GENERAL PROVISIONS
1. Who is responsible for your data?
The Data Controller for your personal data is the company under the name "VERANOUDIS E.P.E." with the trade name "FORCE" (hereinafter "Company"), headquartered in Kalamaria, at 5 Ilektras Street, legally represented by Panagiotis Veranoudis, with telephone number +30 2310-805180 and contact email info@force.gr.
2. General principles the Company follows regarding transparent information
2.1
All information provided to you in this document, as well as any information you may request in the future, is provided free of charge unless the request is manifestly unfounded, excessive, or repetitive (see more in section 2.3).
2.2
For each of the rights you exercise, the Company will respond within one (1) month from the receipt of the request or, in the case of objective difficulty, complexity of the request, or large number of requests, within a maximum period of three (3) months, either by fulfilling your request or justifying a lawful refusal to comply, in accordance with the General Data Protection Regulation (GDPR) 2016/679, and our internal procedure.
2.3
If the Company deems that any of the aforementioned rights are exercised in a manifestly unfounded or excessive way or have a repetitive nature, it reserves the right to charge a reasonable fee for providing further information (initially provided free of charge) or to refuse to act on the request.
2.4
If the Company has reasonable doubts about your identity when submitting a request to exercise any of your rights, it may request additional information necessary to confirm your identity before proceeding.
2.5
If the Company delays its response beyond a reasonable time or if you believe your rights are being violated, or the Company is not complying with its data protection obligations, you have the right to lodge a complaint with the competent supervisory authority (Hellenic Data Protection Authority).
2.6
You have the right to withdraw your consent at any time by submitting a relevant written request. You may also submit any requests regarding the exercise of your rights to the following email address: gdpr@force.gr
3. What are your rights regarding the personal data you provided?
3.1 Right to Information
You have the right to request information about your personal data that we have received and are processing for one or more purposes described below. This document constitutes a basic form of information and understanding of the regulatory framework governing your personal data protection. You can receive updates, clarifications, and elaboration upon request.
3.2 Right of Access
You have the right to request access to your data held by the Company and confirmation of whether it is being processed. More specifically, you may obtain information on the purposes of processing, categories of data, recipients or categories of recipients, duration of data retention, right to lodge a complaint, source of the data if not provided directly by you, existence of automated decision-making (including profiling), methodology, safeguards for data transfers to third countries, and receive a copy of your data.
3.3 Right to Rectification
You have the right to request that the Company corrects your data if any of the information we are lawfully processing is inaccurate or has changed.
3.4 Right to Erasure
You have the right to request the full or partial deletion of your data that we are legally permitted to retain and process, either because it is no longer necessary for the purposes collected, or because you withdraw your consent, or because the data was collected unlawfully. The Company will respond within a reasonable time (no longer than one month, or three months if justified) confirming the deletion or explaining why certain data cannot be deleted (e.g., legal obligations, public interest, freedom of expression, or exercise of legal claims). In such cases, you may file a complaint or seek legal remedies.
3.5 Right to Restriction
You have the right to request the restriction of processing of your data quantitatively, temporally, or in terms of purpose, specifically:
(a) while the Company verifies the accuracy of contested data,
(b) when you oppose deletion and prefer restriction,
(c) when the Company no longer needs the data but you request retention for legal claims,
(d) while it is being determined whether your rights override the Company’s legitimate processing reasons.
3.6 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller, provided the processing is based on your consent. You may also request direct transmission to the new controller. This right is subject to the limitations of the right to erasure (see 3.4) and must not adversely affect others' rights and freedoms.
3.7 Right to Object
You have the right to object to the processing of your data, unless the Company demonstrates compelling legitimate grounds that override your interests, or the processing is necessary for legal claims.
4. Special Provisions for Clients, Suppliers, and Employees
4.1 For Clients
The Company collects and processes your personal data when:
You express interest in its products/services,
You communicate with the Company,
You sign a contract for the provision of services or the purchase of products.
The data collected may include:
Full name,
Contact information (address, phone number, email),
Tax Identification Number (TIN),
Bank account details,
Transaction history,
Information necessary for compliance with legal and tax obligations.
The legal bases for processing include:
The performance of a contract (e.g., service agreement),
Compliance with legal obligations (e.g., tax laws),
The Company’s legitimate interests (e.g., customer service, dispute resolution),
Your explicit consent where required.
4.2 For Suppliers
The Company collects and processes personal data of its suppliers and their representatives for the purposes of:
Evaluating and selecting suppliers,
Executing contracts,
Fulfilling financial and tax obligations,
Managing and maintaining the business relationship.
The data may include:
Identification details,
Contact information,
Tax and banking information,
Transaction and communication records.
Legal bases are similar to those for clients:
Contractual necessity,
Legal compliance,
Legitimate interests (e.g., supply chain management).
4.3 For Employees and Candidates
The Company collects and processes personal data of its employees and job applicants for the purpose of:
Recruitment and personnel selection,
Payroll and insurance,
Compliance with labor and social security law,
Internal evaluation and training,
Security and access control.
The data processed may include:
Personal identification and contact information,
Academic and professional qualifications,
Social security and tax details,
Work history,
Medical or sensitive information (only when legally required or with explicit consent).
Processing is based on:
Employment contract,
Legal obligations,
Legitimate interests (e.g., HR management, workplace safety),
Consent (e.g., for storing CVs for future openings).
5. Final Provisions
5.1 Data Retention
The Company retains personal data only for the time required to fulfill the purposes for which it was collected, or as mandated by applicable legal and regulatory obligations (e.g., tax and labor law). Once the retention period expires, the data is securely deleted or anonymized, unless further storage is required for legal claims or ongoing legal procedures.
5.2 Data Security
The Company applies appropriate technical and organizational measures to ensure the protection of personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:
Access control,
Encryption and pseudonymization where necessary,
Secure file storage,
Antivirus protection and firewall systems,
Internal data protection policies and regular audits,
Staff training and confidentiality commitments.
The Company has also appointed a Data Protection Officer (DPO), who oversees compliance with applicable data protection legislation and supports the implementation of this policy.
5.3 Data Transfers to Third Parties
Your data may be disclosed or transferred to:
Public authorities and institutions (e.g., tax offices, social security organizations),
Legal or tax advisors, banks, and insurance companies,
External service providers who support the Company’s operations (e.g., IT services, payroll, legal services),
Only to the extent necessary and always under appropriate confidentiality and data protection safeguards.
In cases where personal data is transferred to third countries outside the European Economic Area (EEA), such transfers will be conducted in accordance with the General Data Protection Regulation (GDPR), using appropriate safeguards such as Standard Contractual Clauses (SCCs) or ensuring adequacy decisions are in place.
5.4 Changes to the Policy
The Company may update this Policy from time to time to reflect changes in legislation, technological advancements, or Company practices. Updated versions will be posted on the Company’s website and made available upon request. We encourage all data subjects to periodically review this Policy.
Contact – Exercise of Rights
If you wish to exercise any of the rights described in this Policy, or if you have questions or concerns regarding the processing of your personal data, you may contact the Company at:
Email: gdpr@force.gr
Phone: +30 2310 805180
Address: 5 Ilektras Street, Kalamaria, Thessaloniki, Greece
Alternatively, you may lodge a complaint with the Hellenic Data Protection Authority (HDPA):
Website: www.dpa.gr
