Privacy Policy – ICS
Privacy Policy – ICS
The company “KARAFYLLIS INFORMATION SYSTEMS S.A.” (hereinafter referred to as the “Company”) informs you that the processing of your personal data is carried out in accordance with the applicable law. Through this Privacy Policy (hereinafter referred to as the “Policy”), we provide information regarding the collection, storage, processing and use of your personal data. This Policy may be modified, supplemented or updated at any time by the Company in order to comply with applicable legislation. You are advised to review it regularly for any changes.
What is the GDPR Regulation?
It is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as amended from time to time, including all legislative acts and amendments through which it has been incorporated into Greek law (hereinafter referred to as the “Regulation”).
What is Personal Data?
Personal Data consists of information relating to you that identifies or can identify you as an individual, such as your full name, address, contact details and similar information (hereinafter referred to as the “Data”).
What is Sensitive Personal Data?
Sensitive Personal Data consists of information revealing racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetic or biometric data and data concerning health (hereinafter referred to as the “Special Category Data”).
What is Data Processing?
Processing means any operation or set of operations performed on Data and/or Special Category Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction (hereinafter referred to as the “Processing”).
What Data Do We Collect?
The Company collects and processes only the Data that is strictly necessary for each specific purpose. Such Data is limited to information that you have provided to the Company either within the framework of a contractual relationship (hereinafter referred to as the “Contract”), during your communication with the Company (written, telephone or electronic), or through the use of this website, including information contained in forms, applications, reports and similar documents, specifically:
- Identity Data (e.g. full name, father’s name, mother’s name, date of birth, identity card number).
- Contact Data (e.g. home or business address, postal address, email address, fax number, telephone number(s)).
- Identification Data (e.g. IP address).
- Other Data (e.g. online identifiers, location data and voluntarily disclosed information).
How We Use the Data
The Company will process the Data only for the period strictly necessary, in accordance with legal retention periods and the principles of data minimization, storage limitation and proper records management.
The Data will be processed using electronic and manual means according to procedures and practices related to the relevant purposes and will be accessible only to authorized Company personnel and relevant partners (e.g. processors, data protection officers, technical staff), who are bound by confidentiality and non-disclosure agreements in accordance with applicable law.
The Company will take all necessary measures, using advanced technologies, procedures and technical and organizational safeguards, to ensure the security of the Data, prevent unauthorized access, loss, unlawful or improper use and generally ensure compliance with the Regulation.
For What Purposes Do We Process the Data?
The Company processes the Data for the following purposes:
- Compliance with applicable legislation, court decisions and decisions of competent authorities, as well as European, Community and International Regulations and other legal provisions.
- The establishment, exercise and protection of legal claims and rights.
- Communication with you for the improvement of products and services, the customization of the website according to your interests and preferences and the provision of information (by telephone, in writing, electronically, through messages, etc.) regarding new products, special offers or other information that may be useful to you.
- The management of your requests or reports of adverse events.
- By accepting this Policy, you provide your explicit consent to the Company for the processing of your Data for the purposes mentioned above. Should the Company intend to process the Data for any purpose other than those referred to above or below, it shall obtain your prior consent and provide all necessary information regarding the purpose of such processing.
What Is the Legal Basis for Processing?
The legal basis for the processing of your Data may be one of the following, depending on the case:
- Your explicit consent for the intended purposes.
- The performance of a Contract.
- Compliance by the Company with a legal obligation.
- The pursuit of the Company’s legitimate interests, subject to the conditions set out in the Regulation.
Who Are the Recipients of the Data?
According to the Regulation, recipients are natural or legal persons, public authorities, agencies or other bodies to whom the Data is disclosed (hereinafter referred to as the “Recipients”).
Recipients may include:
Public authorities and services, as well as third parties (natural or legal persons) to whom the Data is disclosed in accordance with applicable legislation.
Subsidiaries, affiliated companies and other companies within the Company’s group.
Partner companies, third parties and providers of professional or technical services for the achievement of the purposes described above.
Recipients who receive Data shall process it, as applicable, either as data controllers, data processors or persons authorized to process the Data, in accordance with applicable legislation.
Apart from the Recipients referred to in this Policy, the Company will not transfer, disclose or make the Data available to third parties unless required by applicable law or requested by public authorities, courts or other competent bodies. By accepting this Policy, you provide your explicit consent to the Company for the transfer of your Data to the aforementioned Recipients.
How We Protect the Data
The Company declares that the Data:
- Will be processed lawfully, fairly and in a transparent manner.
- Will be collected for specified, explicit and legitimate purposes and will not be further processed in a manner incompatible with those purposes.
- Will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Will be accurate and kept up to date following appropriate notification.
- Will be retained in a form that permits identification only for as long as necessary.
- Will be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, through the use of suitable technical and organizational measures.
Transfer of Data to Third Countries
Your Data is transferred only to entities within the European Economic Area (EEA) and is therefore subject to the strict data protection legislation of the European Union, or to entities outside the EEA provided that they maintain the necessary certifications and commitments to comply with equivalent European security standards or otherwise meet the requirements of the Regulation.
Information
The data controller, within the meaning of the Regulation, is:
KARAFYLLIS INFORMATION SYSTEMS S.A.
Address: 10 Agias Paraskevis Street, Peristeri, Attica, Postal Code 12132, Greece
Email: sales@ics.gr
Tel.: +30 210 5778260
Fax: +30 210 5754285
Data Protection Officer Email: antale@ics.gr
What Are Your Rights?
Under applicable legislation, you have the following rights:
- Right of Access to the Data, including confirmation of whether your Data is being processed, the categories of Data concerned, the purposes of processing, the Recipients, the retention period, obtaining a copy of the Data and an updated list of Recipients.
- Right to Rectification of inaccurate Data by updating it following notification to the Company.
- Right to Completion of incomplete Data, including by means of a supplementary statement.
- Right to Erasure of the Data by withdrawing your consent, provided that the Data is no longer necessary for compliance with a legal obligation, the performance of a Contract and/or the establishment, exercise or defense of legal claims.
- Right to Restriction of Processing where you contest the accuracy of the Data for a period allowing the Company to verify its accuracy, where the processing is unlawful and you oppose erasure and request restriction instead, or where the Company no longer needs the Data for processing purposes but the Data is required for the establishment, exercise or defense of legal claims.
The Company shall communicate any rectification, completion, erasure or restriction of processing to each Recipient to whom the Data has been disclosed, unless this proves impossible or involves disproportionate effort.
Right to Data Portability, meaning the transfer of your Data to another data controller under the conditions set out in the Regulation.
Right to Object to processing (including objection to a specific form of communication), subject to the conditions of the Regulation, unless compelling legitimate grounds for processing exist or the processing is necessary for the establishment, exercise or defense of legal claims.
Right to Withdraw Consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint with the competent supervisory authority.
You may exercise the above rights by contacting the Company in writing at the contact details provided above or by contacting the competent Data Protection Authority.
Automated Decision-Making and Profiling
The Company does not make decisions or carry out profiling based on automated processing of your Data, except in relation to the use of cookies on the website.
Third-Party Data
Any disclosure by you of third-party Data (e.g. data relating to employees of a legal entity) simultaneously includes:
(i) authorization to the Company to process the disclosed Data, and
(ii) your assurance that you have obtained the legally required consent of the third parties, both for the disclosure of their Data and for granting the authorization for its processing, in accordance with the provisions of this Privacy Policy.
Contractual Relationship
If you have a contractual relationship with the Company (e.g. as a customer, supplier or partner), the following shall additionally apply:
The term Data also includes:
Data relating to sole proprietorships or single-member companies (e.g. company name, registered office, General Commercial Registry (GEMI) number, details of the legal representative).
Financial transaction data (e.g. bank account number(s)).
Tax data (e.g. Tax Identification Number (VAT Number), Tax Office).
Information required for the performance of the Contract or for the exercise of legal rights and obligations arising therefrom.
By accepting this Policy, you provide your explicit consent to the Company for the processing of the Data for the following additional purposes:
- Communication within the framework of the Contract.
- Compliance with the specific legislation governing the Contract. In such cases, the processing of the Data is carried out for the performance of the Contract, compliance with legal requirements and the exercise of specific rights and obligations.
- Recipients also include public authorities and services, as well as third parties (natural or legal persons) to whom the Data is disclosed for the performance of the Contract or the exercise of specific rights and obligations (e.g. accounting software providers, CRM providers, etc.).
- The Company shall process the Data for as long as the Contract remains in force and/or after its termination or expiration in any manner, where required for the execution or exercise of specific agreements or rights, or to comply with applicable legal obligations.
- Withdrawal of consent, erasure of Data, data portability or objection to processing may have consequences if the Company can no longer comply with its legal or contractual obligations.
Curriculum Vitae (CV)
If you submit your CV to the Company or its legal representative, the following shall additionally apply:
The term Data also includes information that you voluntarily include in your CV, such as employment history (including job titles and company names), education, professional qualifications, financial information, special category data, employment preferences and similar information.
An additional purpose of processing is communication with you to assess the possibility of future employment or engagement with the Company, its subsidiaries or affiliated companies following an appropriate evaluation process.
The Data will be processed by the Company until your consent is withdrawn.
Obligations
By using the website, you agree to:
(a) maintain confidentiality and secrecy regarding any information that comes to your knowledge as a result of or in connection with the Contract or your communication with the Company. Any information relating to Third-Party Data (i.e. personal data and special category data as described above concerning any third party, including Company employees, partners, board members, shareholders, legal representatives, etc.) and/or the Company’s financial, commercial, business or other practices shall be considered strictly confidential. Any processing, disclosure or communication of such information to any person and by any means is prohibited.
(b) refrain from retaining records, documents or any other materials containing Third-Party Data, including electronic or photographic records.
(c) notify the Company of any unauthorized or unlawful processing of Third-Party Data and/or any accidental loss, destruction or damage thereto.
(d) comply with the applicable data protection legislation and the GDPR.
Website
If you simply visit the website without submitting a message, request, report or similar communication, the processing of Data will be limited to browsing data, namely information automatically collected for technical purposes, such as the IP address assigned by your Internet Service Provider to your computer for Internet access, information related to the web browser you use, as well as other technical parameters required for connecting to the website.
Such technical information may, in certain cases, constitute personal data. As a general rule, the Company uses this information only to the extent necessary for technical purposes, including the operation and protection of the website against misuse, attacks or unlawful activities.
The website may contain links to third-party websites. As the Company is not responsible for the privacy practices or security measures of such external websites, it disclaims any related liability and recommends that you review the privacy policies of those websites before using them.
Cookies
By using cookies, we ensure the proper operation of our website while personalizing your browsing experience.
Cookies are small files that request permission to be stored on your device. They do not cause any harm to users’ computers or stored files, nor do they provide the Company with access to your computer or any information about you, except for the data that you choose to share or disclose.
Overall, cookies help the Company provide better services through the website. The information stored in cookies is used for identification purposes, traffic analysis and the optimization of the website’s effectiveness and functionality.
Cookies are generally divided into the following categories:
Necessary Cookies: Enable the basic functions of the website.
Functional Cookies: Remember user preferences during browsing, allowing the website to adapt to personalized settings.
Statistical Cookies: Provide information for evaluating the effectiveness of specific website functions and improving performance.
Marketing Cookies: Used for targeted and personalized advertising.
As a general rule, the placement of cookies requires the user’s consent, regardless of whether personal data is ultimately processed through them.
Cookies exempt from the consent requirement are those considered technically necessary for establishing a connection to the website or for providing an online service explicitly requested by the user.
Examples of cookies that fall under this exemption include those necessary for:
Recognizing and/or retaining content entered by the user during a website session.
Authenticating users when accessing services that require login.
Ensuring user security.
Retaining user preferences regarding website presentation, such as language selection.
Storing search history and similar preferences.
You may choose to accept or reject cookies, either in whole or in part. Your consent may be modified or withdrawn at any time.