Data controller

The Greek corporation Northern Aegean Canning S.A with the trading name “KONVA S.A.” (ΚΟΝΒΑ Α.Ε.), holding the following TIN 094148240, having its registered seat in the Industrial Area of Stavrohori, Kilkis, processes personal data of its suppliers.


This policy describes how we use and collect our suppliers’ personal data (categories, legal basis, purpose, protective measures, rights, etc.). It is uploaded on our company’s website ( and may be occasionally modified / updated. You will be informed of all significant changes, whereas you may find online at any time the updated/valid version.

We assure you that all the information we collect about you, is used exclusively for a legitimate purpose, while it is protected by high-security systems.

Which categories of data we collect


The categories of our suppliers’ personal data (and their employees’ as applicable) which we process are the following: name, surname, father’s name, registered seat, telephone number, mobile telephone number, e-mail address, identity card number, TIN, bank accounts, tax and social security clearance, financial data, and basic elements for the identification of the legal entities’ representatives.

What do we use your personal data for?


We process your personal data for the purpose of the conclusion, the execution, the performance and the termination of our contract and in general for managing our contractual relationship, for our company’s compliance with its obligations before the law (Income Tax Code, etc.), as well as for the establishment or defense of legal claims before Courts, Authorities etc. More specifically, we process your personal data in order to handle orders, to invoice and process quality control of products or services.

Legal bases for the processing


The legal bases for the processing are as applicable: (a) the legal interest that we pursue (the company’s functioning) (b) Our compliance with our legal obligations (c) The execution (conclusion, functioning, termination) of our contract (d) Your consent.


Who do we share your personal data with?


The company does not share your personal data with third-party recipients. Your personal data is processed only by authorized staff under total confidentiality. Exceptionally, your personal data may be shared as follows: (α) with public authorities for the company’s compliance to its legal obligations, (b) with third parties who offer their services to the company, such as human resources companies, lawyers/law firms (in case of extrajudicial or legal actions regarding the conclusion of contracts and the company’s legal claims). Those parties, which are acting as processors on behalf of the Company, guarantee full compliance with the applicable legislation (European and Greek) regarding personal data, and (c) with Courts for the exercise and defense of the company’s rights.

Processing principles and Protection


Our company (the following is indicative and not exhausting):


  • Processes exclusively personal data that are necessary for the abovementioned purposes
  • Implements the appropriate technical and organizational measures to ensure the security of the personal data (ensuring confidentiality, integrity, and availability) by design and by default
  • Disposes and applies procedures and systems regarding the confidentiality of the processing of personal data, as well as their protection from accidental or unlawful destruction, incidental loss, alteration, unauthorized disclosure or access, and every other form of unlawful processing (for example, the use of tools for access control and data loss prevention)
  • Has provided information to data subjects (both consumers and employees), in accordance with Regulation (EU) 2016/679 (GDPR)
  • Complies with the data minimization principle
  • Ensures the exercise and the satisfaction of the subject’s rights
  • Has proceeded to the drafting of documents, policies and procedures that prove its compliance with the accountability principle(privacy policy, cookies policy, data mapping, record of processing activities, etc) as mentioned in GDPR
  • Has formed a corporate data protection team
  • Proceeds to the training and awareness of its employees regarding the protection of personal data
  • Amends the agreements with processors on its behalf, in accordance with article 28 of the GDPR for the purpose of its full compliance.

How long will we store your personal data?


We retain your personal data for as long as it is necessary, according to legislation, so that tax and insurance authorities will be able to audit our company lawfully. When the processing of personal data is no longer necessary, your data will be erased safely.

What are your rights and how to exercise them


You have the following rights: a) to request  access  to  the  personal  information  we  process  about  you, information  about the purpose of their processing, as well as the duration that they are stored (right of access),

  1. b) to request for the correction and/or the completion of your personal data, so as for them to be complete and accurate (right of rectification). You should provide every necessary document from which the need of correction or completion arises,
  2. c) to request the restriction of processing of personal data (right of restriction of processing),
  3. d) to refuse and/or to object to any further processing of your personal data (right to object),
  4. e) to transfer your personal data to another processor of your choice (right to data portability),
  5. f) to request the deletion of your personal data from our records (the right to be forgotten).


With respect to the abovementioned rights, please note the following:


  • The company, in any case, has the right to refuse a request for restriction of processing or deletion of your personal data or your right to object, if the processing or the maintenance of personal data is necessary for the establishment, the exercise, the support of its legal rights or the fulfillment of its obligations.
  • The exercise of your right to data portability, does not entail the deletion of your data from our records, which is subject to the terms of the previous paragraph and the conditions of Regulation 679/2016.


  1. g) to lodge a complaint with the Hellenic Data Protection Authority (, if you consider that your rights are violated in any way (right to lodge a complaint with an Authority).


In order to exercise your rights, you may contact our company in writing in the following address: Industrial Area of Stavrohori, Kilkis, or via e-mail address: [email protected].


KONVA SA will undertake all possible efforts to fulfill your request within thirty (30) days of its submission. Upon the company’s absolute discretion, the above mentioned deadline may be extended by sixty (60) additional days, if it is considered necessary, depending on the number and the complexity of the requests, after you get notified within reasonable time limit.