Privacy statement
Valid from May 2023
The following data protection information provides an overview of the collection and processing of your data.
Responsible handling of personal data is of particular importance to us and is a matter of course. If we receive personal data from you, we use or process it in compliance with the applicable national and European data protection regulations. Personal data in the sense of this information is all information that relates to your person.
The following data protection information provides you with an overview of how we process your personal data and your rights under data protection law.
1. Responsible body
The responsible body is:
Ermes LTD
11th km Thessalonikis – Moudanion
Cosmos area - 57001
Thessaloniki | Greece
Tel: +30 2316 025 966
Vat nr: EL 801931144
2. Source of personal data
We process personal data that we receive from you in the course of your visit to our websites or in the course of your contacting us.
3. Categories of personal data that are processed
(1) During a purely informative visit to our websites, we do not collect any personal data with the exception of the data that your browser transmits to enable you to visit the website.
Your IP address, which is shortened in the last segment.
The remote host (name of the computer requesting the page), if transmitted by the network.
The date, the time, the status, the amount of data transferred.
The Internet page from which you came to the requested page (re-ferrer), if transmitted by the browser.
The product and version information of the browser used (user agent), if transmitted by the browser.
If your user name is also transmitted by your network, this will not be stored by us.
This data is not merged with other data sources. The collection of this data is based on Art. 6 para. 1 p. 1 lit. f) DSGVO. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - for this purpose, the server log files must be collected.
(2) Your browser also stores so-called cookies. Cookies are small text files that are assigned to the browser you are using or stored on your device and which provide the party setting the cookie (in this case, us) with certain information. Cookies are used to make the website as a whole more user-friendly and effective.
This website uses the following cookies:
Transient cookies: these are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. The session cookies are deleted when you log out or close the browser.
Persistent cookies: these are automatically deleted after a specified duration, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
The collection of this data is based on Art. 6 para. 1 p. 1 lit. a) or f) DSGVO.
(3) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually have to provide further personal data, which we use to provide the respective service. This data is collected on the basis of the legal basis stated for the respective service.
4. Contact form
When you contact us by e-mail or via the contact form, your e-mail address and, if you so indicate, your name, address and telephone number will be stored by us in order to answer your questions.
The collection, processing and use of the data relates to the purposes of contract initiation and execution and serves to protect our own legitimate business interests with regard to the advice and support of our customers and interested parties, as well as the needs-based product design.
We use your data (company, name, address, product interest) to occasionally send you information about our products by mail. You will only receive advertising by telephone or e-mail if you have given us your express consent to do so.
The processing of your personal data in the context of the contact form is based on consent pursuant to Art. 6 para. 1 p. 1 lit. a) DSGVO.
5. Purposes for which the personal data is to be processed and legal basis of the processing.
We process your personal data in compliance with the applicable national and European legal data protection requirements. In this context, the processing is lawful if at least one of the following conditions is met:
a. Consent (Art. 6 para. 1 p. 1 lit. a) DSGVO).
If you have given us consent to process your personal data for certain purposes (e.g. cookie use, contact form, use of data for marketing purposes), this processing is lawful on the basis of your consent. Consent given can be revoked at any time with effect for the future.
b. For the fulfillment of contractual obligations or for the implementation of pre-contractual measures (Art. 6 para. 1 p. 1 lit. b ) DSGVO).
In order to fulfill our contractual obligations in individual cases or also to carry out pre-contractual measures, which take place upon request, we process personal data for the fulfillment of the contract. The purposes of the data processing result primarily from the specific contractual relationship and may include, among other things, needs analyses and consulting. Further details on the data processing purposes can be found in the contractual documents and terms and conditions.
c. Due to legal requirements (Art. 6 para. 1. p. 1 lit. c) DSGVO)
Process-Pack Germany is subject to various legal obligations (e.g. commercial and tax retention requirements under the German Commercial Code and the German Fiscal Code). The purposes of the processing include, among others, the fulfillment of control and reporting obligations under tax law and also risk assessment and control within the company and within the Group.
d. Within the framework of the balancing of interests (Art. 6 p. 1 para. 1 lit. f) DSGVO).
To the extent necessary, we process your data beyond the actual fulfillment of the contract to protect legitimate interests of us or third parties. Examples:
Ensuring IT security and IT operations,
Assertion of legal claims and defense in legal disputes,
Prevention, clarification and prevention of criminal acts.
6. Categories of recipients of personal data
We have individual of the aforementioned processes and services carried out by carefully selected service providers who have been commissioned in accordance with data protection requirements. These external service providers are bound by our instructions and are regularly monitored. They will not pass on your data to third parties.
With regard to the transfer of data to other recipients, we will only pass on information about you if this is required by law, you have given your consent or we are authorized to do so. If these conditions are met, recipients of personal data may include:
Public authorities and institutions (e.g. tax authorities, law enforcement agencies) in the event of a legal or official obligation.
Other companies or comparable institutions to which we transfer personal data in order to carry out the business relationship with you (e.g. network operators, credit agencies).
Other companies within the group (e.g. for the processing of payment transactions or for risk management due to legal obligations.
7. Intention to transfer personal data to a third country or an international organization
An active transfer of personal data to a third country will only take place if this has been expressly indicated in the context of the aforementioned services and if the conditions of Art. 44 et seq. DSGVO are given. A third country is a country outside the European Economic Area (EEA) in which the GDPR is not directly applicable. For the USA, the EU Commission has not issued an adequacy decision pursuant to Art. 45 (1) of the GDPR.
8. Criteria for determining the duration for which the personal data are stored.
The criteria for determining the duration of storage are measured by the end of the purpose and subsequent legal retention period. If the data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their - temporary and possibly limited - further processing is necessary for the following purposes:
Fulfillment of retention obligations under commercial and tax law: These include the German Commercial Code (HGB) and the German Fiscal Code (AO). These stipulate retention and documentation periods of up to 10 years.
Preservation of evidence within the framework of the statutory limitation provisions: According to §§ 195 ff. of the German Civil Code (BGB), the regular period of limitation is 3 years, but under special circumstances up to 30 years.
9. Data protection rights
At any time you can request information about the stored data, the purpose of the storage or its origin. In addition, you can have your personal data blocked, corrected or deleted at any time. A corresponding request or a request for correction, blocking or deletion of personal data should be addressed to:
Ermes LTD - info(at)ermes.com.gr
All requests for information, correction, blocking or deletion of data, as well as the revocation of consent granted for the collection, use or processing of data, should be addressed to this office. You also have the right to lodge a complaint with the data protection supervisory authorities.
You may revoke your consent to the processing of personal data at any time with effect for the future. This also applies to the revocation of declarations of consent given to us before the applicability of the General Data Protection Regulation, i.e. before May 25, 2018.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) p. 1 lit. f) DS-GVO (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DS-GVO.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
The objection can be made form-free and directed to the above contact details.
10. Obligation to provide data and possible consequences of failure to provide data
In the context of our business relationship, you must provide the personal data that is required for the establishment and performance of a business relationship and the fulfillment of the associated contractual obligations, or which we are required to collect by law. Without this data, we will generally not be able to conclude the contract with you or to execute it.
11. Existence of automated decision-making including profiling
For the establishment and implementation of the business relationship, we generally do not use automated decision-making pursuant to Article 22 DSGVO. Should we use this procedure in individual cases, we will inform you of this separately, insofar as this is required by law.
12. Data security
We protect your information through modern security systems and comply with data protection and security regulations within the framework of the DSGVO.
We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmissions and from third parties gaining knowledge. These are adapted to the current state of the art.
Online forms on our website are sent with SSL encryption to protect the data you enter. However, we cannot guarantee that the information sent cannot be read by third parties during transmission. Therefore, you should not send passwords, credit card numbers or other information that you wish to keep secret.