PERSONAL DATA PROTECTION POLICY

 

Update


As of 25 May 2018, the new General Data Protection Regulation 2016/679 of the European Parliament and of the Council, known as GDPR, applies, which strengthens the protection of personal data across the European Union. This Regulation was incorporated into Greek law by Law No. 4624/2019 (29-8-2019). The company “SUSAMI O.E.”, with respect to your personal data, with this privacy policy informs you about how it protects the confidentiality of your communications, collects, processes, uses and stores your personal data and how you can contact us in case of your objection to the processing of your data and the exercise of your rights. Our company reserves the right to amend and update this policy whenever it deems it necessary and your notification will be made when the revised version appears on our Website. We collect personal data only for purposes that are directly related to our business. We handle this data with great responsibility.



Processing Principles



We take care to collect only the strictly necessary data that is appropriate and clear for the purpose for which it is intended. In this context, we follow the following basic principles when processing your data:


Subject to this policy, we do not disclose your personal data to third parties without your consent, unless required by law or permitted by the contract between us.
Your data may be processed: either to enable us to perform the contract between us, or to better serve you, or to comply with the provisions of the law and we maintain full transparency towards you.
We also use the data to communicate directly with you in order to offer you better services.
We limit ourselves to the purpose for which they were collected
We process data only to the extent that it is appropriate and relevant to the purpose for which it was collected.
We use only what is strictly necessary for the purpose we seek (minimisation)
We keep your personal data only for as long as necessary.
We update personal data in relation to the purposes of the processing collected, while taking steps to promptly delete or correct it when necessary.


The types of data – The sources of collection – The purposes – Legal basis for processing

 

The types of personal data we collect and process from you are directly related either to the contract between us or to the services and/or products you choose to provide to you.


What do we collect?

 

E-mail data.
Upon receipt of your CV: Full Name, Father’s Name, Date of Birth, Nationality, Nationality, Military Obligations, Marital Status, Residence, Contact Details, Social Security Number, , Photo, Driver’s License, Financial Data, Educational Level, Previous Experience, Recommendations.
While browsing the www.arosis.gr website we collect: Internet Protocol address, Navigation data within the Website, Preference and service information, User generated file.
Data related to electronic communication under the terms and conditions of this policy in order to respond to requirements and requests and to improve the services offered, as well as to communicate directly with you about information that may be of interest to you.


We collect them on a case-by-case basis:


Before or during the conclusion of a contract between us or the performance of our contractual obligations, when you enter and use the Website, when providing services, when receiving CVs and when resolving complaints. We also collect your data from various sources with your consent and always in accordance with the applicable legal framework. If the processing of personal data is based on your consent, the company “SUSAMI O.E.”, follows the procedures provided by the applicable legislation for informing you and obtaining your consent. In summary, the data may come from information that you choose to share with us, under contract, from our trusted partners with confirmation that they have a legitimate basis to share this information with us, from information that is publicly available. This may be information that you have provided directly to them or they have collected about you through their legal processes. The type and amount of data collected depends on the type of relationship through contract, service provision and the type of processing it will receive. Such data is in each case relevant, relevant and no more than is required in view of the purposes set out below, is accurate and, if necessary, subject to review. The data shall be kept only for the period necessary to fulfil the purposes for which they were collected and processed and shall be deleted at the end of that period.

Why do we collect them ?


To authenticate you – to identify you, to offer you a good service, to contact you either for services or to invoice you, to get your opinion on how to improve our services, to send you personalized offers, to manage and analyze our customer base (buying behavior) in order to improve the quality, variety, and availability of the services we offer, to conduct customer satisfaction surveys and finally


Also, for promotional activities, at your request and to communicate with you in relation to our services and products , to enhance our service experience, to fulfill an obligation under law or contract, to send you informational newsletters with tips and articles about our services.

 

Who else has access to your personal data – Third Party Data Recipients:

 

We do not share your Personal Data with third party private companies for financial or other consideration. Our Company may, after ensuring its confidentiality, provide access or transfer your Personal Data to the processors listed below to enable us to offer services to you or to enhance your service experience.



To consultancy firms for the provision of analytical services.


To third party marketing, advertising, marketing communication, promotion and advertising companies 4


To companies providing maintenance and support services for software programmes with databases.


To the web hosting service provider with whom we maintain a contractual relationship.


To affiliated attorneys, affiliated subcontractors.


To public agencies and government entities.

 

Your rights regarding the protection of your personal data


You have the following rights:


α) To know which personal data concerning you is held and processed by “SUSAMI S.A.”, as well as their origin (right of access). This includes the right to request and obtain a copy of the personal data you have collected.


b) To request the correction and/or completion of such data in order to make it complete and accurate, by providing any necessary document from which the need to complete or correct it arises (right of rectification), which is also an obligation.


c) Request the restriction of the processing of his/her data (right of restriction).


d) To refuse and/or object to any further processing of personal data held by “SUSAMI S.A.” (right to object).


e) To request the deletion of his/her data from the files of “SUSAMI S.A.”, (right to be forgotten).

f) To request “SUSAMI O.E.” to transfer the data you have provided to it to any other controller (right to data portability).


g) Revoke at any time the consent you have given.


η) Our company will respond to any request from you within one month of receiving it. Upon informing you, it is possible that the above deadline may be extended on a case-by-case basis and if necessary taking into account the volume of requests and their complexity. Reasons will be given for any refusal of your request.


i) Our Company reserves the right, if your requests do not meet the requirements of the law, to either impose a corresponding fee taking into account the time required to carry out the requested action, the employment costs for the in-house information and the possible communication, or to refuse to follow up on your request.


ι) If we are in doubt about the identity of the individual making the request, there is a possibility that we may request additional information to confirm the identity of the individual.


λ) Refuse automatic processing, including profiling.

 

How do we safeguard your data?


We do our best to safeguard your Personal Data. We use secure protocols for the communication and transfer of data, and we take all appropriate organizational, technical, physical, electronic and procedural security measures. We use software to protect the website and server. Although we try our best, we cannot guarantee the security of information. However, we promise to notify the appropriate authorities of any potential data breach. We will also notify you if there is a threat to your rights or interests. We will do everything possible to prevent a data breach and assist the authorities if there are any similar breaches. The company processes data exclusively by designated personnel for this purpose who are bound by strict obligations to maintain confidentiality.

 

Cookies and other technologies we use

 

Our company’s website uses “cookies” so that each time the user logs on to the website, the latter retrieves information from them and offers the user relevant services. The installation of “cookies” by us is only allowed with the user’s consent and after appropriate information.


Why we use cookies


We use cookies to make your browsing experience easier and more enjoyable. When you browse the site, cookies may be stored on your computer by third party services such as: for statistical purposes regarding traffic and browsing within the website (analytics), social media or other forms of internet marketing and promotion of the website on the internet (facebook, twitter, etc.), corporate promotion in the form of video playback (youtube, etc.), service of approaching the website’s business via map (google maps, foursquare, etc.), updating data, corporate, financial, statistical or other forms (pdf, excel, word, txt, etc.).


Cookies we use:


▪ Mandatory cookies : they are mandatory for you to make use of some important actions on our website, such as logging in. These cookies do not collect any personal information.


▪ Functional cookies : provide functionality which make it easier to use our services.


▪ Analytics cookies : used to track the use and efficiency of our website and services.


▪ Advertising cookies: used to deliver ads that are relevant to you and your interests. In addition, they are used to limit the number of times you see an advertisement. Often targeted or advertising cookies are linked to the functionality of the website offered by the other organisation.

 

Online forms

 

On our site’s online forms there are check boxes only for the user to accept COOKIES.


Website user obligations


By using the Sites and when providing your personal data, you acknowledge that you have an obligation to provide the true, accurate and complete information requested by our Company. At any time you may inform our Company of any changes to this information in order to keep it up to date and accurate. By using “SUSAMI S.A.”‘s websites, you warrant that you are over the age of sixteen. If you are under the age of sixteen, you must refrain from any use of the Websites and from any transfer of your personal data without the consent of the person exercising parental authority. The Company shall not be liable for any breach of the above obligations.


The Company may delete, cross-reference, supplement or modify the information you provide based on information lawfully collected by third parties, and will notify you accordingly.


You have the possibility to unregister or withdraw your consent from processes and actions that process your data at any time you wish.

 

Retention period of personal data


Your personal data is retained to fulfil the purposes set out in this Policy and if you request us to do so we may remove all information we retain (unless a longer retention period is required by applicable law).


Our company may also retain personal data after the fulfilment of the purposes of collection and processing, for use: before tax, social security authorities, auditing authorities, and any other public authority or competent court, until the limitation period provided by law in each case, or for as long as we consider it necessary to defend our rights and legitimate interests.


After the expiry of the retention period, your personal data will be destroyed/deleted from our files and system in compliance with our company’s policy and always provided that their retention is no longer required for the fulfilment of the stated purposes.

 

Information Leakage

 

In the event that we detect a data breach, we will notify the Data Protection Authority within 72 hours in accordance with the provisions of the Data Protection Regulation.


Jurisdiction and applicable law

 

For the resolution of any dispute arising in relation to this data policy, the courts of Thessaloniki shall have jurisdiction and the applicable law shall be Greek law.