GDPR Privacy Notice for Suppliers

The controller

PARPANELAS S.A. processes personal data of its suppliers.

This policy determines the principles applied by the Company, while processing supplier’s personal data (categories, legal basis, purpose, protective measures, rights, etc.) and aims to inform the subjects-suppliers about its processing. It is posted on our company’s website ( and may be occasionally modified / updated. You will be informed of all significant changes, whereas you may find online at any time the updated/valid version.

We assure you that all the information we collect, concerning you, is used exclusively for a legitimate purpose, while it is protected by high-security systems.

Which categories of data we collect

The categories of our suppliers’ personal data (and their employees’ as applicable) which we process are the following: name, surname, father’s name, registered seat, telephone number, mobile telephone number, e-mail address, identity card number, TIN, bank accounts, tax and social security clearance, financial data, and basic elements for the identification of the legal entities’ representatives.

Purpose for which we process your personal data

We process your personal data for the purpose of the conclusion, the execution, the performance and the termination of our contract and in general for managing our contractual relationship, for our company’s compliance with its obligations before the law (Income Tax Code, etc.), as well as for the establishment or defense of legal claims before Courts, Authorities etc. More specifically, we process your personal data in order to handle orders, to invoice and process quality control of products or services.

Legal basis for the processing

The legal basis for the processing is as applicable: (a) the legal interest that we pursue (the company’s functioning) (b) Our compliance with our legal obligations (c) The execution (conclusion, functioning, termination) of our contract (d) Your consent.

Whom we share your personal data with

The company does not share your personal data with third-party recipients. Your personal data is processed only by authorized staff under total confidentiality. Exceptionally, your personal data may be shared as follows: (α) with public authorities for the company’s compliance to its legal obligations, (b) with third parties who offer their services to the company, such as human resources companies, lawyers/law firms (in case of extrajudicial or legal actions regarding the conclusion of contracts and the company’s legal claims). Those parties, which are acting as processors on behalf of the Company, guarantee full compliance with the applicable legislation (European and Greek) regarding personal data, and (c) with Courts for the exercise and defense of the company’s rights.

Processing principles and Protection

Our company (the following is indicative and not exhausting):

  • Processes exclusively the personal data, that are necessary for the aforementioned purposes
  • Implements the appropriate technical and organisational measures to ensure the security of the personal data (ensuring confidentiality, integrity, and availability) from the planning and by definition
  • Disposes and applies procedures and systems regarding the confidentiality of processing of personal data, as well as their protection from accidental or unlawful destruction, incidental loss, allteration, unauthorized disclosure or access, and every other form of unlawful processing (for example, the use of tools for access control and data loss prevention)
  • Has provided information to data subjects (both consumers and employees), in accordance with Regulation (EC) 2016/679 (GDPR)
  • Complies with the data minimization principle
  • Ensures the exercise and the satisfaction of the subject’s rights
  • Has proceeded to the drafting of documents, policies and procedures that prove its compliance with the principle of accountability (privacy policy, cookies policy, data mapping, record of processing activities, etc) as mentioned at the GDPR
  • Has formed a team responsible for the protection of personal data
  • Proceeds to the training and the sensitization of its employees regarding the protection of personal data
  • Amends its cooperation agreements with processors on its behalf, in accordance with article 28 of the GDPR for the purpose of its full compliance.

How long will we keep your personal data

We retain your personal data for as long as it is necessary, according to legislation, so that the tax and the insurance authorities will be able to audit our company lawfully. When the processing of personal data is no longer necessary, your data will be destroyed in a safe and proven manner.

Your legal rights

You have the following rights: a) to obtain information regarding which personal data we collect and store, the purpose of their processing, as well as the duration which they are stored (right of access), b) to request for the correction and/or the completion of your personal data, so as for them to be complete and accurate (right of rectification). You should provide every necessary document from which the need of correction or completion arises, c) to request the restriction of processing of personal data (right of restriction of processing), d) to refuse and/or to object to any further processing of your personal data (right to object), e) to transmit your personal data which we keep at another processor of your choice (right to data portability), f) to request the deletion of your personal data from the records that we keep (the right to be forgotten).

With respect to the aforementioned rights, please note the following:

  • The company, in any case, has the right to refuse a request for restriction of processing or deletion of your personal data or your right to object, if the processing or the maintenance of personal data is necessary for the establishment, the exercise, the support of its legal rights or the fulfillment of its obligations.
  • The exercise of your right to data portability, does not entail the deletion of your data from our records, which is subject to the terms of the previous paragraph and the conditions of Regulation 679/2016.

g) to lodge a complaint at the Data Protection Authority (, if you consider that your rights are violated in any way (right to lodge a complaint at the Authority).

In order to exercise your rights, you may contact our company in writing at the following address: Protomagias Street, 570 09 Kalohori Thessaloniki, Greece or

PARPANELAS SA will undertake all possible efforts to fulfill your request within thirty (30) days of its submission. At the absolute discretion of the company, the above mentioned deadline may be extended by sixty (60) additional days, if it is considered necessary, depending on the number and the complexity of the requests, after you get notified within reasonable time limit.