ELMI SYSTEMS is active in three areas of technology: the distribution of microelectronics consumer products (with emphasis on CASIO products), the distribution and installation of retail management systems and the provision of integrated IT solutions to companies. Our company has many years of business experience in the Greek market of modern technology and the provision of computer solutions, contributing to the spread of the use of technologically advanced products and applications of microelectronic technology.

Our Company conducts its business activities in accordance with the principles of privacy, applying ethical and responsible practices.

Current legislation sets out our standards for the management and protection of your Personal Data, so that you are provided with the maximum possible security. These privacy policies apply to all of our activities that involve the collection and processing of information about individuals, including, but not limited to, research, corporate support and data transfer.

Indicatively, this Policy applies to:

1. Corporate support: hiring, managing and compensating employees / conducting employee performance and talent assessments / providing training  managing ethics and privacy issues / managing and securing our assets and infrastructure / sourcing and paying for products and services fulfilling our commitments on the
environment, health and safety / communicating with the media.

2. Online presence: for the use of our website “elmisystems.gr”, with the following mechanisms and features described in the relevant chapter concerning privacy.

This Policy applies to all individuals whose data we process. Respectively, every employee of the Company, and third parties who process data about our company, are responsible for understanding and complying with their obligations under this Policy and existing laws.

Principles to be followed

The privacy principles described below summarize the standards and basic requirements for the collection and processing of personal data of individuals by our company.
Personal data:

(a) are processed lawfully and lawfully in a transparent manner in relation to the data subject (“legality, objectivity and transparency”), (b) are collected for specified, explicit and legitimate purposes and are not (“Purpose limitation”), (c) are appropriate, relevant and limited to what is necessary for the purposes for which they are processed (“data minimization”, (d) be accurate and, where necessary, updated (“accuracy”); (e) maintained in a form which allows the identification of data subjects only for the period (f) are processed in such a way as to guarantee the appropriate security of personal data, including their protection against unauthorized or unlawful processing and accidental loss, destruction or deterioration, using appropriate technical or organizational measures (“integrity and confidentiality ”).

1. Legitimacy, Objectivity and Transparency

We do not process Personal Data in ways that are unfair to the data subject. We determine whether the proposed collection, use or other processing of Personal Data poses a risk of actual or indefinite harm to individuals, always aiming to prevent it. If the nature of the data, the types of people or the activity contain an inherent risk of actual or unspecified damage, we ensure that this risk does not outweigh the corresponding benefits to those individuals. In cases where it is necessary to process Personal Data of special categories (“sensitive”), this is done only with the explicit consent of individuals or as required or explicitly permitted by existing laws. We record the risk analysis and design any mechanisms required to obtain and record evidence of consensus in assistive technologies. We do not process Personal Data in ways or purposes that are not transparent. All persons whose Personal Data is processed in accordance with this Policy, will have the right to a copy of this Policy, which is posted on our website. The Data Controller will provide digital and / or physical copies of this Policy upon request to the addresses listed below.

2. Collection of data for specified, explicit and legitimate purposes

When Personal Data is collected directly from individuals, the

we inform through a clear and easily accessible privacy notice or similar means, providing them with the following
information:

-the identity and contact details of the controller

-the purposes of processing

-If the processing is based on the legitimate interests of the controller, what are those interests?

-the recipients of personal data

– no data transfer

-the period for which the data will be stored

-the existence of a right to submit a request to the controller for access to and correction or deletion of personal data
or restriction of processing

-when the processing is based on the subject’s consent, the existence of the right to revoke his consent at any time,
without prejudice to the legality of the processing based on the consent before its withdrawal

-the right to file a complaint to the Personal Data Protection Authority

-the legal nature of the benefit

-the possibility of automated decision making

If new reasonable corporate purposes for Personal Data already collected are identified, we ensure that either the new corporate purpose (including a substantially similar purpose) is compatible with the purpose as described in the privacy notice or other transparency mechanism previously provided to the individual. , or we obtain the consent of the individual for the new use of his Personal Data.

We are responsible for maintaining the security of the privacy of your Personal Data when it is transferred from or to other organizations – companies.

We transfer Personal Data or allow it to be processed by third parties only if the following conditions are met, for the provision of which we are responsible.

If the role of the third party is to process Personal Data on behalf of or to secure the vital interests of the company, before the third party receives the Personal Data, we:

(a) complete the legal review to assess the privacy practices and risks associated with these third parties;

(b) we seek to obtain guarantees through a written agreement from these third parties that they will process Personal Data in accordance with our company instructions, and in accordance with this Policy.

(c) We ensure that they will inform us in a timely manner of any Security Incident and that they agree to cooperatewhen necessary.

(d) If the role of the third party is to provide Personal Data to our company, before we obtain the Personal Data from the third party, we ensure that the Transparency requirements for the collection of Personal Data from other sources are met and not specifically under the supervision of the company. and we obtain guarantees through a written contract from the third party that it does not violate any Law or the rights of any third party by providing Personal Data to our company.

(e) If the role of the third party is to obtain from our company data for processing that is not specifically under the supervision of our company, before handing over the data to the third party, we ensure that the third party will u

3. Necessity – data minimization – storage period limitation

Before collecting, using or distributing Personal Data, we determine and record the specific, legal business purpose that is served. We determine and record the period of time for which the Personal Data is used for the defined business purposes, which is defined on a case-by-case basis depending on the nature and type of activity. We do notn collect, use or share more Personal Data than is necessary and do not retain Personal Data in an identifiable form for longer than is necessary for the specified business purposes. We anonymize data when business or legal requirements make it necessary, as well as when information about the activity or process is required to be retained for a longer period of time. We ensure that these necessary requirements are incorporated into any assistive technologies and that third parties supporting the activity or processing are informed. 

We retain your Personal Data for as long as necessary to fulfill the purposes set forth in this Privacy Policy, unless a longer retention period is required by applicable law. Your Personal Data related to product purchases are retained for a longer period of time in order to comply with our legal obligations, tax and commercial legislation and for
warranty purposes. At the end of this retention period, your data will be completely or anonymously deleted, for example by aggregation with other data, so that it can be used in an unrecognizable manner for statistical analysis and business planning. If your order included a warranty, the relevant personal data will be retained until the end of
the warranty period.

To protect the confidentiality of your information, we will ask you to verify your identity before making any request under this Privacy Policy. If you have authorized a third party to submit a request on your behalf, we will ask them to prove that they have your permission to act for this purpose.

4. Data Accuracy, Integrity and Confidentiality

We keep the Personal Data accurate, intact and up to date and in accordance with their desired use. We ensure that periodic data control mechanisms are integrated into assistive technologies to validate data accuracy. We ensure that Sensitive Data is validated as accurate and up to date before use, evaluation, analysis, reporting or other processing,
which carries the risk of injustice to individuals if inaccurate or up-to-date data is used. In case of change of personal data, the subject is responsible for informing our company to make the necessary modifications. We integrate safety valves to protect Personal Data and Sensitive Data. We have implemented a comprehensive information security
program and security controls based on the sensitivity of the information and the magnitude of the risk of the activity, using the best practices of modern technology. Loss, misuse, unauthorized access, disclosure, or disaster protection policies include, but are not limited to, disaster recovery and access recovery, identity and access
management, information classification, information security incident management, network access control, physical security and risk management.

We clarify that the provision of the Data to our Company may be necessary to achieve the purposes set out in this Privacy Policy or be optional. If you refuse to provide the information that is marked as mandatory, it will be impossible to achieve the main purpose of collecting this Data, and it may, for example, make it impossible for our
Company to fulfill the sales contract or provide the other services are available. The provision of additional Data to our Company, in addition to those that are marked as mandatory, is optional and does not have consequences for the main purposes of data collection, but their provision serves to optimize the quality of services provided.

You may also be asked for copies of the documents you provide to prove your age or identity when required by law (such as a copy of a police or student ID). For example, these copies may include details of your full name, address, date of birth and picture of your face (photo). If you provide a passport, the details will also include your place of
birth, gender and nationality. Remember, if you choose not to share the Data with us or to refuse certain communication rights, we may not be able to provide some of the services you have requested. For example, if you asked us to let you know when a product is available again, we may not be able to help you if you have withdrawn
your general consent to receive updates from us.

Our Company processes your Data in order to fulfill its contractual relationship, to process the order of products and / or services, to provide customer service, to comply with legal obligations, to oppose, raise or exercise legal requirements. If we do not collect your Data when completing the order either from our physical stores or from our
online store, we will not be able to process your order and comply with our legal obligations. Your Data may need to be transferred to third parties for the supply or delivery of the product or service you have ordered. In addition, we may retain your Data for a reasonable period of time in order to meet our contractual obligations, such as product
returns, as required by law.

Our company uses your Data to respond to your requests / inquiries, refund requests and / or complaints. The information you share with us, enables us to manage your requests and respond to you in the best possible way. We may also maintain a record of your inquiries / requests to us in order to better respond to any future communication.

We do this based on our contractual obligations to you, our legal obligations and our legitimate interests in order to provide you with the best possible service and to be able to improve our services based on your personal experience.

Sometimes, we will need to share your Data with a third party that provides a service (such as a courier delivery or a technician visiting your home).

Data Subjects Rights (Access, Correction, Deletion, Portability, Restriction of Processing
and Opposition to Processing)

– You have the right to access your personal data. This means that you have the right to be informed by us if we process your Data. If we process your Data you can ask to be informed about the purpose of processing, the type of your Data we hold, to whom we give it, how long we store it, if automated decisions are made, but also about your
other rights, such as correction, deletion of data, restriction of processing and submission of a complaint to the Personal Data Protection Authority.

– You have the right to correct inaccurate personal data. If you find that your Data is incorrect, you can ask us to correct it (eg, name correction or change of address notification).

– You have the right to delete / forget. You can ask us to delete your data if it is no longer necessary for the above mentioned processing purposes.

– You have the right to portability of your Data. You can ask us to receive in readable form the Data you have provided or ask us to pass it on to another processor.

– You have the right to restrict processing. You can ask us to restrict the processing of your Data for as long as your processing objections are pending.

– You have the right to object to the processing of your Data. You may object to the processing of your Data or withdraw your consent and we will terminate the processing of your Data unless there are other compelling and legitimate reasons prevailing over your right. To exercise your rights you can send us a relevant request, describing the right you want to exercise either at the postal address of the Company (165 Athens Avenue, Chaidari Attica PC 12461, 12462) with the indication “Exercise of access right / correction / deletion restriction / objection “, or through the contact form that you will find on our website (https://elmisystems.gr/epikoinonia), entitled” Exercise of the right of access / correction / deletion / restriction / objection “, with a description of your request and we will make sure to consider it and respond to you as soon as possible. We respond to your requests free of charge without delay, and in any case within one (1) month from the time we receive your request. However, if your request is complex or there is a large number of your requests, we will let you know within the month if we need to receive an extension of another two (2) months, within which we will answer you. If your requests are manifestly unfounded or
excessive, in particular because of their recurring nature, ELMI SYSTEMS may impose a reasonable fee, taking into account the administrative costs of providing the information or performing the requested action or refusing to proceed on request.
You have the right to file a complaint to the Personal Data Protection Authority (postal address 1-3 Kifissias, Athens / www.dpa.gr), if you consider that the processing of your Personal Data violates the current national and regulatory legal framework for protection of personal data.

Use of the Website

Below we will inform you about the way and the purposes that we manage your personal data on the above mentioned website of our company. The person in charge of the processing of personal data management is “ELMI SYSTEMS HELLENIC MECHANICAL SYSTEMS SA Societe Anonyme Commercial and Industrial Company ” with the distinctive title“ ELMI SYSTEMS ”, No. Γ.Ε.ΜΗ 000309601000, Α.Φ.Μ. 094075071, located in Chaidari, Attica, 165 Athens Avenue.

This site uses the SSL (Secure Sockets Layer) protocol, which uses methods to encrypt data exchanged between two devices (usually PCs), establishing a secure connection between them over the Internet, resulting in the protection of your privacy. data, as well as other sensitive data (eg commands or inquiries of the controller). You can recognize
that you are in a secure connection by looking at the https: // characters and by the lock symbol that appears in your browser’s address bar.

A) Data Collection

When you visit the site only for information, ie you do not provide any of your personal data (eg contact form), then the only data we collect is that which your browser transfers to our server, the so-called server log files, and specifically:

Date and time of entry to the site.
The volume of data sent in bytes.
The browser you used when logging in to the site.
The operating system you used when logging in to the site.
IP Your IP (Internet Protocol address), when you log in to the site.

The processing of data is carried out in accordance with article 6 par. 1 par. F of the General Regulation of Personal Data Protection (GDPR) based on our legitimate interest in improving the stability and functionality of our website. The data will not be transferred or used in any other way. However, we reserve the right to check server log files if specific indications of illegal use are found.

Β) Cookies

Cookies are small text files that are sent to your device when you visit a website. The cookies are then sent to the website of origin on each subsequent visit or to another website that recognizes this cookie. Cookies act as a memory on a website, allowing that website to remember your device on your next visit. Cookies can also remember
your preferences, improve your user experience, as well as tailor the ads you see to what interests you. For more information about cookies, including how you can view cookies set on your device and how to manage and delete them, visit www.aboutcookies.org.

Types of Cookies

– Temporary and permanent Cookies. We may use them temporarily, which are available until you close your browser. We may use permanent cookies, which are kept for a longer specific period of time.

– Third party cookies. Our website may allow the installation of third party cookies that appear on our website. These third party cookies are not under our control. For further information on their use, you can visit the relevant third party website for further information. Details about possible third party cookies are presented in the table below. 

– Cookies used on this website.
Below is a summary of the cookies used on our website.
Cookie Name Login Session cookie
Purpose Necessary for user browsing
Expiration Upon leaving the site is deleted
Google Analytics Cookie Name And Google Tag Manager
Purpose To record statistics for the site
More information at the link
https://policies.google.com/technologies/types

You can configure your browser in such a way that you are informed about the setting of cookies and you can either decide individually to accept them or as a whole, or to exclude the acceptance of cookies in certain cases. Each browser differs depending on how it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. Follow the links below depending on your browser:

Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-managecookies Firefox: https://www.mozilla.org/en-US/privacy/websites/#cookies

Chrome: https: //support.google.com/accounts/answer/61416? Co = GENIE.Platform% 3DDesktop & amp; hl = en

Safari: https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Opera: https://help.opera.com/Windows/10.20/en/cookies.html

Please note that the operation of our website may be limited if cookies are not accepted

C) Contact form

In the context of communication between us (eg via the contact form or e-mail), personal data is collected. The data collected in this case is exactly what you fill in on this form. This data is stored and used solely for the purpose of responding to your request or for our contact and technical management. The legal basis for the processing of this
personal data is in our legitimate interest, so that we can respond to your request, which applies to article 6 par. 1 of the General Regulation on Personal Data Protection (GDPR). If the communication is aimed at concluding a contract between us, then the additional legal basis is based on article 6 par. Your data will be deleted after the final
processing of our communication. This will happen if it can be concluded from the circumstances that the communication was completed, provided that there are no legal requirements for the storage of this data.

D) Web Analysis Services Google Analytics

Our site uses Google Analytics, a service

Google Analytics, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (& quot; Google & quot;). Google Analytics uses so-called cookies, which are text files stored on your computer, to help our site analyze how users use it. The information generated by cookies about the use of this website (including the IP address) is generally transmitted to and stored on a Google server in the USA. On our behalf, Google will use this information to evaluate the use of the website, to compile reports on the activity of the website and to provide us with other services related to the use of the website and the Internet. The IP address transmitted by your Google Analytics browser does not merge with any other Google data. You can refuse the use of cookies by selecting the appropriate settings in your browser, as listed above. However, it should be noted that in this case, you may not be able to use the full functionality of this site. You can definitively refuse Google to collect data generated by cookies about the use of the website (including the IP address) and to process it. You can download and install the browser plugin available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=en=GB

More information on how the above service works can be found here:

https://support.google.com/analytics/answer/6004245?hl=en

Operation of CCTV Systems

In order to protect our customers, premises, assets and associates from crime, we operate CCTV systems in our stores that capture images for security. If we detect any criminal activity or alleged criminal activity through the use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this Data for the purpose of preventing or detecting illegal acts. Our goal is to protect our customers, employees and associates from criminal activities.

Terms you need to know:

Legislation: All laws, rules, regulations and mandates of opinions that have the force of law. 

Personal Data: All data about an identified or unidentified person, including information that identifies the person or that could be used to locate, monitor or contact them. Personal Data also includes immediate identification information such as name, identification number or job title, and indirect identification information such as date of birth, telephone number and encrypted data. 

Sensitive Data: Any type of data about humans that contains an inherent risk of harm to individuals, including data that is legally defined as sensitive, including, but not limited to, data relating to health, heredity, race, ethnicity, religion, political or philosophical beliefs or convictions, criminal record, exact geographical location information,
bank or other financial account numbers, government-issued registration numbers, minors, sex life, trade union relations, security, social security and more employer or state benefits.

Processing: The conduct of any process or series of processes in human data, with or without automated means, including, but not limited to, collection, recording, organization, storage, access, customization, conversion, retrieval, use, evaluation, analysis, reporting, distribution, disclosure, transmission, disposal, alignment, obstruction, deletion or destruction.

Anonymization: The change, cut, deletion or other restriction or conversion of Personal Data, to make it impossible to use them for identification, tracking or communication with the individual.

Privacy Incident: Violation or breach of this Policy or a privacy or data protection law.

Security Event: Access by an unauthorized person to Personal Data or disclosure to an unauthorized Person of Personal Data or our company’s reasonable suspicion that this has occurred. Access to Personal Data from or on behalf of our company without the intention of violating this Policy is not a Security Event, provided that the specific Personal Data was then used and disclosed only as permitted by this Policy.

Third Party: Any legal entity, organization or individual that does not belong to our company, or for which our company has no audit interest or that does not work for our company. Unless expressly stated in this Policy, no part of our company is required to meet the requirements of a third party under this Policy, as all sectors are required to
process human data in accordance with

Changes to this Policy

This Policy may be revised periodically, in accordance with the requirements of existing legislation. Our company is constantly expanding, updating and improving its website and will update this policy accordingly. We encourage you to read this process at regular intervals to be informed of any changes to the content of this privacy policy. This
policy will be modified from time to time without prior notice to users.

General terms

Applicable Law is the Greek Law, as formulated in accordance with the General Regulation for the Protection of Personal Data 2016/679 / EU, and in general the current national and European legislative and regulatory framework for the protection of personal data.

The competent courts for any disputes arising related to your Data are the Courts of Athens.

To exercise your rights you can submit a relevant request to the Data Protection Officer Ms. Ourania Sourvinou contact phone 210 2002200 email dpo@elmisystems.gr.

February 2019
For the company