General Data Protection Regulation (GDPR)
The public limited company "PKF Euroauditing S.A.", which is based in Athens on Kifissias Avenue No.124 and is legally represented (hereinafter referred to as "the Company"), hereby declares that it respects your privacy and its primary concern is the effective protection and security of your personal data.
In this context, the Company commits to maintain and process personal data in accordance with the regulations and provisions of applicable national and EU law, in particular the Company undertakes to safeguard security, confidentiality and privacy of personal data and fulfill the security requirements to prevent, as far as possible, any data loss, unlawful or unauthorized use, and unauthorized access to this data.
1. Objective and procedure for processing personal data
The personal data you provide to us will be processed for the following objectives :
(a) for the objective of providing services to clients.
(b) for the objective of obtaining services from associates (collaborators).
(c) for the objective of projecting and promoting goods and services to existing and prospective clients.
(d) for the objective of selecting and hiring employees for the Company's own staffing but also on behalf of third parties and independent legal entities and clients.
(e) for the objective of performing the payroll of the Company's employees and associates, as well as the payroll of third party employees and clients.
(f) for the objective of accessing online services.
The Company will collect, keep and process only those personal data that are the minimum and absolutely necessary to achieve the objective of processing. The processing of personal data will be both automated and non-automated with hard copy file maintenance.
2. What personal data we collect
Personal Data means any information about a person from which that person can be identified. The concept of personal data does not include any anonymous data from which the natural person cannot be identified.
By virtue of the above processing purposes, as described under -1, we may collect and process personal data that we have categorized as follows:
(a) for the purpose of providing customer service, we collect information: name or surname, registered office, address, landline phone number, mobile phone number, Tax Identification Number competent tax authorities’ office, credit and debit card details, bank account number, email addresses of persons responsible for communication and fulfillment of contractual relationship.
(b) for the purpose of receiving services from affiliates: name or surname, registered office, address, landline telephone number, mobile phone number, Tax Identification Number, competent tax authorities’ office, bank account
(c) for the purpose of projection and promoting products and services to existing and potential customers: name, address, contact telephone number, email address.
(d) for the purpose of selecting and hiring employees for the Company's own staffing but also on behalf of third parties and independent legal entities and customers: name, surname, mother's surname, ID number, address, landline and mobile phone number, electronic mail address, marital status, education information, educational level, vocational training and qualifications, prior experience, personal interview details, resume and any letters of recommendation.
(e) for the purpose of processing the payroll of employees and associates of the Company, as well as the payroll of third party staff and clients: name, surname, mother’s surname, ID number, address, landline and mobile phone number, email address , marital status, education information studies, educational level, vocational training and qualification, prior experience, Social Insurance Identification Number (AMKA) and social security details, Tax Identification Number, competent tax authorities’ office, date of recruitment, salary, remuneration and benefits, bank account details.
f) for the purpose of accessing online services: address, device information (tablet, smartphone, PC).
In any case of collection of Personal Data, we shall keep them in a transparent and accurate manner. To this end, please inform us of any change to your personal information so that it is always up to date.
3. Consequences of non-consent to the provision of personal data
The provision of personal data is in no way mandatory. In any event, failure to provide the personal data that have been designated as "mandatory" may prevent us from fulfilling the above processing purposes or any contractual relationship. Failure to provide other, non-compulsory, personal data may in no way affect our provision of services.
4. Recipients of personal data
Personal data may be processed by individuals and / or legal entities established within and / or outside the European Union acting on behalf and for the Company based on specific contractual obligations.
In addition, the transfer of personal data will only take place in the context of compliance with legal obligations, in the context of enforcement of a public authority order and in the exercise of the Company's rights before judicial and administrative authorities.
5. Transmission of personal data outside the European Union
As part of our contractual obligations, the Company may also transmit and disclose personal data to countries outside the European Union, including by storing it in databases maintained by entities acting on behalf of the Company. Databases and the processing of personal data will always be managed in the context of the processing purposes set and in accordance with the applicable law on the protection of personal data.
6. Data Controller and Personal Data Protection Officer
The Data Controller is the Company.
The Data Administrator has appointed a Data Protection Officer with the responsibilities and duties outlined in the GDPR, which you can contact by e-mail at firstname.lastname@example.org
7. Personal Data Retention Rules
The Personal Data which are submitted for the above, under 1, processing purposes will be maintained by the Company for the period considered absolutely necessary to fulfil these purposes, including the fulfilment of any legal, accounting or information requirements and obligations, as well as and for the performance of any duties performed in the public interest.
With respect to the Personal Data processed to provide the contractual service, the Company may continue to store such Data for a longer period of time as may be necessary to protect and safeguard the Company's legitimate interests in relation to possible liability related to the provision of the Service.
In some cases we may anonymize your personal information so that they can no longer be associated with you and cannot be identified for the purposes of statistical and research purposes, so we may use this information for an indefinite period of time without further notice towards you.
8. The Rights of the Personal Data Subject
You may exercise your rights set out below and within the limits set by the specific provisions of Regulation (EU) 2016/679, in particular:
- The Right of Access to Your Personal Data, which means your right to be informed by the Company if your Data is being processed and to be able to access them (Rule 15 of Regulation 679/2016).
- The right of correction and deletion (the right to be forgotten) means the right to correct any inaccurate information and the right to delete your data if there is a legitimate interest in such deletion (Rules 16-17 of Regulation 679/2016), subject to any express overriding interest of the Company or a legal obligation to retain personal data.
- The right to restrict processing means your right to request suspension of processing when you have a legitimate interest in it (Rule 18 of Regulation 679/2016).
- The portability right means your right to receive data relating to you in a structured, commonly used and machine-readable format, and your right to request that data be transmitted to other processors as well (Article 20 of the Code Regulation 679/2016).
- The right to object means your right to object to the processing of your Data when there is a legitimate interest under the terms and conditions of Rule 21 of Regulation 679/2016, including your right to object to any automated processing of your data and to processing them for any marketing purposes.
- The right to withdraw your consent within the limits and provisions of the legislation.
- The right to lodge a complaint with the competent supervisory authority in the event of illegal processing of your Data.
You can exercise these rights by sending a letter to 124 Kifissias Avenue - Athens or an email to the Data Protection Officer at email@example.com.
You will not need to pay fees to access your personal data or exercise your rights aforementioned. However, we may charge you a reasonable fee if your request is manifestly unfounded or excessive, especially because of its repetitive nature. Also, in such a case, we may refuse to respond to your request.
The Company will make every effort to respond to your requests within one (1) month of their submission. In any case, if the complexity or volume of your requests requires more time, we will keep you informed.
9. Protection of Personal Data
We have taken appropriate technical and organizational measures to protect the personal data you provide us with. In this context, we regularly monitor our security systems and restrict access to your personal data only to assignees and authorized who need to be informed of this data and who are expressly committed to keeping such data strictly confidential.
If you have any questions or concerns about the use of your personal data, please contact us by sending a letter to 124 Kifissias Avenue - Athens, Data Protection Officer or email at firstname.lastname@example.org and we will make any effort