PRIVACY & PERSONAL DATA PROTECTION POLICY
Effective Date: 05/05/2022
1. Information on the processing of Personal Data
For MESOGEOS S.A. the protection of the personal data of customers, suppliers, partners and its employees, is of paramount importance. For this reason we take the appropriate technical and organizational measures to protect the personal data we process and ensure that their processing is always carried out in accordance with the obligations set by the legal framework, both by the company itself and by third parties who process personal data on its behalf. This Privacy and Data Protection Policy applies to the services we provide to our customers, for communication to any interested party and for its website MESOGEOS S.A. and its electronic services.
2. What is GDPR?
The General Data Protection Regulation (GDPR)2016/679 (EU) is the new regulatory framework of the European Union (EU) in this area. The purpose of the law is to establish the conditions for the processing of personal data the protection of the rights and freedoms of natural persons, and in particular the right to protection of personal data. Personal data, according to the definition given in Article 4 of the GDPR, is information that may be used to identify you and to communicate and transact with you; and especially your name, postal address, e-mail address, Your telephone number, as well as other information when combined with your personal information.
3. MESOGEOS S.A. as controller
MESOGEOS S.A., as the controller of personal data, under the name “MESOGEOS S.A.”, based in Athens, Aiolou street 67, Athens P.C. 10559, with VAT number 099361052 of the Tax Office (FAE Athens) for purposes carries out its business activities collects and processes personal data of its partners, suppliers, employees and customers, in accordance with the applicable national legislation with Law 4624/2019 and European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of these personal data , as applicable. Therefore, MESOGEOS S.A. acts as a controller, in accordance with Article 4 par. 7 of the GDPR. For any issue regarding the processing of personal data, you can contact MESOGEOS S.A. at the following contact details:
email: dpo@mesogeos.gr
Phone: +30 210 3837748
4. Your personal data that we process
We process your personal data only for a legitimate purpose, if one of the conditions of Article 6 (1) of the GDPR. The «mesogeos.gr» website was designed so that users can visit it without having to reveal their identity and without having to provide personal data unless they wish to do so. In the course of our activities and our cooperation with you, we will need to collect and process some of your personal data in order to offer you certain services and to be able to respond adequately to your needs. More specifically:
4.1 Personal data of our customers
MESOGEOS S.A. collects personal data of its clients and their accountants, such as full names, father’s names, contact numbers, emails, address, VAT number, which are processed business processes such as customs clearance, warehousing, invoicing, payments etc. in order to complete the services to our customers. The legal bases for the above processing are the performance of our contractual obligations (GDPR Article 6 (1) (b) and the legitimate interest of MESOGEOS S.A. (GDPR article 6 (1) f).
4.2 Personal data from the use of electronic services on our website .
When you enter our website you have the opportunity to configure which of your information We collect through cookies by selecting the relevant icon at the bottom of your browser. The necessary data are required for the proper functioning of the website and their deactivation may degrade the user’s browsing experience on the website. The legal basis for the above processing is the legitimate interest of MESOGEOS S.A. (GDPR article 6par.1 (f).
About the possibilities for choosing analysis and personalized presentation of ads from our partners read our Cookies Policy.
4.3 Personal data collected and processed by MESOGEOS S.A. for staff.
The staff of MESOGEOS S.A. is fully trained and aware of its obligations in this regard with the protection of customers’ personal data and professional confidentiality. There is always contractual relationship between MESOGEOS S.A. its employees, with the necessary confidentiality commitments and appropriate organisational and technical measures for the Protection of customers’ personal data.
When a new job position is created, MESOGEOS S.A. collects CVs of candidate employees through the Job find website. At this stage, MESOGEOS S.A. collects and Processes candidates’ personal data, such as name, age, family status, telephone, email, curriculum vitae, degrees, certifications, work experience, job application work etc. MESOGEOS S.A. ensures that the personal data of each candidate are kept intact and secure only for as long as necessary to be selected for the specific job position. The company MESOGEOS S.A. is not responsible for any incident security or bug of the Job find website. You should refer to the respective Policy Privacy of this website.
When MESOGEOS S.A. decides to hire a candidate employee, it collects and processes personal data of employees, such as full name, father’s name, mother’s name, passport/identity card, age, marital status, address, telephone, email, CV note, degrees, certifications, work experience, job position, VAT number, AMKA, IBAN where are located in employment contracts, payroll and employee training documents. These data are necessary for the performance of contractual and legal obligations of MESOGEOS S.A.
The legal bases for the above processing are the performance of our legal obligations (e.g compliance with tax, insurance and labor obligations set by law) (GDPR Article 6par.1 ́c) and the legitimate interest of MESOGEOS S.A. (GDPR article 6 par.1 ́f).
4.4 Personal data of our third party partners/suppliers
We collect and process personal data of our partners/suppliers (e.g. administrators) website, accountants, lawyers, security technicians, etc.) such as name, email, phone, address, VAT number, IBAN, for invoicing and drafting contracts, etc. We also keep a record of categorization, evaluation and development of our partners / suppliers. These elements are necessary in order to be able to communicate, direct and supervise Our partners, always aiming at our excellent cooperation and the satisfaction of our customers.
The legal bases for the above processing are the performance of our legal obligations (e.g compliance with tax, insurance and labor obligations set by law) (GDPR Article 6par.1 ́c) and the legitimate interest of MESOGEOS S.A. (GDPR article 6 par.1 ́f).
4.5 Personal data from video surveillance
Our security cameras and CCTV systems have as their main objective first of all preventing criminal acts and then keeping records that help us We draw safe conclusions in order to have a comprehensive knowledge of the risks of whom we must protect our lives and property. MESOGEOS S.A. ensures that the installation points of the cameras and the way the data is obtained shall be determined in such a way, so that the data collected is not more than strictly necessary for the fulfillment of the purpose of the processing and not to prejudice the fundamental rights of customers, suppliers and our staff. Also, MESOGEOS S.A. takes care to inform customers, before entering the range of the video surveillance system, in a manner that is conspicuous and understandable(sign), that they are about to enter a place that is being filmed. Personal data resulting from the use of control and monitoring methods, shall not be used to the detriment of customers, if they have not been previously informed and it is necessary due to legal malicious Act. Finally, the data resulting from the registration of personnel are not used for actions to evaluate them.
5. Basic principles of processing personal data
- The processing of personal data takes place in a lawful, fair and transparent manner.
- The collection of personal data is carried out only for specified, explicit and lawful Purposes.
- The collection of personal data is adequate and relevant. Personal data is accurate and up to date.
- Personal data that is inaccurate shall be corrected or deleted
- Personal data is kept confidential and stored securely.
- Personal data is not shared with third parties unless it is necessary to provide them services following an agreement that will ensure their protection in compliance with the GDPR.
6. Where is your personal data shared?
MESOGEOS S.A. may transmit the personal data provided by natural persons to third parties, in the following cases and for specific purposes.
6.1 To its external partners
These are experienced professionals, who are adequately informed about the obligations of compliance privacy regarding customers’ personal data. The external partners of MESOGEOS S.A.(e.g. accounting, CSB), have access only to the personal data of the employees who are judged strictly necessary for the performance of their duties. There is always a contractual relationship between company MESOGEOS S.A. and its external partners, with the necessary commitments con fidentiality and taking appropriate organisational and technical measures to protect personal data of customers.
6.2 Other third parties, due to legislation.
We may share your necessary personal data to comply with ourlegislation or to respond to a mandatory legal process (e.g. for tax purposes; customs purposes (ICIS), or to protect the rights or security of MESOGEOS S.A.
6.3 Other third parties for the implementation of services of MESOGEOS S.A.
There are occasions when we need to share the necessary personal data of customers for the uninterrupted operation of some electronic services (data center, hosting, etc.). In every Where appropriate, specific reference shall be made to the relevant service contract.
6.4 Recipients outside the EEA.
The personal data you provide to us will be transferred to and stored on our servers; established in the EEA (European Economic Area). We will not transfer your information outside the European Economic Area (EEA) unless you are a non-EEA user, in which case you may need to transfer your details to deliver your products, to process the payment/refunds or send you promotional information, to which you have subscribed. Will take all necessary measures to ensure the processing of your personal information securely and in accordance with this Policy and legislation for the protection of data, when it takes place from a location outside the EEA. For the avoidance of doubt, in where the United Kingdom is no longer part of the EEA, references to this paragraph in EEA means EEA and UK.
7. Storage Period.
The data storage period is decided on the basis of the following specific criteria Where appropriate: When the processing concerns CVs of prospective employees, they are destroyed outside the selected employee once their evaluation and rejection is over. When processing is required as an obligation by provisions of the applicable legal framework, personal Customer data will be stored for as long as required by the relevant provisions It is set at 10 years for physical records and as long as necessary by the legal framework for electronic archives. When processing is performed on a contractual basis, customers’ personal data is stored for as long as time is necessary for the performance of the contract and for the foundation, exercise, and/or support legal claims under the contract. As far as the personal data of MESOGEOS S.A. employees are concerned, we keep them for 20 years from expiration our contractual cooperation, for the possibility of subsidiary claims of these subjects, which are subject to the 20-year limitation period.
8. Personal Data Security.
MESOGEOS S.A. implements appropriate technical and organizational measures aiming at the safe processing of personal data and prevent accidental loss or destruction and unauthorized and/or unlawful access to, use, modification or disclosure thereof. These technical and organizational Measures are taken both during the design of the processing means (eg encryption of its data servers and company computers, etc.), as well as by default, so that only the personal data necessary for the respective purpose of processing (principle of minimization of personal data). MESOGEOS S.A. does not rest on technical security measures taken so far, but constantly looking for new and modern methods in order toto shield the personal data it collects and processes. In any case, the mode of operation of the Internet and the fact that it is free to anyone, does not allow guarantees to be given that Unauthorized third parties will never gain the ability to violate the applicabletechnical and organizational measures, gaining access to and, where appropriate, making use of personal data for unauthorized and/or unlawful purposes.
9. Actions in case of violation of personal data customer data.
In case of a violation of the personal data of data subjects and the violation this may cause danger to their rights and freedoms, MESOGEOS S.A. is committed to notify without delay and in any event within 72 hours of becoming aware of the fact of the breach, to the Hellenic Data Protection Authority (HDPA) and if deemed necessary and to the data subject.
10 Your rights
Every natural person whose data is processed by MESOGEOS S.A. has the following rights:
10.1 Right to information
You have the right to be informed about our identity and contact details, or that of our representatives, the purposes of the processing for which the personal data are intended as well as the legal basis for the processing, the recipients or categories of recipients of the data Personal. In the context of the principle of transparency that governs the operation of our company, You can contact us asking for further information on how to process your personal data and how to exercise your rights, by submitting them respectively Requests. Your requests will be answered without delay and in any case within month from receipt of the request. That period may be extended by a further two months, where necessary, taking into account the complexity of the request and the number of Requests.
10.2 Right of access
You have the right to be aware of and verify the lawfulness of the processing and to ask us copies of the personal data processed. So, you have Right to access the data and to receive additional information about the processing them. You also have the right to access more specific information about the content and how to exercise your individual rights.
10.3 Right to rectification
You have the right to study, correct, update or modify your personal information data
10.4 Right to erasure
You have the right to request deletion of your personal data when we process it based on your consent or in order to protect our legitimate interests. In all other cases (such as, but not limited to, when there is a contract, obligation to process personal data imposed by law, public interest), this right is subject to specific restrictions or does not exist as the case may be (e.g. we are entitled to refuse the deletion of your personal data for the purpose of establishing, exercising or supporting our legal claims).
10.5 Right to restriction of processing
You have the right to request restriction of processing of your personal data to the following: cases: (a) when you dispute the accuracy of the personal data and until it is done verification, (b) when you object to the deletion of personal data and request instead of deletion there striction of their use, (c) when the personal data are not needed for processing purposes, However, they are necessary for the establishment, exercise, support of legal claims, and (d) when object to processing and until it is verified that there are legitimate grounds for our concern and prevail over the reasons for which you object to processing.
10.6 Right to object to processing
You have the right to object at any time to the processing of your personal data on cases where, as described above, this is necessary for legal purposes interests pursued by us as controllers, as well as in processing for direct information marketing purposes. In particular, you have the right to object to any a decision taken solely on the basis of automated processing, including profiling, which produces legal effects concerning or affects you Exceptionally, you cannot object to your automated decision-making It concerns, when this decision, is either necessary for the conclusion or performance of the contract we have concluded with you, or based on your explicit and free consent.
10.7 Right to portability
You have the right to receive your personal data free of charge in a format that allows you to access, use and edit them with commonly used processing methods. You also have the right to ask us, if technically feasible, to transmit the data directly to another controller. Your right exists for the data you have provided to us and their processing is carried out by automated means based on your consent or in performance of a relevant contract.
10.8 Right to withdraw consent
Where processing is based on your explicit and free consent, you have the right to withdraw it freely, without prejudice to the lawfulness of processing based on your consent, before it Recall. To withdraw your consent, you can contact the Department of Personal Protection Data of MESOGEOS S.A., at the following contact details:
Email: dpo@mesogeos.gr Phone: +30 210 3837748
10.9 Right to complain to the DPA
In case of violation of your personal data, you have the right to file a complaint with Hellenic Data Protection Authority (www.dpa.gr): Call Center: +30 210 6475600,Fax: +30 210 6475628,E-mail: contact@dpa.gr.
11. Third Party Websites
Our Site may provide links to other Sites that are not owned or controlled by us, but who we believe could be useful or interesting to our visitors our websites. In this case, we are not responsible for the privacy practices that are used on others’ Sites or for the validity of their content or for collection in formation from the parties that own and control these websites, or the use of their cookies. Therefore, we are not responsible for any damage or problem that occurs to any of you who will make use of this foreign Website and ultimately, it is up to you whether or not to use one a link to another Website, provided by our Website, in case you do not trust it absolutely.
12. Children
By giving your consent you declare responsibly that you are over 15 years old. If you are under 15years, you may use our website and its services only with the participation and approval of a parent or guardian.
13 Updates and changes
The website www.mesogeos.gr constantly updated and expanded, both functionally and in terms of products and services thus renewing this privacy policy Transaction. We recommend that you read this page at regular intervals in order to you are informed of any changes to the content of this Privacy Policy.
Effective Date: 05/05/2022
The MESOGEOS S.A. Administration