GDPR POLICY

This Privacy Policy (hereinafter referred to as "Policy") is in line with the requirements of the new Personal Data Act, the General Data Protection Regulation (Regulation 2016/679), which has entered into force in all EU Member States. E. from 25 May 2018. Therefore, your policy provides all the necessary and useful to briefing about the identity of the business Lazaros Hadjiforados & Sons Ltd (Mr. Bricolage Cyprus) , its relations with third parties, the provisional Spades data collected by or for you and process, process and information about the rights you have.

This Policy applies regardless of whether you access our website through your personal computer , mobile device or any other technology or device. For any questions, you can contact the Ministry of Liability Privacy enterprise P.L.P. DPO SERVICES LTD (HE 3857 48) to the email address ap@dposervices.com.cy (Data Protection Officer).

1. Purpose
1. Our Organization

The company Lazaros Hadjiforados & Sons Ltd (called "the Company") is a limited liability company duly registered in Cyprus under the Law on Capital Laws Chapter 113. The Company has signed a cooperation contract with Mr. Bricolage, a French retail chain of home improvement products and do-it-yourself, for brand development in Cyprus. The purpose of the collaboration is the development of stores of Mr. Bricolage all over Cyprus. In the company's stores, you can find all the solutions for your DIY. The store has products from the following categories: • Decoration • Home Equipment • Garden • DIY • Plumbing - Heating.

2. Data Processing Responsibility

In the context of providing the company's services and in order to improve its effectiveness, some personal data concerning you are collected. The Company, as the Data Controller, determines all the procedures, means, and purpose of the processing of personal data, in accordance with the requirements of the respective European and national legislation on personal data (General Data Protection Regulation - Regulation 2016/679) and L.125 (I) / 2018 as amended and / or as amended from time to time.

3. Jointly liable for data processing

In any case, the Company processes data in collaboration with another company, jointly determining the purposes and means of processing, these two legal entities become, in accordance with the legal provisions of the General Data Protection Regulation , " jointly responsible for processing " , on the basis of an express and written agreement specifying their respective responsibilities and duties. The agreement stipulates that epic point fiber for underlying data (customers-parties) are the Company and in particular the Data Protection Officer appointed.

In addition, the Company may delegate to third parties (natural or legal) assigning certain unites by its operations , such as for example auditing firms , attorneys -economic company s or data storage companies or payroll payment to the clerical staff of the Company . In this case, the third party becomes the "executor ". K c in this case take all the necessary safeguards for the protection and lawful processing of personal data (ie written contracts with explicit delegation of powers, etc.)

2. Categories and uses - data collected Umea

3. Principles of data processing legalization

All personal data processing procedures are carried out in accordance with the legal principles established under the General Data Protection Regulation. Particularly:

Accountability Principle:The Controller, the company may at any time prove compliance t th with the General Regulations . As it is emphasized below, all the necessary technical and organizational measures are taken for the security of the data, which proves the compliance of the organization (see section on "Security").

Principle of legality - principle of limitation of purpose: as demonstrated above in the practices used for data processing, the legal basis for processing the data is stated as well as the purpose of processing.

Principle of data minimization:the data collected each time processed and processed are absolutely necessary and appropriate, depending on the purpose of processing. Especially with regard to this principle, some special cases are mentioned, such as:

• In accordance with the Laws on the Sale of Goods and on Legal Agreements (Cypriot national law),
• Copies of employees' contracts are kept in accordance with national social security legislation.
• In case of consent of the customer to process his personal data for purposes other than the original (as shown in section B), the data stored are the name, email , email address and telephone number.

Principle of accuracy: the company shall take all necessary measures to ensure that the personal data being processed is accurate or deleted or corrected without delay. This is in accordance with the previous principles mentioned.

Principle of limitation of the storage period: the data are kept only for as long as it takes to carry out their processing purposes. See in particular a section on "Data storage".

Principle of integrity and confidentiality: all personal data is processed under high security guarantees. See in particular, the "Security" section below.

4. Exclusion of personal data

We will not assign, disclose or rent your personal information to any third party / organization / body in a manner other than that described in this Policy . However, I reserve the right to disclose your personal information to third parties:

1. In case of compliance with any legal or regulatory obligation, as described above in section B.
2. In order to cooperate with the law enforcement services for the enforcement of laws, as well as for the investigation and prosecution of illegal activities such as e.g. scams, financial crimes, property damage. Deuterium with the right to disclose information As relevant to you , in law enforcement bodies and in brine Luce competent bodies when is necessary or related to any investigation of fraud or other illegal activity.

In short, these principles are:

• Judicial authorities
• Police prosecuting authorities
• Financial & Tax emphasis s Service s Cyprus Republic
• Working Principles & Services Cyprus Republic
3. In case of establishment, exercise or support of legal claims, it is possible to disclose personal data
4. we will not be known poetry we confirm your personal data to third parties outside the European Union in countries where there is an appropriate data protection regime. However, if you need to place such a data transfer, it will be in accordance with with the necessary guarantees have been b ASEI European legislation (Regulation 20 16/679), the National Law (125 (I) / 2018) as amended following previous cooperation with the National Supervisory Authority for the Protection of Personal Data, ie the Office of the Commissioner for the Protection of Personal Data of the Republic of Cyprus.

5. Time data exercise dimensions
• Your data is stored only for as long as necessary for the purpose for which it was collected, in accordance with the principles el achistopoiis th data and limitation of the storage period.

Based on these principles , your data will only be retained during the period required to carry out the collection / processing purposes. Therefore, and the vibrating which have been provided by you and processed, maintained throughout the period of cooperation you to the company and up to end any difference your financial or other relationship or cooperation with t not company.

After the expiry of the contractual you ve relationship , the data you and especially your credit card number, ID number , the d iefth your es , will be retained for a period of up to six (6) years, according to the provisions of specific national laws ( company law, law on the prevention and control of money laundering).

The retention of data for longer periods of time for historical, research and statistical purposes is permitted , upon receipt of the necessary and appropriate technical and organizational measures (see section "Safety"). Such periods are defined as six (6) years, which are added to the initial data storage time. After this time period, your data will be completely deleted.

If exercise legal claims in relation to exchange, check, credit card, overdrafts on accounts or other relevant economic differences, the data is maintained until the completion of the purpose and Seq outhos deleting century.

For companies / organizations / other entities, after the end of their contractual relationship with the company , their data will be kept falsified for six (6) years, with the possibility of extension for another four (4) years, for social, statistical and research purposes. After this time period, the data will be completely deleted.

In addition, we emphasize the preservation of your data with possible variations resulting from the exercise of your personal data protection rights . However, in some cases, specific personal information may be retained beyond this time limit due to possible legal obligations, legitimate interests, etc. Such cases are possible issues related to:

• Money laundering
• Taxation
• Economic Pending
• Legal Obligation
• Any other legal issues

6. Data Storage
1. The data of customers retained and stored in special areas to store and / or storage and / or the Department of Accounting of the company . In parallel, a separate file on the necessary personal identification of clients required for the conomic purposes (onomatepo surname, identity number , address, credit card number) is kept in the Department Accountants tiriou of ht Aires . Finally, the Marketing and Sales Department of the Company maintains a special form / register / book in which the name, address and transactions of the customers are obligatorily assigned . In all cases, the storage and retrieval of data takes place under the full supervision of the Head of the respective Departments. After the end economic difference customers with t not PARTNERS Funds kept and stored psefdonymopoiimena and encrypted, the indispensable personal data (as defined in Section B) in the Accounting Department (for economic purposes).
2. Data of other persons (such as suppliers or other persons cooperating with any form of contractual relationship with the company ), ie different from those of paragraph 5.1., Are kept and stored in the Company's Accounting Office , under the absolute supervision of the Head of the Office. Members of the company 's management can access this data.
3. Data of clerical staff keep safe sontai and stored in the Department of Accounting or coal oh RESOURCES , under the ultimate supervision of the Manager of the Department. Employees of the Accounting Department may have access to this data in order to perform their financial duties. Access to such data may be members of the management of the company r e limit .

7. The rights of the protection of your personal data
1. At all times, while retaining or processing your data, you retain the following rights in accordance with the statutory requirements of the General Data Protection Regulation (Articles 13 et seq.) And you may submit a request through your personal account:
• Right of revocation of consent: if the legal basis for processing your personal data is your consent, you may withdraw it at any time without prejudice to the lawfulness of the processing based on the consent prior to its revocation.
• Right to information - have the right to deliver Rize either be collected and processed personal data , as well as to receive information about the identity of Mr. century the contact details of the controller, the contact details of the DPO, the dust broths data and the legal processing base, the possible intention of TEN transmission controller omenon in a third country or third body, the period of storage of your data as well As the right Panorama assist glycol complaint to a supervisor.
• Right of access - Have either the right of access to personal s ince we maintain about you
• Coll aioma correction - have a right to correct inaccurate or incomplete are not vibrating we maintain c k you, such as being omateponymo, email address, preferences declared in the selection room and other information.
• Right to delete - you may request that the data we keep for you from our files be deleted and we are obliged to satisfy your request in specific cases , when our law allows it.
• Restriction right t th Editing asian - have the right to ask to restrict the processing of your personal data and we are obliged to satisfy this request , when specific conditions apply.
• Right p portability data - have the own DMA to zit isete in digital form ( of cd ) personal data processed for you as well be transferred t a data n th adhere resorts to another body . This right shall not apply when the processing of data is for the purposes of the public interest.
• Right of opposition - you have the right to object to the processing of personal data concerning you , under certain conditions . For example, if the company maintains personal data of its customers for statistical purposes, a former customer has the right to object.
• Right to object to automated decision including the training profile: The EDF ireia process your personal data, both customers and employees in order to collect if forecasts interests or preferences of a client or the ability to perform a task on behalf of the employee. In this case, the legitimacy of the data processing is valid as long as no prior objection has been exercised by the subject. The right of objection is not exercised when there is a need for the performance of a contract (eg in the field of labor law during the recruitment process necessary personal information is given), or by law or consent has been given for simple data. In addition, automated data processing does not apply to specific data categories (formerly "sensitive"), such as health data, unless consent has been given or there is a public interest reason (eg in the case where the company is called upon to pay health benefits). to provide information from the employee about possible inconveniences).
2. We will evaluate your request and respond to you regarding its progress (request approval, partial request approval, request rejection) as soon as possible and definitely within one month of its submission.
3. If the request vain you exercised repeatedly or require disproportionate technical effort or may affect the privacy of third persons, or we can reject as unfounded or to demand the payment of a reasonable fee. In any case , the answers to your requests will be justified and notable to you (either in print or electronically).
4. You have the right to file a complaint directly with the National Supervisory Authority for Personal Data Protection in Cyprus and with the Data Protection Officer.

8. Data protection polict for minors
1. R t Buenos not undertake any minor data processing and specifically for people aged under 14 years, unless it has provided prior co testimony of a parent or guardian them or ASCO ynton of parental responsibility.

9. Processing of industrial data - installation of a closed circuit monitoring system

The Company uses closed video surveillance circuits, through which your personal data is processed, such as your image. The installation and use of these circuits is done only to safeguard and protect the safety of the facilities and to prevent or investigate criminal acts. In areas where establishments dardised are distinct markings with letters to inform both customers and employees and for the purpose of video surveillance. It is noted that all necessary technical measures are taken for the proper and secure protection of the data being processed as well as for their safe deletion (such as for example only image and not audio recording as well as certain data storage time, which is defined in fifteen (15) days. After the expiration of this period, the data is completely deleted , unless used at the request of a national authority.

Furthermore , the Company uses system decline olouthisis / position (motion capture) the employer films or vehicle work that he uses by Council stamens GPS ( Global Positioning System ). H using such viruses systems become bleed cent only for the preservation of property assets of the company , the distribution of the products of the company as s and the routes and destinations of drivers since it constantly vary.

10. Security
1. The Company takes all necessary, appropriate and appropriate measures to ensure that your personal data is processed, in order to prevent or minimize any infringement. These measures are in line with both modern best practices and the requirements of European law. Indicatively, the techniques of pseudonymization and cryptography are mentioned. Of course, other methods are being used, such as creating strong security codes, monitoring and locating actions under legal conditions, and strict adherence to political confidentiality. All of these actions are intended to protect data from misuse, unauthorized access or disclosure, loss, alteration or destruction.

11. Advertising Messages

The sending of advertising messages in any way (electronically or on paper) for products and / or services limits the Company effected solely at ensuring free and explicit consent of the subjective mind, which is administered in relatively consent forms.

12. Cookie Policy

The website of the company we use "cookies" to activate all functions for better performance during your visit.

"Cookies" are small files with information that a website (specifically the web server) stores on a user's computer, so that every time the user connects to the website, the latter recovers the information and offers to the user with these services. A typical example of such information is the user's preferences on a website, as stated by the user's choices on that website (eg selecting specific "buttons", searches, ads, etc.). The cookies help us to improve our service to you and to upgrade our website.

The installation of "cookies" is allowed only with the consent of the user and after appropriate updating, according to European and national legislation (Directive 2009/136, art. 5 as well as Law 1212 (I) 2004, art. 99 par. .5).

As an exception to the general obligation to inform and obtain consent, European law prescribes any technical storage or access, the sole purpose of which is to transmit a communication via a network of electronic communications or which is absolutely necessary. The information society service provider may have explicitly requested that the subscriber or user provide this service.

The "cookies" that are excluded are essentially those that are considered technically necessary to make the connection to the website or to provide the service online. For example, such "cookies" are those that are deemed necessary when completing an online form by the user or for registering the user's purchases in an online store (eg by selecting the "Add to Cart" button), " C ookies" that are installed for the security of the subscriber or user, such as "cookies" that detect incoming failed attempts to log in to a user's account on a specific website as well as "cookies" that "remember" his options subscriber Calibrator or user of the presentation of the website (eg «cookies» on the choice of language or display search results in a website).

13. Changes in the political disclosure

Given the changing conditions and diversity of the services provided by the Company as well as the evolution of the legal regulatory framework, the company's personal data protection policy is subject to regular review, constant updating and updating, while providing optimal protection of your personal data. Any information will be communicated to you through the existing website or by mail or electronic communication.

14. Definition of ministry of data protection

In accordance with the requirements of European legislation (Regulation 2016/679, no. 37 et seq.) We inform you that the Data Protection Officer, the Company P.L.P. DPO SERVICES LTD (HE 385748) If at any time you believe that we do not comply with the provisions of this Policy or any other matter relating to data protection, please contact the Data Protection Officer via the following contact details.

Email: ap@dposervices.com.cy

Tel: 24 252584