STAR AUTOMOTIVE SERVICE CENTERS

TRUCK | BUS | VAN

PRIVACY POLICY

The controller as per the EU General Data Protection Regulation (GDPR) is:

Star Automotive Hellas Single-Member S.A.
Thivaidos 20
145 64 Nea Kifissia, Greece
email: privacy@starautomotive.gr

1. Data Protection

We appreciate you visting our website and your interest in our company and products. We take the protection of your personal data seriously. In this Privacy Policy, we will explain how we collect your personal data, how we use it, for what purposes and on what legal basis, as well as the rights and claims arising from it.
Our Privacy Policy regarding the use of our websites does not apply to your activities on social networking sites or other providers accessed through the links on our websites. Information about their own terms of data protection can be found on the websites of these providers.

2. Collecting and processing your personal data


a. When you visit our webpages, we specifically store information about the browser program and operating system you are using, the date and time of your visit, the way you accessed (e.g., if you accessed a webpage or received an error message), the use of the website’s features, the search terms you may have entered, the frequency of your access to specific websites, the name of the files you accessed, the amount of data transferred, the website from which you accessed our websites, and the websites you visit through our websites, either by clicking on links on our websites or by entering a domain directly into the address field of the same tab (or window) of your browser in which you opened our websites. Additionally, for security reasons, especially to prevent and detect attacks on our websites or attempts at fraud, our Company will store your IP address and the name of your internet service provider for up to thirty days.

b. We further store personal data only if you provide it to us, e.g., in the context of any registration, contact form, chat, survey, competition, or when executing a contract, and only to the extent permitted by your consent, for contract execution, or to take pre-contractual measures upon your request or based on applicable law (see Paragraph 7).

c. You have no legal or contractual obligation to provide us with your personal data. However, certain functions of our websites may depend on the transmission of personal data. Failure to transmit personal data in these cases may result in the inability to use or in limited functionality.

3. Purposes of use

a. We use the personal data collected during visits to our webpages to make them as user-friendly as possible and to protect our IT systems from attacks and other illegal activities.

b. If you provide us with further personal data, e.g., in the context of any registration, chat, contact form, survey, competition, or when executing a contract, we will use them for the purposes stated, for customer management, and – if necessary – for processing and settling commercial transactions, to the extent deemed necessary each time.

c. We and, if necessary, selected third parties use your data for other purposes (e.g., maintaining choices you make such as username, language, or region, and providing enhanced and more personalized features) if you have given your consent (= consent) in the Cookies Settings section at the bottom of the website.

d. Additionally, we use personal data to the extent required by law (e.g., storage for compliance with commercial and tax filing obligations, disclosure based on administrative or judicial decision, e.g., to a law enforcement authority).

4. Transfer of Personal Information to Third Parties, Social Plugins, Use of Service Providers

a. Our webpages may also contain offers from third parties. When you click on such an offer, we transmit data to the respective provider to the extent necessary (e.g., information that you found the offer on our website and, if necessary, further details you have already provided on our website regarding this).

b. When we install so-called “social plugins” from social networks such as Facebook and Twitter on our websites, we integrate them as follows: When you visit our websites, the social plugins are deactivated, meaning no data is transmitted to the operators of these networks. If you want to use any of these networks, you can click on the respective social plugin and connect directly to the server of the respective network. If you have a user account on a network and are logged in there when activating the social plugin, the network may register your visit to our website on your user account. If you want to avoid this, you can log out of the network before activating the social plugin. Visiting any other websites activated from the starautomotiveservicecenters.gr website cannot be registered by any social network until you activate the corresponding social plugin there. Once you activate a social plugin, the network transfers the available content directly to your browser, which integrates it into our websites. In this case, data originating from and controlled by the respective social network may also be transmitted. When you connect to a social network, the transmission of data between the network and your system, as well as your interactions on that platform, are governed solely by the data protection terms of the respective network. The social plugin will remain active until you deactivate it or delete the cookies from your device (see Paragraph 5).

c. When you click on a link to an offer or activate a social plugin, personal data may be transferred to providers located in countries outside the European Economic Area, which, in the opinion of the European Union (“EU”), do not ensure EU standards for the “appropriate level of protection” for the processing of personal data. Please consider this condition before clicking on a link or activating a social plugin and initiating the transmission of your data.

d. For the operation, optimization, and security of our websites, we use, among other things, providers of specialized services (e.g., IT service providers, advertising companies). We only transmit personal data to these providers to the extent required for the provision and use of the websites and their functions, for the achievement of legitimate interests, for compliance with legal obligations, or to the extent you have consented to this (see Paragraph 7). More information about the recipients can be found in the Cookies Settings section at the bottom of the website.

5.Cookies

During your visit to our webpages, cookies may be used. Cookies are small files that are stored on your computer, laptop, or mobile phone when you visit a website and are read later. Through them, one can determine, for example, if there has been a previous connection between the device and the websites, which language or other settings you prefer, or learn about your interests based on usage. Cookies may also contain personal data.

The use of cookies when you visit our webpages depends on the areas and functions of our websites that you use and whether you agree to the use of cookies, which are not necessary for technical reasons. More information and options can be found in the Cookie Settings section at the bottom of the website. In addition, the use of cookies depends on the settings of the internet browsing programs you use (e.g., Microsoft Edge, Google Chrome, Apple Safari, Mozilla Firefox). Most internet browsing programs have automatic cookie acceptance as the default setting, but you can often change this setting. Stored cookies can be deleted at any time, while Web/DOM Storage and Local Shared Objects can be deleted separately. A detailed description of this function is included in the instructions of the browser or device you are using.

Consent and rejection or deletion of cookies from your device, as well as their use, concern the respective internet browsing program you are using. If you use multiple devices and/or internet browsing programs, you can make different choices and/or settings each time.

If you decide not to allow the use of cookies or to delete them, you may not have access to all the features of our website, or certain individual features may be available to you in a limited manner.

 

6. Security

We take technical and organizational security measures to protect the personal data we manage against unauthorized processing, loss, destruction, and unauthorized access by individuals. Our security measures are continuously improved in line with technological advancements.

7. Legal Foundations of Data Processing

a. If you have provided us with consent to process your personal data, then this constitutes the legal basis for their processing (Article 6, para. 1, point a) of the GDPR).
b. For the processing of personal data for the purpose of entering into or performing a contract with you, the legal basis is Article 6, para. 1, point b) of the GDPR.
c. If the processing of your personal data is required to comply with our legal obligations (e.g., for data retention), our Company is authorized to do so in accordance with Article 6, para. 1, point c) of the GDPR.
d. Additionally, we process personal data for the exercise of our legitimate interests as well as the legitimate interests of third parties in accordance with Article 6, para. 1, point f) of the GDPR. Maintaining the functionality of our IT systems, (direct) marketing of our own and third-party products and services (where not carried out with your consent), as well as the lawful documentation of our business contacts, are among these legitimate interests. As part of the assessment process of the interests required in each case, we take into account various factors, including the type of personal data, the purpose of processing, the conditions of processing, and your interest in the confidentiality of the personal data concerning you.

8. Deleting your personal data

The IP address and the name of your internet service provider, which we store only for security reasons, will be deleted within thirty days. Otherwise, we will delete your personal data as soon as the purpose for which we collect and process the data is fulfilled. Beyond this point in time, the data will only be stored if required by laws, regulations, or other legislative provisions of the European Union to which we are subject, or according to legislative provisions in third countries where there is an appropriate level of data security. If deletion is not feasible in some cases, the respective personal data will be marked to limit further processing.

9. Rights of the Data Subject

a. If the processing concerns your personal data, you have the right to access (Article 15 of the GDPR), rectify (Article 16 of the GDPR), erase (Article 17 of the GDPR), restrict processing (Article 18 of the GDPR), and the right to data portability (Article 20 of the GDPR).

b. If you have consented to the processing of your personal data by our company, you have the right to withdraw your consent at any time. The legality of the processing of your personal data until the withdrawal is not affected retroactively by the withdrawal. Likewise, further processing of this data is not affected by any other legal basis, such as compliance with legal obligations (see Paragraph 7 – “Legal basis of processing”).

c. Right to object: You have the right to object at any time, for reasons related to your particular situation, to the processing of your personal data based on Article 6(1)(e) GDPR (processing for the performance of a task carried out in the public interest) or Article 6(1)(f) GDPR (processing based on legitimate interests). If you object to the processing, our company will only continue processing the personal data concerning you if we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. Additionally, if we process your personal data for direct marketing purposes based on legitimate interests, you have the right to object at any time without providing reasons.

d. Please address your requests or statements, if possible, to the following contact address: privacy@starautomotive.gr.

e. If you believe that the processing of your personal data violates legal provisions, you have the right to lodge a complaint with the competent supervisory authority for data protection (Article 77 of the GDPR).

 

10. Data transmission to recipients outside the European Economic Area

a. When using service providers (see Paragraph 4.d.) and transferring data with your consent to third parties (see Paragraph 3.c), it is possible to transfer personal data to recipients located in countries outside the European Union (“EU”), Iceland, Liechtenstein, and Norway (collectively referred to as the European Economic Area) (so-called third countries) and process them in these countries. You can find information about the transferred data, data recipients or categories of recipients, as well as the purposes of processing in the Cookies Settings section at the hyperlink at the bottom of the website.

b. The EU determines the countries to which it provides “adequate protection levels” in accordance with EU standards for the processing of personal data (via “adequacy decisions”). With recipients in other countries for which there is no EU adequacy decision, our company enters into agreements to implement EU standard contractual clauses, binding corporate rules, or other permissible mechanisms to ensure “adequate protection levels” in accordance with legal requirements. For more information, please use the contact details provided in Paragraph 9.d. above.