PERSONAL DATA PROTECTION POLICY OF AUDIT SERVICES SA
The present policy applies under the light and in conjunction with the Greek and EU law on personal data protection and electronic telecommunication security.
Article 1: Scope
The present aims to provide a general uniform protective framework of the privacy and security of personal data of subjects, i.e. of any natural person whose personal data are being processed by Audit Services SA, under the applicable law in the frame of its business activity.
This policy binds Audit Services SA as from its upload in the website www.asnetwork.gr and following a relevant notification sent by e-mail to personnel, beyond any other specially envisaged procedure in the latter case.
Article 2: Terms
Recipient: The natural or legal person, public authority or agency or any other organization, to whom data are divulged, disclosed or transmitted, whether a third party or not. It is clarified that public authorities which may receive personal data in the frame of an investigation under the EU or a Member State law are not considered as recipients.
Personal Data File ("file or archiving system"): Any structured set of personal data which are accessible on the basis of specific criteria.
Personal Data: Any information relating to the data subject. Personal data are not considered to be the consolidated data of a statistical nature whereby data subjects may no longer be identified.
Interconnection: A means of processing consisting in the possibility of co-relating the data from a file to the data from a file or files kept by another Controller or Controllers or with data from a file or files kept by the same Controller for another purpose.
Processor: Any person processing personal data on behalf of a Controller, such as any natural or legal person, public authority or agency or any other organisation.
Processing of personal data ("processing"): Any operation or set of operations which is performed upon personal data by Public Administration or by a public law entity or private law entity or an association or a natural person, whether or not by automatic means, such as collection, recording, organisation, preservation or storage, alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, interconnection, blocking (locking), erasure or destruction.
Sensitive data-Special Categories of data: Data referring to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for undeniable identification of a person, health or data relating to the sexual life or sexual orientation of a natural person.
Data Subject's Consent: Any free, explicit, specific, and fully informed statement of will, expressed in a clear and conscious manner, and in which the subject of the data, after being informed, accepts, with a statement or with a clearly positive action, the processing of the personal data relating to it.
Such information shall include at least information as to the purpose of processing, the data or data categories being processed, the recipient or categories of recipients of personal data as well as the name, trade name and address of the Controller and his /her representative, if any. Such consent may be revoked at any time without retroactive effect, by sending an email to firstname.lastname@example.org or the relevant forms accompanying the consent.
Third party: Any natural or legal person, public authority or agency or any other body other than the data subject, the Controller and the persons authorised to process the data, provided that they act under the direct supervision or on behalf of the Controller.
Controller: Any person determining the purposes and means of the processing of personal data (natural or legal person, or public authority or agency or other organisation). In the case where the scope and means of processing are set by national of EU law provisions, the Controller or the particular criteria for his appointment are determined by national or EU law.
Data subject: The natural person (indicatively: client, partner or employee of Audit Services SA), to whom such data refer and whose identity is known or may be found, i.e., his/ her identity may be determined directly or indirectly, in particular by reference to any ID identifier, e.g. name, ID number, or to one or more factors specific to his/ her physical, physiological, mental, economic, cultural, political or social identity.
Article 3: Principles regarding the collection, processing and use of personal data
The personal data:
I. Are collected fairly and lawfully.
II. Constitute object of processing only for the purpose notified to the subject.
III. Are appropriate, relevant to the matter and not excessive in view of the purpose for which they are used.
IV. Are maintained accurate and updated.
V. Are kept only for the time period required for serving the scope of their collection.
VI. Are processed in such a manner, in order to guarantee the appropriate security of personal data, including their protection against unauthorized or unlawful processing and accidental loss, destruction or deterioration, by using appropriate technical or organizational measures.
Article 4: Information right of data subjects
The data subjects are entitled to be informed about whether their data are or have been processed as well as of:
I. The identity and contact details of the Controller.
II. Their personal data and their origin.
III. The scope and timeframe of the collection, processing and/ or use of personal data.
IV. The processing method and the transmission to third parties, the recipient, the scope and extent of transmission, especially in case of a transmission to a third country or an international organization.
V. The provisions of the present policy.
The above information of the subjects should be effected in an intelligible manner, in writing upon data collection.
Article 5: Additional rights of data subjects
Any data subject enjoys the rights of access, correction, deletion, restriction, portability, objection, for human intervention and complaint to the Greek Data Protection Authority through the website www.dpa.gr or by mail to the premises of the Authority at 1-3 Kifissias Ave. 115 23 Athens or in person to the said offices of the Authority.
Moreover the data subject is entitled to:
I. File queries regarding the implementation of the present policy.
II. To raise objections in writing to the DPO with regard to the processing of such data, requesting also their correction, temporary non use, locking, non transfer, deletion, or restriction.
Article 6: Consent for data processing
Personal data processing is allowed only if the data subject has given his/ her consent prior to the collection, processing or use of the data.
Exceptionally, the processing shall be also permitted without the consent of the data subject if between others:
Ι. Data processing is needed for the execution of an agreement, whereby the data subject is a contracting party.
ΙΙ. The processing is necessary for the compliance with any legal obligation of the data controller.
ΙΙΙ. The processing is necessary for fulfilling the legitimate interests pursued by the data controller and provided that such interests obviously supersede the rights of the data subjects without however offending their fundamental freedoms.
Article 7: Personal Data processing
Personal Data processing is confidential and is effected only by individuals who are supervised by the Management of Audit Services SA.
Data processing is effected by individuals with respective professional qualifications, offering adequate guaranties in terms of technical expertise and personal integrity, in order to preserve confidentiality.
The Management of Audit Services SA takes all appropriate organizational and technical measures to ensure the data security and protection against any accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access and any other unlawful form of processing.
Article 8: Use of personal data for marketing/ advertising purposes
The use of personal data for marketing/ advertising purposes is effected according to the applicable legislation.
Data subjects are entitled to object to the use of their data for the above purpose, by following the instructions given through the relevant newsletter of Audit Services SA and any inherent private agreement relating to the processing of personal data.
Audit Services SA is obliged to inform the data subjects regarding their right to raise objections against any relevant processing actions.
Article 9: Updating of policy
The present shall be updated from time to time by Audit Services SA to the extent needed, in order to be in line with the applicable law and the guidelines of the competent supervising authority. Any amendment will be published directly to the website www.asnetwork.gr and will be duly notified to the interested data subjects.