PERSONAL DATA PROTECTION POLICY


1.        Clarifications for the electronic data processing (EDP)

 

1.1        Introduction

We would like to inform and assure you that our company, ATESE S.A., has as its main and primary priority the protection of a persons’ data, with whom it co-operates , in any way. For this reason we take the appropriate measures in order to protect the personal data, we process and to ensure that the collection and processing of them are in accordance with the legal framework, both by the Company itself and by third parties, who process personal data on behalf of the Company.

 

1.2        Data Protection Officer (DPO)

ATESE S.A. Company (website: www.atese.gr) informs that, due to business activity, it processes personal data, for which occurs data identification (indicatively: customers of the Company, suppliers, shareholders, investors, visitors of the website), in accordance with the current national legislation and the European Regulation 2016/679, about the protection of individuals against the processing of personal data and about free circulation of data (General Regulation on Data Protection, hereinafter “Regulation”), as applicable. 

For any issue, regarding the electronic data processing (EDP), please contact our Data Protection Officer (DPO), email: dpo@atese.gr

 

1.3        What personal data we are processing?

The personal data you provide us, like contact details (name, residential address, e-mail address, telephone number and other additional personal information, etc.), the required details, in an employment relationship, (e.g. education, training, special knowledge, skills, professional experience, social security, income tax, etc.), we process them only when there is a legal reason.

 

2.        Which are the legal reasons for EDP?

Legal Reasons of EDP suggest:

  • The execution of a contract, which has been undertaken or is about to be undertaken by our company, for example, the execution of a project or the provision of services, in order to fulfill our contractual obligations.
  • The protection of our legal interests, but also of yours.
  • Compulsory compliance, imposed by law, such as publication of deeds and details of a limited company (including the identity of natural persons, e.g. shareholders), in accordance with article 7b of Law 2190/1920, data processing to support and satisfy legal claims, etc.
  • The consent, you provide, under the specific conditions set by the legal framework.

 

3.        How and why do we use your personal data?

For the fullfilment of our contractual obligations and the maintenance of communication between us

From the contractual relationship (whether it is a work contract with a contractor / subcontractor, supply contract, service contract, etc., or personal data processing at a pre-contractual stage), we collect and use information, which is required for the segue development of the cooperation, such as, the signing of amendments of the main project contract, the management of the financial issues which arise from a cooperation, etc.

Communication and management our relationship with you

We may need to contact with you via email for administrative reasons, such as, answers to your questions or comments through the contact form on our website, in order to improve our business relationship and the quality of our services.

For compliance with the legal obligations

For example, when we publish personal data of Company’s persons (e.g. details of the shareholders-natural persons), on our website, on the GEMI website or on the ATHEX, when it is required to disclose significant participations in the Hellenic Capital Market Commission in accordance with the provisions of Law 3556/2007 etc.

For protection of our legal interests, persons and properties

When we use closed circuit television (CCTV) and security cameras, in order to be able to protect individuals, materials and facilities of the Company.

 

4.        Who can be the recipients of your data?

The Company may transmit personal data to the following categories of recipients:

Public authorities

In cases where is appropriate during the audit (e.g. implementation of financial, stock market, tax, insurance, labor or other general and / or more specific legislation), as well as in all cases, in accordance with the prescribed legal procedures.

Partners of the Company (associates, contractors / subcontractors, banks, insurance companies, auditing company, etc.)

The associates of the company, who are entrusted with the processing of personal data on behalf of the company, such as subcontracting contracts, conducting banking transactions, control of a deed of share transfer by a certified public accountant. In these cases, the Company remains responsible for the processing of your personal data and defines the individual details of processing, also signs a special contract with its partners, who undertake the execution of processing activities, in order to ensure the processing, which is carried out according to the current legal framework and that every person can freely and without restrictions exercise the rights, which are deriving from the legal framework.

In third countries where the Company conducts business activity

In case, when the Company will need to transmit personal data outside the EU. in the context of its lawful activities, it fully complies with the applicable provisions of Chapter V of the Regulation. 

 

5.        Storage Period

The data storage period is decided based on the following criteria, depending on the case:

  • When processing is required as an obligation by provisions of the existing legal framework, your personal data will be stored for as long as the relevant provisions require.
  • When processing under contract, your personal data is stored for as long as necessary for performing the contract and the establishment, exercise, and / or support of legal claims under the contract.

 

6.      What are your rights in relation to your personal data

Every person, whose data is processed by our Company, has the following rights:

Right of access

You have the right to be aware and able to verify the legality of the data processing. so you can access the data that concerns you, and receive additional information about their processing

Right of correction

You have the right to study, correct, update or modify your personal data by contacting the Data Protection Officer (DPO).

Right to delete

You have the right to request deletion of your personal data under the restrictions, that are provided in the cases of Article 17 of the Regulation.

Right to restrict processing

You have the right to request restriction on the processing of your personal data in the following cases: (a) when you dispute the accuracy of your personal data until it is verified, (b) when you object to the deletion of personal data and request instead of deletion the restriction of their use, (c) when the personal data is not needed for processing purposes but is necessary for the establishment, exercise or support of legal claims and d) when you oppose the processing until the verification and there are legitimate reasons that concern us and prevail over the reasons why you oppose the processing.

Right of objection to processing

You have the right to object, at any time, the processing of your personal data in cases where, as described above, it is necessary for the purposes of the legitimate interests we seek as processors.

Right to portability

You have the right to receive your personal data, free of charge, in a format that allows access, as well as its use and processing by commonly used processing methods.

You also have the right to request, if it is technically possible, the direct transmission of the data to another controller. This right exists only for the data you have provided to us and their processing is carried out by automated means based on your consent or in execution of a relevant contract.

Right to withdraw the consent

Where processing is based on your consent, you have the right to revoke it freely, without prejudice to the legality of the processing, based on your consent before revoking it.

In order to exercise any of the above rights you can contact the Data Protection Officer (DPO), postal address: 2 Sorvolou, PC 116 36, Athens, email: dpo@atese.gr

Right of complaint to the HDPA (Hellenic Data Protection Authority)

If you are not satisfied after exercising any of your rights, you can file a complaint to the Hellenic Data Protection Authority (www.dpa.gr), Call Center: + 30-210 92 45 398, Fax: + 30-210 92 11 806, Email: complaints@dpa.gr

 

7.         Personal Data Security

The Company ATESE S.A. implements the appropriate technical and organizational measures aiming at safe processing of personal data, prevention of accidental loss or destruction, unauthorized and / or illegal access to them, their use, modification and / or disclosure. In order to ensure the appropriate level of security against risks and the selection of appropriate technical and organizational measures, the Company takes into account the latest technological etc. developments, implementation costs, nature, context and purposes of processing, as well as the magnitude of the likelihood and risk of accidental loss or destruction, unauthorized and / or unlawful access to personal data, use, modification or and their disclosure, the seriousness of the consequences for the rights and freedoms of individuals.

 

8.        Changes to Privacy Policy

Company privacy information reflects the current state of data processing on our site. In case of changes in data processing, this information will be updated accordingly. There will always be the latest version of this data protection information so that you are aware of the extent of processing.