The Arab-Hellenic Chamber, in order to ensure your personal data, has implemented all necessary technical and organizational measures as defined by the General Personal Data Protection (EU) Regulation 2016/679. Protecting your privacy and preserving the confidentiality of your information and data is our major priority.
This policy analyzes the legal framework that conditions your data collection and processing, the types of data we use, the process and purpose of collection, the time of maintenance, and the reasons for informing third parties, if it’s required. Additionally, all your rights are disclosed and analyzed as well as the actions can be taken in order to exercise those rights.
This informative text provides with concise, accurate and transparent information each person who receives or is interested in receiving the services of the Chamber, regarding the practices for the management and protection of personal data.
The Chamber reserves the right to modify and update this Policy whenever necessary, and the respective changes come into effect on public display them on the Website www.arabhellenicchamber.gr and at the reception points of our premises.
In the Chamber, Data Protection Officer (DPO) has been appointed whom you can get in touch with directly for any relevant topic on the phone number: 210- 6726882
- Personal Data
Personal data is any information related to a particular individual or any person whose identity can be directly or indirectly identified (eg name, identity number, address, etc.) (“Data Subject “). Data related to racial-ethnic origin, political opinions, religious-philosophical beliefs, trade union membership, genetic data, health data, sexual life, sexual orientation etc. are included in the notion – general term “personal data” but they constitute a special category of data, which hereafter will be referred to as “sensitive personal data”.
Processing is any act or set of acts carried out with or without the use of automated means in personal data or in sets of personal data such as collection, registration, organization, structure, storage, adaptation or alteration, retrieval, retrieval of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, erasure or destruction.
The controller is a natural person or a legal entity, public authority, service provider or other bearer that, alone or jointly , defines the purposes and mode of processing personal data. Where the purposes and mode of such processing are defined by European Union law or the law of a Member State, the process manager or the specific criteria for his appointment may be stated by the European Union legislation or the legislation of the Member State.
- The processor
The Processor is the natural person or legal entity, public authority, service provider or other entity processing personal data on behalf of the Process manager.
- Data Protection Officer (DPO)
The Data Protection Officer (DPO) independently solicits the strategy and compliance of the controller and the processor according to the GCPR 2016/679 EU (GDPR) and mediates amongst the interested parties (eg supervising authorities, data subjects). The role is consultative (not decision making) and does not bear responsibility for non-compliance with the Regulation.
Legal framework for personal data protection
In the Chamber, we collect and process your personal data in accordance with the current notification referring to the Personal Data Protection
- in compliance with EU Regulation 2016/679,
- the applicable Greek legislation for data protection,
- the current legal framework for the services rendered by the Chamber,
- as well as provided consents .
This update provides the necessary information concerning your rights and obligations and explains how, why and when your personal data is being collected and processed.
Collected Personal Data
During your visit and for the provision of services by the Chamber, a wealth of personal data is being collected, such as: contact details, demographics, family data, etc. This data is being collected:
- In digital form.
- In printed form.
- Verbally through the Chamber’s activities
- In conjunction with the above.
so as to provide you with our services. This information will from now on form part of our Chamber’s archive and will be kept for as long as these serve the purposes for which they have been assigned.
The staff of our Chamber will become aware of your personal data for the needs of performing its duties, non the less these will be constrained to the size and nature of their relevant duties. All the Chamber’s staff is bounded with employment contracts, containing non disclosure agreement , confidentiality, privacy clauses concerning the IT information becomes aware of. Due to the severity of privacy and the protection of private life, we execute rigorous regular checks in order to protect your data, as well as regular training sessions of our staff for the proper compliance with the defined procedures of relevant legislation.
The Chamber processes only your personal data required to fulfill legal, regulatory and contractual obligations in order to provide you with the relevant services. We will not under any circumstances collect non relevant data or process it in any way other than stated in this update. We take every necessary and appropriate measure so as the collection and process of your personal data concerns only the absolutely necessary information. We obtain, maintain, process only data that is necessary for rendering the required services to you as well as our legal obligations and maintain them only for as long as it’s necessary.
Our systems, employees, procedures and activities aim to minimize the collection of personal information to the level that is and the achievement of a specific purpose. The minimization of the processing of personal data allows us to control and reduce the risks and violations of data protection as well as to support the compliance procedures according to the applicable laws and regulations of personal data protection.
Categories of personal data
- Contact details: name / surname, marital status, home address, personal e-mail, home phone number, mobile phone number,
- Demographics and identity data: date of birth, identity card number, passport number, VAT number, etc.
- specific category of Personal data : racial-ethnic origin, religion, income – financial data etc.
Way of Receiving Personal Data
The personal data processed and stored by the Chamber may be obtained:
o Verbally, upon arrival at the reception and service points of the Chamber or through various activities / events attended by the Chamber
o By Filling documents and application forms which are necessary for processing your requests.
o through the special form available at the Chamber’s website (www.arabhellenicchamber.gr) received in the form of e-mail message.
Legal basis of processing
The Chamber, according to its operating framework and in order to the fulfill its scope, receives and processes plenty of personal and sensitive personal data based on the following legal objectives.
- Article 6 (1) (b) of the CPC: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- Article 6 (1) (c) of the CPC: processing is necessary for compliance with a legal obligation to which the controller is subject
- Article 6 (1) (e) of the CPC: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- The need to fulfill the obligations and performance of specific rights of controllers or data subjects of the controller or data subject in the field of employment law and social protection law
- Article 9 (2) (f) of the CPC: processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
- Article 9 (2) (c) of the CPC: processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent
- Explicit consent, where specifically required for the processing of sensitive personal data which is not covered by the abovementioned legal bases. It is noted that consent is only obtained in writing.
The scopes and reasons for processing your personal data are analysed below:
We collect and store your personal data as well as data that fall under the specific categories section, so as to provide you with services based on the legal frame listed in the previous section and more specifically for:
- the contractual agreement
- the storage of data for historical purposes and for reasons concerning future needs necessary to document cooperation
- our legitimate right in the provision of services
- the retention of data that enables the Chamber to respond successfully in audits by relevant authorities certifying legitimacy of procedures and payments
- the execution of rights and obligations arising from social security law
- maintenance of employee records and processing according to labor law
- your personal interest is taken into consideration when receiving the relevant services
- fulfillment of duties towards the compliance of public interest
- justification, exercise or support of legal claims, or when courts are acting under their judicial capacity
- Compliance with all legal obligations
o We maintain special categories of personal data for as long as it is required by the law.
We may share your data with third parties (non-chamber) only if required by the law (as below):
➢ When a formal court order has been issued.
➢ When sharing data with the police may prevent a serious crime.
➢ When you provide us with an explicit mandate and authorization to do so
➢ When we have to protect the legitimate interests of the Chamber, such as the collection of our claims through third party agents (eg the tax authorities, authorized lawyers, banks).
➢ When it is our legal obligation (eg Tax authorities, Embassy etc.) and after you have become aware of it.
➢ Finally, we can execute cross-border data transmission, when instructed to do so.
Sharing and Communicating Your Personal Data
We do not share or disclose your personal data without your consent, for any other purpose than the purposes set forth in this notice or when it is required by law. The Chamber uses selected professionals (acting as “processor” according to the GDPR) to provide the following services and business operations. None the less all processors who are acting on our behalf, process your personal data according to the instructions they receive from us and fully comply with this Privacy Notice, the Principles of General Data Protection Regulation (EU) 2016/679 and any other appropriate confidentiality and security measure . Specifically, all selected associates have fully accepted the confidentiality clauses and that the Chamber has set regarding the processing of data. Indicative categories of data processors that we may share your data with are:
- information technology collaborators
- External partners providing IT support.
- External partners: Auditors – Accountants
- External Legal Advisors.
The Chamber takes all reasonable technical and organizational measures and precautions for the protection and maintenance of your personal data. We protect you and your data against unauthorized access, modification, disaster, unauthorized communication or any other processing, and have created the necessary levels of security measures such as: specific policies and procedures, role-based access management, strong password checks, , equipment and peripheral firewall software, business continuity measures, event / incident management etc., encryption, continuous staff training in technical and organizational security measures.
How long do we keep your data?
The Chamber keeps personal data only for as long as it is necessary. We have implemented strict policies and procedures for reviewing and maintaining your data in order to meet our commitments. In particular, the data is retained for as long as it is required to fulfill the purposes for which you have assigned it and in accordance with the applicable legal retention periods. These data are deleted when the relationship with the Chamber ends, unless you give us further instructions for future use.
Especially for curriculum vitae collected by the Chamber from interested parties (as job applicants), these are kept for one year and then destroyed in accordance with the policy of safe destruction of data held by the Chamber.
Tax information is retained in accordance with tax legislation.
Our web site (www.arabhellenicchamber.gr), as it is the norm in almost all websites, operates by using the technology of electronic cookies. Regarding the nature and use of data collected through Cookies, please refer to the Cookies Policy posted on our site.
Under the key functions of the Chamber, personal data may be transferred to third countries outside the EU only if you wish. For this reason, you should consent by giving your written consent to a relevant form given to you by the Chamber.
Exercising your rights
In regard to your personal data, you have the option of exercising the following rights by submitting a written request in person or through your legally authorized representative in the Chamber, or by sending the request by post, with the authentication of the signature.
(a) Right of information and right of access to all personal data maintained and processed by the Chamber, concerning you, the type of processing, processing purposes, the recipients or categories of recipients of your personal data and the time of their observance .
(b) Right of rectification. If you believe that we have any incomplete or inaccurate data, you have the right to ask us to correct and / or supplement this information.
- c) The right to delete your personal data only in the following cases:
➢ when your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
➢ when you withdraw your consent on which your personal data was processed and there is no other legal basis for processing
➢ where the law requires the deletion of your personal data or the processing without the necessary legal basis.
(d) Right to limit processing in the following cases:
➢ when you dispute the accuracy of your personal data and until the Chamber has verified its accuracy
➢ Instead of deleting, you seek to restrict the processing of your personal data
➢ when the Chamber no longer requires your personal data for processing purposes, but your personal data is required by you for the foundation, exercise or support of legal claims.
- e) Right of portability, if you have the right to transfer your data to another organization either in Greece or abroad or deliver it to you in portable storage (eg CD, DVD) in standard electronic format.
(f) Right to object – to your processing of your personal data, unless there are compelling and legitimate reasons for processing that override your interests, rights and freedoms, or for the foundation, exercise or support of legal claims of the Chamber.
- g) Right to object to direct or indirect promotional actions (marketing) by us and / or any automated decision-making process that we may use.
The right of deletion does not apply if the processing or maintenance of data by the Chamber is mandatory and / or necessary under the law and for the establishment, exercise or support of legitimate claims and rights or the fulfillment of its obligations.
To process any of the above privileges, authentication (by means of a legally binding document or legally signed authorization) is required to confirm that your personal data is protected and kept secure.
The Chamber will respond promptly to your request without delay and in any case within one month period from receipt of the request, except under special circumstances, where this period may be extended by a further two months if necessary, taking into account the complexity of the request, of the volume of the material to be processed and / or the number of requests. The Chamber will inform you for any extension within one month of receipt of the request and for the reasons for the delay.
If your request can not be met, the Chamber will inform you without delay and at the latest within one month of receipt of the request, the reasons for and the possibility of filing a complaint to the Personal Data Protection Authority (PDPA), as well as and your right to appeal before the competent judicial authorities.
The Chamber only processes your personal data in accordance with this privacy statement and in accordance with relevant data protection laws. However, if you wish to make a complaint about processing your personal data or if you are not satisfied with the way we handled your personal data, you have the right to submit a complaint either to the email address of the Chamber’s Data Protection Officer: firstname.lastname@example.org either in writing or through the secretariat of the Chamber.