Alfa logo

PRIVACY POLICY

Personal Data Protection Policy

We are committed to protecting your personal data and process it in compliance with the applicable data protection legislation.

Please read this personal data protection policy carefully so you are properly informed about the type of data we process.

  1. General information and the controller of your data

ATHENIAN BREWERY S.A., headquartered at 102 Kifissou Avenue, Egaleo 122 41, Athens, with VAT number 094000362, registered at the Athens Tax Office for Sociétés Anonymes, as legally represented (hereinafter the “Company”) is the controller responsible for the collection, storage and general processing of the personal data of users of this website, as collected and stored through it, and of social media pages linked to the website.

  1. What personal data do we collect from you, and how?

We collect and process the following personal data:

  • Participation in campaigns, prize draws, and competitions

If you take part in any competitions, prize draws or other events/campaigns, you will be asked for your name, email address, telephone number and answers to any open questions in the competitions. We need this information to process your entry and to be able to contact you about your prize.  You may also be asked for your home address or other details necessary to send you prizes/tickets/products by post. All information regarding your participation in our campaigns, prize draws and competitions is retained by us for a maximum period of 6 months after the end of the competition. The information will not be used for other purposes unless you have been expressly informed about them and/or your consent has previously been requested. Please note that for participation in company competitions etc. we also collect information from the Company’s social media (e.g. LinkedIn, Facebook, Google or Twitter) that is necessary to register or login, such as your name and email address, which you have permitted your social media provider to share with us. The collection of other information may depend on your privacy settings with your social media provider, so please review the privacy statement or policy of the relevant service.

  • Information when you contact us

If you visit our website and have a question or comment, you can submit it to our Company by completing the contact form available on our website. You will be asked to provide your name and email address, as well as information about your request/question/comment. We will use this information only to respond to your question/request/comment. We will retain records of your requests, questions or comments and our responses, and of any related action taken to manage your request/communication. All information will be retained for 6 months after your question or complaint has been answered or after any case before the courts, investigative bodies and/or other supervisory authorities has been closed.

  • Information about your visit and use of the website

We collect certain information when you visit our website, such as your IP address, the pages you visit, what category of device you are using, your browser and the type of web browser you use, and your clicks and impressions. Information about your use of the website and our services enables us to group visitors or customers into categories with shared characteristics, such as age, gender or region. We may assign you to one of these categories. We use the categories to customise the website and, for example, to change the order of search results or the location where certain offers are displayed, so you are more likely to see them. We may also use categories to display online advertisements we think are relevant to you and to send you commercial messages. We use this personal data as necessary and in our legitimate interests to promote our products and services to consumers and visitors to our website, to be able to attract more consumers, and to improve sales of our products and services. We retain personal data for a maximum of 14 months.

  • Marketing
    In some cases, we combine information about your online searches (clicks and impressions), your settings on our website, your customer service requests and your communication history. This information enables us to use different channels to manage relationships and market our products and services to you via email, direct mail, social media, telephone or online advertising, which may include tailoring the website’s content and offers to your preferences. You can opt out of receiving newsletters, direct mail, social media communications or telephone calls, and you can object to our use of your personal data for direct marketing purposes (for more information about this process, see the following paragraphs of this policy). We use this personal data as necessary and in our legitimate interests to promote our products and services to customers and visitors to our website, to be able to attract more customers, and to improve sales of our products and services. We retain personal data for a period determined by the purposes for which it has been collected (e.g. when you contact us, when you visit our website, to participate in prize draws). Personal data is usually deleted or made anonymous within a maximum period of 14 months.
  • Maintenance and optimisation of our website

 We also use your personal data to maintain and analyse our website, resolve performance issues, improve availability, and enhance the user experience. We log all uses of our website. Our use of your personal data for these purposes is necessary for our legitimate interests, and the information is retained for a maximum period of 14 months. Records of your use of our website will be deleted within 14 months of being created.

  1. Purposes of processing
  2. Support of information systems/improvement of services provided: We use your personal data to detect problems on the server and to ensure the proper functioning of our website. The Company uses the personal data of users, which we collect through the website, to offer new services through the website or to improve the services already provided.

Legal basis of the processing: The legitimate interest of the Company to ensure the smooth functioning of our website and to improve the services we provide.

  1. Compliance with our legal obligations: When we receive relevant orders from the courts or public authorities, we process your personal data in response to these requests.

Legal basis of the processing: Compliance with our legal obligations.

  1. Organisation of company competitions: We process personal data that you submit through the website and the social media connected to it so that you can take part in the Company’s competitions.

Legal basis of the processing: Execution of a contract (by participating in the competition you accept the terms under which it is held and enter into a contract with the Company).

  1. Promotion of the Company’s products and services: Information about the use of our website and services enables us to create “segments” that group together visitors to our website and consumers with shared characteristics, such as age, gender and region. The segments are then used to customise our website e.g. by changing the order of your search results or to show you an advertisement that we believe is of interest to you. We are also able to process data you have published on social media (e.g. if you take part in a company competition via a social network), if you have given the social media provider permission to share it with us.

Legal basis of the processing: The legitimate interests of the company.

  1. Legal protection of the company: Ensuring the terms of use of our website are applied, and protecting our legal rights.

Legal basis of the processing: The legitimate interests of the Company.

  1. Cookies

A large part of the information mentioned in this Privacy Policy is collected through the use of cookies and similar techniques. Cookies are small text files containing small amounts of information, which are downloaded and can be stored on your user device, e.g. your computer, smartphone or tablet. The techniques we use that may be similar to cookies are tracking pixels, Java scripts, tags and web beacons. These cookies and similar techniques are sometimes required to store your account settings, language and country, but they also enable us to measure and analyse your behaviour on our website and to show you customised advertising on our website or on third-party websites. Where applicable, your consent to the use of cookies will be requested. For more information about the cookies we use and how we use them, please see the separate Cookie Policy (https://www.alfabeer.gr/cookies/).

  1. Rights of access, rectification, erasure, restriction of processing and data portability

You have the right to request an overview of your personal data processed by us or on our behalf. You have the right to rectify, erase or restrict the processing (as applicable) of your personal data. You can exercise these rights by contacting and submitting a request to our Company’s Data Protection Officer (“DPO”) at [email protected].

Please note that requests failing to meet the requirements laid down by the applicable legislation may have to be resubmitted or may be rejected, and that certain personal data may be exempt from such requests for access, rectification and erasure, in accordance with applicable data protection laws and other laws and regulations.

You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and in certain circumstances we will transmit your data to another controller at your request, where technically feasible.

  1. Right to object

In certain circumstances, you also have the right to request that we cease processing your personal data, but where there are compelling legitimate grounds, we will continue to do so.

In any event, you have the right to object to our use of your personal data for direct marketing purposes, including profiling, and if you do so, we will comply with your request.

In the event that you have consented to our use of your personal data, you have the right to withdraw your consent without this affecting the lawfulness of our processing of the data in question prior to the withdrawal of your consent.

Requests from users regarding the exercise of the above rights can be sent to our Company’s Data Protection Officer (“DPO”) at [email protected].

Users can also submit complaints to the Hellenic Data Protection Authority regarding the exercise of their rights (www.dpa.gr). As per the Authority’s website, complainants must first submit their complaint to the controller or the data protection officer.

  1. Retention of personal data

Users’ personal data is retained only for the period of time necessary to fulfil the purpose for which it was collected, in full compliance with the applicable legislation. Once the purpose of processing your personal data has been fulfilled, it is deleted. The specific retention periods for each of the relevant purposes are set out above.

  1. How and with whom we share your personal data (recipients of personal data)

We may need to share your personal data with third parties to help us provide you with services and products and to manage our website. These third parties are:

  • HEINEKEN group companies, for the purpose of storing personal data processed via the website, due to shared information systems,
  • service providers, when required, to provide us with a service and to provide data analysis services,
  • service providers that help us organise campaigns and promotions,
  • first- and third-party advertising companies,
  • media agencies for marketing and research purposes,
  • in the event of HEINEKEN selling all or part of the assets or shares of a HEINEKEN group company to which personal data has been transferred to third parties, your personal data may be provided to these third parties.

These third parties may be based in the European Union, in other countries in the European Economic Area (EEA), or in other regions of the world. When we store personal data outside the EEA, we ensure that the transferred data has an appropriate level of protection. When we are to transfer your personal data to a third country, i.e. a country outside the EEA or to an international organisation, you will be informed before the transfer, in accordance with Article 13(1)(f) of the EU’s General Data Protection Regulation (GDPR).

We require service providers to take appropriate measures to protect the confidentiality and security of personal data.

Finally, we may need to provide personal data to law enforcement bodies to comply with a legal obligation or court order.

  1. Data security

The Company assures users that we take all appropriate technical and organisational measures to ensure the security of their personal data and the confidentiality of its processing, and to protect it from accidental or unlawful destruction/loss/alteration, unauthorised disclosure or access, and any other form of unlawful processing.

Although every effort is made to protect personal data, the Company cannot guarantee the security of data transmitted to our website, as the transmission of information via the Internet can never be completely secure.

Our website may contain links to other websites.

We are not responsible for the personal data protection practices, content, or security of other websites, which are not governed by this personal data protection policy, and we therefore advise that you always carefully review the personal data protection policies of those websites. Furthermore, if you choose to share information from our website through social media, we advise you to read the personal data protection policies of the social media sites carefully.

  1. Protection of Personal Data of Children

Our website is not intended for use by persons under the age of 18. In order to verify your age and grant you access to our website, we ask for your date of birth. Please do not provide us with any personal data if you are under 18.

  1. Applicable Law

Any dispute arising from the use of this website shall be subject to the exclusive jurisdiction of the Greek courts.

  1. Amendments

This Personal Data Protection Policy has been drafted in accordance with the provisions of the EU’s General Data Protection Regulation No. 2016/679/EU. In the event of an update, any changes will be posted on the COMPANY’s official website, showing the date of revision.

  1. Data Protection Officer

For issues related to the processing of your personal data, you can contact the Company’s Data Protection Officer at [email protected].