PRIVACY PROTECTION POLICY
ARTICLE 1 - Object of personal data protection policy
ARTICLE 2 - Definitions
"Personal data":
"Special categories of personal data":
"Processing":
"Pseudonymization":
"Data Controller":
"Processor":
"Consent":
"Personal data breach":
“Data concerning health":
"Applicable legal framework":
The provisions of the current Greek and European legislation for the protection of personal data, which govern the operation of our Company. Indicatively, Law 4624/2019, Regulation (EU) 2016/679, Law 3471/2006, Directive 2002/58/EC, Law 4194/2013, and Presidential Decree 81/2005.
ARTICLE 3 - General Principles of Processing Personal Data
Our Company, during the processing of personal data, adheres to the following principles:
1. The principles of lawfulness, fairness, and transparency. According to these principles, personal data is subject to lawful and fair processing in a transparent manner in relation to the data subject.
2. The principle of purpose limitation. According to this principle, personal data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes.
3. The principle of data minimization. According to this principle, personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
4. The principle of accuracy. According to this principle, personal data is accurate and, when necessary, kept up to date. Furthermore, all reasonable measures are taken to promptly erase or rectify inaccurate personal data in relation to the purposes of the processing.
5. The principle of storage limitation. According to this principle, personal data is kept in a form that permits identification of the data subjects for no longer than is necessary for the purposes of the processing.
6. The principles of integrity and confidentiality. Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using suitable technical or organizational measures.
Article 4 - Collected Data
Article 5 - Special Categories of Personal Data
Article 6 - Data of Minors
Article 7 - Legal Bases for Processing
The processing of personal data made available to our Company takes place under the following legal bases:
1. With the lawful consent of the data subject.
2. When processing is necessary for the performance of a contract.
3. For the purposes of the legitimate interests pursued by the Company or our principal.
4. To comply with a legal obligation of the Company.
1. With the lawful consent of the data subject.
2. When it is necessary for the establishment, exercise, or defense of legal claims.
Article 8 - Cookies - Disclaimer for Third-Party Websites
In addition to the necessary cookies for the operation of our website www.hexie.eu, our company also uses the cookies referred to in our corresponding Cookies Policy for continuous improvement of the visitor’s experience on the website.
In the case of redirection to a third-party website, the cookies policy of the respective third party applies. Furthermore, the company is not responsible for the content posted on third-party websites or for the privacy policy of those third parties.
Article 9 - Processing Purposes
Our company may collect and process personal data for the following purposes:
1. To fulfill the contractual obligations of the company.
For the representation and defense of its principals before courts, authorities, and in general, the provision of legal services. Furthermore, within the framework of fulfilling its employer obligations, the company collects and processes personal data of its employees, while at the same time collecting and processing personal data of its general partners within the scope of the business relationships it develops.
In cases of submitting proposals for cooperation, the company processes the personal data sent to it for the purpose of evaluating the qualifications of potential collaborators. The legal basis for processing is the consent of the applicant. The data is retained for a reasonable period of one year for informing the applicant in case of a new job offer. In any case, the data subject has the right to request the immediate deletion of their personal data.
Article 10 - Transfer to Third Parties
It is possible for the company to transfer the above-mentioned data to third parties in cases provided for by the applicable legislative framework as its obligation. In such cases, it must adequately inform the data subjects before proceeding with the transfer.
The Company does not transfer personal data to countries outside the European Union.
Article 11 - Subscription to newsletters
If a data subject subscribes to our company’s newsletter, their email address will be used exclusively for this purpose and will not be disclosed to third parties. The data subject can choose to unsubscribe and have their data deleted at any time. Participation in our newsletter is valid for the calendar year of subscription and the following year. The data subject will have the option to renew their subscription to our newsletter. If they do not choose to renew their participation, their email address will be deleted from our newsletter.
This information is never disclosed to third parties. The recipient of the newsletters can be removed from the mailing list by using the Unsubscribe/Delete option.
Article 12 - Data Retention Period
Article 13 - Rights of Data Subjects with Personal Data
Data subjects can exercise their rights provided by the applicable legislation regarding the collection and processing of personal data at any time. These rights are as follows:
1. The right of access to the data.
2. The right to rectification of the data.
3. The right to erasure of the data (“right to be forgotten”).
4. The right to restriction of data processing.
5. The right to data portability.
6. The right to object to data processing.
If permitted by the applicable legislation, our company may reasonably refuse to fully or partially satisfy the data subject’s request regarding their personal data, providing justified reasons.
These rights can be exercised through physical presence, by mail to the address of the Company’s headquarters (Leof. Dimarchou Aggelou Metaxa 40ΑGlifada 166 74), as well as through email communication to info@hexie.eu. The identification of the data subject is established by a public document (copy or attachment to the email message) from which the person’s identity is evident (e.g., ID card, passport, driver’s license).
Our company is committed to responding within a reasonable period of one month from the receipt of the request and the identification of the data subject. If the nature of the request requires more time for satisfaction or if there is a large number of requests, our company will notify the data subject of the reasons for the delay within one month from the receipt of the request.
If the request is submitted electronically, the information is provided, if possible, by electronic means unless the data subject requests a different method of communication.
If the data subject’s request is clearly unfounded or excessive/abusive, particularly due to its repetitive nature, our company reserves the right to subject the satisfaction of the request to the payment of a reasonable fee or to refuse to comply with the request, always in accordance with the General Data Protection Regulation and the applicable legislation.
Furthermore, if the data subject considers that there has been a violation of their personal data, they have the right to address the Hellenic Data Protection Authority (HDPA) (www.dpa.gr).
The processing of personal data is carried out in a manner that ensures its confidentiality. Our company uses appropriate technical and organizational security measures and rules to protect the personal data of the data subjects from any unauthorized access, disclosure, loss, or accidental/unlawful destruction, and any other form of unlawful processing.