Our Company conducts its business actions in accordance with privacy principles, applying ethical and responsible practices.
Current legislation defines our standards for the management and protection of your Personal Data, so as to provide you with the maximum possible security.
These principles, which ensure the protection of your personal information, apply to all our activities that involve the collection and processing of information about individuals, including, but not limited to, research, production, commercial activities, corporate support and data transfers.
For example, this Policy applies to:
- Promotional and commercial activities: evaluating markets for our products/advertising, marketing, selling, distributing and delivering our products/communicating with our customers and other end users of our services/sponsoring and conducting events
- Corporate support: hiring, managing and compensating employees/conducting employee performance and talent evaluations/providing training/managing ethics and privacy issues/managing and securing our assets and infrastructure/procuring and paying for products and services /meeting our environmental, health and safety commitments/communication with the media.
This Policy applies to all natural persons whose data we process including clients, candidates and partners.
Accordingly, every employee of the Company, and third parties who process data for our company, are responsible for understanding and complying with their obligations towards this Policy and existing laws.
The privacy principles described below summarize the standards and basic conditions for the collection and processing of individuals' personal data by our company.
Personal data:
- are lawfully and legitimately processed in a transparent manner in relation to the data subject ("lawfulness, objectivity and transparency"),
- are collected for specified, explicit and legitimate purposes and are not further processed in a manner incompatible with those purposes ("purpose limitation"),
- are appropriate, relevant and limited to what is necessary for the purposes for which they are processed ("data minimization"),
- are accurate and, where necessary, updated ("accuracy"),
- are kept in a form that allows the identification of the data subjects only for the period required for the purposes of the processing of the personal data• ("storage period limitation"),
- are kept in a form that allows the identification of the data subjects only for the period required for the purposes of the processing of the personal data• ("storage period limitation"),
1. Necessity - data minimization
- Before collecting, using or distributing Personal Data, we determine and record the specific, legitimate business purpose served.
- We determine and record the period of time for which Personal Data is used for the specified business purposes, which is defined on a case-by-case basis depending on the nature and type of activity.
- We do not collect, use or share more Personal Data than is necessary and we do not retain Personal Data in an identifiable form for longer than is necessary for the specified business purposes.
- We anonymize data when operational or legal requirements make this necessary and when information about the activity or process is retained for a longer period of time.
- We ensure that these necessary requirements are incorporated into any assistive technologies and that third parties supporting the activity or processing are informed.
2. Legality, Objectivity and Transparency
We do not process Personal Data in ways that are unfair to data subjects.
We determine whether the proposed collection, use or other form of processing of Personal Data poses a risk of actual or unspecified harm to individuals, always aiming to prevent such harm.
If the nature of the data, the types of people, or the activity contains an inherent risk of actual or unspecified harm, we ensure that this risk does not outweigh the corresponding benefits for those individuals.
In cases where it is necessary to process Personal Data of special categories ("sensitive"), this is done only with the express consent of the individuals or as required or expressly permitted by existing laws.
We document the risk analysis and design any necessary mechanisms to obtain and record evidence of consent to assistive technologies. We do not process Personal Data in ways or for purposes that are not transparent.
All individuals whose Personal Data is processed in accordance with this Policy shall have the right to a copy of this Policy posted online. The Data Protection Officer will provide digital and/or physical copies of this Policy upon request to the addresses listed below.
When Personal Data is collected directly from individuals, we inform them through a prominent and easily accessible privacy notice or similar means, providing them with the following information:
- the identity and contact details of the controller
- the purposes of the processing
- if the processing is based on legitimate interests of the controller, what those interests are
- the recipients of the personal data
- any data transmission
- the period of time for which the data will be stored
- the existence of the right to submit a request to the controller for access and correction or deletion of personal data or restriction of processing
- where the processing is based on the consent of the subject, the existence of the right to withdraw his consent at any time, without prejudice to the lawfulness of the processing based on the consent before its withdrawal
- the right to submit a complaint to the Personal Data Protection Authority
- the legal nature of the provision
- the possibility of automated decision-making
If new legitimate business purposes are identified for Personal Data already collected, we ensure that either the new business purpose (including a substantially similar purpose) is compatible with the purpose as described in the privacy notice or other transparency mechanism previously provided to the individual; or we obtain the individual's consent to the new use of their Personal Data.
We are responsible for maintaining the security and privacy of Personal Data when it is transferred to or from other organizations
We transfer Personal Data or allow them to be processed by third parties only if the following conditions are met, which we are responsible for ensuring.
If the role of the third party is to process Personal Data on behalf of or to secure vital interests of the company, before the third party receives the Personal Data, we:
- complete a legal audit to assess the privacy practices and risks associated with these third parties;
- we attempt to obtain written contractual guarantees from these third parties that they will process Personal Data in accordance with our company's instructions, and in accordance with this Policy.
- We ensure that they notify us promptly of any Security Incident and that they agree to cooperate when deemed necessary.
- If the role of the third party is to provide Personal Data to our company, before we obtain the Personal Data from the third party, we ensure that the requirements of Transparency are met for the collection of Personal Data from other sources and not specifically under the supervision of our company, and we obtain guarantees through an agreement document from the third party that it does not violate any Law or the rights of any third party by providing Personal Data to our company.
- If the third party's role is to receive data from our company for processing that is not specifically under our company's supervision, before we deliver the data to the third party, we ensure that the third party will only use the data for business purposes defined by the agreement and in accordance with existing legislation.
3. Data Quality, Integrity and Confidentiality
We keep Personal Data accurate, complete and up-to-date, and consistent with its intended use.
- We ensure that periodic data audit mechanisms are built into assistive technologies to validate data accuracy.
- We ensure that Sensitive Data is validated as accurate and up-to-date before it is used, evaluated, analyzed, reported or otherwise processed, which carries the risk of injustice to individuals if inaccurate or out-of-date data is used.
- In case of change of personal data, the subject bears the responsibility to inform our company so that the necessary modifications can be made.
We incorporate security safeguards to protect Personal Data and Sensitive Data.
- We have implemented a comprehensive information security program and security controls that are based on the sensitivity of the information and the magnitude of the risk of the activity, using the best practices of modern technology. Policies to protect against loss, misuse, unauthorized access, disclosure or destruction include, but are not limited to, business continuity and disaster recovery standards, identity and access management, information classification, information security incident management, network access control, physical security and risk management.
4. Rights of Access, Rectification, Erasure, Portability, Restriction of Processing and Objection to Processing
You have the right to access your personal data.
This means that you have the right to be informed by us if we are processing your Data. If we process your Data, you can ask to be informed about the purpose of the processing, the type of your Data we keep, to whom we give it, how long we store it, whether automated decision-making takes place, but also about your other rights, such as correction, deletion of data, restriction of processing and filing a complaint with the Personal Data Protection Authority.
You have the right to correct inaccurate personal data.
If you find that there is an error in your Data you can submit a request to us to correct it (eg correct a name or update a change of address).
You have a right to erasure/right to be forgotten.
You can ask us to delete your data if it is no longer necessary for the aforementioned processing purposes
You have the right to portability of your Data.
You can ask us to receive the Data you have provided in human readable form or ask us to transfer it to another controller
You have the right to restrict processing
You can ask us to restrict the processing of your Data pending the consideration of your objections to the processing.
You have the right to object to the processing of your Data.
You can object to the processing of your Data or withdraw your consent and we will stop processing your Data, unless there are other compelling and legitimate reasons that override your right.
To exercise your rights you can send us a relevant request, describing the right you want to exercise either to the postal address of the Company "Alenia" with the indication "Exercise of the right of access/correction/deletion/restriction/objection", or to the address email: info@alenia.gr with the title "Exercise of the right of access/correction/deletion/restriction/objection", with a description of your request and we will take care to examine it and answer you as soon as possible
We respond to your requests free of charge without delay, and in any case within (1) one month of receiving your request. However, if your request is complex or there are a large number of your requests, we will inform you within the month if we need to obtain an extension of another (2) two months, within which we will respond to you.
If your requests are manifestly unfounded or excessive in particular due to their repetitive nature, the Company may charge a reasonable fee, taking into account the administrative costs of providing the information or carrying out the requested action, or refuse to proceed with the request . You have the right to file a complaint with the Personal Data Protection Authority (Kifisias 1-3 postal address, Athens/ www.dpa.gr ), if you consider that the processing of your Personal Data violates the applicable national and regulatory legal framework for the protection of personal data.
Terms you should know:
Anonymization. Altering, deleting, erasing or otherwise limiting or transforming Personal Data so that it cannot be used to identify, locate or communicate with the individual.
Legislation. All laws, rules, regulations and advisory orders having the force of law.
Privacy. All data about an identified or unidentified individual, including data that identifies the individual or that could be used to locate, track or contact that individual. Personal Data includes both direct identification information such as name, identification number or job title, and indirect identification information such as date of birth, telephone number and coded data.
Privacy Event. Violating or violating this Policy or a privacy or data protection law. The determination of whether a privacy incident has occurred and whether it has physical substance will be made by the Data Protection Officer and the Legal/Compliance Department.
Processing. Carrying out any process or series of processes on data about people, with or without automated means, including, but not limited to, collecting, recording, organizing, storing, accessing, adapting, transforming, retrieving, using, evaluating, analyzing, reporting , distribution, disclosure, transmission, disposal, alignment, blocking, deletion or destruction.
Security Incident. Access by an unauthorized person to Personal Data or disclosure of Personal Data to an unauthorized person or our company reasonably suspects that this has occurred. Access to Personal Data by or on behalf of our company without the intent to violate this Policy is not a Security Incident, provided that such Personal Data is then used and disclosed only as permitted by this Policy.
Sensitive data. Any type of data about people that contains an inherent risk of potential harm to individuals, including data defined by law as sensitive, including, but not limited to, data related to health, heredity, race, national origin, religion, political or philosophical beliefs or beliefs, criminal record, precise geographic location information, bank or other financial account numbers, government-issued registration numbers, minors, sex life, labor union relations, insurance, social security and other employer or government benefits .
Third person. Any legal entity, organization or person that is not owned by our company, or in which our company does not have a controlling interest, or that does not work for our company. Except as expressly set out in this Policy, no area of our company is required to comply with the requirements of a third party under this Policy, as all subsidiaries and areas are required to process data about people in accordance with this Policy.
Changes to this Policy
This Policy may be revised from time to time, in accordance with the requirements of existing legislation. Whenever this Policy changes in a natural way, a notice will be posted on our company website.
Dispute Resolution
We inform you that in the event that any dispute arises from the transaction between us for the resolution of which you have sent us a relevant written request but we have not been able to reach a common agreement between us, you have the option of turning to the Online Dispute Resolution platform, at address webgate.ec.europa.eu/odr/ which is directly connected to the competent independent Authority "Consumer Advocate" www.synigoroskatanaloti.gr On this platform you can submit a request for the resolution of the dispute in which case the company can then be called us from the competent Authority at the email address: info@alenia.gr
We also bring to your attention that our Company recognizes in good faith the advisory nature of the decisions of the Authority to be taken and is not committed to the enforceability of these decisions. In any case of non-conciliatory resolution of the dispute through the HED platform, the civil courts are competent.
You can read the E-Commerce Consumer Code of Conduct as published in the Official Gazette