenance services for our systems or other service providers.
- Partners, consultants, regulators where required.
Where your data is shared with third parties in all cases it will be justified that there is a lawful reason for this sharing and that- where required – the necessary contractual commitments for data processing and data protection have been signed.
TRANSFER OF PERSONAL DATA
In some cases, the third parties to whom your personal data is disclosed may be located in countries outside the EU and/or the European Economic Area. When your data is shared with third parties located outside the EU and the European Economic Area, it may be necessary to take certain additional measures to protect personal information. Certain countries outside the EU and the European Economic Area have been approved by the European Commission as providing substantially equivalent protection to EU and European Economic Area data protection laws and therefore no additional safeguards are required for the transfer of your Personal Information to those countries. In countries that do not have these approvals, we will ensure that necessary steps are taken to protect the data, such as signing standard contractual clauses.
RETENTION AND SECURITY OF PERSONAL DATA
Your personal data will be kept only for the period of time necessary for the fulfilment of the respective purpose, unless there is a legal provision for further retention or further retention and use is necessary to fulfil legal claims.
All necessary technical and organisational measures and procedures will be observed to prevent unlawful access and misuse of information and personal data. Measures shall include security procedures of a preventive nature, technical and physical mechanisms to restrict access and controls to assign access rights to authorised personnel.
RIGHTS OF DATA SUBJECTS
As a data subject you have the following rights:
Right of access: you can be informed if and how your personal data is processed.
Right to rectification: you can request the correction of inaccurate information about you or the completion of incomplete information about you.
Right to erasure: You may request that your data be deleted.
Right of portability: You can request that data be downloaded in a readable format or request that the data be transferred to another controller.
Right to restriction: You can request that the processing of your personal data be restricted for as long as any objections to the processing are pending.
Right to object. The withdrawal of consent does not affect the lawfulness of the processing carried out at the earlier stage of withdrawal.
Please note that the above rights are subject to certain exceptions. This may be due to legal obligations.
If you have any questions, concerns or requests regarding this Privacy Policy or you would like to exercise your rights, please contact us at info@nissos.beer, +30 22830 26333.
RIGHT TO COMPLAIN TO THE DATA PROTECTION AUTHORITY
If you have questions that cannot be clarified after contacting us or if you wish to lodge a complaint, you can contact the Hellenic Data Protection Authority, 1-3 Kifissias Street, P.K. 115 23, Athens. For more information on how to file a complaint, please visit the Authority’s website.
UPDATES TO THIS POLICY
Any changes to this Privacy Policy will be posted on this page and, where appropriate, you will be notified. Please check back often to monitor any updates or changes to this Privacy Policy.
This policy was last updated on July 2024.