Privacy Policy

Indicatively, this Policy applies to:
• Promotional and commercial activities: evaluation of the markets related to our products / advertising, marketing, sale, distribution and delivery of our products / communication with our customers and other end users of our services / sponsorship and conduct of events
• Corporate support: hiring, managing and compensating employees / conducting employee performance and talent assessments / providing training / managing ethics and privacy issues / managing and securing our assets and infrastructure / sourcing and payment for products and services / fulfillment of our commitments related to the environment, health and safety / communication with the media.
This Policy applies to all individuals whose data we process, including clients, candidates and partners.
Respectively, every employee of the Company, and third parties who process data about our company, are responsible for understanding and complying with their obligations under this Policy and existing laws.
The privacy principles described below summarize the standards and basic requirements for the collection and processing of personal data of individuals by our company.

Personal data:
(a) are processed lawfully and fairly in a transparent manner in relation to the data subject ("legality, objectivity and transparency");
(b) are collected for specified, express and lawful purposes and are not further processed in a manner incompatible with those purposes ("limitation of purpose");
(c) are appropriate, relevant and limited to what is necessary for the purposes for which they are processed ("data minimization");
(d) is accurate and, where necessary, updated ("accuracy");
(e) are kept in a form which allows the identification of data subjects only for the period required for the purposes of the processing of personal data; ("limitation of the storage period");
(f) be processed in such a way as to guarantee the appropriate security of personal data, including its protection against unauthorized or unlawful processing and accidental loss, destruction or deterioration, using appropriate technical or organizational measures ("integrity and confidentiality"); ).

1. Necessity - data minimization
• Before collecting, using or distributing Personal Data, we determine and record the specific, legal business purpose that is served.
• We define and record the period of time for which the Personal Data is used for the defined business purposes, which is defined on a case-by-case basis depending on the nature and type of activity.
• We do not collect, use or share more Personal Data than is necessary and do not withhold Personal Data in an identifiable form for longer than is necessary for the specified business purposes.
• Anonymize data when business legal requirements make it necessary as well as when information about the activity or process is retained for a longer period of time.
• Ensure that these necessary requirements are incorporated into any assistive technologies and that third parties supporting the activity or processing are informed.

2. Legitimacy, Objectivity and Transparency
• We do not process Personal Data in ways that are unfair to the data subject.
• We determine whether the proposed collection, use or other form of processing of Personal Data is a risk for existing or indefinite harm to individuals, always aiming to prevent them.
• If the nature of the data, the types of people or the activity contain an inherent risk of actual or unspecified damage, we ensure that this risk does not outweigh the corresponding benefits to those individuals.
• In cases where it is necessary to process Personal Data of special categories ("sensitive"), this is done only with the explicit consent of individuals or as required or explicitly permitted by existing laws.
• We record the risk analysis and design any necessary mechanisms for obtaining and recording data that demonstrate consensus on assistive technologies. We do not process Personal Data in ways or purposes that are not transparent.
•All persons whose Personal Data is processed in accordance with this Policy will be entitled to a copy of this Policy posted on the Internet. The Data Protection Officer will provide digital and / or physical copies of this Policy upon request to the addresses listed below.
• When Personal Data is collected directly from individuals, we inform them through a clear and easily accessible privacy notice or similar means, providing them with the following information:
- the identity and contact details of the controller
-the purposes of processing
-If the processing is based on the legitimate interests of the controller, what are those interests?
-the recipients of personal data
- no data transfer
-the period for which data will be stored
-the existence of a right to submit a request to the controller for access to and correction or deletion of personal data or restriction of processing
-when the processing is based on the consent of the subject, the existence of the right to revoke his consent at any time, without prejudice to the legality of the processing based on the consent before its revocation
-the right to file a complaint to the Personal Data Protection Authority
-the legal nature of the benefit
-the possibility of automated decision making
• If new reasonable corporate purposes for Personal Data already collected are identified, we ensure that either the new corporate purpose (including a substantially similar purpose) is compatible with the purpose as described in the privacy notice or other transparency mechanism previously provided to the individual , or we obtain the consent of the individual for the new use of his Personal Data.
We are responsible for maintaining the security of the privacy of your personal data when it is transferred from or to other business organizations.
We transfer Personal Data or allow it to be processed by third parties only if the following conditions are met, for the provision of which we are responsible.
• If the role of the third party is to process Personal Data on behalf of or to secure the vital interests of the company, before the third party receives the Personal Data, we:
(a) complete the legal review to assess the privacy practices and risks associated with these third parties;
(b) we seek to obtain guarantees through a written contract from these third parties that they will process Personal Data in accordance with the instructions of our company, and in accordance with this Policy.
(c) We ensure that they will inform us in a timely manner of any Security Incident and that they agree to cooperate when necessary.
(d) If the role of the third party is to provide Personal Data to our company, before we obtain the Personal Data from the third party, we ensure that the Transparency requirements for the collection of Personal Data from other sources are met and not specifically under the supervision of the company and we obtain guarantees through a written contract from the third party that it does not violate any Law or the rights of any third party by providing Personal Data to our company.
(e) If the role of the third party is to obtain from our company data for processing that is not specifically under the supervision of our company, before handing over the data to the third party, we ensure that the third party will use the data only for the operational purposes defined by the contract and in accordance with existing legislation.

3. Data Quality, Integrity and Confidentiality
We keep the Personal Data accurate, complete and up to date, and in accordance with their desired use.
• Ensure that periodic data control mechanisms are integrated into assistive technologies to validate data accuracy.
• We ensure that Sensitive Data is validated as accurate and up-to-date before use, evaluation, analysis, reporting or other processing, which carries the risk of injustice to individuals if inaccurate or out-of-date data is used.
• In case of change of personal data, the subject bears the responsibility to inform our company to make the necessary modifications.
We integrate safety valves to protect Personal Data and Sensitive Data.
• We have implemented a detailed information security program and security controls based on the sensitivity of the information and the magnitude of the risk of the activity, using the best practices of modern technology. Loss, misuse, unauthorized access, disclosure, or disaster protection policies include, but are not limited to, disaster recovery and access recovery, identity and access management, information classification, information security incident management, network access control, physical security and risk management.

4. Rights of Access, Correction, Deletion, Portability, Restriction of Processing and Opposition to Processing
You have the right to access your personal data.
This means that you have the right to be informed by us if we process your Data. If we process your Data you can ask to be informed about the purpose of processing, the type of your Data we hold, to whom we give it, how long we store it, if automated decisions are made, but also about your other rights, such as correction, deletion of data, restriction of processing and submission of a complaint to the Personal Data Protection Authority.
You have the right to correct inaccurate personal data.
If you find that your Data is incorrect, you can ask us to correct it (eg name correction or change of address notification).
You have the right to delete / forget.
You can ask us to delete your data if it is no longer necessary for the above mentioned processing purposes
You have the right to portability of your Data.
You can ask us to receive in readable form the Data you have provided or ask us to pass it on to another editor
You have the right to restrict processing
You can ask us to restrict the processing of your Data for as long as your processing objections are pending.
You have the right to object to the processing of your Data.
You may object to the processing of your Data or withdraw your consent and we will terminate the processing of your Data unless there are other compelling and legitimate reasons prevailing over your right.

To exercise your rights you can send us a request, describing the right you want to exercise either at the postal address of the Company: Aristomenous 36 - Kalamata, with the indication "Exercise of access / correction / deletion / restriction / objection", or to the e-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it. with the title "Exercise of the right of access / correction / deletion / restriction / opposition", with a description of your request and we will take care to examine it and answer you as soon as possible.
We respond to your requests free of charge without delay, and in any case within (1) one month from the time we receive your request. However, if your request is complex or there is a large number of your requests, we will inform you within a month if we need to receive an extension of another (2) two months, during which we will respond to you.

Terms you need to know:
• Anonymization. Changing, cutting, deleting or otherwise restricting or modifying Personal Data to make it impossible to use it to identify, locate or communicate with the individual.
• Legislation. All laws, rules, regulations and advice orders that have the force of law.
• Privacy. All data about an identified or unidentified person, including information that identifies the person or that could be used to locate, monitor or contact them. Personal Data also includes immediate identification information such as name, identification number or job title, and indirect identification information such as date of birth, telephone number and encrypted data.
• Privacy Event. Violation or breach of this Privacy Policy or data protection law. Determining whether a privacy event has taken place and whether it is physical will be done by the Data Protection Officer and the Legal / Compliance Department.
• Processing. Carrying out any process or series of processes on human data, with or without automated means, including, but not limited to, the collection, recording, organization, storage, access, customization, conversion, retrieval, use, evaluation, analysis, reporting , distribution, disclosure, transmission, disposal, alignment, obstruction, deletion or destruction.
• Security Event. Access by an unauthorized person to Personal Data or disclosure to an unauthorized person of Personal Data or the reasonable suspicion of our company that this has occurred. Access to Personal Data from or on behalf of our company without the intention of violating this Policy is not a Security Event, provided that such Personal Data is then used and disclosed only as permitted by this Policy.
• Sensitive data. Any type of human data that contains an inherent risk of harm to individuals, including data that is legally defined as sensitive, including, but not limited to, data relating to health, heredity, race, ethnic origin, religion, policy or philosophical beliefs or convictions, criminal record, exact geographical location information, bank or other financial account numbers, state-issued registration numbers, minors, sex life, trade union relations, security, social security and other employer or government benefits .
• Third person. Any legal entity, organization or individual that does not belong to our company, or for which our company has no audit interest, or which does not work for our company. Unless expressly provided by this Policy, no part of our company is required to meet the requirements of a third party under this Policy, as all subsidiaries and sectors are required to process human data in accordance with this Policy.

Changes to this Policy
This Policy may be revised periodically, in accordance with the requirements of existing legislation. Whenever this Policy changes in a natural way, a notice will be posted on our company website.