GDPR Policy

Home » GDPR Policy

1. Introduction

This policy tells you what to expect us to do with your personal data (PD) when you make contact with us or use one of our products/services.

Moreover, this Privacy Policy aims to inform you (the natural person) what PD we collect, why we collect it, what is the legal basis for processing this data and how to update, manage, export and delete your personal information.

Furthermore, declares our compliance with the EU General Data Protection Regulation 679/2016 and also our respect for the protection of privacy and security of personal data.

This Privacy Notice applies to personal data provided to or collected by Us (as the data controller) in connection with the services and products we offer.

This Privacy Policy was posted on our website on 27/03/2019 and replaces any earlier post.
This Privacy Policy generally applies to any natural person who has or intends to have any kind of cooperation with us.

2. Who we are

Established in 1974, VIOPOL is today one of the most dynamic and fast growing Greek-based companies in the production and marketing of polyurethane systems. Experience, continuous research for innovative solutions and long standing collaborations with international corporations are the pillars of our expertise & know-how. This makes it possible for us to meet the highest and most complex market demands.
At the heart of our philosophy lay support and close partnership with our clients in assessing their needs and meeting their requirements. Our highly skilled and talented people turn great ideas into advanced solutions for any polyurethane system application. Our polyurethane systems stand out for their excellent quality and performance. Every product bearing VIOPOL’s logo offers our clients a world of advantages, supporting the end-result of their work and actively contributing to their success. In both Construction and Industry, VIOPOL is the power of development and expertise, your strategic partner in excellence.
Having by our side the biggest international PU corporations, defines the quality of our products and the refinement of our know-how. VIOPOL holds powerful, strategic partnerships with top international corporations, for the development of new products and solutions
and the joint implementation of major projects. Through these resourceful partnerships, at VIOPOL we have unlimited access and involvement in international research & development, regarding PU systems applications and innovations. Sharing the vast experience of our international partners, we grant our clients successfully tested solutions in any PU systems application, bringing unique benefits in local Industry and Construction. VIOPOL PU systems are the passport to international quality and know-how, in a new era of solutions and benefits.

Further information about us is available at the website https://viopol.com.

3. What personal data is being proccessed

Personal data (PD) means any information that can be used to identify directly or indirectly a specific individual (you as a natural person).

We have to collect PD for the effective execution of our everyday business functions and services and, in some occasions, for the compliance with relevant legislation and regulations.

You are not required to provide us the personal data that we request, but if you choose not to do so, we may not be able to provide you with our products or services, or with a high quality of service or respond to any queries you may have.

When you call us, visit our website, ask questions or order one of our services/products, we may ask you for relevant information (PD such as: name, address, email, telephone number, date of birth) depending on the type of our relationship.
Furthermore, it is likely that you choose to voluntarily disclose to us additional PD (as in the case of sending a CV or disclose tax data in order to conclude a purchase).

4. How do we get information (PD)

We may collect personal data from a variety of sources. This includes:

Personal data you give us directly,
Personal data we collect automatically, and
Personal data we collect from other sources (eg advertising networks, our customers or third parties).

Most of the PD we process is provided to us directly by you for one of the following reasons:
You are interested in our products/services.

Information you disclose when you contact us or visit our website.
Information we receive from your usage of our products and services or our partners’ services.
We use various kinds of technologies for the collection and storage of the information, including the use of cookies (see §11).
Our web server collects information (such as ΙΡ address, search engine, ….) used for activities such as calculating number of visitors at our website, identifying points of interest, checking communication effectiveness, etc.
You have made an information request, a complaint or enquiry to us.
You wish to attend, or have attended, an event.
You have applied for a job or secondment with us.
You are representing your organisation.

We also receive personal information indirectly, in the following scenarios:

We have seized personal information as part of an investigation.
From our partners or cooperating organizations.
An employee of ours gives your contact details.
Your personal information is publicly available.

When you contact us, we keep a record of our communication messages so as to resolve any issues you may have. We do not allow any unauthorized entities, especially without your consent, to access your information.

5. How we use your PD

We process (i.e. collect, store, disclose, delete etc) your personal data (PD) only for specific and limited purposes. Moreover, we will only use your personal data, where we have a legal ground to do so, in order to:

Process your order and shipping the product
Provide you with personalized and updated services/products
Contact you to inform you about new services or products that may interest you
Process your payment or prevent or detect potential frauds
Respond to your questions or complaints
Implement the framework of this Privacy Policy
Develop and improve our products, services, communication methods and the functionality of our websites
Provide personalised communications and targeted advertising

6. How long we keep your personal data

We keep your personal data for only as long as we need to. It depends on what we are using it for, as set out in this Privacy Policy.

For example, we may need to use it to answer your queries about a product or service and as a result may keep personal data while you are still using our product or services. We may also need to keep your personal data for accounting purposes (legislation relevant to tax authorities or financial investigation units).

If we no longer need your personal data, we will delete it or make it anonymous by removing all details that identify you.

Additionally, the period for which the personal data are stored depends on the lawfulness of the processing (legal basis), as follows:

If processing is necessary for the purposes of the legitimate interests pursued by us (the controller) then the processing of personal data will take place for as long as is necessary to achieve the controller’s intended purpose and for as long as it is required until the period for related claims has elapsed.
If personal data are provided by the natural persons themselves, then we will retain data for as long as we have a contractual relationship with you or until your consent is withdrawn or for as long as relevant legislation allows. In the event that for any reason your consent is withdrawn, we will keep them until the period for relevant claims has elapsed.
If you (the data subject) have given consent to the processing of your personal data and we have no other legitimate reason to continue this processing, and your consent is withdrawn, we will delete your personal data, as long as it is permitted by relevant legislation. However, when you unregister (e.g., from marketing communications), we will retain your email address to ensure that we will not send you any further communication.
If processing of data is necessary for the performance of a contract to which you (the data subject) is party or to take steps at your request prior to entering into a contract, then we will retain your data for as long as we have a contractual relationship or as long as relevant legislation permits or until the period for relevant claims has elapsed.

7. Disclosure of your information

We do not disclose or share your PD with any third parties for the purposes of direct marketing.

In the following circumstances we share information:

With your own consent: we share your personal information with companies, organisations and natural persons when we have your explicit consent.
For external processing: We use data processors, who are third parties, who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
For legal purposes: We share personal information with public services when it is reasonably necessary and in order to comply with laws, regulations, legal procedures or governmental demands.
For scientific research: We may provide non-identifiable data for scientific research or statistical studies.

8. Your data protection rights

Under data protection law, you have rights we need to make you aware of. The rights available to you (as our clients, user of our products, our website visitor etc) depend on our reason for processing your personal information (PD) and relevant legislation.

Your right to be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This Privacy Policy is providing you with relevant information.
Your right to access and rectification: You have the right to access, correct or update your personal data at any time.
Your right to PD portability: You can receive your personal data, which you have provided to us, in a structured, machine-readable and interoperable format, and to transmit it to another controller. This right should apply where your personal data have been provided on the basis of your consent or in the framework for the performance of a contract.
Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances. The exercise of your right can always be done in accordance with legal requirements (eg you cannot ask for a deletion of your PD when the labor law or tax authorities require to be retained it for 7 years).
Your right to restriction of processing: You have the right to ask us to restrict the processing of your information in certain circumstances, including processing for direct marketing.
Your right to submit a complaint to the Hellenic Data Protection Authority, http://www.dpa.gr/ or any national Data Protection Authority about how we process your personal data.
Your right to withdraw consent: If you have given your consent to anything we do with your PD, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your valid consent up to that date is unlawful). You can withdraw your consent to the processing of your PD at any time by contacting us, through ‘’Contact Us’’ at Section 13.

To exercise your rights, see Section 10.

Further information and advice about your rights can be obtained from the Hellenic Data Protection Authority, http://www.dpa.gr/ or any national Data Protection Authority in your country.

9. Our Obligations

The principle of accountability is among the principles that govern processing of PD (legitimacy, objectivity and transparency, purpose limitation, minimisation of PD, accuracy of PD, limitation of storage period, security, integrity, and confidentiality).

We will only process your personal data where we have a legal ground to do so. We determine the legal grounds based on the purposes for which we have collected and used your personal data. In every case, the legal ground will be one of the following:

Consent: the data subject (you) has given consent to the processing of his or her personal data for one or more specific purposes. For example, where you have provided your consent to receive our news or our marketing emails. You can withdraw your consent at any time by submitting an email to “Contact Us’’ (Section 13).
Our legitimate interests: when processing is necessary for the purposes of the legitimate interests pursued by the controller (us), except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (you). Where it is necessary for us to understand our customer, promote our products/services and operate our sites and apps efficiently. For example, we will rely on our legitimate interest when we analyse what content has been viewed on our sites and apps, so that we can understand how they are used. It is also in our legitimate interest to carry out marketing analysis to determine what products and services may be relevant to the interests of our customers and potential customers.
Performance of a contract with you (or in order to take steps prior to entering into a contract with you): For example, where you have purchased a product from us and we need to use your contact details and payment information in order to process your order and deliver your product/service.
Compliance with law: processing is necessary for compliance with a legal obligation to which the controller (us) is subject (tax or finance legislation).

In addition, we implement the appropriate technical and organizational measures to protect us, you and our partners against unauthorized access or alteration, tampering or destruction of the PD we have in our possession. Specifically:

We encrypt many of our services.
We control data collection, storage and processing practices, including security measures, to protect against non authorized access to systems.
Access to personal information is limited & controlled, and subject to strict contractual obligations of confidentiality.
In case that outside partners (for maintenance or support purposes) have potential access to PD, certain appendices of the existing cooperation contracts cover the requirements of the data protection regulation.

Throughout the entire processing cycle of PD (from collection to destruction), we take the appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of PD. Similar measures are required by third parties handling or processing PD.

Our services, products and website are not indented for children under the age of 16. We do not knowingly process personal data about children under 16.

10. Access to your own information

Within the scope of the rights granted to you by the Data Protection Regulation, you can request access, correction or limitation of processing or deleting your PD (see your rights, in detail, in Section 8).

To satisfy your request (ie one of your rights) you are invited to fill in a Subject Access Request (SAR) form. We shall provide information on action taken on your request without undue delay and in any event within one month of receipt of the request.
COMPLETION OF A SAR APPLICATION NOW?

Moreover, you can exercise your rights by sending an email to ‘’Contact Us’’ (Section 13) asking for a Subject Access Request (SAR) form, and submitting the properly filled SAR form through the “Contact Us” (Secton 13).

11. Use of Cookies

Like most websites, Viopol uses “cookies” to improve the visitor experience of the website. Cookies are small files, consisting of a series of letters and numbers, which are placed by web servers. Help the website administrator to distinguish you / recognize you from other users of the site. Cookies cannot be executed as passwords or used to transmit viruses and cannot give us access to your hard disk. We cannot read any information from your hard disk even if we store cookies on it.

On our website we use cookies to manage sessions, provide personalized webpages, and customize advertising and other content to reflect your particular needs and interests. Cookies can also be used to compile anonymous, aggregated statistics that allow us to understand how the public is using our site and helping to improve its structure and content. We cannot verify your personal identity from this information. You can modify browser settings to reject some or all cookies. You should be aware that some features are only available through the use of cookies and if you choose to disable cookies, these features may not be available. Some of the cookies we use are ‘’absolutely necessary cookies’’. These are essential for the proper operation of the website and allow you to browse and use its features. The absolutely necessary cookies do not recognize your individual identity. Without these, however, we cannot provide efficient operation of our site.

NOTE: Even after your initial choice, you can change your cookie settings for our website at any time by visiting ‘’cookie settings’’.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

12. Links to other websites

Where we provide links to websites of other organisations, this Privacy Policy does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.

Unfortunately, sending information via the internet is not completely secure. Although we will do our best to protect your personal data once with us, we cannot guarantee the security of any personal data sent to our site while still in transit and so you provide it at your own risk.