MEL takes a responsible stance towards the protection of personal data and privacy and believes it to be an issue of supreme importance. We therefore publish this notice in accordance with Article 13 of the General Data Protection Regulation (GDPR) to inform you of how we use your personal data. This document lays out the processing undertaken by the Data Controller, as named below, through the website. It also makes clear that this information applies only to our website. It does not apply to any website to which you may be redirected by our website.
- Data Controller
The Data Controller is the company registered as Macedonian Paper Mills S.S.A. and trading as “MEL”, with offices in Kato Gefyra, Thessaloniki, with Companies Registry No 8638/62/Β/86/472 and General Electronic Commercial Registry (GEMI) No 57183804000; postal address Kato Gefyra, PC-57011, website www.melpaper.com and telephone no +30 2310728000 (hereinafter the “Data Controller” or the “Company”).
Any questions regarding this notice and the manner in which we process your personal data may be directed to the:
Data Protection Officer - DPO
MEL Macedonian Paper Mills S.S.A.
Kato Gefyra, 57011
Contact telephone: +30 2310728139
- Collection and processing of personal data
The table below sets out the purpose of processing personal data collected through our website, the categories of data and the legal basis for their processing:
Purpose of data processing
Legal basis for processing
Managing communication with the Company and/or the Group
Personal information, contact information, CVs, information contained in sundry requests
Optimising website use
Login information, user activity within website
Purposes related to legitimate interests of the Company and/or the Group
- What is the purpose of processing your personal data and what is the legal basis for processing?
The personal data that visitors to our website provide by filling in various forms there (e.g. contact, registering for newsletters) are used exclusively for the purpose for which they were provided, as outlined at each point that such information is collected.
The Company’s legitimate interest lies in evaluating each visitor's stay on this website, counting the number of clicks at each page and receiving suggestions or comments from users to improve our online services.
The Company processes your personal data in a way that ensures their protection, taking all organisational and technical measures to secure and protect data against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access or any unauthorised form of processing.
- Disclosure to third parties and types of recipients
Your personal data, as described above, may be disclosed to fulfil the purposes of processing, as stated above in par. 3, to companies providing IT and website support, website hosting companies and companies providing consulting services related to evaluating candidates for hire.
The Company (does not) transmit your personal data to third countries or international organisations.
- Retention period
The personal data you submit through the website are retained only for as long as necessary to fulfil the purpose for which they were collected, or as required by law.
- Data identifying geographical location
The website may collect and process data identifying geographical location to provide services requested by the user only with the data subject’s specific consent, which can be revoked at any time. In these cases, consent will be requested through a pop-up window.
- Data subject rights
This section explains your rights with regard to your personal data. These rights are subject to certain exceptions, reservations or restrictions. Please submit your requests responsibly. The Company will respond as soon as possible, and certainly within 1 month of receiving your request. If a review of your request requires more time, you will be notified. To exercise your rights, you may write to the email: email@example.com
MEL ensures that you can easily exercise the following rights:
8.1. The right to information/notification
You have the right to request and receive concise, transparent, intelligible and easy to understand information with regard to the way in which we process your personal data, in accordance with Company policies and procedures in place from time to time.
8.2. Right of access
You have the right to access your personal data free of charge, in accordance with the Company’s policies and procedures in place from time to time, with the following exceptions for which there may be a reasonable charge to cover the Company's administrative costs:
- manifestly groundless or excessive/repetitive requests, or
- additional copies of the same information.
8.3. Right to rectification
You have the right to request rectification of your personal data if they are inaccurate or incomplete, in accordance with MEL’s policies and procedures in place from time to time.
8.4. Right to erasure
You have the right to request the erasure or withdrawal of your personal data when they are no longer necessary for the purposes for which they were collected or when there is no legal reason to continue to process them, in accordance with the Company’s policies and procedures in place from time to time. The right to erasure is not absolute, but depends on the degree to which there is a specific legal obligation or other lawful reason for MEL to retain your personal data.
8.5. Right to restriction of processing
In certain cases, you have the right to restrict or cease further processing of your personal data, in accordance with MEL’s policies and procedures in place from time to time. In the event processing has been restricted, your personal data will remain stored, but will no longer undergo processing.
8.6. Right to data portability
You have the right to request and receive personal data related to you and which you have provided in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, in accordance with MEL’s policies and procedures in place from time to time.
8.7. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data based on Article 6(1)(f) of the Regulation (processing for reasons of MEL’s legitimate interests), based on this provision. In such case, MEL, as data controller, shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
8.8. Rights related to automated individual decision-making and profiling
MEL does not undertake automated individual decision-making, including profiling.
8.9. Right to withdraw consent
In cases where processing of your personal data is based on your prior consent, you have the right to withdraw your consent at any time, and MEL will cease the specific activity to which you had previously consented, unless there is an alternative legal basis which justifies continued processing of your data for this purpose, in which case you shall be notified.
8.10. How to exercise your rights
In order to exercise the aforementioned rights, you must submit a written request to MEL, in accordance with its policy and procedures in place from time to time. MEL reserves the right to respond within no more than 1 month from receiving the request, in accordance with the terms of the Regulation and its own policies and procedures.
- Withdrawal of consent
We inform you that you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, by sending an email to: firstname.lastname@example.org
For further information and advice regarding your rights or to lodge a complaint, contact the Data Protection Authority:
Postal address: Data Protection Authority, Offices: 1-3 Kifisias Ave., GR-115 23 Athens
Telephone: +30 210 6475600
Fax: +30 210 6475628
- Revisions to this notice
Our aim is to review and continually update this notice in order to comply with applicable legislative and regulatory requirements, while providing the best possible protection of your personal data. Any updates will be notified through this website.
“Personal data”: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Special categories of personal data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, genetic and biometric data, data concerning sex life or sexual orientation, and information regarding criminal convictions and offences. Due to the nature of sensitive personal data, the law is much stricter as to the way in which these data should be processed. The Company processes sensitive personal data only in accordance with the law.
“Data Subject”: the identified or identifiable natural person to whom the personal data and/or sensitive personal data pertain.
“Customers”: any natural person who enters into transactions with the Company for the purpose of buying or selling the Company's products.
“Processing”: any operation or set of operations which is performed, either by automated means or not, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Data controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“The processor”. The natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
“Restriction of processing”: the marking of stored personal data with the aim of limiting their processing in the future.
“Consent”: any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Cookies are small text files that the website the user visits sends to the browser. Cookies cannot execute programs or transmit viruses to your computer.
Data processing is performed with the help of electronic instruments, or in any case automated, computerised or telematic instruments with functionality related exclusively to the purposes outlined above and in a way that ensures the security and confidentiality of the data.
Technical cookies (which do NOT require your consent)
According to legislation in effect, and specifically as found in Opinion 4/2012 of the Working Party set up under Article 29 of Directive 95/46/EC, it is not always mandatory to obtain the consent of the data subject. Specifically, consent is not required for these types of “technical” cookies which are used for the sole purpose of carrying out the transmission of a communication over an electronic communications network or where strictly necessary for enabling the use of a specific service explicitly requested by the user. In other words, these cookies are essential for the function of the website or are required to execute the services requested by the user.
Technical cookies, for which consent is not required for their use, also include:
The installation of an SSL data encryption certificate on our website, the use of firewalls, antivirus protection and all other equipment and software which is intended to protect the data centre that hosts our server which in turn hosts our website are all intended to ensure the security of your personal data.
Profiling cookies aim at creating user profiles and are used to send advertising messages based on preferences expressed by the user while browsing the internet. These cookies are used to deliver content most targeted to users and their interests. They can be used to display targeted advertising or limit the number of times a particular advert is seen. Profiling cookies require the user's prior voluntary informed consent, which the website acquires by means provided by the regulation through a banner that appears upon the first visit and through detailed information that allows the user to provide or refuse consent.
First- and third-party cookies
First-party cookies are those set directly on the user’s terminal device by the server of the website the user visits. When browsing the website, users may receive cookies on their terminals from different websites or services (known as “third-party” cookies), which may store certain information (such as images, maps, sounds, specific links to pages with different domain names) which may be present on the website the users themselves visit. In this case, these cookies are generated by a website that is different from the one the user is currently visiting.
Users can choose which cookies to allow through the appropriate process provided for below, and approve, block or delete (all or some) of the cookies through the special function of the browser: However, in the hypothetical case where all or some of the cookies are disabled, access to the website or certain services may not be possible or specific functionalities may not be available or not work properly, and/or users may have to manually adjust or enter some information or preferences every time they visit the site.
How can I disable/enable cookies?
You can accept cookies or reject them by adjusting the settings on your browser. However, it is possible you may not be able to use all of the interactive functionalities on our website if cookies are disabled.
There are various ways to manage cookies. Refer to the browser instructions or the “Help” section to learn more about these functions. For example, if you use Internet Explorer, click on Tools/Internet Options/Security and personal data protection to adjust the browser to your needs. If you use different computers in different locations, you will need to ensure that each browser is adjusted to suit your cookie preferences.
Some modern browsers have a feature that will analyse website privacy policies and allow a user to control their privacy needs. These are known as "P3P" features (Privacy Preferences Platform).
You can easily remove any cookies that have been created in the cookie folder of your browser. For example, if you use Microsoft Windows Explorer:
- Open “Windows Explorer”
- Select the “Search” button on the tool bar
- Enter “cookie” into the search box field for “Folders and Files”
- Select “My Computer” in the “Look In” drop down menu
- Click on “Search Now” Double-click on the folders that are retrieved
- “Select” any cookie file
- Click the “Delete” key to erase the cookie file
If you do not use Windows Explorer, click the “Help” function and enter “cookies” to search for information on how to locate the folder.
Information about cookies
For more information about cookies, their use and the way they are applied to the use of your personal data, please visit the website http://www.aboutcookies.org.
Other information we collect
The Internet Protocol (IP) address is a unique number devices use to recognise and communicate with each other in a computer network using the Internet Protocol Standard. In other words, the IP address is the number assigned to your device (computer, tablet, smartphone) each time you gain access to the internet in order to communicate with other devices. The IP address can also recognise your internet service provider.
Your IP address is recorded when you visit our website for reasons of website security and to prevent malicious activity. IP addresses can also be used cumulatively to analyse website performance and optimise it to enhance your user experience.
This information is essential for the proper function of the website and cannot be disabled.