Privacy Policy
This privacy policy sets out how OKUPA ATHENS SINGLE MEMBER PRIVATE COMPANY, hereinafter the “Company” processes the personal data of the individuals with whom it interacts. This policy describes how the Company collects and uses your personal information and how you can exercise your rights. The Company always processes your personal data with respect to the fundamental rights of natural persons in accordance with the European and Greek legislation (including General Data Protection Regulation (EU) 2016/679, Greek law 4624/2019 and any other relevant applicable legal provision).
Data Controller
Responsible for processing is the company with the name
OKUPA ATHENS SINGLE MEMBER PRIVATE COMPANY
Psaromiligkou 9, Athens 105 53 – Kerameikos
Tel (+30) 211 01 09 999
Definitions
Personal data: any information relating to an identified or identifiable natural person (“data subject”). Identifiable is the natural person whose identity can be directly or indirectly identified, in particular by reference to an identifier such as name, identification number, location data, an online identifier or one of several special characteristics, which expresses the physical, physiological, genetic, mental, commercial, cultural or social identity of this natural person.
Processing of Personal Data: any act or series of acts performed with or without the use of automated means on personal data or on personal data sets, such as the collection, registration, organization, structure, storage, adjustment or alteration, retrieval, search for information, use, disclosure by transmission, dissemination or any other form of distribution, link or combination, restriction, deletion or destruction.
Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller:
Consent of the data subject: means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
Personal data breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed
Special categories of personal data: are personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
Types of personal data that we process
The personal data processed by us are necessary for the purposes for which they are collected. We collect the following data depending on each individual case:
Personal data of employees/external partners: full name, year of birth, place of birth, gender, nationality, address, email address, contact phone numbers, identification card number (ID), tax registration number (VAT), AMKA, bank account number (IBAN), marital status, education and training status of the employee/ partner, work experience, curriculum vitae, salary, working hours, medical record / health certificate
Contact information: e.g. phone number, e-mail address
Prospective employees: name, surname, contact information, education, work experience, email, nationality, marital status
Hotel Residents / Visitors: full name, passport number, date of birth, credit card number, length of stay, price, email, address, telephone
Data collected using cookies: e.g. IP address
Purposes of processing
We process your personal data only for the specified purpose we intend to pursue. Depending on the case, we may process the personal data to:
- Managing the working relationship between the OKUPA ATHENS SINGLE MEMBER PRIVATE COMPANY and the employee/external partner. The processing of this data is considered necessary for the performance of the employment contract. Fulfilling the employer’s obligations of the OKUPA ATHENS SINGLE MEMBER PRIVATE COMPANY. The processing of data is necessary for the compliance of the OKUPA ATHENS SINGLE MEMBER PRIVATE COMPANY with its legal obligations.
- The OKUPA ATHENS SINGLE MEMBER PRIVATE COMPANY collects and processes candidates’ personal data for vacancies. This data is collected by the candidate upon submission of the relevant application.
- Contract Conclusion: OKUPA ATHENS SINGLE-MEMBER PRIVATE CORPORATION, within the scope of its activities, collects the necessary personal data in order to conclude contracts that fall within the entire range of its operations.
- Purpose of Communication: OKUPA ATHENS SINGLE-MEMBER PRIVATE CORPORATION collects personal data of individuals in order to communicate with them, respond to their inquiries, and fulfill their respective requests.
Legal basis of processing of personal data
We ensure that any processing of personal data that we perform is lawful because it is based on at least one of the following legal grounds:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes
- processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
- processing is necessary for compliance with a legal obligation to which the controller is subject
- processing is necessary in order to protect the vital interests of the data subject or of another natural person
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Recipient of personal data
Your personal data will be processed within the Company by the necessary personnel for this purpose, in compliance with a confidentiality obligation.
If we use a third party provider (subcontractor) or business partner who processes personal data on our behalf, we will ensure that the third party processing on our behalf has adequate security and privacy measures in place, such as the law defines and processes the personal data only to fulfil its contractual obligations to us and always in accordance with the instructions we have given and for no other reason.
In some cases, your personal data may be transferred to the competent police or judicial authorities to defend our legal rights, and only in cases where this is required by applicable law.
Data retention time
We take reasonable steps to ensure that your personal information is retained only for as long as it is necessary and for the purpose for which it was collected or for as long as it is required under contract or applicable law.
Tax information is maintained in accordance with tax law.
Data security
We take all necessary measures and procedures to avoid illegal access and the misuse of information and personal data. The measures we take include preventive security procedures, technical and physical mechanisms of access restrictions and control of the granting of access rights to authorized personnel.
Transfer of personal data outside EU/EEA
Your personal data is not sent to our knowledge in non-EU / EEA countries. If your personal data is transferred to such countries, we will take all necessary measures to ensure an adequate level of protection for personal data in accordance with applicable law. In the event that we are informed and/or suspected by our partner or a third party of sending or processing data to countries outside the EU/EEA, and in connection with ensuring the lawful processing of your personal data, we will make every effort to investigate the matter as quickly as possible and act accordingly. At the same time, we will endeavor to inform you, where it seems appropriate by the manner that the Company finds suitable.
Cookies
Cookies are small text files that are stored on your computer or mobile device when you visit a website.
The cookie policy provides further details on the use of cookies and inform you about how you can delete or prevent the storage of specific cookies on your computer or mobile device.
Data subject’s rights
As data subject you have the following rights:
RIGHT OF ACCESS: As the data subject you have the right of access so that you can verify the lawfulness of the processing. You have the right to be informed whether and how we process the personal data we have stored about you and receive additional information about the processing we have carried out.
RIGHT OF RECTIFICATION: The data subject has the right to request the rectification of inaccurate data or the completion of incomplete data.
RIGHT TO DELETION: You can ask us to delete or remove your personal information in certain circumstances such as if we no longer need it.
RIGHT TO DATA PORTABILITY: The individuals have the right to receive personal data they have provided to a controller in a structured, commonly used and machine-readable format. They have also the right to request that a controller transmits this data directly to another controller.
RIGHT TO RESTRICTION OF PROCESSING: The data subject has the right to request restriction of the processing of personal data and the Company needs to react immediately if the data subject objects to its accuracy and until it is verified.
OBJECTION TO PROCESSING OF PERSONAL DATA: The data subject has the right to object at any time at the processing of personal data or to withdraw the consent. Contact the Personal Data Protection Authority.
Any request by the individual/ subject is submitted to the OKUPA ATHENS SINGLE-MEMBER PRIVATE CORPORATION at: dpookupa@gmail.com
The OKUPA ATHENS SINGLE-MEMBER PRIVATE CORPORATION will respond to your request free of charge, without delay and in any event within one month upon receipt of the request, except in exceptional cases, so that the above deadline may be extended by a further two months if necessary, taking into account the complexity of the request and/or the number of requests. The OKUPA ATHENS SINGLE-MEMBER PRIVATE CORPORATION will inform you of any extension within one month upon receipt of the request, as well as of the reasons for the delay.
In case you feel that your privacy is in any way affected, you may contact the Hellenic Data Protection Authority (www.dpa.gr, 1-3 Kifissias Avenue, 115 23, Athens, +30 210 6475600, +30 210 6475628, contact@dpa.gr).
Contact
Individuals may contact for any information or clarification regarding the processing of personal data either by post to the address: OKUPA ATHENS SINGLE MEMBER PRIVATE COMPANY Psaromiligkou 9, Athens 105 53 – Kerameikos or sending an e mail at: dpookupa@gmail.com
Policy updating
The OKUPA ATHENS SINGLE MEMBER PRIVATE COMPANY may unilaterally revise this Policy at any time for reasons of compliance with regulatory changes or for operational purposes.
We encourage you to review this Policy regularly to find out how OKUPA ATHENS SINGLE MEMBER PRIVATE COMPANY manages and processes your personal data.