The Company recognizes and respects the importance of the personal data it processes in its activities and has therefore fully adapted its policy to the requirements of the General Personal Data Protection Regulation (hereinafter GDPR) 2016/679 / EU.
With this statement, the Company wishes to inform its counterparties in what capacity, for what purpose and on what lawful basis it processes information relating to them and which can be used to identify them directly or indirectly, that is to say, their personal data, their data categories, the sources of their data (when the data are not provided by the person himself), the criteria for determining the period of storage of their personal data, their ability to exercise, regarding their personal data, the rights of accessibility and rectification and, where appropriate, the rights of erasure, restriction and object to the processing and processing by means of automated decision-making process, including profiling, the eventual transmission of personal data to a third country or an international organization, the ability of individuals to lodge a complaint about any violation of their personal data rights with the Data Protection Authority, as well as the adherence of relevant privacy policies and safeguards by our Company.
To this end, please take a moment to read this statement from the Company.
If you have any questions or concerns, if you wish to receive a copy of this statement or wish to exercise any of the following rights pertaining to your personal data, please contact our Company’s Data Protection Officer, Ms. Alexandra Lavda, at +30 2103245142 and at email: firstname.lastname@example.org
1. Data Protection Officer
Destsetters (referred to as “the Company”), with registered office in Greece, at Kriezi 1, Athens, Greece, P.C. 10553 has processes in its activities the personal data of its counterparties, being the controller.
2. Data sources
We collect your personal data from various sources, including:
- Personal data you give us directly
- Personal Data we collect automatically
We may collect web traffic statistics like:
- Your IP address,
- The time of your visit,
- The request made at our website,
- The headers sent by your browser
Personal data we collect from other sources
3. Categories of data
The personal data we process on a case by case basis is
Regular Personal Data: full name, birthdate, ID number, VAT number, address, phone number, e-mail.
Special Categories of Personal Data: Health Data
4. Purpose of Processing
The reasons we process your data are on occasion to contact you in order to answer your questions and requests, to evaluate your resume, to sign commercial contracts with you, to fullfill our contractual obligations to you, to fulfill the legal obligations arising from national and EU law, to organize our activities in the field of electronic communication with our customers.
5. Lawful basis for processing
In particular, the lawful basis for processing your data are as follows:
- Article 6 par. 1a GDPR. When you have given your consent to process your data for one or more specific purposes. We use this basis, for example, to collect your contact details to send you newsletters etc.
- Article 6 par. 1b GDPR processing is necessary for the performance of a contract to which you, the data subject, are counterparty or in order to take steps at the request of the data subject prior to entering into a contract; On this basis we rely, for example, for processing your data during negotiations of any kind of contract or commercial agreements by disclosing your data when required by a third party recipient, through which we can fulfill our contractual obligations to you.
- Article 6 par. 1c GDPR, when the processing is necessary for compliance with a legal obligation to which the controller is subject
On this basis, we rely to comply with our statutory obligations such as tax or insurance provisions
- Article 6 par. 1f processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
6. Transmission of personal data outside the European Union
Your personal data is NOT transmitted outside of the European Union.
7. Disclosure to third parties
The Company does not disclose or transfer your personal data to third parties.
The Company may disclose or transmit your data to third parties provided that the legal obligations for that purpose are met, namely when there is:
- your previous consent as data subjects
- Legal Obligation of the Company to provide employee data to Corresponding State Agencies and Organizations and the relevant Judicial and Prosecution Authorities upon lawful and competent request
8.The period for which your personal data will be stored
The Company retains your personal data for as long as the processing purpose persists, and after its expiration, the Company lawfully maintains your personal data when it is necessary to comply with a legal obligation under ΕU or national law (for example, Labor, Tax Insurance and Administrative Law) as well as in the case where the maintenance is necessary for the foundation, exercise or support of the legal claims of the Company.
9. What are your rights
Right of Access
You have the right to receive a) confirmation regarding the processing of your data, and b) a copy of your personal data
Right to rectification
You have the right to obtain from our Company the rectification of inaccurate personal data concerning you, or ask to have incomplete personal data completed, when they are inaccurate.
Right to erasure
You have the right to obtain from our Company the erasure of personal data concerning you, if you no longer wish to have such data processed and if there is no legitimate reason for the Company to own it as a controller
In particular, this right shall be exercised:
- when the lawful basis for processing is your consent and you withdraw it, so the data should be deleted if there is no other lawful basis for processing.
- when your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or unlawfully processed or if you object to the processing and there are no compelling and legitimate reasons for processing
It should be noted, however, that this is not an absolute right, as the further retention of personal data by the Company is lawful when necessary for reasons such as compliance with a legal obligation of the Company or the foundation, exercise or support of legal claims.
Right to restriction of processing
As an alternative to the right to erasure and the right to object, you have the right to request that our Company processes your data only in specific cases.
When do you have this right?
- you invoke the inaccuracy your data, and the Company as Controller examines the request
- the processing is unlawful
- the data is no longer necessary for the purpose of processing, but you ask from our Company to retain it for the exercise and defense of your legal claims
- You have exercised the right to objection and the Company as a controller is examining the existence of an overriding legal interest therein
The exercise of this right may be combined with the right to rectification and the right to object.
- If you request the rectification of your inaccurate data, you may request a restriction of processing for as long as the Company examines the rectification request
- If you request the right to objection, you may request at the same time the limitation of the processing for as long as the Company examines the counterclaim
Right to data portability
You have the right to receive your personal data that has been processed by the Company as a controller in a structured, commonly used and machine-readable format (for example XML, JSON, CSV, etc.). You also have the right to ask the Company to transmit this data to another processor without any objection
The right to portability can only be exercised by you when all of the following conditions are fulfilled: personal data are processed by automated means (printed forms are excluded)
- The lawful basis for processing is either your consent or the performance of a contract to which you are a party (Article 6 (1) (b) of the GDPR);
- It is your own personal data as the data subject that is processed and has been provided by you.
- The exercise of the right does not adversely affect the rights and freedoms of others.
Right of objection
You have the right to oppose, at any time and for reasons related to your particular situation, to the processing of personal data concerning you when the processing is based either on (a task performed in the public interest) or on (if the company has a legitimate interest), including profiling
The Company will be required to stop such processing unless it demonstrates imperative and lawful reasons for processing that override your interests, rights, and freedoms, or for the foundation, exercise or support of legal claims.
Right to non-automated individual decision-making including profiling
If the Company needs to make a decision that produces legal effects for you based solely on automated processing the following apply:
- The Company as a controller may lawfully make such a decision only if you have given us your explicit consent or when the decision is necessary for the conclusion or performance of a contract between us or if such a decision is permitted by EU or national law, which provides for appropriate measures to protect the rights of the subject.
- If this decision is made as necessary for the conclusion or performance of a contract between us, namely the Company as a controller and you as the data subject or upon your explicit consent, you have the right to challenge this decision, so that the Company will be obliged to apply measures to protect your rights, ensure human interference in decision-making, or the right to express an opinion and challenge your decision as a subject of the data.
- If the Company intends to perform automated data processing, including profiling, it will provide you, upon receipt of your data (when collected by you) or in a reasonable time (when taken from another source) and the following additional information:
– whether and to what extent automated decision-making takes place, including profiling,
– on the logic followed,
– on the importance and predicted consequences of the processing,
– information on the subject’s right to object, which is clearly and separately described from any other information.
- In any case of profiling, you are entitled to limit the processing at any stage
- The Company will be required to delete the relevant personal data if the basis for profiling is your consent and it is revoked or if you exercise the right to delete its data and if there is no other legal basis for processing in accordance with the provisions of Regulation
- You have the right to oppose at any time and for reasons related to your particular situation to the processing of your personal data when the processing is based on the legitimate interest of the Company, including profiling and the Company will cease submitting the personal data processed unless it demonstrates imperative and legitimate reasons for processing that override the interests, rights, and freedoms of the subject or for the foundation, exercise or support of legal claims.
10. You have the right to submit a complaint to the (Personal) Data Protection Authority
If you find that your personal data is being processed unlawfully or your personal data has been violated, provided that you have previously contacted the DPO for the matter and you have exercised your rights towards the Company, and you either did not receive a reply within one month (extending the deadline to two months in the case of a complex request) and either you believe that the answer you received from the Company is inadequate and your issue is not resolved, you can contact the Data Protection Authority Kifissias Avenue 1-3 TK 11523 Athens email@example.com, fax 2106475628 for more information see the Web Portal www.dpa.gr.
The Company shall implement appropriate technical and organizational measures to ensure an adequate level of protection of personal data in order to prevent the destruction, loss, alteration during any unauthorized access, disclosure or transmission to a non-entitled person or entity in any way.
The Company does have business continuity and disaster recovery plans that are periodically tested and updated and has in fact established and implemented appropriate policies and procedures for the security and protection of the data it processes.
In addition to this, the Company has reviewed the contracts it holds with processors to force them to respect your personal data under the GDPR by taking and enforcing measures to secure them from risks of destruction or loss of altered unauthorized access to disclosure or transmission to a non-entitled person or entity in any way and by signing compliance with a confidentiality clause.
* WP29: Established under Article 29 of Directive 95/46 / EC on the protection of individuals about the processing of personal data and on the free movement of such data. The Group is advisory to the European Commission but is independent. It is composed of a representative of the Data Protection Authorities of each Member State and examines issues of particular gravity or issues of particular interest in the protection of personal data falling within the first pillar of the EU. Consideration of these issues takes place either at the request of the European Commission either on a proposal from the members of the Group. The Group publishes opinions and working papers. Already after the application of the 2016/679 Regulation, it functions as the European Data Protection Board.