Privacy Policy on the Processing of Personal Data
Last updated: March 10, 2022
1. General Information
-
Scope of privacy policy
Vrontoulakis Ltd (“We” or “Us”) is committed to preserving the privacy and to protecting any personal data that you may provide to us.
This Privacy Policy, together with our website (www.heronengines.com) and any other documents referred to in it, sets out the types of personal information we collect, how we collect and process that information, who we share it with in relation to the services we provide and certain rights and options that you have in this respect. Our privacy policy covers us and the website. You can access the website home page and browse without disclosing personal information.
By using our Services, you are accepting the practices described in our Privacy Policy, including our use of cookies and similar online tools. If you do not agree to the terms of this Privacy Policy, please do not use our Services. We reserve the right to modify or amend the terms of our privacy policy from time to time without notice. Any changes to this Privacy Policy will become effective as of the “last updated” date set forth above. Your continued use of our Services following the posting of changes to these terms will mean you accept those changes.
For the purposes of applicable data protection law (in particular, the General Data Protection Regulation (EU) 2016/679 (the “GDPR”)), your data will be controlled by Vrontoulakis Ltd.
-
Terms and Definitions of GDPR Article 4:
Personal data
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data subject
The identified or identifiable living individual to whom personal data relates.
Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party
Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Enterprise
Enterprise means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.
Supervisory Advisory
Supervisory authority means an independent public authority which is established by a Member State pursuant to Article 51.
2. Name and address of the Data Controller
The data controller processing your personal data through this website is Vrontoulakis Ltd a duly registered private limited liability company in Cyprus under registration number ΗΕ 387162 with its registered office at Markelinou Ammianou 6, Kato Polemidia, Limassol, Cyprus.
3. Personal data we collect
3.1 Personal data you provide on a voluntary basis
We collect, store and process information about you if you voluntarily provide us with such information in connection with the following:
a) when you browse, complete a form or make an inquiry or otherwise interact on our website or other online platforms;
b) opting in to receive marketing information with us;
c) contacting us by telephone;
d) sending us an e-mail or social media message;
e) subscribing to receive a service from us (e.g. a newsletter, blog or by following us on social media);
3.2 The types of information we may obtain include:
a) identity and Contact Data, including your name, last name, e mail address, phone number;
b) financial data, such as credit/debit card numbers, bank account information, and other invoicing and payment related information;
c) personal data of other people: If you provide information to us about any person other than yourself, your employees, counter parties, your advisers or your suppliers, you must ensure that they have been made aware of how their personal data will be used by Us, and that they have given their consent for you to disclose it to Us and for you to allow Us to use it;
d) any other personal information you choose to give us when you interact with us;
3.3 Sensitive data:
We do not collect or acquire any type of access to special categories of (“sensitive”) personal data or data that concern criminal convictions and offenses of our customers. Customers are obligated to abstain from providing such data that concern them or third data subjects. In case that customers provide such data to HERON ENGINES, these data will be deleted as soon as HERON ENGINES is made aware of them. We at HERON ENGINES bear no liability whatsoever towards customers or third parties for any provision and/or processing of sensitive data due to acts or omissions on the part of customers in breach of the above obligation.
3.4 Personal data we collect automatically
When you visit this website, we may also collect certain data through the use of “cookies” and other automated means. Cookies are small pieces of data that are stored by your browser on your computer’s hard drive. We use cookies to gather data about the visitors to our website, to enable us to improve our website and deliver a better and more personalized service.
Data we collect through such means may comprise the following:
a) technical data, including information collected during your visits to our website, date and time, the Internet Protocol (IP) address, browser type and version, device type, time zone setting, browser plug-in types and versions, geographic location, language preferences, operating system and platform. To learn more about our use of cookies or similar technology please check our cookies policy.
Please note that Heron engines website (www.heronengines.com) uses YouTube API Services, in relation to the videos we showcase. By using the Heron engines website, you agree to be bound by the YouTube Terms of Service applicable to the YouTube API Services. A copy of those YouTube Terms of Service is available at https://www.youtube.com/t/terms .
3.5 Use of Personal Data
We use your personal data only for the following purposes:
a) data Processing for a contractual relationship
Personal data of the prospective customer, customer, or partner can be processed to establish, perform and terminate a contract. This also includes product services for the customer or partner under the contract if this is related to the contractual purpose. Prior to a contract, personal data can be processed to prepare bids or purchase orders or to fulfill other requests of the prospective customer relating to contract conclusion. Prospective customers can be contacted during the contract preparation process using the information that they have provided.
b) data processing for advertising purposes.
When the data subject contacts us with a request for information (e. g. request to receive information material about a product), processing of personal data to meet this request is permitted. Personal data can be processed for advertising purposes or market and opinion research, provided that this is consistent with the purpose for which the data was originally collected. The data subject shall be informed that providing data for this purpose is voluntary. As part of the communication process, consent should be obtained from the data subject.
c) data processing pursuant to legitimate interest.
Personal data can also be processed if it is necessary for a legitimate interest. Legitimate interests are generally of a legal (e. g. collection of outstanding receivables) or commercial nature (e. g. avoiding breaches of contract).
d) security and Dispute Resolution.
We may use Personal Data to protect the security of our Website and Services, to detect and prevent cyber attacks, fraud, phishing, identity theft, and data leaks.
e) development and Customer Service.
For example, to provide customer service and support or assist in protecting and securing our systems and services our development and customer service team may require access to Personal Data. In such cases, our personnel must abide by our data privacy and security requirements and policy and are not allowed to use Personal Data for any other purpose.
f) data processing pursuant to legal authorization or obligation.
The processing of personal data is also permitted if national legislation requests, requires, or allows this.
g) other Purposes
If we intend to use any Personal Data in any manner not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time the Personal Data is processed.
4. On what legal basis we use your personal data?
The Legal basis on which we make use of your information is either one of the following:
a) performance of a contract to which you are a party.
For purposes of communication either at per-contractual stage or on matters relating to your dealings with the Vrontoulakis Ltd, such as when buying a product in order to inform you of its unavailability, to notify you that the order was executed, to communicate with you about the delivery of the product, to inform you know about changes to our Terms of Use or the Privacy Policy and the other policies that the Vrontoulakis Ltd adopts. In order to fulfill our obligations under the Sales Agreement, such as our payment, issue of documents, proper delivery of the product to you, etc., the Vrontoulakis Ltd may process your personal data, such as your address and contact details.
b) any legitimate business interest against which your data protection interests do not prevail.
To manage and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and data retention). To prevent and deal with cases of fraud and other illegal activities. To collect and recover any financial debts to us. To use data analysis tools to improve the site, our products/services, our relationships with customers.
c) to comply with a legal obligation with which we our bound.
In the context of its activities, Vrontoulakis Ltd is required to process your personal data in order to comply with its obligations under the law, such as for example the maintenance of financial data of transactions for tax purposes, the use of your email for sending a confirmation of your order execution, and so on.
d) if none of the above apply, your consent (which you will always be requested to provide before we process any information).
Your free and informed consent is the legal basis for using your email and/or mobile phone for us to send you direct mail in the Newsletter form to your emails, or for you to receive updates or news. You have the right to withdraw your consent at any time. Your decision to provide your data for such purposes is optional and will no consequence on your ability to stay with us or benefit from the requested services.
5. Sharing personal data
We do not sell, otherwise disclose, or share data we collect and hold about you, except as described in this Privacy Policy.
We may share your personal data with third parties as described below:
a) with a third company which shall perform the processing on behalf of our Company, and shall host and manage our website.
b) with third party courier companies which shall perform the processing on behalf of our Company, and manage and process the shipment of your orders. They shall also perform the receipt and delivery to you of products that you return due to withdrawal or return.
c) with third-party email marketing companies acting in the name of and on behalf of us to send you our newsletters.
d) companies supplying and supporting information systems.
e) with data analysis companies.
f) with research companies.
g) with advertising and marketing companies.
h) with our accountants.
i) with our lawyers.
j) collection Organizations and Fraud Detection and Prevention Organizations.
k) Your retained data may be communicated to the competent judicial, police and other administrative authorities upon their request and in accordance with the applicable laws. Furthermore, in the case of a statutory provision, a service order or a formal preliminary examination, Vrontoulakis Ltd has the right to place the relevant information at the disposal of the respective service.
l) your retained data may be communicated to the competent judicial, police and other administrative authorities upon their request and in accordance with the applicable laws. Furthermore, in the case of a statutory provision, a service order or a formal preliminary examination, Vrontoulakis Ltd has the right to place the relevant information at the disposal of the respective service.
We reserve the right to disclose your personal data to a third party which we reserve the right to choose to transfer all or part of our business. In addition, in the event of a merger or redemption, or other change in our business, new owners, shareholders, administrators etc. have the right to use your personal data in the same way as this privacy statement. Following such a sale or transfer, you may contact the entity to which we transferred your data with any inquiries concerning the processing of that data.
6. Transmission of your personal data to third countries.
Vrontoulakis Ltd generally maintains your personal data within the European Economic Area. In the event that data are to be transmitted to third countries outside the European Economic Area for which there is no European Commission decision or to International Organizations, all the appropriate safeguards provided for in the applicable data protection legislation on the transfers to third countries will be taken and the relevant information will be posted on the company’s website at www.heronengines.com
6. How long we keep personal data for?
Vrontoulakis Ltd only retains your personal data for as long as needed to fulfill the purposes for which it is collected, unless we are required or permitted by law to keep the personal data for longer.
7. Links to other websites.
Our website may provide links to other websites for your convenience and information. These websites operate independently from us. Linked websites may have their own privacy policies, which we strongly suggest you review. To the extent that any linked websites you visit are not owned or controlled by us, we are not responsible for the websites’ content, any use of the websites, or the privacy practices of the websites.
8. Contact form
We give you the opportunity to contact us using the corresponding contact form. The data you provide when contacting us will be transmitted to, and used by, us for the purpose of dealing with your query. At the time of your query, the following data will be collected:
Purpose of Processing
We will use your personal data for the purpose of dealing with your query only. Other personal data will be processed during the sending process for security reasons in case the contact options granted are misused or our IT systems compromised by the contact. We do not collect any other data.
Data we process for this purpose
a) your name
b) your e-mail address
c) your phone number
d) other personal data you provide in the contact form (optionally)
When sending your query, the following data will additionally be processed:
a) your IP address
b) date and time of sending your query
Legal Basis for the Data Processing
The legal basis for the processing of the data transmitted when sending the contact form or an e-mail is Art. 6 (1) 1st subparagraph, lit. (f) GDPR.
If you contact us using our contact form or sending an e-mail with the intention of concluding a contract, like an engagement letter, the legal basis for the data processing is Art. 6 (1) 1st subparagraph, lit. (b) GDPR.
Storage Period
We erase your personal data as soon as they are no longer needed to achieve the purpose for which they are processed. Any personal data that you have transmitted in the context of contacting us via our contact form or e-mail will be erased as soon as the respective conversation with you is closed. The conversation will be considered closed when it is clear from the circumstances that the matter concerned has been resolved.
9. Newsletter
We will only send you marketing communications if you “opted in” to receiving such communications. You have the right to “opt out” of receiving marketing communications, whether by email or otherwise, at any time. You can do this by (i) clicking the unsubscribe link displayed in any of the marketing e-mails you receive, (ii) emailing unsubscribe@.........com to indicate you no longer wish to receive marketing communications, or (iii) writing to us at the relevant address set out in How to contact us below.
Purpose of processing:
We will use your personal master data for sending the newsletter to you. In this context, we check the e-mail address provided in order to verify that you are the owner and/or that the owner of the e-mail address consents to receiving the newsletter. We will process your IP address and the date and time or your subscription for security reasons in case a third party registers on our website without your knowledge or misuses your personal data.
Data we process for this purpose:
a) your name
b) your e-mail address
Legal Basis for the Data Processing:
The legal basis for the processing of the data after your subscription to our newsletter is the consent you have given in this context pursuant to Art. 6 (1) 1st subparagraph, lit. (a) GDPR.
Storage Period:
We erase your personal data as soon as they are no longer needed to achieve the purpose for which they were collected when you chose to opt out of our newsletter. In such case your personal master data will be erased immediately; other data collected in the context of your subscription, like your IP address and the date and time of your subscription, will be erased within … days in a system-defined erase cycle.
10. Publication of Job Advertisements.
On our website, we give you the opportunity to apply for a position offered by e-mail. At the time of your application, we collect and process the following personal data: your name your address, your date of birth, your e-mail address, your work experience, your school education, your language skills and other data that you transmit to us in your cover letter, CV, certificates or references.
If we conclude an employment contract after you have gone through the application procedure, your personal data will be further processed for the purpose of performing the employment contract.
The legal bases for the processing of your personal data are Art. 6 (1) 1st subparagraph, lit. (b) GDPR, Art. 88 GDPR.
Purpose of the Data Processing:
We process your personal data exclusively for the purpose of handling the application procedure.
Storage Period:
We delete your personal data if they are no longer necessary to achieve the purpose for which they are processed. If no employment relationship is established, your data will be erased within ….. months of receipt of the cancellation, unless there are legitimate interests that exclude erasure. Such legitimate interest will be deemed to exist in case of a legal dispute.
Consequences of Non-Provision of Personal Data:
You are not obliged to provide your personal data for the above purposes. If you do not provide the data, we will end the application procedure with the result that no employment relationship can be established at that point in time
11. Your rights as a data subject.
Where we process your personal data, you are a data subject as defined in the GDPR, which means that you have the following rights against us:
Right of access
You have the right to demand access to your personal data that are processed by us at any time. This also includes information on the origin, recipients or categories of recipients, to whom we transmit your data and the purposes for which we process your personal data.
Right to rectification
You have the right to demand prompt rectification and/or completion of your personal data if the personal data are inaccurate or incomplete.
Right to erasure and/or restriction of processing
You have the right to demand prompt erasure of your personal data. If you ask us to, we have the obligation to erase the data without undue delay. The foregoing does not apply, however, if any contractual and/or legal provisions require us to continue processing your personal data. This may be the case, for example, when retention periods under tax law prohibit us from erasing the data. In such case, we will restrict the processing and erase the personal data immediately after expiry of the retention period.
Right to data portability
You have the right to receive your personal data provided to us in a structured, commonly-used and machine-readable format wherever this is technically possible. In addition, you have the right to transmit these data to another controller without hindrance, if you wish to do so.
Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling, which produces legal effects concerning you or significantly affects you in a similar way.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of the personal data relating to you infringes the general data protection regulation. In general, you may address the supervisory authority of your habitual residence, place of work or our domicile. The supervisory authority competent for Vrontoulakis Ltd is:
Office address:
Iasonos 1, 1082 Nicosia, Cyprus
Postal address:
P.O. Box 23378, 1682 Nicosia, Cyprus
Website: http://www.dataprotection.gov.cy/
Phone: +357 22818456
Fax: +357 22304565
11. Changes to our Privacy Policy.
This Privacy Policy is in effect as of the date noted at the top of this Policy. We may change this Privacy Policy from time to time. If we do, we will post the revised version here and change the “last updated date” (the date it applies from) at the top of the statement. You should check here regularly for the most up-to-date version of the statement.
Any changes we may make to our Privacy Policy in the future will be posted on this page.
12. How to contact us.
If you want to contact us about this Privacy Policy as well as for the exercise of your rights, you can reach us at the following email: info@heronengines.com