main content pic
Policy on the processing of Personal Data 

Date of last update: 09/10/2020 


Under this updated Policy for the processing of Personal Data, the Central Market of Thessaloniki S.A. informs the users/visitors of its Website or natural persons-data subjects in general that, within its operations, it may collect and process their personal data provided that the users/visitors grant them to the Company. 
Annex A of this Policy also informs users/visitors of its premises of the data processing it carries out with regard to the video surveillance system installed in its outdoor areas. 

The Central Market of Thessaloniki S.A. is a Société Anonyme and falls under Chapter 1 of Law 3429/2005. 

The protection of personal data is governed by the principles of the General Data Protection Regulation (GDPR) 679/2016 and the National Law 4624/2019. 

Personal data we collect

The Central Market of Thessaloniki S.A. will collect and process only the personal data that are appropriate, relevant and necessary for the processing purpose in question, which, depending on the case, may include, in particular, identification or legalisation data (such as full name, date and place of birth, identity card or passport particulars, etc.), contact data (such as address, landline or mobile phone number, e-mail address), education/work history, and any other piece of information that you may provide voluntarily and in specific cases, information about criminal convictions, etc. The Central Market of Thessaloniki S.A. will not process such data for any other purpose than the one for which they have been collected. 

Users/visitors are requested to share with the Central Market of Thessaloniki S.A. only the particulars/data requested by the latter through the respective call for tenders and the expression of interest for filling a certain position, etc. In the event that the Central Market of Thessaloniki S.A. is not provided with such particulars/data, it may not be possible to carry out and/or complete the operation for which such particulars/data are requested. 

The Website of the Central Market of Thessaloniki S.A. is addressed to adults. 

Purpose of Processing

The Central Market of Thessaloniki S.A. shall use the data it collects solely for the purposes indicated below: 


  • communication purposes, or in the context of submitting tenders following a relevant call for tenders by the Company;
  • awarding of services/projects and evaluation of the relevant tenders;
  • in the context of submitting CVs for filling a certain position and their evaluation; or
  • as may otherwise be specified on the Website of the Central Market of Thessaloniki S.A. in the context of satisfying other legitimate interests of the Company or third parties (such as, for instance, defending the legal rights and interests of the Company or third parties, preventing fraud, etc.); or
  • for the Central Market of Thessaloniki S.A. to comply with its legal obligations or in the context of other legitimate purposes listed in Article 6(1) of the GDPR (such as when the processing is necessary to execute a certain contract to which you are a party and/or to take measures at your request prior to its conclusion, etc.); and
  • automated facilitation of public access to the premises of Thessaloniki Central Market S.A.



Personal Data Processing Period

The storage and processing of our customers' and users' data are carried out solely as permitted by law or following the users' express consent only for as long as necessary to satisfy the purposes of processing (as defined above) or until the user disagrees with the use of the Personal Data by Central Market of Thessaloniki S.A. or until they withdraw their consent. However, whenever required by (mandatory) law, the Central Market of Thessaloniki S.A. will retain the Personal Data for a longer period or whenever the Personal Data is required so that the Central Market of Thessaloniki S.A. can assert or defend itself against legal claims. 

Place of Data Processing

The head office of the Central Market of Thessaloniki S.A. is located in Greece; therefore, all processing carried out in our premises is within the Greek territory. 

Disclosure/Transmission of data to third parties

Access to personal data collected and processed in accordance with this Policy will in principle only be available to competent/authorized members of staff and/or members of corporate bodies of the Central Market of Thessaloniki S.A. and only to the extent required in the context of the above processing purposes. 

Furthermore, the Central Market of Thessaloniki S.A. may, depending on the case, transmit the data in question to third parties, if and to the extent required for the fulfilment of the aforementioned processing purpose, e.g. to its shareholder, consultants and/or partners in general, as well as to any kind of authorities, bodies, services, institutions and/or organisations, etc. 

In the event that the Central Market of Thessaloniki S.A. is interested in establishing a partnership with other persons, this partnership will involve the processing of personal data by these persons - as processors - on its behalf. These persons should comply with the national and EU legal framework for the protection of personal data and sign a contract with the Central Market of Thessaloniki S.A. that will govern the terms and conditions of the data processing carried out in this context and will be in accordance with the applicable provisions. 

How to access and control your Personal Data

Users of the Central Market of Thessaloniki S.A.’s services may request information about their Personal Data from the Central Market of Thessaloniki S.A. at any time and may also request their correction or deletion. The Central Market of Thessaloniki S.A. may delete the data only if there is no legal obligation or if it has no other legal right to retain them. In case a user's data is deleted, the Central Market of Thessaloniki S.A. shall not be able to continue to provide its services to this user, as long as such services require the use of such data. 

Last but not least, users may request the Central Market of Thessaloniki S.A. to restrict any processing of their Personal Data in the following cases: 

1. The Personal Data held by the Central Market of Thessaloniki S.A. is incorrect.

2. They do not agree with one of the above processing procedures. 

Users may contact us for any request or clarification needed via the email addresses listed in the contact information, specifying the information or processing activities related to their request as well as the format in which they want this information. The request will be carefully reviewed and we will work with the user to discuss ways to best fulfil the request.

Cookies and Similar Technologies


The Central Market of Thessaloniki S.A. uses cookies (small text files installed on your device) and similar technologies and services that use your IP address to provide its Website, mobile application and online services. More details about the cookies used by our Website can be found in the Cookies Policy posted on this Website. 

Contact information

The Controller is the Central Market of Thessaloniki S.A. located in Nea Menemeni, Thessaloniki, Postal Code 54628. Phone number: +30 2310 764023 Email address: 

The Central Market of Thessaloniki S.A. has appointed a Data Protection Officer (DPO) and you can contact them at

Changes to the current policy

The Central Market of Thessaloniki S.A. may amend this Personal Data Privacy Statement in order to comply with the applicable data protection practices. Upon making changes to this statement, the "Date of last update" field at the top of this page will automatically change. We encourage you to review this Personal Data Processing Policy from time to time in order to be informed on how the Central Market of Thessaloniki S.A. protects your data. 

Questions about the policy and its implementation

The Central Market of Thessaloniki S.A. is committed to protecting your personal data on the Internet. Should you have any questions or comments regarding our handling of your personal data, please contact us at the address and details listed above in the contact information section.


Information on the processing of personal data through video surveillance (CCTV) 




POSTAL CODE: 54628 - PHONE NUMBER: +30 2310 764023



Purpose of processing and legal basis

We use a surveillance system to protect persons and goods. Processing is necessary in order to pursue our legitimate interests as a Controller (Article 6(1)(f) GDPR). 

Legitimate interests overview

Our legitimate interest consists in the need to protect our premises and the goods located there from illegal acts, such as theft. The same applies to the safety of the life, physical integrity, health and property of our staff and of third parties lawfully located on the premises. We only collect image data and do so only in areas where we have assessed that there is an increased likelihood of committing illegal acts e.g. theft, such as at our counters and entrance gates without focusing on areas where the privacy of the person whose image is taken may be unduly restricted, including their right to have their personal data respected. 


The material held is accessible only by our competent/authorised personnel who are responsible for the security of the site. This material is not transmitted to third parties, except in the following cases. It might be transmitted to (a) the competent judicial, prosecutorial and police authorities when it contains data necessary for the investigation of a criminal offence involving persons or property of the Controller; (b) the competent judicial, prosecutorial and police authorities when they lawfully request data in the course of their duties; and (c) the victim or perpetrator of a criminal offence when it concerns data which may constitute evidence of the offence. 

Data retention time

We retain data for fifteen (15) days, and after the elapse of this time frame it shall be automatically deleted. In case we detect an incident during this period, we will isolate part of the video and keep it for up to one (1) more month in order to investigate the incident and initiate legal proceedings to defend our legitimate interests, and if the incident concerns a third party, we will keep the video for up to three (3) more months. 

Rights of data subjects (individuals)

Data subjects (individuals) have the following rights:

  • Right to access: You have the right to know whether we are processing your image and, if so, to receive a copy of it.
  • Right to restriction: You have the right to ask us to restrict processing, such as not deleting data that you consider necessary for the establishment, exercise or support of legal claims.
  • Right to object: You have the right to object to processing.
  • Right to deletion: You have the right to request that we delete your data.



You can exercise your rights by sending an e-mail to or a letter to our postal address or by submitting the request to us in person at our address. In order for us to review a request related to your image, you will need to identify approximately when you were in the range of the cameras and provide us with an image of you to assist us in identifying your own data and concealing the data of third parties depicted. As an alternative, we offer you the opportunity to come to our premises to show you the images in which you appear. We would also like to point out that the exercise of a right to object or delete does not imply the immediate deletion of data or the modification of processing. In any case, we will reply to you in detail as soon as possible within the time limits set by the GDPR. 

Right to lodge a complaint

Should you consider that the processing of your data infringes Regulation (EU) 2016/679, you have the right to lodge a complaint with a supervisory authority. 

The competent supervisory authority for Greece is the Hellenic Data Protection Authority, 1-3 Kifissias Str., 115 23, Athens, Greece,,Phone number: +30 210 6475600.