If you wish to be informed in detail on all your rights and our obligations deriving from the applicable (European and National) Legislation, we have created the “Disclosure of the Protection of Personal Data” form for all natural persons who are in business with Electrica, which you can access at any moment electronically, via all the means we provide for your convenience, as well as in print format, provided that you request it as a supplement to the applications, suggestions, order forms, and other documents used in the context of our collaboration.
In this document you can read in detail why we collect and keep your personal data, and exceptionally, your sensitive personal data, in which cases we process this data, and how we secure their confidentiality.
For any further information or clarification on any subject concerning the implementation of the New Regulation and the protection of your personal data, you may contact the Data Protection Officer for the company, at (+30)210-4190810 and/or at the e-mail address: firstname.lastname@example.org
Here at Electrica, privacy is precious, and ensuring its protection is our utmost priority, in every way this is understood.
Our company makes every effort to conduct its business in a way that proves our unwavering commitment to ethical and responsible practices. Clearly, innovation and new technologies lead to constant changes regarding risks, expectations, and legislation, which is why we make every effort towards the timely adaptation to the manner we implement them as a response to these changes.
This Policy determines our standards on the management and protection by or on behalf of our company of Personal Data which come, directly or indirectly, from any country in the European Economic Area (EEA) and may be transferred to another country within the scope of the New General Regulation and Domestic Law. These standards apply for our operations in every country, for every operation which includes information on individuals/natural persons which we conduct in each field (including any of our entrepreneur successors and with the conventional limitation of liability which may be provided for during succession), including but not limited to the research, production, commercial activities, corporate support, and data transfer necessary for conducting the aforementioned operations, including but not limited to:
This Policy also applies to all the individuals/natural persons whose data we process, including but not limited to customers, candidates, employees, partners, investors and shareholders, state employees, and other counter-parties.
All Company Employees and Senior Managers are aware of the substantive responsibilities regarding privacy which they must observe or seek help and information in order to observe.
We acknowledge that unintentional errors and misjudgment on data protection may threaten people’s privacy as well as the reputation, operations, compliance, and finances of our Company. Each Company employee, as well as other individuals processing data for our company, is responsible for understanding and fulfilling their obligations under this Policy and the existing legislation.
A. Our Values include four lines of action regarding privacy:
Respect: We make every effort to respect the views and interests of individuals and societies and be fair and transparent in how we use and share information on them.
Trust: We make every effort to win and maintain the trust of our customers, employees, and other interested parties regarding the respect and protection of any information that concerns them.
Prevention of Harm: We understand that the misuse of data concerning individuals can cause tangible and intangible harm to these individuals, therefore we make every effort to prevent any physical harm, financial harm, harm to the reputation, or any other harm regarding privacy.
Compliance: Laws and regulations are not always consistent with the rapid developments of technology, data flow, and other related changes to the risks and expectations regarding privacy. We always try to comply with the spirit and regulations of privacy and the data protection laws in a way that is consistent with and operationally efficient for our business activities on a global scale.
B. Overseeing the implementation of Privacy responsibilities. We constantly and regularly inspect our procedures and technologies so that they are consistent with our privacy standards and values, as well as the applicable law. The eight aspects of the Principle of Privacy described below succinctly present the privacy standards and main requirements we try to meet:
1. Necessity – Before collecting, using, or sharing Personal Data, we determine and document the specific, lawful operational purpose for which such an action is necessary.
2. Fairness – We do not process the Personal Data in ways that are unfair to the individuals concerned.
3. Transparency – We do not process Personal Data in ways or for purposes that are not transparent.
4. Purpose Limitation – We exclusively use Personal Data in accordance with the principles of Necessity and Transparency.
5. Quality of Data – We keep your Personal Data accurate, compete, and updated, and in accordance with their intended use.
6. Security – We incorporate safeguards to protect Personal Data from loss, misuse, unauthorized access, disclosure, or destruction.
7. Data Transfer – As far as we are concerned and technically allowed, we maintain the privacy of Personal Data when they are transferred to and from other organizations or beyond state borders. We only transfer Personal Data or allow them to be processed by third parties if the following conditions are met:
8. Legality – We process Personal Data only if the requirements of local laws and the provided for Legal Bases are met, including the provisions of the GDPR within the region it is stipulated to apply.
C. Data subjects’ rights
We shall promptly respond to requests regarding individual rights on the access to, correction, modification, or deletion of Personal Data or objection to the processing of Personal Data in accordance with the following principles:
– Access, Correction, and Deletion –
Based on Community and Greek Legislation, data subjects have the right to access Personal Data concerning them and to correct, modify, or delete Personal Data that are inaccurate, incomplete, or outdated. We receive every request for access to, correction, and deletion of Personal Data. If a request for access to, correction, or deletion is set forth in existing Legislation which provides greater security to individuals, we shall make sure that the additional requirements based on said Legislation are met.
– Option –
In accordance with the privacy principles of “Respect” and “Trust”, we shall receive the requests of individuals who object to the processing of their Personal Data, including but not limited to the option to not participate in programs or activities in which they had previously agreed to participate, the processing of Personal Data concerning them for direct marketing purposes, communications directed at them based on their Personal Data, and for any evaluation or decision-making regarding said data which may have significant impact and which is conducted using algorithms or automation.
Where prohibited by Law, we may deny the option of a particular request that may hinder the company’s ability to: (1) comply with the Law or an ethical obligation, including cases where we may be forced to disclose personal data at the lawful request of public authorities due to safety principles or national security, (2) investigate, defend, or make legal claims, and (3) conclude contracts, manage relations, or perform other permitted professional activities consistent with the principles of Transparency and Purpose Limitation and which have been entered to the database of the individuals associated with them. In accordance with this Policy, within fifteen (15) working days from any decision to deny a request for option we shall document the decision and communicate it to the petitioner.
– Any person whose Personal Data we process in the context of this Policy may ask questions, make complaints, or express their concerns to our company at any moment. Any question, complaint, or concern expressed by a Person or any notice from an employee or other person working on behalf of our company must be directed to the Data Protection Officer, as previously mentioned:
– by e-mail at: email@example.com
– by phone at: (+30)210 4190810
– by mail at: 30, Messologgiou Str. – Post Code 18545
– Our employees, contract workers, or associates must promptly notify the company’s Data Protection Officer on any question, complaint, or concern on the company’s privacy practices.
– The Data Protection Officer shall review and investigate all questions, complaints, and concerns regarding our company’s privacy practices, whether they were received directly by our employees or by other persons or third parties, including but not limited to regulatory bodies, liability officers, or other state authorities.
We shall respond to the person who posed the question, complaint, or concern to our company within thirty (30) calendar days unless a Law or petitioner/third party requires a reply after a longer period of time or unless the circumstances, such as a concurrent state/public authority investigation, require a longer period of time. In such a case, the petitioner/third party shall be informed as soon as the general circumstances contributing to the delay allow.
– The Data Protection Officer shall cooperate with the Privacy/Data Protection regulatory authority in any investigation, inspection, or probe.
– In the case of complaints which cannot be resolved between our company and the petitioner, our company has agreed to participate in the established conflict resolution procedures, and to investigate and address complaints in order to resolve conflicts regarding this Policy.
– If the data of individuals who live in the EEA or whose Personal Data fall under the EU Data Protection Legislation or equivalent legislation for countries connected to the EEA are transferred outside the EEA and are processed in relation to this Policy, then these individuals have the right to request that the requirements of this Policy are enforced as beneficiary third parties, including the right to take legal action to pursue claims.
Important Terms – Compendium
D. Changes to this Policy
This Policy may be revised from time to time, in accordance with the requirements of current legislation. Whenever there are changes to this Policy, a notice will be posted on our company website (www.electricanet.com/privacy-policy), where it will remain for thirty (30) days.