Privacy Policy
Introduction
As a Greek company with a proud history of ΧΧΧ years of performing and innovation, TOI MOI is conscious of its responsibility for maintaining exemplary business practices, not only with and by its staff, but also in relation to the community and itsof customers and suppliers. TOI MOI is committed to ensuring that all personal data associated with its business is processed and stored securely and in line with the legal obligations of the General Data Protection Regulations (GDPR) (Regulation (EU) 2016/679).
The following Policy is intended to demonstrate how TOI MOI collects and stores personal data. As a data controller and data processor, TOI MOI collects, stores and processes data to fulfil its contractual and legal compliance obligations. The purpose of this Policy is to ensure that all individuals associated with the Company understand its principles, procedures and standards for handling personal data, and to establish individuals rights.
Personal data is defined as any information which can identify or be associated with an individual. This includes, but is not limited to: names, addresses, phone numbers and email addresses.
Sensitive personal data includes, but is not limited to: medical details, financial information and other sensitive personal information.
Data subjects are defined as any individuals (e.g. employees, customers, suppliers, contractors) associated with the Company.
TOI MOI has a legitimate interest in processing personal data. The personal data TOI MOI holds is business critical and essential to its legal and contractual compliance and for achieving its business objectives. The data TOI MOI processes allows it to maintain business relationships to consistently high standards.
How TOI MOI uses your information
TOI MOI uses external data subjects information (this means that of TOI MOI’s customers, suppliers, franchisees, contractors, agents) collectively referred to as “you” in the tables below, in a number of different ways. What TOI MOI does depends on the information. The tables below set this out in detail, showing what TOI MOI does, and why it does it.
Your name and contact details
| How TOI MOI uses your name & contact details | Why? |
|---|---|
| Τo progress and deliver your eshop orders to you This may be facilitated by TOI MOI sharing this information with its agents and distributors as appropriate | This is part of TOI MOI’s business contract with you as it wants to make sure you receive what you have ordered. |
| To send you information by email, sms, phone call or post, about TOI MOI’s new products and news. This may be facilitated by TOI MOI sharing this information with its 3rd party marketing automation provider eg MailChimp® or marketing specialists | To keep you up to date. TOI MOI only sends this info to you with your permission (members that give appropriate consent). |
| For fraud prevention and detection | To prevent and detect fraud against either you or TOI MOI, absolutely essential for you and TOI MOI’s business. |
Your payment information
| How TOI MOI uses your payment information | Why? |
|---|---|
| To take payment and give refunds | This is part of TOI MOI’s business with you. |
| To make payments and give refunds | This is part of TOI MOI’s business contract with you. |
| For fraud prevention and detection | To prevent and detect fraud against either you or TOI MOI, absolutely essential for you and TOI MOI’s business. |
Your contact history with TOI MOI
Every time you contact TOI MOI by email, phone, text or social media.
| How TOI MOI uses your contact history | Why? |
|---|---|
| To provide professional customer service and support | This is part of TOI MOI’s business with you and makes sure you receive the best customer service from TOI MOI. |
| To provide professional and personal interaction with suppliers | This is part of TOI MOI’s business contract with you and to make sure you receive all the information that you require to supply TOI MOI appropriately. |
| For training and best practice purposes | To make sure you always receive the best and efficient service possible. |
Purchase history
What you have bought from TOI MOI and what TOI MOI has bought from you over the time.
| How TOI MOI uses your purchase history | Why? |
|---|---|
| To provide service and support and handle your returns | This is part of TOI MOI’s business contract with you and TOI MOI wants to make sure all receive the best service and most effective interaction. |
| For fraud prevention and detection | To prevent and detect fraud against either you or TOI MOI, absolutely essential for you and TOI MOI’s business. |
Information about your pc, smartphone, tablet or laptop, and how you use TOI MOI’s website
Information you give TOI MOI when you browse its site, including your IP address and device type and, if you choose to share it with TOI MOI, your location data, as well as how you use TOI MOI’s website.
| How TOI MOI uses information about your phone or laptop, and how it uses TOI MOI’s website and app | Why? |
|---|---|
| To improve TOI MOI’s website and set default options for you. | To always improve TOI MOI’s service and offering. |
| To protect TOI MOI’s website | o prevent and detect fraud against either you or TOI MOI, absolutely essential for you and its business and meet legal obligations about data. |
Information from social media accounts you link to TOI MOI
What TOI MOI does if you link your Facebook, Twitter, Instagram or LinkedIn to it
| How TOI MOI uses information from accounts you link to it | Why? |
|---|---|
| To provide product suggestions and keep you informed about TOI MOI | So you can easily see TOI MOI’s new products and keep yourself updated with news and info. |
Your responses to customer surveys, competitions and promotions
| How TOI MOI uses information from your responses to surveys, competitions and promotions | Why? |
|---|---|
| TOI MOI reviews and analyses the information. This process may be facilitated by TOI MOI collecting and sharing this information with its 3rdparty survey automation provider SurveyMonkey® or cooperating marketing companies | To be better able to gauge customer satisfaction to allow us to improve customer service. |
TOI MOI also anonymises and aggregates personal information (so that it does not identify you) and use it for purposes including testing its IT systems, research, data analysis, improving its website and developing new products and services. TOI MOI also may share this information with trusted third parties.
Our principles
1.The principles of the Policy require that personal information must:
• be processed fairly and lawfully and in accordance with the data subject’s rights;
• be processed in a manner that would be reasonably expected by the data subject;
• be used for the purpose it was collected for;
• be processed in the Company’s legitimate interest;
• be adequate, relevant and not excessive for the purpose it was collected;
• be processed with the correct level of confidentiality;
• not be transferred outside of the EU, unless that country or territory can ensure a suitable level of protection for the rights and freedoms of the data subjects whose personal data is being processed;
• be retained for as long as deemed appropriate and deleted thereafter. Low-risk paper documents are recycled and higher-risk documents with more sensitive personal data must be shredded.
2. Informed consent
• Transparency about the personal information TOI MOI holds on individuals is central to this Policy;
• At the first point of contact, individuals must be made aware of what information is collected and why;
• Failure to object or respond does not mean that consent has been given and consent must be as easy to give as it is to take it away;
• Consent should be reviewed at appropriate intervals.
3. Records
• Records relating to processing, storing and erasure of personal data are kept so that TOI MOI can understand and provide traceability for the full scope of its data handling activities;
4. Data disclosure and a secure business network
• TOI MOI has a responsibility to ensure that it both maintains its business relationships to consistently high standards and that it collects, processes and stores personal data in line with GDPR;
• Personal data held by TOI MOI will not be transferred to any country outside of the EU without obtaining the data subjects consent or otherwise complying with the relevant privacy legislation;
• TOI MOI has an international network of agents, suppliers, contractors and external third parties that help it to provide the best quality service and achieve its day-to-day business objectives. For sales and compliance purposes, it may disclose personal information (such as contact information) to such trusted third parties inside and outside of the EU. Such business associates are bound by this Policy and will process personal data only when they can offer adequate measures to protect it;
• TOI MOI may disclose personal information if required by law.
5. Appropriate confidentiality at all levels
• Data stored in different formats is treated with the same level of security and safeguarding. Where electronic documents are password protected or have restricted access, paper versions are locked in filing cabinets or desk drawers;
• All sensitive personal data is held with the appropriate safeguards and access is limited;
• Profiling and credit checks are carried out against customers, suppliers and contractors by a third party. All results are held securely;
• CCTV cameras on site are for security purposes. Certain members of staff have login access via a browser. This is only accessed for security reason.
6. Effective internal regulation
• This Policy empowers Senior Management and the Privacy Protection Officer to carry out internal data audits and compliance checks;
• Data protection procedures and guidelines should be reviewed annually by the Privacy Protection Officer to ensure compliance and good practice, and that all queries regarding data protection internally and externally are being dealt with effectively and in compliance with this Policy;
• All employees should receive general awareness training and/or sufficient information and guidelines on the implications of GDPR;
• All personal and Company-issued electronic devices are covered by GDPR and are verified for password checks. Employees working remotely should work on TOI MOI’s VPN where accessible and log in and out of each session;
• A password change policy is in place managed by the IT department;
• In an employee’s absence, IT support will be contacted and the absentee’s emails may be forwarded to another team member;
•Employees should avoid leaving documents with personal data out overnight.
Individual rights
1. Right to Access
All data subjects have the right to know what data TOI MOI holds on them. TOI MOI has one month to reply to all requests. If the request is excessive or unreasonable, TOI MOI has the right to charge a fee.
In all instances below, TOI MOI has the right to request one or two pieces of identification, to ensure the identity of the person who requests the information.
General response times are as detailed. If the response is unsatisfactory for the individual, they have the right to repeat their request. In this instance, TOI MOI has two weeks to review the objection with the Managing Director. The decision made in this second review is final.
All requests should be made in writing to the individual’s manager or Company contact.
2. Right to Portability
Data must be provided in a format that the individual can understand and that another data controller could easily import. If requested, TOI MOI must send to the data to a third party. TOI MOI should provide the data in whatever format it is requested where this is a commonly used and readily available format to TOI MOI. TOI MOI is not responsible for protecting the data that has been received by the data subject or third party.
3. Right to Object
Data subjects can object to the processing of their personal information. Objections to direct marketing should be made automatically through the ‘unsubscribe’ link at the bottom of the marketing email, or in their account preferences. TOI MOI has one month to review and respond to objections to processing for HR purposes. TOI MOI may have a legitimate interest to override the request.
4. Right to Erasure (right to be forgotten)
Data subjects may request for their personal information to be deleted. The legitimate interest of the Company may override the request. The HR department and the Privacy Protection Officer will respond without undue delay.
5. Right to Rectification (right to correct administrative mistakes)
Data subjects have the right to request for any mistakes made in recording personal data, such as spelling mistakes or incorrect information, to be rectified. TOI MOI has one month to correct the mistake and inform the individual.
Security breach
All individuals will report any actual, near miss, or suspected data breaches to TOI MOI’s Privacy Protection Officer for investigation. Lessons learnt during the investigation of breaches will be relayed to data controllers and processors to enable necessary improvements to be made.
The Privacy Protection Officer and Managing Director are responsible for assessing the level of security breach and informing the Authorities and data subjects where necessary. In the event of a security breach, TOI MOI has 72 hours to respond.
TOI MOI Privacy Protection Officer: