Privacy Policy

PRIVACY POLICY

The website www.hlb.gr (hereafter Website) belongs to the Company HLB Hellas S.A., 184 A Kifissias Avenue, Halandri, P.C. 152 31, Greece, taxpayer identification number (TIN) 800379204, (hereinafter referred to as “the Company”) Tel: +30 210 67 72 981, email: privacy@hlb.gr.

The Company has taken the appropriate measures which ensure that processing of your personal data complies with the General Data Protection Regulation (EU) 2016/679. The Company adopts internal policies and implements measures which meet the principles of data protection by design and data protection by default.

SCOPE AND AIM

The Company processes personal data of clients, partners, employees, users of the Website, etc. The present Privacy Policy (hereafter Privacy Policy) describes the type of personal data which are subject to the processing, the way and the context in which your personal data are collected, the purposes and means of the processing of your personal data, the entities to which your personal data may be disclosed, the purpose limitations, the storage period and measures we take to ensure lawful and fair processing and the principles relating to processing of personal data. It also includes information about your rights and data protection. We collect and process personal data for the purposes of the Website’s services and operation. We also collect personal data through our pages on social media, cookies, analytics tools etc. In this case data processing may be subject also to another privacy policy (e.g. LinkedIn / Google privacy policy).

DEFINITIONS

For the purposes of the Privacy Policy:

(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

(2) ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

(3) ‘data controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

(4) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

 (5) ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

(6) ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

(7) ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

(8) ‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51 G.D.P.R.

(9) ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;

(10) ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

OUR PRINCIPLES RELATING TO PROCESSING OF YOUR PERSONAL DATA

We process your personal data lawfully, fairly and in a transparent manner (‘lawfulness, fairness and transparency’).

We collect your personal data for specified, explicit and legitimate purposes. Your data are not further processed in a manner that is incompatible with those purposes (‘purpose limitation’).

Furthermore, your personal data that we process are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).

Your personal data are also accurate and, where necessary, kept up to date. We take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’).

Your personal data are kept in a form which permits identification of you for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’).

Your personal data are processed in a manner that ensures appropriate security of them, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

DATA CONTROLLER 

For any processing of personal data from the Company, solely for the following purposes, HLB Hellas S.A. is the data controller (Tel: +30 210 67 72 981, email: privacy@hlb.gr). The Data Controller determines the purposes and means of the processing of your personal data. 

PERSONAL DATA WE COLLECT AND PROCESS – LAWFULNESS OF PROCESSING – PURPOSES – RETENTION PERIOD – DATA STORAGE

We collect and process personal data of our existing or potential clients, partners and suppliers, if processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. In this case, we process their personal data either to provide them with our services or to decide if we are going to get in a contract with them.

We process the personal data of our employees because it is necessary for the performance of the work contract between the Company and the employee, under the purpose of fulfilling the requirements of the contract. We may also process personal data of our employees (existing or potential) in order to comply with the relevant standards that the Company is obliged to implement.

We may also process personal data if the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

When you contact us, by sending an e-mail to the Company’s mailbox at mailbox@hlb.gr, you provide personal information such as your e-mail address and your message. We may process your personal data collected this way, for contacting you. We will store your personal data for up to one year from the last time you have contacted us. 

When you send us your CV, expressing your interest for our firm, we will keep your it for up to two years in case a job position that matches your qualifications turns to be available.  

We also, collect your Personal Data (profile name, comments, reviews, contact details, messages) you share with us when visiting our pages / profiles on social media platforms (LinkedIn etc.). This information is processed when you contact us, make a request or interact in another way with us, through our social media pages, so as to respond or communicate with you in any way. Your personal data will be retained for as long as you remain a fan / follower / subscriber of our pages. By using the above-mentioned services (social media) you acknowledge that your interaction (like, comment, message) with our pages / profiles / channels etc. gives us the right to process your personal data on the basis of your consent. You can also read the privacy policy of LinkedIn here: https://www.linkedin.com/legal/privacy-policy).

This Website has access to and stores cookies and related technologies on your computer. Our site and third parties may store cookies on your device. For more information read the Cookies Policy.

The Company may process your IP and the operating system which you are using, through Google Analytics technology. We can also measure the time you spend on each web page of hlb.gr. 

Google Analytics Data Privacy and Security Information: https://support.google.com/analytics/answer/6004245?p=privpol_data&hl=el&visit_id=636852664111108818-758842679&rd=1

We collect and process your personal data only for legal purposes, as the above mentioned. We may process your personal data for purposes other than those for which your personal data were initially collected, only where the processing is compatible with the purposes for which your personal data were initially collected. 

We may process your personal data, if processing is necessary for compliance with a legal obligation to which the Company is subject or if processing is necessary for the purposes of the legitimate interests pursued by the Company.

Data subjects may sometimes be obliged to provide their personal data (e.g. in case of a contract with the Company). If you refuse to provide the requested information, we will not be able to fulfil the above-mentioned data processing purposes.

Your Personal data are generally kept in electronic form in the Company’ s data bases, either locally or to a cloud service. We may also keep crucial documents in hard copy format. Your e-mails are stored in our mailbox server and through Outlook locally at our Company’ servers. Information collected from Google Analytics technology is stored at Google Data Center. Google complies with the EU-US Privacy Shield Framework.

ONLINE CONSENT

At hlb.gr we may ask you to give your consent to the processing of personal data relating to you. This may include ticking a box while browsing through different webpages of the Website. Ticking that box, is a clear affirmative action, which is considered as a freely given, specific, informed and unambiguous indication of your agreement to the processing of your personal data. You may withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before your withdrawal.

We will provide you all the information you need to express your prior agreement (consent) to the processing of personal data relating to you, if processing is based on your consent.

YOUR RIGHTS

The Company protects your personal data and respects your rights and freedoms. 

As Data Subject you have the right to be informed on the processing of your personal data, the right of access to your personal data and to information relevant to processing, the right of rectification of your personal data , the right to erasure of your personal data, the right to restriction of processing, the right to data portability, the right to object to the processing of your personal data, the right not to be subject to a decision based solely on automated processing, including profiling and the right to withdraw your consent at any time. To be informed about or exercise the above rights, you need to apply by writing to hlb.gr (e-mail: privacy@hlb.gr). We are ready to handle your request with respect to your rights. Otherwise, you could lodge a complaint to a supervisory authority, if the Data Controller does not take action on your request.

We take all efforts to facilitate the exercise of Data Subjects’ rights. We will not refuse to act on any request of yours for exercising your rights, which are described above, unless we are not in a position to identify the Data Subject. 

We will respond in writing to such requests from you, without undue delay and in any event within one month of receipt of your request. In this case we will provide you with information on action taken on behalf of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

We will communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

Otherwise, if we do not intend to take action on your request, we will inform you without delay and at the latest within one month of receipt of the request, of the reasons for not taking action.

ONLINE SECURITY OF PERSONAL DATA

Hlb.gr uses an SSL certificate.

DISPUTE RESOLUTION

In case of controversy or claim of any nature regarding the process of your personal data and the context of this Privacy Policy, applicable law is the law of the Greek state. For all actions or legal procedures, the Courts of Athens will be in charge.

UPDATES TO OUR PRIVACY POLICY

The Company reserves the right to amend this Privacy policy. Any changes will be post in this link. You should periodically check whether changes have been made.

x
x

Share to:

Copy link:

Copied to clipboard Copy