PRIVACY AND PROTECTION POLICY REGARDING THE PERSONAL DATA
I. General Principles regarding the Personal Data
1. Who is accountable for your data? – Where shall you address to for the exercise of your rights?
2. Controller of your Data is the SA company under the name “Marmor SG Société Anonyme Processing of Marble and Granite”, under the distinctive title “STONEGROUP INTERNATIONAL”, seated in Kavalari Thessaloniki, as legally represented, with the following telephone number 23940-20440 and e-mail address firstname.lastname@example.org (“the Company”).
3. The above Controller Company has appointed a Data Protection Officer with contact e-mail email@example.com. You can address all requests for exercising all of your rights (hereinunder 3.1 – 3.7.) to the abovementioned email address of the Data Protection Officer.
1. Company’s general principles regarding the transparency of information
1. Any piece of information that is provided with the present and any other more thorough information that may be requested in the future, as provided in order for your specific right to be informed, is provided free of charge, subject to the requirement not to be repeated, excessive or manifestly unjustified (see under 2.3).
2. For each of the rights (hereinunder 3.1-3.7) that you exercise, the Company will reply within one (1) month from the receipt of the request or in the case of objective difficulties, complexity of the request or a multitude of requests, the Company shall respond, within a maximum deadline of three (3) months in total, either by satisfying your request or by justifiably refusing to perform what you have requested for legitimate reasons expressly specified in General Data Protection Regulation EE/2016/679.
3. In the event that the Company considers that one of your rights is being exercised in a manner that is manifestly unjustified or the request is excessive or is unjustifiably recurrent, the Company is entitled to charge you with a reasonable fee in order to provide further information (which in principle is free of charge) or to refuse to respond to the request.
4. In case the Company has reasonable doubts as for your identity when you submit a request for exercising one of your rights, it may ask you to provide further information, necessary for verifying your identity, before the processing of your request.
5. In the event that the Company delays beyond a reasonable period of time to respond to your request, and in any other occasion that you consider that any of your rights is being violated, or the Company doesn’t comply with its obligations regarding the retention of your data, you have the right to submit a complaint to the supervisory authority (Hellenic Data Protection Authority, Athens, Kifisias 1-3, P.C. 115 23, Athens, firstname.lastname@example.org, +30-210 6475600).
6. You reserve the right to withdraw at any time your previously given consent by submitting a relative written request to the Data Protection Officer’s email email@example.com. (see above 1.2)
1. What are your rights in relation to the Personal Data that you provided to us ?
1. Right to be informed
You have the right to request information in relation to the personal data which we have received from you and we maintain for one or more purposes, as they are described below under IIA to IID. The present text constitutes in its entirety a manual of basic awareness and understanding of the philosophy of the regulatory framework that runs through the protection of your personal data. Following your request for the exercise of your right to be informed you shall receive updated, and more thoroughly explained information, and clarifications on this (see how in 1.2)
2. Right to access
You have the right to request from our Company access to your data that we maintain and confirmation as to whether it is being processed, and more specifically, information about the purposes of the processing, the categories of personal data, the recipients or the categories of recipients, the time period for which the data will be stored and processed, the right to lodge a complaint with the Hellenic Data Protection Authority, any available information about the origin of the data (in case the data has not been obtained from you), whether automated decision – making (including profiling) takes place and the related methodology, safety measures implemented when transfers to third countries are being carried out, and a copy of the personal data being kept and processed. (see how in 1.2)
3. Right to rectification
You have the right to request from our Company rectification of your data, in case any of the data that we have the right to process has been altered or incorrectly submitted. (see how in 1.2)
4. Right to erasure
You have the right to request from our Company the complete or partial erasure of your data that we are entitled to store and process, either because they are no longer necessary for the purposes for which they were collected, either because you withdraw your consent, or because your data were collected for a purpose that you consider illegal. Our Company, within a reasonable period of time (no more than one month, and under circumstances, if there is difficulty, no more than three months in total) shall reply to you by confirming the complete or partial erasure of your data or the inability to erase some data, if their maintenance is required by law, or the performance of a task of public interest, or the freedom of expression, or the defense against legal claims. In such a case, you have the right, to lodge a complaint with the Hellenic Data Protection Authority, and/or seek an effective judicial remedy. (see how in 1.2)
5. Right to restriction
You have the right to request from our Company to restrict the processing of your data, in terms of quantity, time or in relation to the purpose of their processing, and more specifically (a) either because you contest the accuracy of your data and for as long as the Company is in the process of verifying its accuracy, (b) either because you consider the processing to be illegal, and instead of the erasure of the data you opt for its restriction, (c) either because its use from the Company is no longer needed, however, you don’t wish its erasure since their preservation shall be needed for a claim before court, (d) or, in case you have objections to the processing of the data and until it is verified that your rights as a Data Subject are overriding the Company’s legitimate grounds for processing (see how in 1.2).
6. Right to portability
You have the right to receive the personal data you have provided to us, in a structured, commonly used and machine-readable format, as well as the right to transfer them further without objection, given that the processing is being carried out on the grounds of your consent. In the context of the exercise of this right, you may also request direct transfer from the Company to the third entity without your own intervention.
The present right is exercised, subject to the conditions of erasure, as described above (under 3.4) and its exercise shall not adversely affect the rights and freedoms of others.
7. Right to object
1. You have the right to object to the use of your personal data for the purpose of direct marketing purposes and especially to profiling related to this direct marketing. (see how in 1.2)
2. There is no such right in the case of filling in the data -electronically or physically- in the CV’s Submission form, because this data is not transferred to the Marketing Department and they do not undergo such treatment.
4. Is there any possibility that we transfer your data somewhere else?
There is no provision that your data shall be transferred to any organization other than the Company itself and its subsidiaries, with the exception of (a) the service providers for our Company’s electronic systems and networks – and for the sole purpose of the performance of the contract to support our Company and (b) the competent tax authorities considering our mandatory obligation to comply with the tax legislation insofar as it is required.
We assure you that the Company shall take any technical and organizational data protection measures necessary and shall make only the optimum, minimum and absolutely necessary use and processing of your Data, as defined by the law, and strictly and exclusively for the purpose for which you have provided them to us.
II. Specific clauses, regarding the individual categories of Data Subjects, that apply in parallel to and additionally to the above general provisions of the Policy.
(A) RECΙPIENTS OF COMMUNICATION
A.1. Purpose: The receipt, processing and retention of your Data that was given exclusively in the framework of communication, is executed for the sole purpose of keeping you updated about our Company’s products and news. The entirety of your Data is kept only for this purpose and undergoes processing only from the Marketing Department of our Company.
A.2. Legitimate Basis of the Processing: Your consent to the processing of your Data, in order to fulfil the abovementioned relevant purposes, constitutes the legitimate basis of this processing, in accordance with Article 6(1)(a) of the Regulation on the protection of personal data.
A.3. Data Retention Period: In order to fulfil the abovementioned purpose of the processing, your updated information about products and news, we consider it reasonable and necessary to store your relevant Data for a period of five (5) years. After five years from the time you provided your consent, the relevant Data shall be deleted, unless you provide us with your new consent under the above conditions.
(B) CUSTOMERS – SUPPLIERS and POTENTIAL CUSTOMERS – SUPPLIERS
B.1. Purpose – Legitimate Basis:
(a) during the pre – contractual phase and especially in case of filling in an electronic contact form on our website, or direct sending e-mail, or communication by telephone, or filling in a hardcopy document (if in this way you provide us with your full name/e-mail address or/and telephone number or/and address or/and profession or/and our products that you are interested in), the purpose of the processing is the evaluation of a possible transaction with the Company and legitimate basis the service of the Company’s legitimate interest to pursue its commercial purposes, responding to the requested communication to investigate the possible transaction with you.
(b) In case that a transaction with the Company is realized, the Data that you have provided us with during the pre-contractual phase (as well as all that you shall provide us with in the framework of our transaction) shall be processed for the purpose of implementing the contract between us and of our compliance with tax legislation. In this case, legitimate basis of the processing is the performance of the contract between us and our compliance with the legislation [Article 6(1)(b) and (c) of the Regulation on the protection of personal data].
B.2. Data Retention Period.
We shall keep the above under B.1.(a) Data for five (5) years and afterwards we shall erase them. The above under B.1.(b) Data, shall be reserved for as long as it is necessary according to tax legislation.
(C) POTENTIAL EMPLOYEES
C.1. Purpose: The evaluation of your possible recruitment by the Company.
C.2. Legitimate Basis of the Processing: Legitimate basis for processing the Data you have provided to us, in the process of the evaluation of your possible recruitment by the Company, is your consent in accordance with Article 6(1)(a) of the Regulation on the protection of personal data.
C.3. Data Retention Period: In order to fulfil the above- mentioned purpose related to assessing possible candidates for recruitment in our Company, we consider it reasonable and necessary to keep your relevant Data for a period of twelve (12) months. After twelve (12) months from the time we have received your CV, the relevant file with the entirety of your information shall be erased.
(D) VISITORS OF OUR COMPANY’S ESTABLISHMENTS
D.1. Purpose: In order to ensure the safety of the visitors of our Company’s various facilities (offices, factories) as well as the Company’s property, a Close Circuit TeleVision (CCTV) operates in certain areas (either entrance or storage of the equipment or products of particular value) and continuously records the movements at the above areas. In addition to that, when a third person (visitor or associate – contractor) first enters our Company’s facilities, his /her data (name and surname) is written down for security reasons, while special safety instructions are being provided to him/her.
D.2. Legitimate basis of the Processing: The retention of the above data is being carried out in favor of the Company’s legitimate interests, as described above (under D.1) in detail.
D.3. Data Retention Period: The CCTV’s data shall be erased automatically after (30) days from their receipt, while the entrance data shall be kept under protocol form in order to be able to confirm the receipt of safety instructions.