This document sets out the Privacy Notice proposal in accordance with the Regulation (EU) 2016/679 oftheEuropeanParliamentandofthecouncil of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
The principles described in this Privacy Notice document are handled in accordance with the Regulation (EU) 2016/679 oftheEuropeanParliamentandoftheCouncil of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). The aim of these principles is to provide participants with basic information on the processing of personal data, their protection and methods of processing.
Glossary of terms used in this Privacy Notice:
“Personal Data” means any information relating to an identified or identifiable natural person;an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
This document is intended to inform you about the ways we handle your personal data as well as to ensure you they are of the utmost importance for us therefore we constantly protect them. Our employees treat your personal datacomplying with the applicable legislation of Greece and the EU.To ensure we always handle your personal datain the best and most secure way possible, our IT systems and processes are being regularly revised by external professionals.Being fully aware of the fact,your personal data do not represent our property, we truly appreciate the trust you have put in usthrough sharing them with us. Whether we obtain them from public sources or you entrust them to us, we always inform you about this fact.In case we wanted to use your information for otherpurposes than those stated here, we would ask for your affirmtve consent with such personal data processing (lacking other lawful basis).
Who are we and who can access your personal data?
We would like to be sufficiently transparent with you, therefore we inform you about who can access and process your personal data, eventually contact you for the purposes described below. The data controller administering your personal data within the territory of Greece is Response S.A.
We also store your personal data at other companies (processors).These processors maintain the utmost secure internal systems and storage for us. This concerns in particular the Microsoft International Corporation while your data are always being stored exclusively in the countries of the European Union. The security of our systems is provided by our suppliers, which may also have the access to your personal data. To prevent any unathorized processing or a processing you could not have expected, the activity of these suppliers is under permanent controlwhile they are bound by the contractual terms and the processing contracts.When transmitting and processing yourpersonal data,we strictly follow the applicable codes (the code of conduct) of our company.
We never proactively disclose your personal information. Your personal information remains completely safe with us. If we need to transfer your personal information to another recipient, we will inform you of this fact.
What happens if you don't provide us with your personal data? Should such a situation arise, we will not be able to conclude a contract with you and/or provide you with our services.
We keep your data safe and we want to tell you how do we do it!
The personal data entrusted to us,as well as the ones obtained from the public sources remain under constant physical, electronical and procedural control.We ensure maximum possible protection of the processed data by using the frontier control, technical and security mechanisms, efficiently preventing your personal data from any unauthorized access, transfer, as well as their loss, damage or other potential misuse. Every person handling your personal data, whether within their work or contractual obligations, is subject to legal or contractual obligation of secrecy.
Handling your personal data is essential for our work - we want you to know all our processing operations are undertaken in accordance with the law.
In order to be able to offer you our service, we do have to handle your personal data, thereforea majority of processing operations is based on the contractual terms agreed by you and Response S.A.There are other types of personal data, we may useonly based on yourfreely given consent, which does not affect the other services we provide for you. Certain requirements are also set by the legislature - we also process the information required by the laws of Greece.
Should you disagree with processing or should you have any questions, please do not hesitate to contact us.
Your trust in our services is essential for us, and you can contact us at any time. Once we verify your identity, we enable you to withdraw your consent free of charge.
Should you wish to assert your rights, you can contact us via email email@example.com or via our central telephone number+302108021145.You can also visit us at the above mentioned address,and we will gladly handle all your requests immediately.
We would like to inform you, how do we use your personal data in case you entrust them to us.
As our main focus is Training and Consulting Services, we conduct related activities trying to deliver the service in the highest quality possible. This concerns namely the following types of processing activities:
- Tests and assessments
- Direct marketing (world news, etc. …), the aim of which is to keep you informed
- CV processing
- Public event management, enabling us to be in closer contact with you, and introduce you new approaches and opportunities created by the labour market
- Maintaining our relationship, by conducting professional interviews, planning meetings and updating all the information in our information system; we will include you in the information system, after you contact us through our website
If you share your personal data with us, we will process only the ones we truly need and have to process.
We handle your personal data carefully and responsibly, with special regard to your safety. In order to offer you the best services possible, we have to maintain certain personal information about you. We keep the following types of information in our system:
- Personal identification data, such as the name, surname, address, telephone number, eventually other contact information you share with us
- Personal information, such as the age, gender, nationality
- Current job situation, such as the current employer, key job responsibilities, specialization and the professional experience you have acquired within your current work position
- Pictures, that can not be considered the biometric data and that you have included in your CV, we do not provide photographic services
- Professional experience, expertise, qualifications, certificates and references
You may not share all these kinds of information directly, thoughwe may obtain them during the interviews or during your visit of our website, therefore we want to inform you about their typical nature:
In case we obtain the information about you from a different source than from yourself, we inform you about it and you can assert your rights. We provide you with the information at the latest one month after we obtain it and before the start of the processing process. We would like to ensure you, we will not process any information of such type prior to informing you.
We do not keep your information forever. For how long will we holdit?
We will not keep your information forever, but for the period necessary to be able to offer you new work opportunities. In accordance with our business purpose, we store your personal data for a period of maximum 5 years since our last contact. However, you can appeal against this time frame by submitting an objection to the processing. In case we have the legal obligation to store the information about you for a longer period of time, we will store it longer, but if you assert your rights, we will inform you about it. You can always request the restriction of processing or erasure of your personal data. You can also withdraw your consent with the personal data processing, which will bereflected immediately. Please take note, that as a result of withdrawal of consent,we will not be able to offer you our services, requiring personal data processing anymore,
Do we always process the most up-to-date information available
We regularly update all the personal information we keep about you.Taking into account your situation, as well as your experience may evolve in course of time, we regularly encourage you to update your personal data and avoid processing incomplete or out-dated information about you. We will highly appreciate, if you help us to maintain our contacts database up to date, through informing us about eventual change in your personal data, for example through email, telephone or personal contact.
All legal relationships following from or relating to the personal data processing shall be governed by the legislation of the Greece, regardless of where were they accessed from. Any potential disputes arising from the privacy protection between you and Response S.A. shallbe referred to and resolved by the Greek courts. We may and will regularly amend the text of this Privacy Notice document. We will notify you in advance of any such change by email or telephone at least 30 days before the change takes effect.
This privacy notice took effect on May 25, 2018.