By means of this Policy, the Hellenic Recovery Recycling Corporation (hereinafter the Corporation) in its capacity as Controller would like -as part of its commitment to being transparent- to inform you about the manner in which your personal data is used and processed in general, the measures taken to keep it safe, as well as about your rights, in compliance with the applicable regulatory framework on personal data protection.
What categories of personal data do we process and for what purposes?
Our Corporation collects and processes only those data which are necessary to achieve the following lawful and specific purpose, provided that it has the legal basis required for that in all events. More specifically:
|DATA CATEGORIES||PURPOSES OF PROCESSING||LEGAL BASIS|
|Evaluation of candidates to fill a job post||Corporation’s legitimate interests|
(e.g. phone number)
|Data on past service, training, professional experience (e.g. study certificates, seminars)|
|Personal identifiers (e.g. name-surname)||To contact you after comments, complaints, etc. were submitted.||Corporation’s legitimate interests|
(e.g. phone number, email)
|Contact details (e.g. email)||Dispatch of information about our Corporation to anyone interested||Consent|
|Contact details (e.g. email)||Dispatch of Corporation info-leaflets to associates||Corporation’s legitimate interests|
|Cookies||– Proper operation and management of our website
– Exploring and resolving technical issues (e.g. bugs)
– Security or investigation of any fraud or other breaches of the terms and conditions of use of our website.
|Corporation’s legitimate interests|
|Personal identifiers (e.g. name-surname)||Compliance with the obligations imposed by the applicable legislative and regulatory framework and supervisory requirements and decisions of authorities or courts||Legal obligation|
(e.g. phone number)
|Financial Information (e.g. IBAN)|
|Taxation and Social Security IDs (e.g. Tax Reg. No., Social Security No.)|
|Personal identifiers (e.g. name-surname)||Preparation and performance of contracts with you and in general ensuring problem-free operations and discharge of our contractual obligations||Contract Performance|
|Contact details (e.g. phone number, address)|
|Financial Information (e.g. IBAN)|
|Taxation and Social Security IDs (e.g. Tax Reg. No., Social Security No.)|
|Personal identifiers (e.g. name-surname)||Promoting the Corporation’s work and activities||Consent|
|Personal identifiers (e.g. name-surname)||Contacting you to understand your level of satisfaction with our services||Corporation’s legitimate interests|
|Contact details (e.g. phone number)|
|Personal identifiers (e.g. name-surname)||Catering to, managing and satisfying your requests||Corporation’s legitimate interests|
|Contact details (e.g. phone number, email)|
The Corporation processes your data to achieve its legitimate interests only on condition that those interests do not go beyond your rights and freedoms.
If you want to learn more about our Corporation’s policy on cookies used on our website, please click “COOKIES”.
Who can we collect your data from?
In order to achieve these processing purposes, we collect information which you either disclose or which we obtain from publicly accessible sources, including social networks, or which is disclosed to us by third parties (whether natural or legal persons) such as recruitment and job search companies, telephone service providers (such as call centers), market research companies, companies engaged in promotional activities, and companies organizing and managing competitions and events.
Who do we disclose your data to?
In addition to its employees, our Corporation may disclose your data to third parties / recipients (whether natural or legal persons) provided that suitable technical and organizational measures are taken, and that the duty of confidentiality and secrecy is complied with. These include:
- Consultancy and auditing firms
- Database management companies
- Companies providing postal services / companies developing, maintaining, configuring IT applications / email service providers / Internet hosting providers
- Market research companies
- Companies undertaking promotional activities
- Secretarial support companies
- Competition and event organizers / managers
- Supervisory, auditing, regulatory, judicial, municipal, public and/or other authorities and bodies.
- Financial institutions
In all events the Corporation warrants that it will not transfer, disclose, assign your data, etc. to third parties for any purpose or use other than those expressly notified in this Policy. However, we reserve the right to disclose information relating to you, if the legislation obliges us to do so, or if such disclosure is required by the competent supervisory, auditing, independent, judicial, public and/or other authorities.
Moreover, the Corporation does not send your data to countries outside the European Economic Area (EEA). If a need arises in the future, we undertake to provide you with immediate information and take all measures necessary to ensure that your data is protected.
How long will we retain your personal data for?
The Corporation retains your data for such time as the purposes for which they were collected and referred to above remain in effect.
The Corporation may retain your data even after the said collection and processing purposes are met in the following limited cases:
- Where the Corporation has a legal obligation under a relevant provision of law.
- For use before any auditing authority in the context of the statutory limitation period.
- If required for the proper organization and operation of the Corporation.
- Until statute-barring of the relevant claims to defend our Corporation’s rights and legitimate interests before all competent courts and other public authorities.
- Where there is an administrative or judicial dispute relating directly or indirectly to your data, until a final court ruling is handed down.
After the end of the retention period, the Corporation ensures that your data is safely destroyed from our hard copy files and IT systems in compliance with the applicable data retention policy from time to time.
What are your rights?
- Right of access: You are entitled to request information about how your data is processed (such as the purposes of processing, categories of data, recipients, retention period, etc.).
- Right of rectification: You are entitled to ask us to correct or supplement your data.
- Right of erasure: You are entitled to request that all or part of your data be erased (e.g. if the data is no longer needed for the purposes for which it was collected, etc.).
- Right to restrict processing: In some cases, you are entitled to request a restriction on the processing of your personal data (e.g. in the case where you exercise your right of rectification until the accuracy of your data is verified).
- Right of portability: You are entitled to ask to provide you with a copy of your data and to re-use it or share it for your own purposes.
- Right to object: You are entitled at any time to object to the processing of your data which serves our legitimate interests, which are referred to in a previous section hereof.
- Right to withdraw consent: Where the legal basis for processing your data is consent, you are entitled to request that consent be withdrawn at any time. When your consent is withdrawn, we will stop processing your data for the purpose or purposes for which it was initially collected, unless we have another legal basis for lawfully processing it. The withdrawal of consent does not affect the lawfulness of processing based on consent before the consent was withdrawn.
How can I exercise my rights?
If you wish to exercise any of your rights you can contact by email at firstname.lastname@example.org.
If a request is submitted to exercise your rights, the Company will respond to your request within 1 month from submission. Taking into account the complexity of the request and the number of requests being processed, that deadline may be extended by a further two months after you have been notified in advance.
We will respond to that request free of charge. However, if your request is clearly unfounded, excessive or recurring, we may either impose a reasonable fee (we will inform you about this) or refuse to respond to your request.
If you consider that your rights are infringed in any manner, you are entitled to submit a complaint to the competent supervisory authority:
Hellenic Data Protection Authority
Postal address: 1-3 Kifissias Avenue, GR- 11523 Athens
Switchboard: +30-210 6475600
Fax: +30-210 6475628
How do we protect your data?
The Corporation has an information security management system in place to safeguard confidentiality, ensure the security of processing of your personal data and protect data against accidental or unlawful destruction, loss, alteration, prohibited dissemination or access and all other forms of unlawful processing. To this end, the Corporation uses anti-malware software (such as Firewall, WAF, etc.) and password protection mechanisms (such as encryption) in line with international market standards to ensure the confidentiality and integrity of your personal data. Having said that, it is your responsibility to ensure that the device you use is adequately safe and protected against dangerous software (such as Trojan horses, viruses, etc.). You should be aware that without adequate security measures (such as secure browser settings, updated software for viruses, effective firewalls, not using software from doubtful sources, etc.) there is a risk that the data and passwords used to protect access to them may be disclosed to unauthorized third parties.
What else do I need to know?
- Our Corporation does not implement automated individual decision-making, including profiling.
- The Corporation does not collect or acquire access in any manner via its website to special categories of (sensitive) personal data or data relating to criminal convictions and offenses. Visitors to the site are obliged to refrain from providing such data relating to themselves or third parties. Otherwise, the data will be deleted once they come to our attention. The Corporation bears no liability to visitors or third parties for any provision and/or processing of such data due to their acts or omissions in breach of this obligation.
- If you want to learn about the new General Data Protection Regulation (Reg. (EU) 2016/679) click here:
- This Policy may be amended from time to time so that it is always in accordance with legal requirements and the manner in which our business activities are conducted. If we decide to replace this Policy or make major changes to it, we will inform you about this via a notice on this website. To learn about the most recent version of the Policy, check this page regularly.
How can I contact you?
If you have questions or complaints about this Policy, you can contact us in the following ways:
Hellenic Recovery Recycling Corporation
5 Himarras St., Marousi GR-15125
Tel. 2108010962-3, email: email@example.com
«Personal data»: any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
«Processing»: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
«Controllers»: the natural or legal person, public authority or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
«Personal data breach»: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
«Recipient»: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
«Third party»: any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
«Data Subject’s Consent» any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.