PRIVACY AND PERSONAL DATA PROTECTION POLICY
1.1. The Controller of your Data is both the Société Anonyme ‘SAMARAS & ASSOCIATES SA – CONSULTING ENGINEERS’ and the Limited Partnership ‘SAMARAS D. & ASSOCIATES TECHNICAL LP’, seated in Thessaloniki and lawfully represented, call centre: 2310 552110, contact e-mail: email@example.com as well as each company of the ‘Samaras & Associates Group’, as presented on the company website, namely: (a) SAMARAS AND ASSOCIATES LLC (e-mail: firstname.lastname@example.org), (b) DELTA ENGINEERING – CONSULTING ENGINEERS (e-mail: email@example.com), (c) LEVER LEARNING PC (e-mail: firstname.lastname@example.org), (d) POINTERS PROPERTY SERVICES SA (e-mail: email@example.com), (e) GEOMELETITIKI TECHNICAL LP (e-mail: firstname.lastname@example.org) (jointly referred to as “the Companies”).
1.2. The e-mail address of the Data Protection Officer appointed by the Companies is email@example.com. You can address all your requests for the exercise of your rights below (under 3.1 – 3.7) to the e-mail address of the Data Protection Officer.
2.1. All information provided herein and any information you may request in the future is provided free of charge, provided the request is not made repeatedly or excessively and is not manifestly unjustified (see more under 2.3).
2.2. For each of the above rights you exercise, the Companies will respond (via the DPO) within one (1) month from the receipt of your request or, in the event of objective difficulties, complex requests or a large volume of requests, the Companies will respond within a total of three (3) months at the latest as regards the completion of the request or the reasoned refusal to carry out your request for legitimate reasons expressly laid down in General Regulation 679/2016.
2.3. In the event that we find that any of your above rights is being exercised in a manifestly unfounded manner or that the request is excessive or is being exercised repeatedly, we have the right to impose a reasonable charge for the provision of additional information (which is initially free of charge) and to refuse to continue processing the request.
2.4. In the event that we have reasonable doubts concerning your identity when you submit a request to exercise any of your above rights, we may request the provision of additional information necessary to confirm your identity before processing the request.
2.5. In the event that we delay responding to your request beyond the justified period of time and in the event that you believe your rights are being infringed or that we are not consistent with our obligation to safeguard your data, you have the right to lodge a complaint with the supervisory authority (Hellenic Data Protection Authority, Athens, 1-3 Kifissias Street, GR-11523, firstname.lastname@example.org, 210 6475600).
2.6. You retain the right to withdraw the consent (if any) you granted at any time by sending a relevant written request to the e-mail address of the Data Protection Officer: email@example.com (see 1.2.).
You reserve the right to request information in relation to the personal data we have received from you and retain for one or more purposes as described below under sections A through D. This text constitutes in its entirety a manual of basic awareness and understanding of the philosophy of the regulatory framework that governs the protection of your personal data. Updates, further explanations, and clarifications regarding this text can be provided to you following a request for the exercise of your right to be informed (see how under 1.2).
You reserve the right to request from our Companies (via the DPO) access to your information that we retain and confirmation as to whether they are being processed, and more specifically, information about the purposes of the processing, the categories of personal data, the recipients or the categories of recipients, the period for which the data will be stored and processed, the right to lodge a complaint with the Hellenic Data Protection Authority, any available information about the origin of the data in the event the data have not been obtained from you, the existence or not of automated decision-making including profiling and the related methodology, safeguards about the policy we follow when transfers to third countries are being carried out, and a copy of the personal data being kept and processed (see how under 1.2).
You reserve the right to request from our Companies (via the DPO) rectification of your data in the event that any of the data that we have the right to process has been altered or incorrectly submitted (see how under 1.2).
You reserve the right to request from our Companies (via the DPO) the complete or partial erasure of your data that we are entitled to store and process, either because they are no longer necessary for the purposes for which they were collected, or because you withdraw your consent, or because your data were collected for a purpose that you consider illegal. We will reply to you within a reasonable period of time (no more than one month, and under certain conditions, if facing difficulties, no more than three months in total), confirming the complete or partial erasure of your data or the inability to erase certain data, if any law or the performance of a task carried out in the public interest, or the right of freedom of expression and information, or the exercise or defence of any legal claim requires their retention. In this event, you have the right to lodge a complaint with the Hellenic Data Protection Authority and to exercise a judicial remedy (see how under 1.2).
You reserve the right to request from our Companies (via the DPO) to restrict the processing of your data, in terms of quantity, time or in relation to the purpose of their processing, and more specifically (a) because you contest the accuracy of your data and for as long as we need in order to verify their accuracy; (b) because you consider the processing to be illegal, and instead of the erasure of the data you opt for its restriction; (c) because their use on our part is no longer needed, but you do not desire their erasure as their retention will serve a judicial claim; or (d) in the event that you object to the processing of the data and until it is verified that your rights as a Data Subject override our legitimate grounds for processing (see how under 1.2).
You reserve the right to receive the personal data you have provided us with in a structured, commonly used and machine-readable format, as well as the right to transfer them further without objection, given that the processing is being carried out on the grounds of consent. In the context of the exercise of this right, you may also request direct transfer from us to the third entity without your own intervention.
This right is exercised under the restrictions of the right to erasure (see above under 3.4) and its exercise shall not adversely affect the rights and freedoms of others (see how under 1.2).
3.7.1. You reserve the right to object to the use of your personal data for direct marketing purposes and particularly to profiling related to this direct marketing (see how under 1.2).
3.7.2. There is no such right in the case of Potential Employees, as these data are not transferred to the Marketing department and they do not undergo such treatment.
It is not envisaged to transmit your data to any organization other than the Companies, with the exception of (a) the providers of support services for our Companies’ electronic systems and networks – and for the exclusive purpose of the performance on their behalf of the contract to support our Companies; and (b) the competent tax authorities within the context of our mandatory compliance with tax legislation and to the extent (and provided) that this is necessary. As regards Associates who provide services to the Companies and/or have concluded project contracts with them, in particular, apart from the transmissions of the preceding indent, their personal data may be transmitted to third parties that are counterparties of the Companies (Customers – Suppliers and/or potential Customers – Suppliers) exclusively in the context of discharging the obligations deriving from the contract concluded between the Associate and (each) Company.
We assure you that the Companies shall use any technical and organisational Data protection means and shall solely engage in the optimal, minimum and absolutely necessary use and processing of your Data, as required by law, and strictly and exclusively for the purpose for which you have provided them to us.
Specific provisions regarding the individual categories of Personal Data Subjects that apply cumulatively with the above general provisions of the Policy
(Α) COMMUNICATION RECIPIENTS
Α.1. Purpose: The purpose of the receipt, processing and retention of your Data that were given exclusively in the context of communication (any or all of the following: full name, e-mail address, telephone number, address, capacity) is to inform you about the products, actions and news of the Companies, including the potential dispatch of commemorative gifts – company calendars and/or greeting cards.
Α.2. Legitimate basis for processing: The legitimate basis for the processing of your data is your consent to this processing for the fulfilment of the foregoing purposes, in accordance with Article 6(1)(a) of the Regulation on the protection of personal data.
Α.3. Data Retention Period: In order to fulfil the foregoing processing purpose, i.e. informing you about our products and actions, we consider it reasonable and necessary to retain your data for a period of ten (10) years. After ten years have lapsed from the time your consent was granted, the data in question will be erased, unless you renew your consent under the above terms.
(Β) CUSTOMERS – SUPPLIERS – ASSOCIATES and POTENTIAL CUSTOMERS – SUPPLIERS
Β.1. Purpose – Legitimate Basis:
(a) during the pre-contractual phase and particularly in the event of completion of an electronic contact form on our website or direct dispatch of e-mail or communication by telephone or completion of a written form (whereby you provide us with your full name/e-mail address or/and telephone number or/and Address or/and capacity or/and our services that you are interested in), the purpose is the evaluation of a potential transaction with any of the Companies, and the legitimate basis is the service of each Company’s legitimate interest to pursue its commercial purposes, responding to the requested communication in order to evaluate the potential transaction with you (or the legal person you are representing).
(b) In the event that a transaction with any of the Companies takes place, the Data that you have provided us with during the pre-contractual phase (as well as any data you provide us in the context of our transaction, including the personal data of the legal representatives of legal entities and your agents) shall be processed for the purpose of implementing the contract between us and of our compliance with tax legislation. In this case, the legitimate basis for the processing of your data is the performance of the contract between us and our compliance with the legislation (Article 6(1)(b) and (c) of the Regulation on the Protection of Personal Data). As regards the personal data of your agents and/or (in the case of a legal person) legal representatives, in particular, the legitimate basis for the processing of these data is the service of the Company’s legitimate interest to duly discharge its foregoing contractual obligations.
It is clarified that your data under 3(b) above may be transmitted by the counterparty Company to the other Companies. In this case, the legitimate basis for the processing of your data (by the other Companies) is the service of their legitimate interests (Article 6(1)(f) of the Regulation) and, in particular, the organisation and unhindered operation of all the legal persons comprising the ‘Samaras & Associates Group’ for the fulfilment of their statutory purposes. It is self-evident that in the event of non-transmission of your data, the Controller of your Data under 3b is solely the counterparty Company.
Β.2. Data Retention Period:
We shall retain the data above under B.1.(a) for ten (10) years and afterwards we shall erase them, while the data above under B.1.(b) shall be reserved for as long as required under tax legislation.
(C) POTENTIAL EMPLOYEES:
C.1. Purpose: The evaluation of the possibility of your recruitment by any of the Companies (to which you sent your CV).
C.2. Legitimate basis for processing: For the data you provided to us in the context of evaluating the possibility of your recruitment by any of the Companies, the legitimate basis is your consent under Article 6(1)(a) of the Regulation.
C.3. Data Retention Period: In order to fulfil the processing purpose relating to examining your recruitment at a post, we consider it reasonable and necessary to retain your relevant data for a period of twelve (12) months. After twelve (12) months have lapsed from the time your CV was received, the relevant file with the entirety of your details will be erased.
It is clarified that in the event of non-transmission of your data to the other Companies, the Controller of your specific Data is solely the Company to which you submitted your data. It is self-evident that you can receive information at any time on any intra-group transmissions by exercising the foregoing right to information.