Privacy and cookie notice

Our Privacy and Cookie Notice is set out below
Introduction

This website https://www.kykkoswater.com is operated by a member of the Coca Cola HBC group of companies, the ultimate holding company of which is Coca Cola HBC AG (registered in Switzerland with company number CHE – 235.296.902 and registered address at Turmstrasse 26, 6312 Steinhausen, Switzerland).

All references to ‘our’, ‘us’, ‘we’, or ‘company’ within this policy and within the opt-in notice are deemed to refer to Coca Cola HBC AG and its subsidiaries, as appropriate.

Coca Cola HBC AG is committed to preserving the privacy of all visitors to https://www.kykkoswater.com and to protecting any personal data that you may provide to us.

We provide this Privacy and Cookie Notice to help you to understand what we do with any personal data that we obtain from you. By providing your personal data to us, you signify your acceptance of our Privacy and Cookie Notice and agree that we collect, use, and disclose your personal data as described in this Privacy and Cookie Notice. If you do not agree to this Notice, please do not provide your personal details to us.

This Privacy Policy and Cookie notice covers the following areas :

What is personal data?

Personal data is information about an identifiable individual, as defined by applicable law, such as name, email address and telephone number.

Personal data that we collect from you and use of data
collected?

In general, you can visit this website without telling us who you are or revealing any information about
yourself. Our web servers collect the source IP addresses, for IT reasons, enabling you to connect to our
platform providing you with our services, not the email addresses, of visitors. In addition, there are parts of
this website where we need to collect personal data from you for a specific purpose, such as to provide you
with certain information you request and where requested to register you to our website.
We do this through the use of online forms and every time you email us your details. You will find that it is
not compulsory to provide us with any additional information we request which is not necessary or
reasonable in order to provide you with the services you have requested.

Data Subject
Collected Data
Purposes for
the collection
Justification
of the collection
Visitor of
our website
IP address, domain name, your browser version and operating
system, traffic data, location data, web logs
name, email address received from the visitor of our website
name, address, telephone, fax number, email address; received from the visitor of our website
to measure the number of visits, average time spent on the site, pages viewed
to provide you with information about our promotional offers, news, events (newsletters and
other publications), the Investor Relations or copies of our Annual Reports and to administrate subscription-service records (to a corporate webcast service or to an email alert service)
to response to your inquiries or to process your requests in relation to your information
legitimate interest to measure the use and to improve the content of our website
your prior consent by ticking the appropriate box when providing your personal data to us
to take appropriate steps at your request prior to entering into a contract
Business Customer/Supplier name, address, telephone, fax number, email address, tax data, bank account; received from our business customer/supplier credit worthiness, criminal/fraudulent activities, ID documents, credit ratings, politically exposed person and sanctions lists for sales contract, order taking, delivery execution, invoicing, payment allocation, to provide you with the requested services anti-bribery, anti-money laundering, sanctions, Know Your Customer, Credit and Anti-Fraud Checks performance of our services on the basis of the contract between you and us compliance with legal obligations, contract performance, consent (if provided), legitimate interest
Potential Business Customer / Potential Supplier creditworthiness, criminal/fraudulent activities, ID documents, credit ratings, politically exposed person and sanctions lists anti-bribery, anti-money laundering, sanctions, Know Your Customer, Credit and Anti-Fraud
Check		 compliance with legal obligations, contract performance, consent (if provided), legitimate interest
Contact Person of the Customer/ Supplier name, address, telephone, fax number, email address, SMS notification preferences, personal
preferences, favorite restaurants; collected through advertising campaigns by sales teams		 to contact the customer/supplier for business purpose (order taking, service request), maintenance of the customer relationship, providing updates to customers performance of our services on the basis of the contract between your company and us, your prior consent to be provided with updates
Consumer name, address, telephone, fax number, or email address received from the consumer providing any services you have requested from us performance of our services on the basis of the contract between you and us
Job Applicant name, address, telephone, fax number, email address, professional qualifications, experience and education; received from the job applicant candidate management, to assess your application and to contact you via phone or email legitimate interest to assess your application prior to entering into an employment contract
with u

As concerns all personal data required for the performance of our contract with you / your company, if you do not provide us with this personal data we may not be able to deliver the requested service as mentioned in the above. On the contrary, for all data processing’s where you give your consent, you are entitled to refuse or withdraw your consent at any time without any detrimental impact on any contact you may have with us.

When personal data, such as your name and email address, is collected from you with your consent (for example, through the use of online forms or via email) we will let you know at the time of collection how we will use that personal data

Cookie Policy

This website uses cookies to distinguish you from other users of our website. This helps us to provide you
with a good experience when you browse our website and also allows us to improve our website.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your
computer. Cookies contain information that is transferred to your computer’s hard drive.

Strictly Necessary Cookies

These Cookies collect information to allow us to improve the website.
These cookies are essential for browsing the website and use its features.

cookieconsent_status Tracks if a user has clicked “ok” on the cookie banner – so it no longer displays it
_ga, _gid The unique client ID assigned to each visitor – this will be unique to you (used to
store language preferences selected at the first visit)
cookiesession1 The FortiWeb Web Application Firewall (WAF) session cookie named is cookiesession1. For the first HTTP/HTTPS request from a client, FortiWeb embeds a cookie in the response’s Set-Cookie: field in the HTTP header. It is named cookiesession1. (FortiWeb does not use source IP addresses and timestamps alone for sessions: NAT can cloak multiple clients; clocks can be altered.)
JSESSIONID This is a cookie set by our server monitoring software. It is not used for tracking
users or user behaviour – it is solely used to differentiate between active user
requests to the website
ZREDIRECT Used for redirecting from Landing to Login pag
OptanonConsent This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor.
OptanonAlertBoxClosed This cookie is set by websites using certain versions of the cookie law compliance solution from OneTrust. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down. It enables the website not to show the message more than once to a user. The cookie has a one year lifespan and contains no personal information.

Performance Cookies
These Cookies collect information to allow us to improve the website.

_gat_UA-9236928-1 This is a cookie set by Google Analytics. It Is used to make ensure that your computer/device doesn’t make too many requests to the Google Analytics servers whilst you’re browsing the CCHBC site

How do I disable/enable cookies?
You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled.
There are a number of ways to manage cookies. Please refer to your browser instructions or help screen to learn more about these functions. For example, in Internet Explorer, you can go to the Tools/Internet options/Security and Privacy Tabs to adapt the browser to your expectations. If you use different
computers in different locations, you will need to ensure that each browser is adjusted to suit your cookie preferences.
Some modern browsers have a feature that will analyse website privacy policies and allow a user to control
their privacy needs. These are known as ‘P3P’ features (Privacy Preferences Platform).
You can easily delete any cookies that have been installed in the cookie folder of your browser. For example, if you are using Microsoft Windows Explorer:

  • Open Windows Explorer
  • Click on the Search button on the tool bar
  • Type “cookie” into the search box for ‘Folders and Files’
  • Select My Computer in the ‘Look In’ box
  • Click Search Now Double click on the folders that are found
  • Select any cookie file
  • Hit the Delete button on your keyboard

If you are not using Microsoft Windows Explorer, then you should select ‘cookies’ in the Help function for information on where to find your cookie folder

Disclosures. Who are the recipients of your personal data?

The personal data you provide to us will be held in a Data center hosted in Athens, Greece , by a company named OTE Data Centre,whose secondary site is in Hungary, and can be accessed by or given to our staff working outside of Greece and to third parties, to business partners, government bodies and law enforcement agencies, successors in title to our business and suppliers we engage to process data on our behalf, some of whom are located outside the European Economic Area, who act for us for the purposes and justifications set out in this policy.

Categories of the recipient Purpose of the sharing
companies within the Coca-Cola Hellenic group of companies and/or third-party service providers that process data on our behalf to provide our products and services
any third-party service providers any subsidiary/affiliate of Coca-Cola HBC involved by us in the provision of the services you requested or requested by us for the purposes above listed performance of the services you requested
business partner performance of the services you requested
government bodies to fulfil a legal obligation
law enforcement agencies to fulfil a legal obligation
successors in title to our business and suppliers performance of the services you requested
credit reference agencies, fraud prevention agencies, companies within the Coca-Cola Hellenic group of companies and/or third-party service providers that process data on our behalf anti-bribery, anti-money laundering, sanctions,
Know Your Customer, Credit and Anti-Fraud Check

If you submit personal information to us, you agree to such sharing.

Are your personal data transferred outside the EU?

Since Coca Cola HBC operates in many countries, your personal data, in particular the data which you upload through the Careers section of the Site, may be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the EU in which data protection laws may be of a lower standard than in the EU. However, we always seek to ensure that your personal data receives the same level of protection as it would had it stayed within the EU, including seeking to ensure that it is kept secure and
used only in accordance with our instructions and for the agreed purpose(s).

Certain countries outside the EU have been approved by the European Commission as providing essentially equivalent protections to EU data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm). In countries which have not had these approvals (such as Russia), we will either ask for your consent to the transfer or transfer it subject to European Commission approved contractual terms that impose
equivalent data protection obligations directly on the recipient unless we are permitted under applicable data protection law to make such transfers without such formalities.

Please contact us as set out in “Contact” us section below if you would like to see a copy of the specific safeguards applied to the export of your personal data.
All of the parties outside the EU to which personal data will be transferred process data, fulfill and deliver orders and provide support services on our behalf. We may also pass aggregate information on the usage of our site to third parties but this will not include information that can be used to identify you. We reserve the right to disclose your personal data as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.

Unless required to do so by law, we will not otherwise share, sell or distribute any of the personal data you provide to us without your consent.

Finally, if our business enters into a joint venture with or is sold to or merged with another business entity, your data will be disclosed to our new business partners or owners.

How we protect your personal data

Users aged 16 and under

If you are aged 16 or under, please get your parent’s or guardian’s permission before you provide any
personal data to us. Users without this consent are not allowed to provide us with personal data.

Other websites

Our website contains links to other websites which are outside our control and are not covered by this
Privacy and Cookie Notice. If you access other sites using the links provided, the operators of these sites may collect information from you which will be used by them in accordance with their Privacy Policies,which may differ from ours. We do not accept any responsibility or liability for their policies or processingof your personal data. We encourage you to read the privacy and cookie notices and terms and conditions of any linked, referenced, or interfacing websites you enter before you submit any personal data to such third party websites.

Security of data collected and data retention

We employ strict physical, electronic, and administrative security measures to protect your data from
access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage both online and offline. We will retain your data for as long as necessary for said purpose of the collection and after that we will retain your data as long as the law requires.

CCHBC retains personal data in an identifiable format only for the interval that is necessary as identified by
the purposes of processing for which data are collected.

CCHBC must not keep personal data for longer than necessary to fulfill the identified lawful business
purposes or as long as required by applicable law.

CCHBC establishes a personal data retention period in accordance with relevant laws and regulations as
part of the record of processing activities.

CCHBC must justify the requirements to retain personal data for periods longer than the maximum
retention period as per business and regulatory requirements if required.

Some data must be retained in order to protect the company’s interests, preserve evidence, and generally
conform to good business practices. Some reasons for data retention include:

  • Litigation
  • Accident investigation
  • Security incident investigation
  • Regulatory requirements
  • Intellectual property preservation

Internet-based transfers and disclaimer

Whereas Coca Cola HBC AG employs reasonable measures to protect against viruses and other harmful components, the nature of the internet is such that it is impossible to ensure that your access to the website will be uninterrupted or error-free, or that this website, its servers or emails which may be sent by us are free of viruses or other harmful components.

Contacting us and your rights to access and update your personal data

Accessing, updating and deleting data

You are entitled to see the personal data we hold about you; you may also ask us to make any necessary changes to ensure that it is accurate and kept up to date or to delete the personal data we hold about you.
You may also inform us if you would like to restrict the data processing or object to the processing of personal data we hold about you. If you wish to do this, please contact us using the contact details provided at the Contact us section below. You are also entitled to provide the personal data we hold about you to another service provider of your choice.

Withdrawing the consent

In case we asked you for your consent to process personal data we hold about you, you can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before the withdrawal. If you wish to do this, please contact us using the contact details provided at the Contact us section below.

Complaint

You have the right to lodge a complaint before the national data protection authority by sending your claim to it. Country Data Protection Authority contacts can be found at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

Contacting us

If you have any comments relating to our use of your personal data or any questions about this Privacy and Cookie Notice, please contact us using the following e-mail address:
DataProtectionOffice@cchellenic.com. We welcome your questions and any suggestions you may have about our Privacy and Cookie Notice.
To formally exercise your rights in relation to your personal data we process, please submit a request accessing the below link 
https://privacyportal-eu.onetrust.com/webform/80345bc4-8243-4728-85f4-947ce1988002/793cdc82-6539-40f4-aa69-b942b2a6c99e

How changes to this Privacy Policy and the Cookies Policy
will be made

Please check this Privacy and Cookie Notice periodically to be informed of any changes. Although we reserve the right to modify or supplement this policy, we will provide notice to you on this website of any major changes for at least 30 days following the change and, where appropriate, through email notification.