AGROCONSULTANTS ENERGY

Privacy Policy

Personal data protection policy

GEORGIOS P. KALFOUNTZOS & CO G.P. – AGROCONSULTANTS ENERGY is committed to protecting your privacy and handling your personal data in an open and transparent manner, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

The collection and processing of personal data depends on the service or project assigned or agreed in each individual case, on the contractual relationship with the data subject, on the legal obligations imposed by applicable law, on the legitimate rights we are granted, as well as on the data subject’s explicit consent where applicable.

Processing is carried out strictly for defined purposes and in line with the principles of lawfulness, fairness and transparency, purpose limitation and storage limitation, data minimisation, accuracy, integrity and confidentiality, and within the framework of necessity and proportionality that governs every processing operation. We ensure data protection by design and by default, adopt appropriate technical and organisational security measures to comply with the above principles, and review/update these measures periodically.

Scope of this Privacy Notice

This Notice defines the personal data protection framework applicable to processing activities carried out by the company. It addresses and applies to individuals who interact or transact with the company, and to any person whose personal data come into our possession by any means (including prospective and current partners/associates, clients, suppliers, etc.). It sets out the rules under which such processing is conducted. This Policy may be amended and updated at the company’s discretion, in line with the applicable legal framework. The updated version is posted on our website: https://agrosymbouloi.gr

  1. Company Details

GEORGIOS P. KALFOUNTZOS & CO G.P. – AGROCONSULTANTS ENERGY is a private-law legal entity in the form of a partnership (O.E.) with registered seat in Larissa, 10–12 Farsalon Street, where its head offices are located. It was established on 13/10/2003 and is registered with GEMI under No. 27114140000.

The company acts as Data Controller of personal data. The Controller’s representative/contact is Panagiotis Kalfountzos.
Contact details: Address: 10–12 Farsalon & 1A Profiti Ilia, 41335 Larissa · e-mail: pkalf@agrosymbouloi.gr · Tel.: 2410 672 240

The company’s Data Protection Officer (DPO) is Evita Kalfountzou.
Contact details: Address: 10–12 Farsalon & 1A Profiti Ilia, 41335 Larissa · e-mail: ekalf@agrosymbouloi.gr · Tel.: 2410 672 240

At the above postal and e-mail addresses, you may submit any type of request provided for in this Policy and by law, either electronically or in writing (personally by the data subject or through a third party with an officially certified authorisation).

  1. Technical and Organisational Security Measures

From the outset (by design and by default), the company adopts appropriate technical and organisational measures to ensure the protection of personal data and to restrict access solely to the Controller or other persons duly authorised by the Controller, and exclusively for the lawful purposes for which the data were collected, in accordance with the applicable regulatory framework.

  1. Definitions

For the purposes of this Notice, the definitions of the GDPR apply. Indicatively:

  • “Personal data” means any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
  • “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means (such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction).
  • “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  1. How We Collect Personal Data and How Long We Keep Them

We collect and process personal data only within the context of a transactional/contractual relationship and for the purposes of our business activities, depending on the type of contract, service or project assigned. Such data may indicatively include: identity details, contact details (address, telephone number, e-mail address), VAT/Tax Office, Social Security No. (AMKA), and tax/billing information as required in each case.

These data may reach the company following submission by the data subjects in the context of a transactional or contractual relationship or in view of entering into such a relationship, from publicly accessible sources, or from diagnostic centres with which the data subjects collaborate.

Personal data are retained for as long as the contractual or business relationship between us lasts, or for as long as your relevant consent remains in force, or for a reasonable lawful period to serve our rights or legitimate interests, to establish, exercise or defend legal claims, or to comply with applicable law. You may withdraw your consent to processing at any time by informing us in writing of your request; however, such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal, nor does it oblige the company to comply with the request where another overriding legal basis exists.

  1. Processing of Special Categories of Data and Children’s Data

We do not process special categories of personal data (e.g., data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, etc.) for the purpose of identifying you as a data subject.

We also do not process personal data relating to minors. Should such processing be required in the future, it will take place only subject to prior consent from parents or legal guardians, as provided by law.

  1. Purposes of Processing

We carry out the necessary and proportionate processing of personal data for the following purposes, indicatively:

  • Conclusion and performance of contracts / provision of services
  • Compliance with legal or contractual obligations, or processing based on legitimate interests, or protection of vital interests
  • Promotion of products and services, subject to the lawful conditions for such activities

We do not require personal data that are not mandated by applicable law for entering into a contract, and we do not refuse to enter into a contract where the data subject consents to providing the legally required data.

As a rule, we do not use automated decision-making for entering into transactions or taking decisions.

  1. Recipients of Personal Data

Access to your personal data is restricted to the Controller, its representatives, processors acting on its behalf, or other duly authorised persons, strictly within their remit and for the proper performance of the company’s contractual, legal and regulatory obligations.

We do not disclose or transfer personal data to third parties, except to:

  • Public Authorities or bodies of the wider public sector, where required
  • Partners/associates (e.g., accountants, lawyers) for the lawful exercise of contractual rights and fulfilment of legal obligations
  • Electronic transmission and storage companies, electronic service providers and cloud providers for electronic data management
  • Credit institutions and payment institutions for the fulfilment of monetary and credit obligations and rights

We ensure, in accordance with the law, that processors acting on our behalf meet the necessary requirements, provide sufficient security guarantees to implement appropriate technical and organisational measures, and are bound by confidentiality, so that processing does not infringe the rights of data subjects.

Furthermore, we do not transfer personal data to third countries or international organisations, unless required by the applicable regulatory or legislative framework.

  1. Rights of Data Subjects

In accordance with the GDPR, you have the following rights, which you may exercise by submitting the relevant requests electronically or in writing, as described above:

  • Right of access (to be informed about and obtain copies of your personal data)
  • Right to rectification (to correct inaccurate or erroneous information)
  • Right to erasure (“right to be forgotten”, subject to GDPR limitations)
  • Right to restriction of processing (under the conditions set out in the GDPR)
  • Right to data portability (direct transmission of your personal data to another organisation, at your instruction, in a structured, commonly used, machine-readable format)
  • Right to object (provided there are no compelling legitimate grounds for processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims)

We respond to your requests free of charge, without undue delay and within one month of receipt, except in specific cases where this period may be extended by up to two additional months due to complexity or volume. In such cases, we will inform you within one month of receipt about the extension and the reasons for the delay. If a request is manifestly unfounded or excessive, we may charge a reasonable fee based on administrative costs, or refuse to act on the request.

If your request cannot be satisfied, we will inform you without delay and at the latest within one month of receipt, stating the reasons and informing you of your right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) (1–3 Kifisias Ave., 11523 Athens, Tel.: +30 210 647 5600, e-mail: contact@dpa.gr) and your right to seek an effective judicial remedy.

  1. Cookies

Cookies are small text files that a website (the company’s server) stores on a user’s terminal device via the user’s browser. Cookies may be stored only with the user’s consent, which can be provided through the user’s browser or another application, for the purposes of processing mentioned above. The user may delete stored cookies from their device at any time.

Our website uses cookies primarily to ensure functionality and easy accessibility for users.

Note: This English version is provided for clarity and convenience. In case of discrepancies, the Greek version may prevail as the official text, unless otherwise required by law.