Legal framework for data protection

The General Data Protection Regulation (EU) 2016/679 (GDPR) and Law 4624/2019 constitute the legal framework, which govern the processing of personal data and ensures the protection of the rights and freedoms of natural persons when their data is processed. This policy describes how the OLYMPIOS GROUP collects and uses your personal information and how you can exercise your rights.

Definitions

  • Personal data: any information relating to an identified or identifiable natural person (‘data subject’) (name, surname, email)
  • Special categories of personal data: Special categories of personal data are personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
  • Processing of personal data: Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Subject: personal data subject is any natural person connected via one or more attributes with OLYMPIOS GROUP and the personal data of whom are processed in the framework of this transaction or other relation or/and attribute
  • Consent of the data subject: consent’ of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
  • Personal data breach: Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
  • Controller: the person defining the purposes and the processing manner of personal data

Controller of personal data

OLYMPIOS GROUP
3 Agiou Andreou Str., P.C. 15343, Ag. Paraskevi,  Athens, Greece
Tel +30 2106004600
Email: info@olympiosgroup.gr

Personal data collected and processed by OLYMPIOS GROUP

OLYMPIOS GROUP keeps a file and processes personal data provided by the Subjects themselves. The processing of this personal data is done with the consent of the Subjects and only to the extent that is necessary depending on the purpose of the processing and the time required in each case. Each time, we collect the personal data that is absolutely necessary to implement the action or service requested by the Subject.

Purpose of the processing of personal data

We process your personal data only for the specified purpose we intend to pursue. Depending on the case, we may process the personal data to:

  • respond to any questions we receive from you and satisfy any requests you may have.
  • fulfil our contractual relationship with you.
  • receive updates via newsletter.
  • manage the staff and human resources of OLYMPIOS GROUP
  • administrate our website and offer the user the best services.

Process the Subjects’ personal data for the purpose of:

  • Carrying out audits provided by legislation.
  • The prevention, deterrence and suppression of illegal acts.
  • The upgrade of the provided services.

Data security

In OLYMPIOS GROUP, we recognize the importance of protecting your privacy and we always control and improve, the protection measures of your personal data from non-authorized use, random loss, dissemination, or destruction.

We take all necessary measures and procedures to avoid illegal access and the misuse of information and personal data. The measures we take include preventive security procedures, technical and physical mechanisms of access restrictions and control of the granting of access rights to authorized personnel.

Your personal data will be processed within the Company by the necessary personnel for this purpose, in compliance with a confidentiality obligation.

If we use a third party provider (subcontractor) or business partner who processes personal data on our behalf, we will ensure that the third party processing on our behalf has adequate security and privacy measures in place, such as the law defines and processes the personal data only to fulfil its contractual obligations to us and always in accordance with the instructions we have given and for no other reason.

In some cases, your personal data may be transferred to the competent police or judicial authorities to defend our legal rights, and only in cases where this is required by applicable law.

Principles related to processing of personal data

The processing of the personal data of the Group is carried out in accordance with the principles of protection of personal data, as defined in article 5 of the GDPR and are the following:

  • personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject (lawfulness, fairness, and transparency)
  • collected for specified, explicit and legitimate purposes and not further processes in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or statistical purposes shall, in accordance with article 89 (1), not be considered to be incompatible with the initial purposes (purpose limitation)
  • adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (data minimisation)
  • accurate and, where necessary, kept up to date, every reasonable step must be taken to ensure that personal data thar are inaccurate, having regard to the purposes for which they are processed, are erased, or rectified without delay (accuracy)
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (integrity and confidentiality)
  • the controller shall be responsible for and be able to demonstrate compliance with (accountability)

Lawfulness of processing

Processing shall be lawful only if and to the extent that at least one of the following applies:

  • The processing is necessary for the execution of the contract.
  • The processing is necessary for the fulfilment of a legal obligation of the Company.
  • The processing is necessary for the pursuit of a legitimate interest of the Company if the pursuit of a legitimate interest does not have serious consequences for the fundamental rights and freedoms of natural persons.
  • The processing is based on the user’s consent if the user is fully informed of the purpose of the processing of personal data.

Data subject’s rights

In the framework of the collection and process of the personal data concerning you, you have a series of rights based on the provisions of the legislation framework regarding personal data protection. More specifically, you have the right of information regarding the process of your personal data, the right to access your data, the right to correct, the right to delete your data after a consultation with us so as to determine if the suitable conditions are fulfilled, the right to data portability, the right to data process limitation, the right tο object to data process as well as the right to object to the automated decision making.

RIGHT OF ACCESS: As the data subject you have the right of access so that you can verify the lawfulness of the processing. You have the right to be informed whether and how we process the personal data we have stored about you and receive additional information about the processing we have carried out.

RIGHT OF RECTIFICATION: The data subject has the right to request the rectification of inaccurate data or the completion of incomplete data.

RIGHT TO DELETION: You can ask us to delete or remove your personal information in certain circumstances such as if we no longer need it.

RIGHT TO DATA PORTABILITY: The individuals have the right to receive personal data they have provided to a controller in a structured, commonly used, and machine-readable format. They have also the right to request that a controller transmits this data directly to another controller.

RIGHT TO RESTRICTION OF PROCESSING: The data subject has the right to request the restriction of the processing of personal data and the Company needs to react immediately if the data subject objects to its accuracy and until it is verified.

OBJECTION TO PROCESSING OF PERSONAL DATA: The data subject has the right to object at any time at the processing of personal data or to withdraw the consent.

Procedure for the exercise of the Rights

Data subjects may submit their requests for the exercise of their rights by completing the special form {……….} and can be submitted either by post to the offices of the Group (OLYMPIOS GROUP, 3 Agiou Andreou Str., P.C. 15343, Ag. Paraskevi,  Athens, Greece) or electronically at the email address dpo@olympiosgroup.gr.

The Group completes the review of the request and responds to the subject without delay and on any case within 30 days of confirmation of your identity. This deadline may be extended by a further two months if required, if the request is complex or there are a large number of requests to be handled.

In principle, the response to your request is free of charge. However, if a request is clearly unfounded or excessive, a reasonable fee be charged.

If you have exercised some or all of your rights and you still feel that your concerns regarding the way we use your personal data hasn’t been dealt satisfactorily by us, you have the right to appeal to the Hellenic Data Protection Authority (DPA), 1-3 Kifisias Ave., P.C. 115 23, Athens, Greece. At the relevant website of the Authority, you can find information regarding the way to submit a complaint (http://www.dpa.gr).

Storage period of personal data

We only process your personal data as long as it is necessary for the fulfilment of the respective purpose, unless there is a legal provision for their further storage, or we need them to cover and fulfil our legal requirements.

The Group has the ability to store personal data for a longer period than the specific storage period, if the personal data is to be processed solely for archiving purposes, for scientific or historical research purposes or for statistical purposes, without prejudice to the implementation of the appropriate technical and organizational measures to safeguard the rights and freedoms of data subjects.

Transfer of personal data outside EU/EEA

Your personal data is not sent to our knowledge in non-EU / EEA countries. If your personal data is transferred to such countries, we will take all necessary measures to ensure an adequate level of protection for personal data in accordance with applicable law. In the event that we are informed and/or suspected by our partner or a third party of sending or processing data to countries outside the EU/EEA, and in connection with ensuring the lawful processing of your personal data, we will make every effort to investigate the matter as quickly as possible and act accordingly. At the same time, we will endeavor to inform you, where it seems appropriate by the manner that the Group finds suitable.

Cookies definition and use

Cookies are small text files including information stored in your computer’s browser during your visit to OLYMPIOS GROUP website.

The cookie policy provides further details on the use of cookies and inform you about how you can delete or prevent the storage of specific cookies on your computer or mobile device.

Social Media

Our Company has a page on a social networking site (LinkedIn). We remind you that this page is publicly accessible and any content, comment, personal information you provide will be visible to the general public and you should be careful with the content of the information you post.

Information on the processing of personal data by social media can be found in its privacy terms.

Policy updating

It is possible that from time to time we change or modify the present policy and respectively modify the review date mentioned at the end of the page. We recommend that you visit this page periodically so as to always be updated regarding the way we process and protect your personal information.

Last update of personal data protection policy.

Date: 8/12/2023