1. Object and purpose of the policy

DHI Global Europe LTD. collects and processes personal data in accordance with the provisions of the General Data Protection Regulation (hereinafter GDPR) 679/2016 of the European Parliament and Council of the 27th April 2016 that relates to the protection of natural persons with regard to the processing of personal data and on the free movement of such data (following the repeal of the Directive 95/46/EC). Furthermore, DHI commits to comply with the national and European legislation regarding the protection of personal data. This policy is provided by DHI Global Europe LTD in order to define and make known the terms and conditions met by this company, on the protection of processed personal data. In particular, the personal data subjects, the categories of the personal data collected, the purpose of the collection, the legal basis for the processing, the transfer of personal data to third countries, other recipients or data processors as well as the storage and retention period of such data are specified. The purpose of this policy is to inform the data subjects about their rights regarding the processing of their personal data. The company takes all necessary technical and organizational measures required for the security of the personal data collected.

DHI Global Europe LTD. has the right to amend or update this policy, without prior notice, if required to do so in accordance with applicable national or European legislation, or where necessary as a consequence of our continuous effort to improve the protection of personal data. For these reasons, a regular review of this policy is needed to inform the interested parties.

  1. Data controller

As data controller is appointed DHI Global Europe LTD., located in Athens, 30 Vouliagmenis Avenue, Greece, P.C. 11743, Telephone: +302109211630, E-mail: [email protected], which is the legal entity that collects and processes the personal data and specifies the way and purpose for which it collects such data.

The company DHI Global Europe LTD. may also act as processor on behalf of DHI’s Global Medical Group Companies. More specifically, the company acts as data processor on behalf of DHI’s Clinics on the purpose of providing support to external partners and customers during leave periods. Moreover, the company acts as data processor on behalf of DHI’s Clinics for the purposes of using data including photographs from the diagnosis records of potential clients, for marketing purposes. In addition, our company acts as data processor on behalf of LONDON HAIR RESTORATION TRAINING ACADEMY Ltd. Finally, DHI Global Europe LTD. manages requests from the data subjects regarding the rights of the latter deriving from GDPR, on behalf of DHI’s Clinics. The company DHI Global Europe LTD. processes personal data on behalf of these companies under contracts with the above-mentioned data controllers, that fully comply with GDPR. It should be noted that the DHI Global Europe LTD., bears every responsibility incumbent on the data controller under GDPR (obtaining the consent from the data subject when necessary, determination of the data retention period, informing the data subjects over their rights etc.)

  • Information on the collection and processing of personal data

 

  1. Personal data collected by potential clients for appointments

The company collects and processes personal data from potential clients as well as special categories of personal data with a view to provide such data at DHI’S CLINICS which are responsible for the creation of the client records. More specifically, the company collects and processes identification details, contact information, location and health data which are indicated as follows: First name, Last name, City, Region, E-mail address, Phone number, Photograph (provided the data subject wishes to), free text regarding his/her medical history, Facebook profile, message content (health problem description, contact information and photographs of the symptoms). Our company also collects the above personal data for marketing and newsletter purposes. The data are provided by the client himself either through our website or through our Facebook or Whats up application. DHI’S CLINICS act jointly as data controllers for the data collected through our website or through Facebook.

  • Purpose of data processing

The above-mentioned personal data are collected in order to assist the data transfer to DHI’S CLINICS, which are responsible for the creation of the client records as well as for advertising/promotional purposes (marketing and newsletter).

  • Lawfulness of data processing

The collection and processing of personal data is lawful since the explicit consent of the data subject is always requested for each of the aforementioned purposes prior to the data processing by the company. More specifically, the consent is given by the potential client during the completion of the contact form upon his visit to our website and after having firstly confirmed that he/she was informed on the personal data collected, the purposes and the means of processing, as mentioned in the General Data Protection Regulation and that he consents to it. In addition, an explicit electronic consent of the data subject is given to our company for the creation of a client record for marketing and newsletter purposes.

  • Transfer of personal data

The data are not transferred to countries of the EU or to other third countries. However, data are transferred to the following service providers that the company uses as data processors: WhatsApp, Skype, ΕRP Technical Support, Maximizer Technical Support, Rackspace, www.justhost.com, WordPress, Maximizer and Facebook Messenger. It should be noted that the above service providers comply with the personal data protection rules according to GDPR. DHI Global Europe LTD remains responsible for the processing of the personal data and also signs a specific contract annex with the companies used as data processors in order to ensure that processing is done in accordance with the applicable legal framework.

  • Retention period of personal data

Personal data shall be retained in a form that allows the identification of data subjects only for the period required for the purposes of the personal data processing. More specifically, the data collected for the transfer of data to DHI’s Clinics for the creation of the client records and for advertising purposes are kept for a period of 20 years and shall be immediately deleted once that period ends, or otherwise data are deleted after the withdrawal of consent by the data subject. It should be noted that the electronic statement of consent is kept by our company for up to six months after the withdrawal of the subscriber or user’s consent or after the suspension of the promotional actions by the data controller.

  1. Personal data collected by potential clients during diagnosis

The company receives the medical history of the potential client in order to provide MPG services and in particular, it receives the file “Personal Analysis-Questionnaire”. The company collects and processes personal data as well as special categories of personal data. More specifically, the company collects and processes identification details, contact information, location and health data, and photographs. In particular, the potential client provides the following information, by filling in the form “Confidential Medical History”: First name, Last name, Phone number, Mobile number, e-mail, Address, Postal Code, City, Country, Occupation, Date of birth, Brief history (regarding other treatments, heredity etc.) and photographs. DHI’S CLINICS act jointly as data controllers for the data collected through our website or through Facebook.

  • Purpose of data processing

The company collects and processes the above-mentioned data in order to provide MPG services and for the medical researches of the company carried out through research institutions and Universities. In addition, the company collects the above-mentioned personal data in order to provide newsletter services and the photographs for advertising purposes.

  • Lawfulness of data processing

The legal basis for the collection and processing of the data for the purpose of provision of MPG services is the intention to perform a contract and establish a diagnosis for the choice of treatment (provision of a service or product). The collection and processing of the special categories of personal data (health data) is lawful as the processing is necessary for the purposes of medical diagnosis and the provision of health care or treatment. In addition, an explicit consent of the potential client is always requested for the collection and processing of his/her photographs. Furthermore, the explicit consent of the potential client is obtained by completing a special form of consent for the use of hair follicles, stem cells and for the study of hair diseases and the psychopathology of the potential clients for medical-research purposes. An explicit consent is given by the data subject for the collection of personal data for advertising purposes and for the provision of newsletter services.

  • Transfer of personal data

The data are not transferred to countries of the EU or to other third countries. However, the data are processed by the following service providers used by the data controller as data processors: WHATSΑΡP, ΕRP TECHNICAL SUPPORT, MAXIMIZER TECHNICAL SUPPORT, RACKSPACE and MAXIMIZER that perform their duties in compliance with GDPR.

  • Retention period of personal data

When the data are collected for purposes of MPG services provision, the data of the potential clients are kept by our company for 20 years since the last visit of the patient. The data collected for medical research shall be kept for a period of one year or until the consent of the data subject is withdrawn. Photographs and personal data collected for advertising and newsletter purposes are kept for 20 years or in each case they are deleted immediately upon the withdrawal of the client’s consent. It should be noted that the electronic statement of consent is kept by our company for up to six months after the withdrawal of the subscriber or user’s consent or after the suspension of the promotional actions by the data controller.

  1. Personal data collected by clients who have received our services

DHI Global Europe collects and processes personal data of clients who have received services from our company as well as special categories of data (health data). More specifically, the data of natural persons collected are as follows: First and Last name, Father’s name, Contact Information (phone number, mobile number, e-mail, Address, City, Occupation, Country, Date of birth, Postal Code, Occupation, answers regarding the patient’s medical history included in the DHI ALOPECIA TEST, Detailed personal medical history, evaluations included in the form of DHI’s invasive procedure, photographs and videos. All companies of the DHI Medical Group act jointly as data controllers for the collection and processing of the photographs and videos.

  • Purpose of data processing

Our company collects and processes the above-mentioned personal data in order to provide services to the clients (MPG services), to monitor their progress and to promote products and services. In addition, the company collects and processes personal data including photographs and videos for advertising purposes (marketing, happy client services and magazine) by publishing them in electronic or printed form, though posting them on the social media or on DHI’s website. All companies of DHI Medical Group act jointly as data controllers for the collection and processing of the photographs and videos for marketing purposes. DHI ‘s Clinics acts jointly as data controller for the collection and processing of the data regarding the provision of happy client services. Finally, the company collects and processes client data, including photographs and videos, in order to post them on the website of the company DHI’s clinics act jointly as data controllers for the collection and processing of the aforementioned.

  • Lawfulness of data processing

The company collects and processes personal data of the clients in order to provide services to the clients and to lawfully monitor the progress of the operation as processing is necessary for the performance of the contract between the company and the client. Moreover, the company lawfully collects and processes special categories of personal data, as processing is necessary for the purposes of preventive or occupational medicine, assessment of an employed person’s ability to work, medical diagnosis, provision of health care or social care or treatment or management of social care and healthcare systems and services in conformity with EU law or the law of a member state or under a contract with a professional of the health industry. In addition, DHI receives an explicit consent by the clients prior to the collection and processing of personal data, including photographs and videos of its clients for advertising/promotional purposes and contact information for the provision of happy client services.

  • Transfer of personal data

Personal data are transferred to countries of the EU or other third countries on the basis of an adequacy decision of the Commission on the companies of the DHI Medical Group acting jointly as data controllers. Data processing is also performed by the following service providers that the data controller uses: WHATSΑΡP, ΜΑΧΙΜΙΖΕR TECHNICAL SUPPORT, RACKSPACE, MAXIMIZER, ΕRP TECHNICAL SUPPORT and EASY SMS, which act in conformity with GDPR.

  • Retention period of personal data

Personal data collected for the purpose of service provision to the clients and monitoring of the progress of the operation are kept for 20 years since the last visit of the patient. As regards the collection and processing of personal data, including photographs and videos for advertising/promotional purposes and the collection and processing of contact information for the provision of happy client services, the data shall be retained for a period of 20 years and are immediately deleted upon withdrawal of consent by the client.

  1. Personal data collected by employees

The data collected  by employees are the following: identification details, contact information, financial and health data. More specifically, the data collected are: CV with detailed particulars, inventory record, ΤΙΝ (Tax Identification Number), SSRN(Social Security Registration Number), ID card, account number, criminal record, payroll data, employee’s card, working hours, first name, last name, father’s name, address, region, payroll analysis, IBAN number and amount, card number and time of entry and exit per day. In addition, in case of sickness of our employees, the company collects in addition, forms and medical opinions of the Social Security Institution .Finally, in the event of termination of an employment contract, the company collects in addition the notice of the termination of the employment contract that includes detailed particulars of the employee and the reasons for the dismissal, as well as proof of payment (clearance).

  • Purpose of data processing

The purpose of processing the aforementioned data is the due performance of the relevant employment contracts through the creation of employee files, the management of payroll issues (such as the deposit of regular remuneration of the employees through e-banking programs at the payroll account of the employees), the facilitation of labor needs and the management of leaves of absence, the management of retirement and insurance issues and procedures of the employees, the termination procedure of an employment contract as well as the compliance with any applicable legal provision in the sector of employment regarding health and safety of the employees, taxation and social security.

  • Lawfulness of data processing

The processing of the aforementioned data is necessary for the performance of the employment contract, of which the employee is a contracting party and for the fulfillment of the company’s by law obligation to maintain its employees’ register for reasons  arising from the contractual employment relationship and from the obligations of the company to the competent supervisory public authorities (such as the recruitment of an employee and his announcement on the electronic platform “Ergani” or taxisnet). The collection and processing of special categories of personal data, such as health data is lawful on the basis of need to fulfill the data controller’s obligations in the field of labor law and social security and social protection law.

  • Transfer of personal data

The data are not transferred to countries of the EU or to other third countries. However, data are transferred to the following service providers that the data controller uses as data processors: ΕRP TECHNICAL SUPPORT and MAXIMIZER TECHNICAL SUPPORT which have potential access to the data, RACKSPACE (e-mail server), ΜΑΧΙΜΙΖΕR where data are kept, PWC that performs actions to provide payroll, COURIER that transfers physical records, BANK which keeps the aggregated state of banks for payroll actions. These companies respect during the processing of the data, the contract they have entered into with us and the annex of the contract on the protection of personal data. In addition, the data are transferred to “Ergani”and taxisnet, as recipients of personal data.

  • Retention period of personal data

The data of the employees’ file must be kept in a form that allows the identification of the data subjects only for the period required for the accomplishment of the purposes of processing not exceeding the period of 20 years.

  1. Personal data collected by potentials employees

The company collects and processes personal data of potential employees such as CVs and transfers them to DHI ΑΤΗΕΝS and DHI’S CLINICS in order to assess the qualifications of the candidates. In particular, the data collected are the following: first and last name, phone number, e-mail, CV that additionally includes the name of the father and mother, address, marital status, mobile number, date of birth, position applied for, other notes. It should be noted that DHI ΑΤΗΕΝS and DHI’S CLINICS act jointly as data controllers for the collection of the aforementioned data.

  • Purpose of data processing

The company collects and processes the above personal data in order to transfer them to DHI’S Clinics so that they can assess the qualifications of the potential employees and whether they are suited for the positions they have applied for.

  • Lawfulness of data processing

When collecting CVs, the company receives a written or electronic consent by the potential employees for the purpose of their assessment and they are informed over the privacy policy followed by the company in order for the potential employee to know his/her rights and how to exercise them as required by GDPR.

  • Transfer of personal data

The data are not transferred to countries of the EU or to other third countries. However, data are transferred and processed by the following service providers: Whats app, Rackspace, www.justhost.com, WordPress, Skywalker that process the data in compliance with GDPR.

  • Retention period of personal data

The CVs of the potential employees that weren’t selected for the position applied, are kept for the strictly necessary period that serves the purpose of their processing, namely up to six months. Further retention and processing of such data shall only take place as provided for by the law or if the potential employee explicitly requests it in order to be considered for a future employment position or new employment. The CVs of the selected candidates are retained for the duration of their employment in the company and are deleted after five years following the termination of employment.

  1. Personal data collected by clients for the execution of business or other activities between the company and the clients

The company collects and processes the following data: identification details, location data, contact information, financial and heath data.

  • Purposes of data processing

The company processes the above data for the needs of its business activities, its transactions and in order to draw up trade agreements (drawing up contracts, issuing invoices, payments and collections, debtors’ notifications etc.) The record of the clients also facilitates the monitoring of the progress of trade agreements.

  • Lawfulness of data processing

The processing of the above data is necessary in order to fulfill the data controller’s by law obligation while the processing of the special categories of data (health data) is necessary in order to carry out the data controller’s obligations in the field of labor law.

  • Transfer of personal data

The data are not transferred to countries of the EU or to other third countries. However, data are transferred to the following service providers that the data controller uses as data processors: ΕRP TECHNICAL SUPPORT and MAXIMIZER TECHNICAL SUPPORT which have potential access to the data, RACKSPACE (e-mail server), ΜΑΧΙΜΙΖΕR where data are kept, PWC that performs actions to provide payroll and Paypall that provides services for the e-shops. The above-mentioned data processors commit to respect and comply with GDPR’s provisions. In addition, the data are transferred to taxisnet, as a recipient of personal data.

  • Retention period of personal data

The company retains the data of its clients for 15 years, starting from the first day of the year that follows the one during which the service was provided or received.

  1. Personal data collected by external partners

The company collects and processes personal data by its external partners, such as First name, Last name, E-mail, Company, Phone number as well as financial data (e.g. invoice details).

  • Purpose of data processing

The company processes the above data for the needs of its business activities, its transactions and in order to draw up trade agreements (drawing up contracts, issuing invoices, payments and collections, debtors’ notifications etc.) The record of the clients also facilitates the monitoring of the trade agreements progress.

  • Lawfulness of data processing

The processing of personal data is necessary in order to fulfill the data controller’s by law obligation.

  • Transfer of personal data

The data are not transferred to countries of the EU or to other third countries. However, data are transferred to the following service providers in their capacity as data processors: ΕRP TECHNICAL SUPPORT and MAXIMIZER TECHNICAL SUPPORT which have potential access to the data, RACKSPACE (e-mail server), ΜΑΧΙΜΙΖΕR where data are kept, PWC that performs actions to provide payroll. The above data processors commit to respect and comply with GDPR’s provisions. In addition, the data are transferred to “Ergani” and taxisnet, as recipients of personal data.

  • Retention period of personal data

The company retains the data of its clients for 15 years, starting from the first day of the year that follows the one during which the service was provided or received.

  1. Personal data collected during camera recording of the company’s facilities

The company collects videos that may include movement of potential clients, employees, potential employees and of anyone entering the facilities of the company. The video recording is limited to the  entrance of the company and the area where the cash register is kept.

  • Purpose of data processing

Purpose of the above-mentioned video recording is the protection of the facility and the goods in the area from illegal actions with a general view to the safety of life, physical integrity, health and property of third parties that are lawfully located at the supervised area.

  • Lawfulness of data processing

The video recording is done upon communication to the public of the recording being done at the area of the cash register and at the entrance of the building through visible and conspicuous signs indicating the data controller, the purpose and the individual with whom the interested parties can contact in case they wish to exercise their rights. The purpose of the protection of individuals and/or the goods is justified by the legitimate interest or the legal obligation of the owner or the manager of a facility to protect that facility as well as the goods in the area from illegal actions.

  • Transfer of personal data

The data are not transferred to countries of the EU or to other third countries.

  • Retention period of personal data

The data must be kept for a certain period of time in view of the pursued at the time purpose of processing. In any case, the data shall be deleted within in fifteen (15) working days at the latest, provided that no event that falls within the scope of the pursued purpose result from the recording of images saved, or from live recording. In case of an illegal act against the individual or goods of the data controller, the images recording the illegal act are kept in a separate file for thirty days. If the illegal act concerns a third party, the company keeps the images for 3 months. When the illegal act concerns the company itself and requires further investigation (e.g. investigation of fraud or corruption as part of the company’s internal control), the data are kept for the strictly necessary period of time.

  1. Personal data collected by clients during the provision of prosthetics services

The data provided to the company in its capacity as data controller, for the provision of prosthetics services are identification details, contact information, location and health data.

  • Purpose of data processing

The above-mentioned data are processed for the purpose of the creation of an order file for the provision of prosthetics services.

  • Lawfulness of data processing

The processing of special categories of data (health data) is lawful as processing is necessary for preventive or occupational medicine purposes, assessment of an employed person’s ability to work, medical diagnosis, provision of health care or social care or treatment or management of social and healthcare systems and services in conformity with the Union law or the law of a member state or under a contract with a professional of the health industry.

  • Transfer of personal data

The data are not transferred to countries of the EU or to other third countries. However, data are transferred to the following service providers in their capacity as data processors: ΕRP TECHNICAL SUPPORT and RACKSPACE (e-mail server). The above-mentioned data processors act in compliance with GDPR during the provision of their services.

  • Retention period of personal data

As regards the data collected for the provision of prosthetics services, these are kept for a decade since the last visit of the patient if it concerns private practices or other primary healthcare units. In any other case, the data are kept for a period of twenty years since the last visit of the patient.

  1. Personal data kept via our e-shop and website

Our company, in its capacity as administrator of the following websites http://dhi.gr/paragelia/ and http://dhiproducts.com/, receives data from the clients, such as identification details, contact information, location and financial data for their convenience regarding orders made by the latter  through the above-mentioned e-shops. In particular, the company receives the following data: First name, Last name, Company name, Fax number of the company, E-mail address, Phone number, Country, Address, City, Region, Postal Code, Shipping address, order details, registration details, order history, clients personal code. Furthermore, the company, in its capacity as administrator  of the website http://dhi.gr collects and processes identification details, contact information and location data.

  • Purpose of data processing

DHI Global Europe collects and processes the above-mentioned data through the e-shops in order to provide services of delivery of products ordered by the client, account creation and subscription of the client to the newsletter service. Furthermore, the company collects and processes personal data of the clients through its website in order to provide free services for promotional purposes, subscription of the client to the newsletter service and marketing purposes.

  • Lawfulness of data processing

The processing of data collected by our company through our e-shops is necessary for the performance of a contract between us and the data subject regarding the management of product orders made by clients. The processing of data collected through our website, as well as the one carried out through our e-shops for the creation of accounts, the communication with the client for promotional purposes of the products and the subscription at the newsletter is carried out upon consent of the data subject for the processing of data.

  • Transfer of data

The data are not transferred to countries of the EU or to other third countries. However, data are transferred to the following service providers in their capacity as data processors depending on the case: ΕRP TECHNICAL SUPPORT and MAXIMIZER TECHNICAL SUPPORT which have potential access to the data, RACKSPACE (e-mail server), ΜΑΧΙΜΙΖΕR where data are kept, www.justhost.com, WordPress, Paypall that provides services for the e-shops, Courier that transfers physical records, Bank which keeps the aggregated state of banks for payroll actions, PWC that provides accounting services. The above-mentioned data processors commit to respect and comply with GDPR’s provisions in compliance with the Annex regarding the protection of personal data included in the contract, signed by both parties. In addition, the data collected through the e-shop are transferred to taxisnet, as recipient of personal data.

  • Retention period of personal data

The data collected through our e-shops and website are kept from the company for up to ten (10) years or in any case up until the withdrawal of consent of the data subject for advertising or promotional purposes. The electronic statement of consent is retained for up to six months from the suspension of promotional actions of the data controller or from the withdrawal of the subscriber or user’s consent.

  1. Personal data collected during the management of requests of the data subjects

The following data are collected from the applicants during the management of requests of the data subjects by the Data Protection Officer (hereinafter DPO): identification details, contact information and any other information included in the request of the data subject.

  • Purpose of data processing

The purpose of the collection and processing of the above-mentioned data is the management of requests of natural persons who are also treated as data subjects, by our company’s DPO, which are the ones identified for each data subject according to GDPR.

  • Lawfulness of data processing

The collection and processing of these data is deemed necessary according to GDPR that provides, inter alia, for the obligation to designate a DPO, who is responsible for managing the requests regarding the exercise of the data subjects’ rights, as well as for monitoring the compliance of the company with GDPR.

  • Transfer of personal data

The data are not transferred to third countries.

  • Retention period of personal data

The data are kept during the entire period of collection and processing of the data subjects’ personal data, as established above for each category separately.

  1. Data subjects’ Rights

Any natural person whose data are processed by the company, shall enjoy the following rights:

Right to information and access: The data subject shall have the right to be informed of and have access to the data and to receive additional information regarding data processing.

Right to rectification: The data subject shall have the right to obtain the rectification of incorrect data or the completion of incomplete data concerning him or her.

Right to erasure (“right to be forgotten”): The data subject shall have the right to obtain the erasure of his/her personal data and the data controller shall have the obligation to erase them provided that a) the personal data are no longer necessary in relation to purposes for which they were collected or otherwise processed; b) the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing; c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing; d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation to which the data controller is subject; f) the personal data have been collected in relation to the offer of information society services.

Right to restriction of processing:

The data subject shall have the right to obtain from the data controller restriction of processing were one of the following applies: a) the accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; d) the data subject has objected to processing pending the verification whether the legitimate grounds of the data controller override those of the data subject.

Right to data portability: The data subject shall have the right to transmit the personal data to another data controller without hindrance from the data controller to which the personal data have been provided, where: a) the processing is based on consent or on a contract; and b) the processing is carried out by automated means.

Right to object: The data subject shall have the right to object at any time to processing of personal data concerning him or her when processing is necessary for the purposes of the company’s legitimate interests and for the purposes of direct marketing and profiling.

Right to withdrawal of consent: The data subject shall have the right to withdraw his or her consent given for each specific purpose at any time without affecting the lawfulness of processing based on the consent before its withdrawal. Right to lodge a complaint to DPA: The data subject shall have the right to lodge a complaint with the Data Protection Authority (www.dpa.gr) Data Protection Authority, Offices: Kifissias 1-3, 115 23, Athens, Call Center: +30-210 6475600, Fax: +30-210 6475628

  1. VUse of Cookies

The internet websites managed by the company make use of cookies. Cookies are small text files that a website downloads at your computer or portable device each time you visit and use this website. DHI Global Europe uses functional cookies in order to allow users to browse and use the functions of the website, such as log in services, access to safe areas or use of functions required by e-commerce as the purchase and payment of products. The company also uses cookies in order to allow the website to remember the user’s choices such as log in data and contact information, in order to provide improved and personalized functions to the user the in order to collect information regarding the way visitors use the website. These data are anonymous information that do not identify a specific visitor and they are used exclusively to improve the performance of the website.

In addition, DHI Global Europe uses cookies in order to provide targeted advertises/offers through the provision of context that applies to the user’s interests or through the limitation of advertising or the measurement of the effectiveness of an advertising campaign (advertising cookies). This information is shared with the advertisers, namely Facebook/Instagram/Whatsapp and Google’s advertising network or is being used in order to better comprehend the visitors’ interests.

The company also uses third party cookies for marketing purposes, by cloudflare.com, doubleclick.net, Facebook, google.com, google.gr, gstatic.com, onesignal.com and collectcdn.com from the users that have visited any website of the company without any personalized, identifiable information being collected. Furthermore, the company uses google analytics for the statistical analysis of the number of visits to a website and the implementation of digital marketing action. The company also uses Google advertising and Facebook advertising for the collection and processing of cookies in order to implement digital marketing actions. Technically, the above-mentioned cookies are not collected by the company, and neither we have access to them, but the processors of the visitors’/users’ computers undertake, upon their consent, the download of such data that allow the identification of users in their platform. The content and type of data collected through cookies are set out by their data controllers (cloudflare.com, doubleclick.net, Facebook, google.com, google.gr, gstatic.com, onesignal.com and collectcdn.com). The company processes these data in its capacity as data processor without being able to identify in any way the visitor/user.

The users/visitors of the websites give their explicit consent to the company for the promotion of personalized advertising, the provision of functional social media and the analysis of the number of visits through cookies. Each user of the website may give his consent for the use of cookies through the website of the internet service provider with the use of appropriate mechanisms or he/she may fully reject the use of cookies. In addition, the user may withdraw the consent that he/she gave for the use of cookies and delete them from his/her computer or portable device. Finally, you should be informed that certain functions are available only by using cookies and should you choose to reject cookies, these functions may not be available as without cookies we cannot provide efficient operation of our website. The above-mentioned cookies do not lead to the identification of the user.

For more information you may contact the Data Protection Officer (DPO) of the company DHI Global Europe via e-mail at e- [email protected] or by telephone on +302109211630.