Asprofos SA (hereinafter the "Company") and its affiliated companies (hereinafter "the Group") are strongly committed to privacy issues, and this privacy statement advocates our approach on such issues. We publish this Notice in accordance with Article 13 of the General Data Protection Regulation to inform you about the use of your personal data.
If you have any questions regarding this Notice and the way in which your personal data are processed, please contact us via email: [email protected]
Company Name: ASPROFOS S.A.
Gen. Commercial Registry No.: 121575601000
Address: 284 Eleftherios Venizelos str,, 17675, Kallithea Attica
Phone Number: +30 210 - 9491600
Fax: +30 210 – 9491610
|Purpose of Processing activity||Categories of personal data processed||Legal Basis of Processing|
|Management of communication requests with the Company or / and the Group||Personal Identifiers, Contact info, CV details, student’s application information, information of study visit applications, other request information||Data subject’s consent|
|Website Use Optimization||Connection/Login Information, user’s activity during site visit||Legitimate interests pursued by the Data Controller or by a third party|
The personal data provided by visitors to our website are used exclusively for the purpose for which they were submitted as per the relevant collection point.
The purpose of legitimate interests of the Company and/or the Group is to evaluate the stay on site, measure clicks on each site and make note of suggestions / observations by users in order to improve our online services.
Third party disclosure
The Company and / or the Group may disclose the aforementioned personal data to IT support services providers and web support companies, web hosting companies, and companies providing advisory services on candidates' recruitment processes.
The Company and /or and the Group collect, maintain and process your personal data in a manner that ensures their privacy. Specifically, your personal data are processed solely by authorized personnel or by Company suppliers and/or the Group which are committed towards the Company and/or the Group with the same obligations regarding personal data protection, while all appropriate organizational and technical measures are in place for data security and protection against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access and any other form of illicit processing.
The personal data that you submit to our website are kept only for as long as it is necessary for the purpose for which they were originally collected or as required by law.
Data subject rights
This section introduces your rights with respect to your personal data. These rights are subject to certain exemptions, reservations or restrictions.
Please submit your requests responsibly. The Company and/or the Group will respond as soon as possible and in any case within one month of receipt of the request. In the event that your request is to be examined causing a delay, we will keep you duly informed. To exercise your rights, please contact via email: [email protected]
The Company and/or the Group shall ensure that you fully make use of exercising the following rights:
The right of access to information/update
You have the right to request and receive clear, direct and easily understood information about how we process your personal data.
The right of access
You have the right to access your personal data for free, except in the following cases, where there may be a reasonable charge of covering the cost of the Company’s and/or the Group’s administrative expenses:
The right to rectification
You have the right to request the rectification of your personal data if they are inaccurate or incomplete.
The right to erasure
You have the right to request the deletion or removal of your personal data when it is no longer necessary for the purpose which they were originally collected for or there is no legitimate reason to continue processing them. The right to erasure is not an absolute right under data protection law, if there is a specific legal obligation or other legitimate reason for your personal data to be retained by the Company and/or the Group.
The right to restrict processing
In certain cases, you have the right to restrict or terminate further processing of your personal data. In cases where processing has been restricted, your personal data remain saved, without being subjected to further processing.
The right to data portability
You have the right to request a copy of your personal data file being processed, submitted to us in a structured and commonly used format machine-readable and forward the data to another data controller.
The right to object
You have the right to object at any time and for reasons relating to your particular situation involving personal data processing, unless the Company and/or the Group demonstrate imperative and legitimate reasons for the processing.
Rights on automated individual decision-making and profiling
The Company and the Group do not make automated individual decision-making, including profiling.
Withdrawal of consent
We inform you that the data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The data subject can withdraw his/her consent via email: [email protected]
The right to complain
For any further information in relation to your rights or in case you need to complain contact the Hellenic Data Protection Authority (HDPA), phone number: +30-210 6475600, site: http://www.dpa.gr/
Modifications to the current Privacy Statement
Our goal is to review and update the Privacy Statement, so as to comply with the relevant legislative and regulatory requirements and at the same time provide optimum personal data protection. Any further update shall be notified through this site.
Personal Data: any information relating to an identified or identifiable natural person who can be directly or indirectly identified, in particular by reference to an identifier such as full name, phone number, email, ID number, VAT registration number.
Personal Data Special Categories (Sensitive Personal Data): personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data processing, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation are prohibited.
Data Subject: the identified or identifiable natural person to whom Personal Data and/or Sensitive Personal Data are referred.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise data retrieval, search alignment or combination, restriction, erasure or destruction.
Data Controller: for the purposes of this present Privacy Statement, data controllers are the group of companies which separately or jointly define the purposes and the means of personal data processing.
Processor: means a person or legal entity, public authority, agency or other body which processes personal data on behalf of the controller.
Consent: any freely given, specific, informed and unambiguous indication of the data subject's will, by which he or she, expresses agreement by making a statement it or by taking affirmative action, signifies agreement to the processing of personal data relating to him or her.
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
To be implemented
Note: This Policy has entered into force on 382 / 20.06.2012 Management Decision
Table of Contents
This Privacy Notice is provided for the following companies:
Data processing controller contact details are as follows:
Gen. Commercial Registry No.:
284 Eleftherios Venizelos str,, 17675, Kallithea Attica
+30 210 - 9491600
+30 210 - 9491610
(Hereafter referred to as "We", the "Group", the "Company", the "Controller")
This notification describes our practices with regard to personal data processing, i.e. the collection, entry, organization, structure, storage, adaptation or alteration, retrieval, search, use, disclosure by transmission, dissemination or any other form of availability, association or combination, restriction, deletion or destruction of your personal data in compliance with Data Protection Regulation.
Personal data confidentiality and protection is of utmost importance therefore effort is made to continuously comply with the National and European Legal and Regulatory Frameworks for personal data protection. Reference is made to third party participants so as to include collaborators, providers, and other third-party members as described in the Definitions section under the entry “third-party”.
The Company reserves the right to modify and update this notice whenever it is deemed necessary, and the changes will take effect upon their notification to you, either by e-mail or by posting them on the Internet or by any other means the Company deems appropriate.
3. Collected Data
During the procedures concerning the Company’s selection of suppliers and associates as well as in the context of the Company's cooperation with them, the Company collects personal data about its partners, legal representatives, employees, subcontractors, partners’ contact persons - its agents, any authorized representatives, agents, and other persons with whom the Company comes into contact, or persons who may have access to and / or provide work / services on the Company’s premises during the cooperation. If you belong to any of the above, depending on the specific circumstances and the applicable legal provisions, the Company may collect all or some of the following information about you:
Some of the above details are necessary in order for us to fulfill our contractual obligations that we have towards you. For example, your Tax ID is required by Law. Other data are required to ensure for the smooth operation of our contractual relationship or overall cooperation. Depending on the type of personal data and the basis on which we rely on the processing of that data, if you refuse to provide us with this data, we may not be able to fulfill our contractual obligations or cooperate and in some extreme cases it may not be possible to continue working together.
4. Personal data collection sources
Personal data collection is mainly done as follows:
(α) By the individual
The company is in need of acquiring certain personal data within the framework of cooperative work with the individual so as to fulfill all obligations in connection with you and third parties. Personal data is collected in a variety of ways and include:
(β) from other sources
Also, the company may receive personal data from other sources. These sources include various third parties who have worked in the past with the group or company, public sources (official government gazette, general commercial registry, professional guidelines) concerning entries in relation to individual professional activity.
(γ) Automatically received personal data
Automated collection of personal data may include:
Communication through servers or company devices including email text messaging, date and time of arrival and departure from various company facilities, through personalized magnetic cards. Audio visual aids (including date and time) of arrival in an area where closed circuit television is installed (CCTV).
The Company needs to know certain information about you in the context of our co-operation in order to fulfill its contractual obligations towards you, as well as its obligations towards third parties. There are a number of ways you share information with us, including:
From other sources
We also receive personal data about you from other sources. These sources include third parties with whom you have previously collaborated who have recommended you to the Company, the limited liability company risk checking system company - TERESIAS S.A., ICAP, public sources (Government Gazette, GEMI, Industry Guides) where there is public information regarding your professional activity.
Automatically received personal data
Your automatically collected personal data includes:
5. Processing objectives
The Company collects and processes your personal data, listed above, for the following purposes:
The Company collects and processes its affiliates’ personal data solely for the aforementioned purposes and only to the extent strictly necessary to effectively serve those purposes. These data are always concise, relevant and not more than required for the purposes as set out above are accurate and, where appropriate, are subject to consultation.
6. Legal Basis
There are several ways in which the Company lawfully processes its affiliates’ personal data; each processing performed by the Company is in accordance with at least one of the following legal bases:
Processing is necessary if the Company is to fulfill its contractual obligations
In order to be able to fulfill its contractual obligations of the Company vis-à-vis you and to monitor the fulfillment of the contractual obligations of its associates, the Legal Basis on which the Company lawfully processes the data of its associates is Article 6, 1 (b) of the GDPR, where it is foreseen that the Company may process data if "processing is necessary for the performance of a contract to which the data subject is a party".
Processing is necessary in order for the Company to comply with its legal obligations
Apart from its contractual obligations, the Company also has to comply with various obligations arising from the current legal framework. In accordance with Article 6 (1) (c) of the GDPR, the Company may process personal data when the processing is "necessary if it is to comply with its legal obligation".
Processing is necessary for the Company to serve its legitimate interests
Pursuant to Article 6 (1) (f) of the GDPR, the Company may process personal data when such processing is "necessary for the purposes of the legitimate interests pursued by the Company unless such interests prevail over those interests or the fundamental rights and freedoms of data subjects that impose the protection of personal data".
The following cases are a non-exhaustive reference to the legitimate interests pursued in order to successfully achieve corporate objectives:
You give us your consent to process your personal data
In extremely limited cases, we may seek for your consent with a positive action (opt-in) before we can make specific edits to your data. For example, we may ask for your consent to promote your information to third parties who may be interested in the services you provide or to publish your information in corporate forms.
7. Data transfer to Third Parties
The Company does not in any way transfer the personal data of its affiliates nor does it interconnect its files for any financial or other consideration with any third-party private enterprises, natural or legal persons, public authorities or services or other organizations.
The Company may provide access or forward the personal data of its affiliates and suppliers to:
Third-party service providers who perform various functions (including security and insurance services) and external consultants, associates, lawyers, accountants, auditors, as well as technical and support service providers and IT consultants on behalf of the Company.
Financial institutions: We may exchange data with financial institutions/banks where you hold a bank account in order to process payments.
Other Group companies in the context of centralized procurement management via the Group's competent supply department.
Furthermore, the Company transfers your data under its regulatory obligations to:
Tax, Audit and other Public Authorities when we believe in good faith that the Law or other regulatory act obliges us to provide access or forward such data.
Competent law enforcement authorities: We may disclose your data to the Police and other competent law enforcement authorities or administrative authorities, if required by the law or by any other lawful enforceable act or order.
Any data transfer to third countries outside the European Economic Area (i.e. outside the EU Member States, Norway, Iceland and Liechtenstein) will only be made in compliance with the data protection legislative framework and only when adequate safeguards are in place to protect your data.
If the Company is merged or acquired by another company in the future, your personal data may be disclosed as part of the merger or the acquisition of the Company.
8. Information Security
How the Company processes personal data is conducted in a way that ensures its confidentiality. In particular, it is carried out solely by authorized Company personnel while all appropriate organizational and technical measures are taken to ensure data security as well as to protect data from any accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, or any other form of unfair processing.
The company’s third-party personal data are stored in servers that are within Greek boundaries and are not transmitted to third world countries (outside EU/ΕΕΑ).
Countries part of the European Economic Areas are regarded as providing the same degree of personal data protection as that of Greece. In the event that the company transmits personal data that of collaborators, providers or other third-party members outside the European Economic Area, it is required to disclose its collaborators, providers and other third-party members, the purpose of the transmission and guarantee personal data protection when they are being transmitted
10. Retention period
The Company will maintain personal data in accordance with the applicable law and only for as long as it is required to fulfil the purposes as set forth in Sections 5 and 6 or for the time period required by law or for the purposes of the Company defending itself against possible legal action from those in the pursuit of claims against it.
11. Data subject rights
One of the basic principles of the General Data Protection Regulation is natural person protection rights, as far as personal data protection processing is concerned. Within this framework the company’s third-party members have a set of rights associated with the processing of personal data. To be more specific and in accordance with the General Data Protection Regulation the individual has the right to:
(1) Postal Address: Hellenic Data Protection Authority
Office:1-3 Kifissias Boulevard
Postal Code 115 23, Athens,
(2) Telephone: +30-210 6475600,
(3) Fax: +30-210 6475628,
(4)Email: [email protected] (The right to make a complaint)
Should you have any inquiries please contact us:
For further information regarding the aforementioned rights and inquiries concerning this privacy notice you can contact the Company or Group in the following email address: [email protected]
12. Contact details for the Data Protection Officer for the HELPE Group
Data Protection Officer for the HELPE Group:
+30 210 6302252
Do you have any further questions? Contact us
If you have any questions about this Notice, please contact us by e-mail or telephone using the details of the Personal Data Officer provided above.