Privacy Policy
DATA PROTECTION AND PRIVACY POLICY
1. GENERAL INFORMATION
i. The Company
EHRET AND KLEIN DEVELOPMENT GREECE S.A. (hereinafter referred to as "E+K Development Greece" or "the Company"), with its registered office in Athens, Attica (G’ Septemvriou Street no. 144), has taken all necessary measures and has developed all appropriate policies in order to be in full compliance with the requirements of the new European General Data Protection Regulation (GDPR) and is committed to protecting and respecting your privacy and your rights with regard to the Personal Data (hereinafter referred to as "Personal Data") collected and processed in the context of providing our products and services.
The Company wishes all those who deal with us, either electronically or in person, visiting our premises, to be fully informed and have control over the Personal Data they share with the Company and their processing by the Company.
For clarifications, further information or any questions you may have regarding the processing of your personal data, you may send an e-mail to e.bairaktari@ehret-klein.gr.
ii. Purpose
This document provides information on the type of your personal data that E+K DEVELOPMENT GREECE processes, the lawfulness and purposes of the processing, the persons to whom the data may be transferred, the way and time of their storage, as well as your rights as a subject of the relevant processing and how to exercise them.
The purpose of this Policy is to ensure that the Company shall comply with the legal and regulatory requirements for the protection of personal data and ensure that all personal data is processed in accordance with the interests and rights of the data subjects. Data Protection legislation includes provisions that promote responsibility and accountability and therefore the Company has put in place comprehensive and effective governance measures to comply with these provisions. The objective of these measures is to minimize the risk of violation and to protect Personal Data.
This Policy also serves as a document and reference point for all employees and associated third parties on the responsibilities for the use and access to personal data as well as the mechanisms for handling data subjects' requests. The Company shall review, revise and update this Policy periodically and, in any case, whenever it is deemed necessary, taking into account the current legal and regulatory framework in force.
iii. Definitions
"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one whose identity can be established, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that person;
“Processing” means any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction,
"Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects of a natural person, in particular to analyse or predict aspects relating to the job performance, financial situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person,
“Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its appointment may be provided for by Union or Member State law,
"Processor": the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller,
“Recipient” means the natural or legal person, public authority, agency or other body to whom the personal data are disclosed, whether or not a third party. However, public authorities which may receive personal data in the context of a specific investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by those public authorities shall be carried out in accordance with the applicable data protection rules according to the purposes of the processing,
“Third party” means any natural or legal person, public authority, agency or body, with the exception of the data subject, the controller, the processor and persons who, under the direct supervision of the controller or the processor, are authorised to process personal data,
“Consent” of the data subject: any freely given, specific, explicit and informed indication of the data subject's wishes, by which the data subject signifies their agreement, by a statement or by a clear affirmative action, to the processing of personal data concerning them,
"Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access of personal data transmitted, stored or otherwise processed,
“Cross-border processing”: (a) the processing of personal data which takes place in the context of the activities of several establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or (b) the processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which.
2. THE PROCESSING OF PERSONAL DATA BY US
i. What does the processing of personal data by E+K DEVELOPMENT GREECE consist of?
The processing of your personal data includes the collection, recording, organizing, structuring, storage, alteration, retrieval, information search, use, transmission, restriction or deletion of your personal data that have come or will come to the knowledge of E+K DEVELOPMENT GREECE, in the context and for the purposes of servicing your relationship with it.
E+K DEVELOPMENT GREECE does not carry out automated processing of personal data, does not use video and/or audio surveillance systems of the Data Subjects in the areas where they monitor the services provided by E+K DEVELOPMENT GREECE or systems for monitoring their electronic communications within the Company, does not collect data regarding the visits of the Data Subjects within the Company to websites and webpages and does not process their biometric data. Regarding visits to the Company’s Website, please read the Terms of Use and the Cookies Policy.
E+K DEVELOPMENT GREECE takes every reasonable measure to protect your personal data and to safeguard your privacy. We do not disclose, publish or communicate your data to third parties, except in the cases listed below.
The administrative staff of E+K DEVELOPMENT GREECE is aware of your personal data solely for the purposes of performing our administrative functions, servicing employment relationships and complying with the applicable legal and regulatory framework. Any data of your health that may come to its knowledge in the course of performing its duties related to the employment relationship (e.g. sick leave) are limited exclusively and only to those that are strictly necessary for the performance of those duties and remain confidential. All E+K DEVELOPMENT GREECE staff shall be bound by secrecy and confidentiality clauses regarding the information they become aware of.
ii. Where we collect your data from
The following personal data are collected by E+K DEVELOPMENT GREECE in the following ways:
i) have been submitted by you or by persons whom you have legally authorized to submit them to E+K DEVELOPMENT GREECE and are necessary for the establishment, maintenance, and performance of the contractual relationship between us,
ii) received or come to its knowledge from third parties, natural or legal persons or from public bodies, if they are necessary either for the fulfilment of the objectives pursued or for the fulfilment of the tasks of E+K DEVELOPMENT GREECE that are carried out in the public interest.
This Policy and the processing of personal data that the Company carries out based on it, is based on the following principles, according to which personal data:
1. are processed lawfully and fairly and in a transparent manner in relation to the data subject ("lawfulness, objectivity and transparency");
2. are collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes, with the exception of further processing for archiving purposes in the public interest or for scientific or historical research or statistical purposes ("purpose limitation"),
3. are appropriate, relevant and limited to what is necessary for the purposes for which they are processed ("data minimisation"),
4. are accurate and, where possible, updated. All reasonable steps are taken to ensure the immediate deletion or rectification of personal data which are inaccurate in relation to the purposes of the processing ("accuracy"),
5. are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods, provided that they are processed only for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes and that appropriate technical and organisational measures required by the GDPR are implemented to safeguard the
6. are processed in a way that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organisational measures ("integrity and confidentiality").
E+K DEVELOPMENT GREECE, as the Data Controller, is responsible for compliance with the principles/rules of personal data protection and is at all times able to demonstrate its compliance ("Accountability"), describing in detail and summarizing the measures and controls it has established for data protection and mitigation of processing risks.
iv. Compliance with the conditions for the appointment of a Data Protection Officer
In the context of the application of the GDPR and taking into account both the size of the Company and the scale of the processing of personal data it carries out, in conjunction with the Guidelines on Data Protection Officers of the Article 29 Working Party on the Protection of Individuals with regard to the Processing of Personal Data, the Company, as a Data Controller, is not obliged to have a Data Protection Officer (DPO). However, it has appointed a Data Protection Specialist to ensure fuller compliance with the GDPR and to adopt best practices to safeguard your personal data. You may contact our Data Protection Specialist by sending an e-mail to info@vaplaw.eu.
It is clarified that the Company does not process data on a large scale nor does it carry out processing operations that require regular and systematic monitoring of data subjects on a large scale, within the meaning of the GDPR and the above Guidelines. However, if at any point in time the processing carried out by the Company can be considered to fall under the category of "large scale" or "regular and systematic monitoring" or in the event that the Supervisory Authority or the European Data Protection Board adopts or issues relevant directives/decisions/Guidelines, the Company undertakes to comply without delay by taking the necessary actions.
v. To whom your Personal Data is transferred
The Personal Data that you disclose to the Company in any way are fully protected and may not be transferred to third parties except when it is deemed necessary or if you give your consent. Access to your Data is granted to:
1. Competent Officials and Managers of the Company
2. Competent employees of third companies or services that have undertaken to perform certain tasks on behalf of the Company. These persons (processors), acting in accordance with the instructions of E+K DEVELOPMENT GREECE, provide sufficient assurances that appropriate technical and organisational measures are in place so that their processing complies with the requirements of the GDPR and ensures the protection of your rights. Such processors include, but are not limited to, accountancy/technical firms, providers of products and electronic systems and networks, including online systems and platforms, statistical companies, etc.
3. Prosecutorial, judicial, supervisory, public and independent authorities and bodies
4. Personal information will be disclosed when disclosure is necessary for the Company to comply with a legal obligation or is otherwise necessary to protect the rights of the Company, its affiliates, and the rights and safety of any person or the public, customers, potential customers or third parties.
The Company does not transfer the Personal Data to third countries or international organizations, except when it is deemed necessary in accordance with the terms of this Statement. Specifically:
1. for cases required by law, in order for the Company to comply with civil, criminal and public provisions, to defend and promote the rights and safety of the Company, its customers (existing or potential) and any third parties that depend on the Personal Data.
2. for cases where you have given your consent.
E+K DEVELOPMENT GREECE has taken appropriate technical and organizational measures to ensure the confidentiality and legal compliance, processing, protection and safe keeping of your personal data from any unlawful processing, accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, in accordance with the specific provisions of the applicable legislation. These measures shall be reviewed and updated whenever necessary.
The Company has established and implements policies and procedures for security purposes to ensure and provide reasonable protection of Personal Data against loss, misuse, unauthorized access, disclosure and modification. Such measures include security systems, digital encryption, restriction of access and authorization controls. Although the Company is committed to protecting Personal Data, it cannot guarantee complete protection against risks. In the event that the Company becomes aware of any data breach that may adversely affect you, we will notify you without undue delay.
3. INFORMATION ABOUT YOUR PERSONAL DATA IN PARTICULAR
Depending on the relationship you have or want to have with the Company, we process personal data differently and for different purposes. More specifically:
i. Contact
In case you wish to create an informative communication relationship, either to answer your question or to keep you informed through a newsletter, we process as personal data your e-mail and your full name, your phone number, address, and any potential data and information you may provide us, related to your queries.
The processing is carried out exclusively on the basis of your consent, for the above purposes (Article 6 §1a GDPR).
In the first case, we keep your data until your query is answered, and in the second case until your consent is withdrawn.
ii. Pre-contractual Employment relationship
a) What data do we process?
In case you wish to explore the possibility of cooperation between you and our Company, either in the form of external cooperation or dependent employment or any other form of employment, we process the following data:
Identifying information: first name/surname, maiden name.
Other personal data: CV, qualifications/academic qualifications, work experience.
Contact details: mobile phone number or contact telephone number, contact email address.
Any other information you consider appropriate at this stage.
b) For what purpose? On what legal basis?
We process your personal data to examine the possibility of cooperation between you and our Company and the establishment of an employment relationship in the appropriate form.
Even though you voluntarily send us this data, either spontaneously or following the posting of a job opening by us, the processing is lawful in order to take measures at the request of the data subject prior to the conclusion of a contract (Article 6 §1b GDPR).
After refusal or rejection of the contract application, we process your personal data only with your consent, for a limited period of time, in order to inform you either to review our initial decision or to reconsider the initial contract request (Article 6 §1a GDPR).
c) How long do we keep them?
We initially retain this data until we accept or reject the offer of cooperation. Thereafter, and subject to your consent, we keep this data for 6 months. Following this time, they are securely destroyed.
iii. Employment relationship
a) What data do we process?
For the establishment and maintenance of the employment relationship with its Employees, E+K DEVELOPMENT GREECE, in compliance with the applicable legal and regulatory framework, collects, maintains and processes the following personal data, where applicable:
Identification details: first name/surname, maiden name, date of birth, details of identity card, passport or other official identification document,
Other personal information: Tax Identification Number, Social Security Number, CV, photo, qualifications/academic qualifications, whether or not married and any children (marital status),
Contact details: permanent place of residence, home address, mailing address, home telephone number, mobile telephone number,
Information related to the employment relationship: Salaries and benefits of any kind, date of hire/start of relationship, sick leave and other leaves, insurance plan participation and related benefits,
Information and data on the use of bank accounts for depositing remuneration.
Special categories of data: health data, trade union activity
b) For what purpose? On what legal basis?
For all of the above data, except for special category data, processing takes place for the following purposes:
1. the processing of your personal data, both those that you submit to the Company during your recruitment and those that you will need to make available to us in the course of the employment relationship, is necessary for the fulfilment of our contractual employment obligations towards you and our compliance with legal obligations and restrictions. Therefore, any failure to provide them would result in our company behaving in a negligent manner and would make our cooperation impossible,
2. the processing is necessary for the fulfilment of the Company's obligations under the applicable legal and regulatory framework, as well as its compliance with the decisions of the competent supervisory, administrative, public and judicial/prosecutorial authorities and services,
3. if it is necessary for the fulfilment of a manifestly overriding legitimate interest of E+K DEVELOPMENT GREECE or the Data Subject, in particular when the need to ascertain conduct expressly prohibited by the terms governing the relationship is substantiated and cannot be ascertained by any other milder means,
To the extent that the processing is carried out for the fulfilment of the Company's contractual obligations to you, such as the payment of remuneration/salary, the granting of benefits, performance evaluation, the processing is lawful precisely for this reason (Article 6 §1b GDPR).
To the extent that the processing is done for the Company's compliance with its obligation imposed by law, such as payment of social security contributions, posting of an employment contract in the electronic system of the Ministry of Labour, the processing is lawful precisely for this reason (Article 6 §1c GDPR).
To the extent that the processing is carried out in order to safeguard an overriding interest of either the Company or the Data Subject, such as a legal dispute or criminal case, the processing is lawful precisely for this reason (Article 6 §1f GDPR).
With regard to special categories of data, these data are processed by our Company exclusively for the following purposes and reasons:
1. processing is necessary for the performance of obligations and the exercise of specific rights of E+K DEVELOPMENT GREECE or the data subject in the field of labour law and social security and social protection law, in accordance with national law, providing appropriate safeguards for the fundamental rights and interests of the data subject, such as the granting of sick leave, teleworking, etc,
2. the processing is necessary for the establishment, exercise or maintenance of legal claims.
In the first case, the processing is lawful under Article 9 §2b GDPR, while in the second case the processing is lawful under Article 9 §2f GDPR.
c) How long do we keep them?
Your personal data are processed, held and stored by E+K DEVELOPMENT GREECE in a secure environment, solely for the purposes for which they are intended and only for as long as necessary to achieve those purposes, without prejudice to the more specific provisions of applicable law.
In any case, we retain the above data for up to twenty (20) years from the termination of the contractual relationship. Retention for such a period of time is deemed to be absolutely necessary, appropriate and proportionate to safeguard the Company's legitimate interests, and in accordance with the purposes and legal basis of Articles 6 §1f GDPR and 9 §2f GDPR. The above time limits do not apply in the event of legal disputes, in which case the prescribed period of data retention is extended until the issuance of an irrevocable court decision. After this period has elapsed, the data shall be securely destroyed.
iv. Other Contractual Services
a) What data do we process?
For the establishment and maintenance of all contractual relationships with you, as clients receiving our services, E+K DEVELOPMENT GREECE, in compliance with the applicable legal and regulatory framework, collects, maintains and processes the following personal data, where applicable:
Identification details: first name/surname, maiden name, date of birth, details of identity card, passport, or other official identification document, VAT number. These data apply also to the authorized persons or legal representatives of legal entities and companies.
Contact details: permanent place of residence, home address, mailing address, home telephone number, mobile telephone number, e-mail.
Information related to the service provided: any information and data required for the execution of the provided service. These data may include, among others, tax and social security clearance certificates, ownership status of movable or immovable property, judicial documents referring to the status of immovable properties, etc. These data may apply also to the authorized persons or legal representatives of legal entities and companies.
Other details: depending on the client, additional details and information may be processed, regarding personal and financial details (such as country of origin, proof of funds etc.) of either the clients themselves, or their ultimate beneficial owners in case of legal entities, for the Know-Your-Client policy required by AML law and regulation.
Information and data on the use of bank accounts for depositing remuneration.
Special categories of data: not applicable.
b) For what purpose? On what legal basis?
For all of the above data, except for special category data, processing takes place for the following purposes:
1. the processing is necessary in order for us to provide you with our contractual or pre-contractual services, for the execution and fulfillment of mutual obligations arising from or related to them, whether they derive from applicable legislation or from a contract. The scope, purpose and necessity of the data processing are determined according to the underlying contract,
2. the processing is necessary for the fulfilment of the Company's obligations under the applicable legal and regulatory framework, as well as its compliance with the decisions of the competent supervisory, administrative, public and judicial/prosecutorial authorities and services,
3. it is necessary for the fulfilment of a manifestly overriding legitimate interest of E+K DEVELOPMENT GREECE or the data subject, in particular when the need to ascertain conduct expressly prohibited by the terms governing the relationship is substantiated and cannot be ascertained by any other milder means,
To the extent that the processing is carried out for the fulfilment of the Company's contractual obligations to you, the processing is lawful precisely for this reason (Article 6 §1b GDPR).
To the extent that the processing is done for the Company's compliance with its obligation imposed by law, such as the submission of a construction agreement to the competent tax office, the processing is lawful precisely for this reason (Article 6 §1c GDPR).
To the extent that the processing is carried out in order to safeguard an overriding interest of either the Company or the Data Subject, such as a legal dispute or criminal case, the processing is lawful precisely for this reason (Article 6 §1f GDPR).
v. Special categories of data
Apart from the above, E+K DEVELOPMENT GREECE does not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, nor genetic or biometric data for the purpose of identifying you or data concerning your health or data concerning your sex life or sexual orientation.
4. YOUR RIGHTS
i. Your rights in detail
Under the new Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of data, you have the right to:
1. Access and Information, i.e. information from the Company on which data have been collected, for what purpose they have been collected, for how long they will be kept and for the recipients to whom they may be transferred, in particular for recipients in third countries.
2. Correction, i.e. correction or completion of any incomplete or incorrect information held by the Company about you.
3. Restriction and objection of processing, i.e. restriction or termination of the processing of Personal Data, if you consider that the Personal Data collected and maintained by the Company is inaccurate or you no longer wish to receive informative and promotional messages about the Company's services and products.
4. Portability, i.e. receiving a copy of the Personal Data held by the Company and relating to you or transferring it to another controller on your behalf.
5. Deletion, i.e. deletion of the Personal Data concerning you, i.e. data and information held by the Company, or withdrawal of your consent for their retention and processing by the Company, in accordance with the above, and of course if your data is unlawfully processed in violation of the Personal Data Protection Regulation.
6. Complaining, i.e. to contact the Company for any issues related to the processing of Personal Data.
The Company is the controller of the processing of Personal Data. If you wish to exercise the above rights or have any questions regarding this policy, any issue related to the data collected in person, or electronically, or from the contact forms and blogs on the Website, as well as from your relevant subscriptions to the lists for receiving newsletters or to the e-mail address or any issue related to the data collected through cookies, etc., and in general in any way by the Company, you can contact us either in writing to EHRET AND KLEIN DEVELOPMENT GREECE S.A. (at 144 G’ Septemvriou str., Athens, P.C. 11251) or by e-mail at e.bairaktari@ehret-klein.gr.
The Company will make every effort to respond and satisfy your requests within sixty (60) days. This period may be extended, provided that the Company gives timely notice of such extension.
Furthermore, the authority responsible for the implementation of the regulatory framework regarding Personal Data in Greece is the Personal Data Authority, whose contact details can be found at: http://www.dpa.gr/.
5. SUMMARIZED CONTACT DETAILS:
i. Controller
Ehret and Klein Development Greece S.A.
144 3rd Septemvriou street
11251 Athens
TIN: EL 801620618
E-mail: info@ehret-klein-greece.gr
Represented by:
Michael Ehret
Stefan Klein
Nikolaos Tzintzos
Vicky Athanassoglou
c/o VAP LAW OFFICES
4, Karagiorgi Servias
105 62 Athens
Tel: +30 210 32 54 237
E-Mail: va@vaplaw.eu
6. FINAL PROVISIONS
The Company reserves the right to amend this Statement at any time. If it makes material changes to this Statement, you will be notified either by email or by a notice on its Website and your consent will be requested where necessary.
Date of this publication: 26/06/2023.