«360U BETTER SKILLS BETTER BUSINESS S.A.»
This privacy statement is intended to inform you of the personal data we collect and process when providing our services and our general communication with you. Its purpose is to define the basic principles and rules according to which our company collects, processes and stores personal data as defined by the applicable national and EU legislation, in particular the European Regulation (EU) 679/2016 (hereinafter referred to as “the rule”).
Contact details of the Company:
Name: 360U S.A. HUMAN RESOURCES AND BUSINESS DEVELOPMENT,
Title: 360U BETTER SKILLS BETTER BUSINESS S.A.
E-mail address: email@example.com
Postal address: Athens, 10 Likavittou str., PC 10671
Contact number: +30 210 00 81 299
General Principles for the Processing of Personal Data
When our company processes personal data, it ensures the following:
- To collect and process these data legally, in accordance with the provisions of the existing legislation and the conditions set by it.
- To process personal data only for specified, explicit, and legitimate purposes.
- To take the appropriate technical and organizational measures to ensure that personal data is processed in a way that guarantees the appropriate security of personal data, including the protection against unauthorized or unlawful processing and accidental loss, destruction or depravation. In addition, it should periodically review the adequacy and effectiveness of these measures.
- To make the necessary efforts to ensure that the personal data maintained and processed is always accurate and up-to-date.
- Not to retain personal data collected for a period longer than the purposes for which it was collected and processed. However, it is possible to maintain it for a longer period of time if processing of such data is necessary:
- to comply with a legal obligation requiring processing under a statutory provision
- to fulfill a duty carried out in the public interest
- for the foundation, exercise or support of legal claims.
Our company collects and processes personal data for the following purposes:
- In order to meet the obligations imposed by the legislation and the provisions of its statutes for its purposes and actions.
- In order to meet its obligations under the legislation, in particular the applicable insurance and tax legislation, with respect to its employees, suppliers and customers.
- In order to be able to recruit staff or to outsource.
- In order to ensure its proper functioning in the context of its statutory objectives and existing legislation.
- In order to ensure the safety of its personnel, facilities and equipment.
- In order to enter into legally binding contracts and to meet the legal obligations they impose.
- In order to participate as a candidate in public procurement procedures for the implementation of projects in the context of its activities.
- In order to implement educational activities and to organize seminars, workshops and educational events.
- In order to inform about the news and its actions whoever consented to receive informative material of the company.
Legal basis for processing personal data:
Our company transparently processes your personal data in accordance with the principles of legality, proportionality, confidentiality and integrity, with purpose and accuracy limitation, specific data retention time, and minimization of data.
The legal basis for processing your personal data on a case-by-case basis may be:
a) your consent,
b) the need to process your data in the context of our contractual obligation,
c) the need to process your data in compliance with our legal obligation,
d) the need to process your data in the context of our legitimate interests.
Categories of Personal Data:
With respect to the above purposes, our company may collect and process personal data, including indicatively:
- Employees: full Name, surname, mother name, birth year, place of birth, gender, citizenship, postal address, email address, contact numbers, ID, tax identification number, bank account number (IBAN), data concerning marital status, previous employment, curriculum vitae.
- Customers/ Suppliers/ External Affiliates: full name, tax identification number, contact numbers, email address, bank account number (IBAN).
- Participants, tutors and/ or moderators in seminars and training activities: full name, postal address, email address, contact number, profession, tax identification number, bank account number (IBAN).
- Persons enrolled in the list of receiving company information and updates:: full name, contact number, profession, company name, email address.
- Image data: In the framework of the implementation of seminars, workshops and related activities and events of the company, it is possible to take photographic material and/ or video recording of the event for posting reasons in social networks’ accounts of the company.
Our company may collect and process data belonging to specific categories of personal data (“sensitive data”) such as health data, in order to meet its insurance obligations.
Similarly, in exceptional circumstances, when required by the applicable law (eg public procurement legislation if our company participates as a candidate in public procurement procedures), our company may collect and process data related to in criminal convictions or offenses, such as copies of a criminal record, always respecting the principle of proportionality.
Per case, our company can process the above data both as a controller and as a third-party processor.
Transmission of Personal Data:
Our company may transfer data to third parties (legal or individuals) who act as processors to support its operations (eg accounting, legal, technical support).
It is also likely that our company will transfer personal data to third parties when this is provided by the existing legislation as an obligation or alternatively under the safeguards provided by the existing legislation. In such cases, the data owners must be adequately informed before proceeding with the transfer.
In case the data is transferred outside the European Union (EU) or the European Economic Area (EEA), our company must check whether:
- The Commission has issued an adequacy decision on the third country to which the transfer is to be made.
- Appropriate safeguards are in place in accordance with the Regulation for the transmission of such data.
Otherwise, the transfer to a third country is forbidden and our company may not transmit personal data to that specific country unless certain of the specific derogations provided from the Regulation apply (eg explicit consent of the data owner and his/ her information regarding the transmission risks are necessary for the execution of a contract at the request of the data owner, the existence of reasons of public interest, it is necessary to support legal claims and vital interests of the data owner etc).
Duration of saving personal data:
Our company keeps your personal data for a limited time, depending on the purpose of the processing, after which the personal data is deleted from our records, unless otherwise required or allowed by the applicable law for another retention period. Where consent is required for the collection and processing of your personal data, you may withdraw the consent at any time without, however, prejudicing the legitimacy of the processing that preceded the revocation.
Data owners Rights:
Our company ensures that the owners of personal data can exercise the rights recognized by the law regarding the collection and processing of personal data. These rights are the following:
- The right of access to data
- The right to correct the data
- The right to delete the data
- The right to restrict the processing of data
- The right to data portability
- The right to object to data processing
Every request of the person/ owner of personal data is submitted to our company at: firstname.lastname@example.org
In case that you exercise one of the above mentioned rights, we will take all possible measures to satisfy your request within a reasonable time but not later than one (1) month from the request and your identification. This deadline may be extended further by two months, if necessary, if the request is complex or if there is a large number of requests. In this case, our company is required to inform you for the delay, as well as the reasons for this delay, within one month from receiving the request. Within this period, our company must notify you of any refusal to comply with the request in full or in part, as well as the reasons for this refusal.
Our company may refuse to wholly or partially satisfy a request from the data owner only when this possibility is provided by the General Data Protection Regulation (EU 2016/679).
In the case when our company processes personal data as processors, it will forward the relevant requests to the controller, who is responsible for reviewing and satisfying them.
In case any employee or affiliate thereof or any third party understands or suspects that a personal data breach may have occurred, it informs our company at: email@example.com
In case that our company processes data as processor, it notifies the controller without delay and makes no disclosures.
Right to Appeal to the Personal Data Protection Authority
f you believe that your right to protection of Personal Data is being violated, you may file a complaint to the competent supervisory authority, namely the Personal Data Protection Authority and any interested person may be further informed by visiting the website http://www.dpa.gr.
This Policy may be modified at any time by our company and will be posted on this website.