Privacy Policy

Who we are

Our website address is: https://candi.gr.

1. Introduction

This Policy applies to TEAM CANDI (“CANDI”). CANDI is committed to protecting the personal information collected when you use our website and other services. This Website Privacy Policy pertains to CANDI website and sets out CANDI commitment in protecting Personal Data and how that commitment is implemented regarding the collection, use, transfer and retention of Personal Data.

2. Personal Data Collection

CANDI has designed a standard website contact form to initiate communication with any interested individual. This form is used for any inquiries or requests and it directs them to the appropriate department or staff member. CANDI has also implemented a digital solution for the information of investors and the option to use email alerts as well, accordingly to relevant legislation. In order to handle and respond to your inquiries and requests as well as to inform you we might collect and store your full name, email, phone and any other information you might provide to us. This information is strictly used to adequately inform you or respond to your inquiries or requests and will not be disclosed to third parties others than those mentioned in this policy or where disclosure is required or permitted by law. In certain circumstances, our website may be used by job applicants, in which case the data subject should refer to the Privacy Notice.

For processing to be lawful under the General Data Protection Regulation (GDPR), we identify a lawful basis before we can process your personal data. In this case, the legal basis for the data processing effected by us is the granting of your consent to the processing, by submitting the consent form only in case you agree with this policy.

CANDI is committed not to retain personal data for a longer period than it is necessary regarding the reasons that the personal data was obtained. For additional information on retention and deletion periods, please refer to Our Contact Details section below.

CANDI may disclose Personal Data collected to our suppliers or subcontractors insofar as reasonably necessary for dealing with your inquiries or requests. Such transfers will be protected by appropriate safeguards (e.g. appropriate contractual clauses, data processing contracts, intra-group disclosures of personal data, etc.). In addition, we may disclose Personal Data where such disclosure is necessary for compliance with a legal obligation to which we are subject.

3. Rights of Data Subjects

In this section the Company addresses the rights deriving from Regulation (EU) 2016/679 and how these rights can be accessed by the Data Subjects. For any further clarifications please refer to Our Contact Details section below.

3.1 Individual’s Right of Access or Rectification

CANDI assumes that Personal Data collected directly from the individual will be accurate and complete. Individuals can access and update their own Personal Data using the Data Subject Request Form. For a copy, please contact us at info@candi.gr

3.2 Individual’s Right to Erasure

The data subject may request that any information held on them is deleted or removed, and any third parties who process or use that data must also comply with the request. An erasure request can only be refused if an exemption applies. The Right to Erasure can be requested using the Data Subject Request Form. For a copy, please contact us at info@candi.gr.

The Company is obligated to erase personal data where one of the following applies:

  • Personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • The data subject withdraws consent and no other legal basis for processing exists;
  • The data subject objects to the processing carried out on the grounds of the Data Controller’s legitimate interests and there are no other overriding legitimate grounds for the processing;
  • The personal data has been unlawfully processed.

If the request to erase Personal Data has been received, identity has been confirmed, the request meets one of the above requirements and there is no legal contrary reason for processing, the company must delete the relevant data in its entirety. The request will be recorded in the Data Subject Request Log.

If cannot actually delete personal data, the Company will ensure that:

  • It is not able, or will not attempt, to use the personal data to form any decision in respect of any individual or in a manner that affects the individual in any way;
  • Does not give any other organization access to the personal data;
  • Protects the personal data with appropriate technical and organizational security; and commits to permanent deletion of the information if, or when, this becomes possible.

3.3 Individual’s Right to Object and to Restrict Processing

The data subject has the right to object at any time to processing of their personal data and to obtain from the controller restriction of processing using the Data Subject Request Form. For a copy, please contact us at info@candi.gr

3.4 Individual’s Right to Data Portability

Upon request and provided that the relevant requirements stipulated in Article 20 of GDPR are met, a data subject should have the right to receive a copy of their Personal Data in a structured format using the Data Subject Request Form. For a copy, please contact us at info@candi.gr

These requests should be processed within one month, provided there is no undue burden and it does not compromise the privacy of other individuals. A data subject may also request that their data is transferred directly to another system. This must be done for free.

If CANDI cannot respond fully to the request within 30 days, the DPO shall nevertheless provide the following information to the Data Subject, or their authorized legal representative within the specified time:

  • An acknowledgement of receipt of the request.
  • Any information located to date.
  • Details of any requested information or modifications which will not be provided to the Data Subject, the reason(s) for the refusal and any procedures available for appealing the decision.
  • An estimated date by which any remaining responses will be provided.
  • An estimate of any costs to be paid by the Data Subject (e.g. where the request is excessive in nature).
  • The name and contact information of the contact person.

4. Amendments

Should CANDI elect to change this Privacy Policy we will post the changes here. Where required by law, we will obtain your consent to make these changes.

5. Our Contact Details

If you need any further information and/or you have any questions about our Privacy Policy, please contact us at info@candi.gr

6. Cookies Policy

To make this site work properly, we might place small data files called cookies on your device but none of them are being used to gather information unnecessarily. The cookies we use do not store personally identifiable information nor can they harm your computer. We want our website to be informative and as user friendly as possible and cookies help us to achieve that goal.

Our website does the following with cookies:

  • All visitors are issued a load-balancing cookie used in distributing web requests across several web servers.
  • All visitors are issued a session cookie to identify their session on the web server.
  • All visitors are issued analytical cookies used by Google Analytics for tracking user activity.
  • In addition to our own cookies, we may also use various third-party cookies to report usage statistics etc.

By using our website, you agree to the use of cookies as set out in this notice. We appreciate some visitors may like more individual control over their visit to our website and can adjust their settings accordingly through the Options or Preferences menu of your browser.