Personal Data Protection Policy
Information on the processing of personal data
The Company attributes great importance to the lawful processing, security and protection of your personal data, under any capacity that you collaborate with or contact us (such as, for example, as candidates or active citizens, associates, employees, suppliers, visitors to our website, or in general private citizens and third parties that collaborate with or contact the Company). As Controller of Personal Data, it undertakes the commitment to observe the rules for the protection of individuals’ rights and freedoms against the processing of personal data, in compliance with the General Data Protection Regulation 679/2016 (GDPR), current Greek legislation, and the decisions of the Greek Personal Data Protection Authority (PDPA).
In this Data Protection Policy, the Company provides all the necessary information regarding the use and processing of your personal data, as well as about your rights as a data subject.
1. Who is our Data Processing Officer?
You can contact him at the email address:
dpo@redestos.gr
2. What are personal data, and which personal data does the Company collect?
Personal data include any information, in print or electronic media, which may lead, on its own or in combination with other information, to the identification of a natural person.
The Company, in the context of its activities and transactions, collects the following personal data:
- Your personal identification data, such as full name, address (or email address), tax identification number, phone number (mobile or land line), etc.
- Commercial and financial data, such as debit/credit information, professional information, bank account number, work address, information on previous transactions or commercial contracts/ agreements, etc.
Processing of special categories of personal data: The Company does not collect or process, firstly, personal data related to your racial or national origin, political opinions, religious or philosophical beliefs, participation in trade unions, genetic or biometric data, for the purpose of identifying you as a data subject; and secondly, health data or data pertaining to your sex life or your sexual orientation.
3. What is our legal basis for processing your data?
The Company’s legal basis for collecting and processing your personal data is the following:
- in the context of a contractual relationship between us, provided the processing is necessary for the execution of the contract or before the contract’s conclusion, so that necessary measures may be adopted; or
- due to the Company’s legal obligation, as a Controller; or
- with your own explicit consent. This consent must be provided by you with a clear, positive action and must constitute the free, specific and explicit indication of your agreement to the processing of your personal data. Consent may constitute a written statement, also via electronic means, or an oral statement. Silence and inaction are not perceived by us to signal consent.
4. For which purposes do we process your data?
Based on our contractual relationship or the provisions of the law or your own explicit consent, we process your personal data for the following purposes:
- For the development, fulfillment, and execution of the contract concluded between us. For example, we mention communications with you to impart information or notifications related to our products or services for which the contract has been concluded or the processing of your data for the handling of invoicing and payments, as well as any processing that is necessary to fulfill and execute the contract. The Company may use your email address to send you notices of payment, to send you information regarding changes in our services, as well as other notifications and notices related to the Company’s scope of operations. In general, users cannot choose to opt out of these communications, which are not related to marketing, but are required within the framework of the relevant transactional relationship.
- To provide you with support/service in regards to our Company’s services/projects/products. The Company may collect or process your information in order to answer your requests and questions, to resolve any eventual problems, to inform and answer your recommendations and comments for the improvement of our services, or in order to provide you with the best and fastest service during your next contact/transaction with our Company. Furthermore, the Company may invite you to participate in questionnaires and market research. These questionnaires and research will be generally designed in a way that the answers do not require personal data. Nevertheless, if you do input personal data in a questionnaire or research, the Company may use such personal data to improve its products and services.
- For reasons of ensuring the quality of our services or the Company’s internal operations, such as e.g. to prevent fraud and other criminal offences, for the physical safety and protection of persons and property (e.g. video surveillance), for the fulfillment of the Company’s legal obligations that ensue from the current legislative and regulatory framework, for the management of the Company’s information systems and the improvement of safety procedures.
- For marketing purposes. This purpose includes the processing of your data for the mailing, through various media (email or SMS) of information regarding the Company’s services, new products, educational programs, actions and initiatives. In regards to forms of communication regarding marketing, the Company (i) where required, provides such information following consent (opt in), and (ii) provides the option to opt out if you no longer wish to receive notifications about the Company’s informational and promotional activities.
According to a relevant provision and your consent, the Company may use your name, email and mailing addresses, phone number, professional title, and basic information regarding your work, as well as an interactive profile based on previous interactions, to keep you informed about the latest product and service releases, special offers, and other information regarding the Company’s services (including newsletters related to promotions), as well as the Company’s events, campaigns or collaborations, and in order for relevant content to appear on the Company’s websites.
5. How long are your personal data stored for?
The Company processes and uses your personal data based on the contractual relationship between us or according to your consent or as provided by law. Consequently, the Company shall store your personal data:
(i) For the time period required to satisfy the purposes stipulated above, such as for example the completion of a contract or the solution of any eventual issues. Subsequently, the Company keeps your data for a specific period of time, as this is stipulated by law or by your consent. During this time period, you have the right to object to the use of your personal data and to request that your data be erased by the Company.
By exception, the Company keeps your data if it has a lawful interest or lawful obligation to do so, or whenever your personal data is necessary in order for the Company to claim or defend itself against legal claims.
(ii) In case processing of the data occurs with your consent, until you withdraw your consent. You have the right to withdraw your consent at any time. However, withdrawal of consent does not affect the legality of processing that was based on your consent before it was withdrawn.
You may withdraw your consent that is granted hereby at any time, by cancelling the registration on the website, by sending an email to
dpo@redestos.gr. If you withdraw your consent, the Company will no longer process personal data subject to this consent unless it is legally required to do so. If the Company is obligated to preserve your personal data for legal reasons, your personal data will not be subject to any further processing and will only be preserved for the time period required by law. Furthermore, if the use of one of the Company’s services or promotions requires your previous consent, the Company shall no longer, following your withdrawal, be able to provide you with that service or product.
6. Why must I disclose my personal data?
As a general principle, the granting of any consent and the disclosure of any personal data by dint of this document is entirely discretionary. In general, you will not suffer any harmful consequences should you choose not to grant your consent or not to disclose your personal data. However, there are circumstances in which the Company will not be able to proceed to specific actions if it does not have specific personal data, for example because such data is required for the provision of our services or for the fast and effective service of our customers or to access and receive the Company’s newsletter.
7. How does the Company process my personal data?
Our Company and its staff that is trained in matters of personal data processing observe the processing principles stipulated in the General Data Protection Regulation 679/2016 (lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability).
In any case, we adopt appropriate organizational and technical measures in order to ensure that your personal information is transferred, stored, and processed according to the appropriate safety standards and processes and according to the conditions of this Policy and current data protection legislation. At our Company, we employ well-trained and responsible staff and a Data Protection Officer, and we recognize the importance of protecting your privacy and all your personal information. For this purpose, we implement suitable security policies using appropriate technical and operational tools, such as firewalls, properly trained and authorized personnel, and we also conduct frequent internal compliance controls according to Regulation (EU) 679/2016.
8. What are your rights when you provide us with your data?
The Company pledges to keep your personal data confidential and to ensure that you can exercise your rights easily. You can contact us, at no cost, by emailing us at
dpo@redestos.gr and citing the reason of your request and the right you wish to exercise.
Specifically, regardless of the legal grounds based on which we process your data, you have the following rights:
- To request access to and information about the data we keep on you (right of access).
- To request that we rectify your data, so that it is true and accurate (right to rectification).
- To request that we erase your data, subject to the Company’s obligations and legal rights as described above (right to erasure).
- To request that we limit the processing of your data in any of the following cases: (i) you state that your personal data in the Company’s possession are incorrect (but only for as long as the Company needs to check the accuracy of said personal data); (ii) there is no legal basis for the processing of your personal data by the Company and it is required that it limit any further processing of your personal data; (iii) the Company no longer needs your personal data but claims that it must keep said data in order to claim or exercise legal rights or defend its rights against third party claims; or (iv) in case you object to the processing of your personal data by the Company, for as long as it takes for our Company to re-examine whether it has a prevailing interest or legal obligation to process your personal data (right to restriction of processing).
- To request to receive the personal data you have provided to us in order to directly transmit them to some other legal person, without any hindrance from us (right to data portability).
- To object to the processing of your personal data, when this is based on our legal interest. You may refuse the use of your personal data by the Company at any time by sending an email to dpo@redestos.gr. With this action, the Company shall stop using your personal data for the above purposes (i.e. according to the legal interest stipulated above) and shall erase them from its systems within a reasonable length of time, unless the Company is allowed to use said personal data for the purposes stipulated in this Privacy Policy or if it determines and proves a justifiable, urgent legal interest in order to continue processing your personal data (right to object).
Right to file a complaint. If you believe that the Company is not processing your personal data according to the conditions stipulated herein or in the current EU legislation on personal data protection, you may at any time file a complaint with the data protection authorities of the EU country where you live or with the Greek Personal Data Protection Authority. Furthermore, a denial or unjustified delay by the Company in regards to the satisfaction of your requests when exercising your rights entitles you to seek recourse from the Greek Personal Data Protection Authority, as the competent supervising authority.
9. Do we share your data with third parties?
In order to fulfill the purposes cited in our Privacy Policy, it is necessary to allow access to your personal data to legal persons in our group of companies.
Additionally and for the same reasons, we allow access to third parties that provide support for the services we offer you, and specifically:
- to suppliers of technology services;
- to suppliers of services related to customer service, marketing and sales.
10. Changes to our Privacy Policy
We may amend the information contained in this Data Protection Policy when we see fit. In this case, we will notify you in a variety of ways so that you may review the amendments, assess them, and even object or unsubscribe from a service or operation. In any case, we recommend that you review this Policy, which will always be posted on our website, from time to time. This website may contain links to third-party websites.
11. Disclaimer
The Company is not liable for the data protection practices or the content of other websites that are not owned by it.