PERSONAL DATA PROTECTION POLICY AND COOKIES POLICY

I. INTRODUCTION

The General Data Protection Regulation (hereinafter “GDPR”, Regulation (EU) 2016/679) entered into force in the European Union on 25 May 2018. To read the text of the Regulation, please visit the following URL: https://eur-lex.europa.eu/legal-content/En/TXT/?uri=CELEX:32016R0679.

This Personal Data Protection Policy (hereinafter the “Data Policy” or “PDRP”) concerns the organisation with the registered name ‘SEV Hellenic Federation of Enterprises’ and the trade name ‘SEV’ (hereinafter “SEV”), seated in Athens, Greece at 5, Xenofontos Street. SEV is the owner, creator and beneficiary of all rights to the pages under the domain name: www.sev.org.gr and www.sevstegi.org.gr (hereinafter the “websites”) and the services provided thereon, as well as the Controller of any data declared by visitors/users of these websites.

SEV places great importance on the protection of the personal data of users, executives and any third parties visiting the Federation’s websites. This is why it has prepared this Privacy Policy in order to notify the foregoing individuals with respect to the manner of collection, use and disclosure of their personal data.

This website may contain links to other websites under the responsibility of third parties (whether natural or legal persons). Additional websites may be added in the future, and SEV shall in no way be held liable for the terms of protection and management of personal data thereof.

 

II. PERSONAL DATA PROTECTION POLICY

1. DEFINITION OF PERSONAL DATA

Under Article 4 of the GDPR:

“Personal Data”: any information through which a natural person (“Data Subject”) is identifiable or can be identified.

“Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Personal Data Subject”: the natural persons whose personal data the controller collects and processes (in this Data Policy, the Data Subjects are the users of the websites of SEV: the representatives and executives of SEV members, SEV executives, social partners, persons participating in the various events organised by SEV and, generally speaking, all interested parties and third parties – visitors to the websites).

“Recipient”: a natural or legal person, public authority, agency or other body, to which the personal data are disclosed, whether a third party or not.

 

2. COLLECTION OF PERSONAL DATA

When visitors/users visit and interact with the websites of SEV, fill out model contact webpages (forms), submit applications for participation in an event or subscribe to the newsletter, certain information may be collected automatically, such as:

–     name, surname, telephone number (work and mobile), position at the company;

–     IP address;

–     type of browser and operating system;

–     websites and links clicked on within the webpage;

–     basic server connection information; and

–     information collected through software such as HTML cookies, Flash cookies, web beacons and other similar technologies.

The IP address is determined by the connection provider through which visitors/users access the Internet and, subsequently, the Website. The IP address is retained for legal and technical reasons, as well as for the resolution of issues related to the security of webpage systems (server, database, network, etc.).

SEV does not knowingly collect personal information from minors under the age of 18. If SEV ascertains that any personal information has been collected from a minor under the age of 18 without verifiable parental consent, it shall erase the information from its database as soon as possible.

SEV does not collect personal data belonging to a special category (Article 9(1) and Article 10 of the GDPR).

 

3. PURPOSE OF PROCESSING OF PERSONAL DATA

The personal data collected are used solely and exclusively for purposes concerning the fulfilment of the purpose of the activities of SEV, communication with the Data Subjects, as well as for statistical reasons and for the improvement of the services – information provided, and may not be used by any third party.

More specifically, the Personal Data collected by the websites of the Controller and stored in the relevant database are intended to be used for the purposes set out herein, i.e.:

–      to personalise the websites for users, in order to provide an optimal user experience and faster access to the services provided

–      to enable the provision of anonymised statistical data to third parties in a manner whereby they cannot identify the personal data subjects

–      to enable the management of the websites and all types of communication

–      to enable the dispatch of notifications or newsletters following a relevant choice by users. SEV ensures that this dispatch complies with the terms of consent laid down in the context of implementation of the GDPR and legislation on spam e-mail, and that users can freely withdraw their consent at any time.

–      to enable the submission of applications for participation in the Federation’s events by individuals who wish to attend them

–      to enable the dispatch of information concerning an event held to the individuals who attended it.

The data of users who have contacted SEV are stored on the Federation’s servers for a period of two years.

 

4. DATA RECIPIENTS AND PURPOSE OF TRANSFER

The personal data of users of the websites of SEV are transferred to associates and/or sub-contractors of the Federation, but always under conditions that fully ensure that the personal data of Data Subjects do not undergo any unlawful processing, i.e. processing other than the purpose of the transfer. The main recipients of the personal data of users are:

a) the company EVENTORA S.A., London, +442032877180, 64 SouthwarkBridge, London SE1 0AS, Athens +302106564460, to the extent that it provides event organisation services to SEV;

b) the company Moosend, Tallishouse, 2 Tallisstreet EC4Y 0AB, United Kingdom, to the extent that it provides e-mail newsletter dispatch services to SEV, received by users who have expressed an interest in receiving them (opt-in);

c) the company Entersoft, 362, Syggrou Avenue, GR-17674 Kallithea, which provides SEV with software for the system of management of data of members and associates (CRM), as well as maintenance and support services for this software, to the extent that it manages the data of website users who have expressed interest in receiving the newsletters of SEV;

d) the company GOOGLE, GoogleLLC, 1600 AmphitheatreParkway, Mountain View, CA 94043, USA, to the extent that it provides SEV with the ‘Google forms’ service, through which visitors/users of the websites can register to participate in the events organised by SEV;

e) the company Zonepage, 105, Michalakopoulou Street, GR-115 27 Athens, to the extent that it provides website maintenance and hosting services to SEV.

These recipients are third-party associates who provide services for the organisation of the Federation’s events. The above categories of recipients constitute Processors who are contractually bound under Article 28(3) of the GDPR and, therefore, as such, do not carry out any processing beyond the foregoing purposes of transfer.

Competent SEV executives have been appointed to access the personal data of website users and are bound to observe secrecy and confidentiality, with unauthorised access being prohibited. The Processors on account of SEV have agreed and are contractually bound to observe secrecy, to refrain from sending personal data to third parties without the permission of SEV, to take appropriate security measures and to comply with the legislative framework for the protection of personal data.

SEV shall not sell or otherwise transfer or make public the personal data of visitors/users of its websites to third parties, excluding the foregoing recipients, without the consent of visitors/users, with the exception of the application of legal requirements and solely to the competent Authorities.

The personal data kept may be disclosed to the competent judicial, police and other administrative Authorities, following a lawful request on their part and in compliance with currently applicable legal provisions. Furthermore, in the event of a legal provision, service order or official preliminary investigation, SEV has the right to make the relevant data immediately available to the corresponding service.

SEV shall not transfer the personal data of users to any third country or international organisation.

The websites may offer the possibility to share items on Social Networks and other related tools that allow users to share their actions on the Website/Application to other applications, websites or mass media, and vice versa. The use of such features allows the exchange of information with the friends of users or the public in general, depending on the settings they have set on their personal profiles. Users/visitors are requested to consult the privacy policies of these social networking services for further information on how they handle their data.

 

5. USER CONSENT

Users shall accept this Personal Data Protection Policy, acknowledging that:

–      With respect to communication between SEV and visitors/users of its websites in order to inform the latter on the actions it carries out and through the provision of any information related to its areas of activity, SEV is entitled to send newsletters to the e-mail addresses of users, provided they have made a relevant choice and granted their express electronic consent (opt-in) for this purpose by entering their e-mail address in the relevant field on the websites and selecting the field “I wish to receive information on the news and actions of SEV”. Furthermore, the ability of any user to object (opt-out / unsubscribe) at any time is provided in a clear, visible and easy manner at no charge through a relevant message, should a User no longer wish to receive newsletters.

–      Processing concerning fraudulent acts: The Data Subject has been informed of and consents to, in the event of sufficient indications and if required by the specific circumstances, SEV having the right to collect, process and use personal data necessary for the disclosure of fraudulent acts, as well as information related to any other unlawful or irregular use of its websites.

–      Legally required transfer: The Data Subject has been informed of and consents to the potential transfer of his or her personal data to law enforcement and supervisory Authorities for the necessary protection against risks to state and public security, as well as for the prosecution of crimes.

 

6. TRANSFER AND STORAGE OF PERSONAL DATA

The personal data of Data Subjects are transferred via e-mail; data are transferred in an encrypted state.

Data are stored on the servers of SEV, situated at the Federation’s premises.

 

7. RIGHTS OF DATA SUBJECTS

As the Controller and in full compliance with the provisions of the GDPR, SEV satisfies and facilitates the satisfaction of the following rights of the Data Subjects:

a) Right to access

The Data Subjects shall have the right to be notified at any time, by the Controller, of whether it processes their personal data and, if so, to request information on the purpose of the processing, the type of Data processed, to whom they are transferred, how long they are stored and whether there is automated decision-making. Furthermore, Subjects shall be granted access to these personal data without undue delay.

b) Right to rectification

The Data Subject shall have the right to obtain, from the Controller, the rectification of inaccurate or outdated personal data concerning him or her. Furthermore, they shall have the right to demand that incomplete personal data be supplemented with a supplementary statement, among other things. Additionally, SEV shall communicate any rectification of personal data to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. SEV shall notify the Data Subject of the recipients in question, upon request.

c) Right to erasure

The Data Subject shall have the right to request, from the Controller, the erasure of personal data concerning him or her if they are no longer necessary in relation to the foregoing processing purposes and under the conditions of Article 17 of the GDPR.

d) Right to restriction of processing

The Data Subject shall have the right to request, from the Controller, restriction of processing of the personal data concerning him or her. If the processing of personal data has been restricted, such personal data shall, with the exception of storage, be processed solely and exclusively if specific exceptions apply.

e) Right to data portability

The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format.

f) Right to object

The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her when it is required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, or when the processing is necessary for the purposes of the legitimate interests pursued by the Controller. Once the right to object has been exercised, the personal data shall no longer be processed unless it can be demonstrated that there are compelling, legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims. SEV guarantees that if the Data Subject objects to the processing of data concerning him or her, it shall no longer process these data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject.

g) Automated individual decision-making, including profiling

The Data Subject shall have the right to object to a decision based solely on automated processing, including profiling, as the case produces legal effects concerning him or her, or similarly significantly affects him or her. At this time, SEV does not carry out automated individual decision-making. In any event, should it decide to proceed with automated individual decision-making in the future, SEV shall satisfy this right.

Overall, SEV ensures that:

  1. There are procedures allowing the Data Subjects to easily exercise their rights in order for all the actions required to be taken immediately.
  2. The Controller shall respond to a request submitted by the Data Subject without undue delay and within a maximum of thirty (30) calendar days. Should it be unable to satisfy a right exercised by the Data Subject, SEV shall ensure that specific, sufficient and comprehensive reasoning is provided.
  3. Save in exceptional circumstances, all actions concerning issues relating to the satisfaction of the rights of Data Subjects shall be taken at no cost to the Subjects.

If the Data Subjects consider that the processing of their personal data infringes the regulatory framework in force, they shall have the right to lodge a complaint with the Hellenic Data Protection Authority (postal address: 1-3, Kifissias Street, GR-11523, Athens, tel.: +30 2106475600, e-mail address: contact@dpa.gr).

SEV reserves the right, when deemed expedient, to amend this Policy, whether in part or in whole, at its absolute discretion, and to post this amendment on its websites. Any amendment hereto shall enter into force as soon as the amended Policy is posted on the websites. In any event, continued use of the websites of SEV by the user following amendments shall mean acceptance of these amendments. Otherwise, the user must cease using the websites of SEV, or notify the latter of any objections. Users must regularly consult the Policy in order to ensure that they are aware of the most recent version.

 

III. COOKIES POLICY

1. General Information

The Federation’s websites use ‘Cookies’-type software, in compliance with the legislation in force. ‘Cookies’ are small information strings (files) in simple text format that are stored on users’ computers (or other devices with Internet access, such as smartphones or tablets) when they visit any website. ‘Cookies’ do not harm users’ computers or the files stored thereon. Without cookies, it would be impossible to store a user’s personal preferences.

‘Cookies’ help collect information necessary to measure the effectiveness of websites, to improve and upgrade their content, to adapt it to the demands and needs of users, and to measure the effectiveness of the presentation and promotion of the website on third-party websites. The ‘Cookie’-type files used on the websites of SEV do not collect information that personally identify users and are not made aware of any document or file stored on users’ computers.

The information collected by the ‘Cookies’ may include the type of browser used by a user, the type of computer, the operating system, the internet service providers and other such information. Moreover, the information system of the website automatically collects information concerning the sites visited by a user and links to third-party websites that may be found on the websites of SEV.

 

2. Which ‘Cookies’ SEV uses

The websites of SEV use ‘cookies’, much like all websites, to operate smoothly and serve users as much as possible. The four categories of cookies used are outlined below:

A) Session and persistent

‘Session Cookies’ Session cookies are stored on a user’s computer or electronic device during their visit to the websites of SEV and are deleted upon leaving the website.

‘Persistent Cookies’ remain on a user’s computer or electronic device for a longer period of time, until the users themselves delete them.

B) Strictly necessary, functionality and performance cookies

Strictly necessary ‘Cookies’ are critical for the proper functioning of the websites. These ‘Cookies’ allow users to access and use the functions of the website, such as access to secure areas or filling out of website forms. These ‘cookies’ do not identify users, and the smooth operation of the website would be impossible without them.

‘Functionality Cookies’ allow the website to remember a user’s choices, such as the username, password, etc. in order to provide improved and personalised functions. They can also be used to provide services that have been requested by the user, such as viewing videos or using social media. If a user does not accept these cookies, the performance and functionality of the SEV website may be affected and the user’s access to website content restricted.

‘Performance – Analytics Cookies’: SEV uses ‘Cookies’ to collect information on how visitors use its websites in order to satisfy most needs of visitors-users, to improve the content of its websites and facilitate its use by visitors. These cookies utilise the way visitors use the website, and are used for statistical purposes and for monitoring and improving the performance of a website.

C) ‘Third-Party Cookies’ and embedded content

SEV allows Google and other third companies with which it cooperates to install the ‘Cookies’ it uses. Should users enter third-party websites or connect to social networking media (Twitter, Facebook, YouTube) through the websites of SEV, they must be aware that these third websites or media may install ‘Cookies’ upon their visit to the link in question. These ‘Cookies’ are beyond the control of SEV and are governed by the Cookies Policy of each third-party installing them. In order to know how to manage them, users must consult the corresponding policies of the websites in question.

The table below lists the Cookies used on the Federation’s websites, as well as the duration, purpose and origin of each cookie:

Browser type: Mozilla Firefox
Cookie domain: SEV Duration Provider
_gat 1 min google analytics 3rd party (statistics)
_ga 2 years
_gid 24 hours

 

Browser type: Google Chrome
Cookie domain: SEV Duration Provider
_ga 2 years google analytics 3rd party (statistics)
_gid 24 hours

 

Browser type: Internet Explorer
Cookie domain: SEV Duration Provider
_ga 2 years google analytics 3rd party (statistics)
_gid 24 hours

 

Browser type: Microsoft Edge
Cookie domain: SEV Duration Provider
_ga 2 years google analytics 3rd party (statistics)
_gid 24 hours

 

Browser type: Apple Safari
Cookie domain: SEV Duration Provider
_ga 2 years google analytics 3rd party (statistics)
_gid 24 hours

 

3. Managing and Deleting Cookies

Most browser menus contain options on managing ‘Cookies’. Depending on the choices provided to users by the browser, users may allow the installation of ‘Cookies’, disable/delete existing ‘Cookies’ or be alerted each time ‘Cookies’ are received. Instructions on managing and deleting Cookies can usually be found in the ‘Help’, ‘Tools’ or ‘Edit’ menu of each browser. Users can also find more detailed guidance at www.youronlinechoices.com/gr, explaining in detail how to control and delete ‘Cookies’ in most browsers.

Users must be aware that if they reject or disable Cookies on the websites of SEV, the functionality of the websites may be partially impaired. Furthermore, disabling a ‘Cookie’ or category of ‘Cookies’ does not delete the corresponding file from the browser.. This action must be taken by users themselves by changing the internal settings of their browser.

 

4. Changes to the use of Cookies by SEV

SEV reserves the right, when deemed expedient, to amend this Policy, whether in part or in whole, at its absolute discretion, and to post this amendment on its websites. Any amendment hereto shall enter into force as soon as the amended Policy is posted on the websites. In any event, if users continue to use the websites of SEV following amendments, SEV shall bear no liability whatsoever. Users must regularly consult the Policy in order to ensure that they are aware of the most recent version.

 

Data Protection Officer of SEV

The Data Protection Officer of SEV is Georgios Nathanail, domiciled at 5, Xenofontos Street, Athens, e-mail address: aggelopoulou@sev.org.gr, and visitors/users of the websites of SEV can contact him with queries regarding this Privacy Policy and any matter related to the processing of their data and the exercise of their rights.

 

Contact

For any question concerning this Policy, users can contact SEV at info@sev.org.gr.

This policy will be renewed and updated from time to time, on the basis of the national and European legislation in force.