1. Personal Data
The company gives the utmost importance to the processing, security and protection of the personal data of the involved parties. The company is certified according to ISO 9001: 2015 and has appointed a data protection officer – DPO, with whom interested parties can contactfor the exercise of their rights but also for any clarification regarding this security policy, at the following contact details:
Υπεύθυνος Επεξεργασίας Προσωπικών Δεδομένων: Σπαθάρα Μαρία
Company name: Ergasia Ekpedeftiki Anonymous Company (Εργασία Εκπαιδευτική Ανώνυμη Εταιρεία)
Address: Pantanassis 4, City: Patra, Postcode:26221, phone. 2610450701
Email : firstname.lastname@example.org
The present policy of the company, establishes the measures that have been taken regarding to the personal data, in full compliance with the Regulation of the European Union 679/2016 and the legislation in force.
The term “personal data” refers to information of individuals, such as full name, postal address, e-mail address, telephone number, etc., which identify or can identify their identity. The company collects personal information by various methods but always with the consent of the parties involved.
The keeping of the company’s records is done with confidentiality and they are only accessible to authorized persons, meaning the person in charge of their respective and the Quality Manager.
2. Data Processing – Collection
The Data are collected and processed for legal purposes. The data are kept for a specific period of time, which is characterized as necessary by Law or by the Corporate Policy.
The data are being processed in accordance with legislation in force and the company is pledged to protect it from unauthorized or illegal processing and accidental loss, destruction or damage.
3. Data Concession
The mandatory concession of data is indicated by an asterisk (*) next to personal data of mandatory character, which must be filled to achieve the main purpose of the collection of the specific data.
The concession of additional Data to the Company, in addition to those that are marked as mandatory, with the asterisk, is optional and does not affect the main purposes of data collection, but their concession serves to optimize the quality of services provided.
4. When data are collected
During the contact with the Company and the use of its services, data are gathered, either through the contact form, the form of expression of interest for programs or through the site, or by phone, directly from the company staff or its associates.
5. How data are being used
In order to better serve the interested sides and in the context of personal data protection legislation, the data may be used for:
- Registration of new customer
- Processing of an order
- Payment management and debt collection
- Fulfillment of legal obligation
- Participation in a competition or interest expression
- Show related site content and related ads
- Improvement of website, products/services, experience by the use of data analysis tools
- Personalized proposals for goods and services
- Update on security policy changes
6. Data category that are collected
Identity data: include first name, last name, username or similar identification, marital status, date of birth and gender.
Contact details: include email address, city and phone numbers.
Financial data: include the bank account
Transaction data: include details about payments from you and other details of products and services you purchased from us.
Technical data: includes the Internet Protocol (IP) address, login details, browser type and version, time zone and location, additional browser types and versions, operating system and platform, and other technology on the devices that you use to access this website.
Profile data: include your username and password, purchases or orders made by you, your interests, preferences, comments and answers to inquiries.
Usage data: include information about how you use our website, products and services.
Marketing and communications data: include your preferences regarding the promotion of us and third parties and your preferences for your communication with us.
7. Change of purpose
The data are used only for the purposes for which they are collected. If it’s necessary to be used for another purpose, communication is required in order to obtain consent or to present the legal basis permitting the change of purpose, unless the next purpose is compatible with the original, as required by law.
8. Cookies or other similar technologies
The website uses “cookie” technologies, in order to be able to identify it’s visitors, to record the IP address and the way in which each visitor uses the website. This information are used so that we can provide better services, improving the design of our website, the products, services and promotions. A “cookie” is a small data file that is placed on the hard disk drive of the visitor’s computer. A “session cookie” expires as soon as the browser is closed. A “permanent cookie” stores information on the hard disk so that when the session is over and the visitor returns to the same site later, the cookie information are still available. During the use of the website, the company reserves the right to use both a session cookie and a permanent cookie. “Flash cookies” or other similar technologies may also be used. Flash cookies are not used for promotions or behavioral ads. Flash cookies are different from browser cookies and the cookie management tools provided by the browser do not remove Flash cookies. Visitors have the ability to disable cookies at any time through the browser options, but if they do, the company will not be able to record purchases or allow a purchase from the site. Additionally, it will not be able to identify you as a registered user so that you can access their account information.
9. Child Privacy
The company does not knowingly collect any information from any person who has not reached 15 years of age. People under the age of 15 are encouraged not to use or provide information on this site, not to give any information about themselves, except with the consent of the custodians. In the event that a collection of personal data is found by a child under the age of 15, the information will be deleted immediately.
Η εταιρεία δε συλλέγει εν γνώση της οποιαδήποτε πληροφορία από οποιοδήποτε πρόσωπο που δεν έχει συμπληρώσει τα 15 έτη ηλικίας. Άτομα κάτω των 15 ετών προτρέπονται να μην χρησιμοποιούν και να μην παρέχουν πληροφορίες σε αυτόν τον ιστότοπο, να μη δίνουν καμία πληροφορία για το πρόσωπό τους, παρά μόνο με τη συγκατάθεση των ασκούντων τη γονική μέριμνα. In case in which personal data collection is found regarding a child under the age of 15 the collected information will be erased immediately.
10. Data Security
The company has the necessary physical and technological protection measures (including encryption, anonymization and / or pseudonymization procedures where necessary) in order to prevent the unintentional loss, alteration, disclosure and use or access of personal data in an unauthorized manner. Access to personal data is granted only to those authorized staff, who process the data in accordance with clear instructions and in compliance with the terms of strict confidentiality.
In case of personal data leakage, the Management, the IT Department and any other department are immediately informed and are directly affected by the specific leak.
Next the necessary steps are performed to identify the source of the leak as well as to assess the magnitude of the risk. Necessary actions are taken to stop the leak and to prevent a similar incident in the future. Corrective actions are then decided and carried out, which may lead to a review of existing procedures and / or instructions, removal of suppliers, and even legal action.
Finally, the company informs any involved parties. The above steps are recorded in the Event Log.
11. Retention of information
Personal data are retained for a specific period of time and only for as long as necessary in order to fulfill the purpose of their collection, including the fulfillment of any legal or tax obligation.
Under certain conditions, interested parties reserve the right to request the deletion of their data, as described below.
The interested parties reserve :
• The right to withdraw consent
• The right to disclose their data
• The right of correction
• The right of deletion
• The right to complain to the supervisory authority