INCOM Ltd. with address at :12 Tinou & Roumelis St., Nea Ionia, 142 35, Athens, Greece , phone no. (0030) 210 865 3046, email: firstname.lastname@example.org (hereinafter referred to as “the Company”), addresses with respect and as primary concern issues of personal data and privacy. In this context, we are addressing you this Notice in accordance with Article 13 of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95 / 46 / EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”) to inform you about how we collect and process your personal data when visiting our website (www. http://incomconsulting.gr )
It shall be noted that personal data is any information relating to an identified or identifiable natural person.
1.1. For the purposes of this policyt text, the following definitions apply:
“GDPR” shall mean Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“Applicable Data Protection Law” means all applicable laws, regulations, legislative and regulatory requirements, and codes of practice applicable to the processing of personal data, including all the provisions of the GDPR, and any other relevant laws, regulations or instruments, as amended or superseded from time to time and together with any regulations or instruments made thereunder, that are applicable to a controller or processor.
“Personal Data” means any information relating to an identified or identifiable natural person (hereinafter “Data Subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of such a natural person.
“Controller” is the natural or legal person, authority, organization or other agency that makes decisions individually or together with other parties regarding the purposes and means for processing Personal Data.
“Processor” is a natural or legal person, authority, organization or other agency that processes Personal Data on behalf of the Controller.
“Sub-processor” is the contractual partner of the Processor, engaged to carry out specific processing activities on behalf of the Controller.
“Third Party” means a natural or legal person, public authority, agency, or body other than the Data Subject, Controller, Processor, Sub-processor, and persons who, under the direct authority of the Controller, Processor or Sub-processor, are authorized to process Personal Data.
The terms used in this policy text such as “processing” (and “process”), “transfer of data”, “categories of data”, “personal data breach” and “technical and organizational measures” shall have the meaning ascribed to them in the Applicable Data Protection Laws.
The Controller is the Company as defined above. This means that the Company determines he purposes and manner of processing your personal data in accordance with the GDPR and the general applicable legislation.
3. SOURCES OF PERSONALDATA COLLECTION
The Company collects your personal data directly from you via your pc device and not from third parties and/or directly from you when you submit your cv or when you complete the “contact” form.
4. PROCESSING OF PERSONAL DATA & LEGAL BASES
The following table lists the purposes of processing personal data collected by the Company for the purposes indicated below when you use our website, the categories of such data, as well as the legal basis for their processing.
5. DISCLOSURE TO THIRD PARTIES & RECIPIENTS
Access to your data shall also be available to IT professionals in the context of providing relevant services to the Company if this is necessary in the context of their services. Your cv shall be processed by our designated personnel and may be revealed to our third party project partners when evaluating your candidature for that project. Your name and email that you provide when completing the contact form are not revealed to any third party.
The Company shall process your personal data in a manner that ensures its protection by taking all appropriate organizational and technical measures for data security and its protection against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access and any other form of illicit processing.
This section presents your rights with respect to your personal data. These rights are subject to certain exceptions, reservations or limitations. Please submit your requests responsibly. The Company will respond as soon as possible and in any case within one (1) month of receipt of the request. If the review of your request is going to take longer, you will receive relevant information. To exercise your rights, you can contact the email: email@example.com
The Company ensures the exercise of your rights:
7.1 THE RIGHT TO INFORMATION
You have the right to request and receive clear, transparent and easily understandable information about how we process your personal data in accordance with the Company’s policies and procedures.
You have the right to access your personal data free of charge in accordance with the relevant policies and procedures of the Company, except in the following cases where there may be a reasonable charge to cover the administrative expenses of the Company:
-manifestly unreasonable or excessive / repeated requests, or
-additional copies of the same information.
7.3 THE RIGHT TO RECTIFICATION
You have the right to ask for your personal data to be corrected if it is inaccurate or incomplete, in accordance with the relevant policies and procedures of the Company.
7.4 THE RIGHT TO ERASE («TO BE FORGOTTEN»)
You have the right to request the deletion or removal of your personal data when it is no longer necessary for the purposes collected or there is no legitimate reason to continue processing it in accordance with the Company’s policies and procedures. The right of deletion is not absolute, to the extent that there is a particular legal obligation or other legitimate reason for the retention of your personal data by the Company.
7.5 THE RIGHT TO RESTRICTION OF PROCESSING
In some cases, you have the right, in accordance with the relevant policies and procedures of the Company, to restrict or remove further processing of your personal data. In cases where processing has been restricted, your personal data remains stored, without further processing.
7.6 THE RIGHT TO DATA PORTABILITY
You have the right to request your personal data, which you have provided to us in a structured, commonly used and machine readable format, and to transfer that data to another controller in accordance with the relevant policies and procedures of the Company.
You have the right to oppose, at any time and for reasons related to your particular situation, to the processing of your personal data based on Article 6 (1) (a) & (f) of the GDPR (consent, processing for reasons of lawful interest of the Company), on the basis of that provision. In such a case, the Company as controller will no longer submit the personal data unless it demonstrates imperative and legitimate reasons for processing that override the interests, rights and freedoms of the subject, or the filing, exercise or support legal claims.
7.7 RIGHTS ON AUTOMATED DECISION-MAKING MECHANISMS
The Company does not make automated individual decision-making, including profiling.
7.8 HOW TO EXERCISE THE RIGHT
The exercise of the aforementioned rights takes place with the submission of a written application to the Company in accordance with its policies and procedures. The Company reserves the right to reply no later than one month after receiving the request, in accordance with the terms of the GDPR.
8. TIME OF RETENTION OF PERSONAL DATA
For each category of personal data, the Company determines the retention time in accordance with the provisions of the law and its policies and procedures. Regarding especially CVs, they are retained for a two-year period after their receipt but you may always update your cv.
9. COMMUNICATION OFFICER FOR PERSONAL DATA ISSUES
10. CONTACT OF THE DATA PROTECTION AUTHORITY
For further information and advice on your rights or to submit a complaint, you can contact the Greek Data Protection Authority (www.dpa.gr ):
Postal Address:Data Protection Authority Offices: Kifissias 1-3, 115 23 Athens, Greece
Call Centre: +30-210 6475600
Fax: +30-210 6475628
11. AMENDMENTS OF THE PRESENT NOTICE
We aim to review and keep up-to-date the present Notice in order to comply with privacy laws and new developments. Any updates to this Notice will be communicated to you immediately.
Publication date: July 26, 2018