LASERTECH S.A. taking into account the need for the absolute security of the data it manages, as well as compliance with the requirements for absolute Confidentiality, Integrity and Availability of information:
The company has established operating structures in accordance with the requirements of ISO/IEC 27001:2013 to support the absolute implementation of all the processes of the Information Security Management System and has the necessary resources to meet the objectives resulting from the Risk Analysis.
Compliance with the above commitment is implemented through continuous monitoring and improvement of security levels, necessary upgrading of required relevant equipment, review of the Risk Management Plan and Security Policy and SoA.
RECOGNISES that principles regarding Information Security are a primary concern and philosophy of all our employees. Our LASERTECH S.A. recognizes and respects the importance of the personal data it handles in the context of its activity, and for this reason has fully adapted its policy to the requirements of the General Data Protection Regulation (hereinafter GDPR) 2016/679/EC and the national law 125(I)2018.
With this declaration, LASERTECH S.A. wishes us:
– to inform those dealing with it in what capacity, for what purpose and on what lawful basis it processes personal data, i.e. information that may serve to directly or indirectly identify individuals
– specify the categories of data, the sources of the data (where the data are not provided by the person himself/herself) and the criteria for determining the time period for which personal data are kept
– inform its data subjects about transfers of their personal data to third parties or third countries
– to inform about the possibility for data subjects to contact LASERTECH S.A. for any issue related to the processing of their personal data, the possibility to exercise their rights of access, rectification and, where applicable, erasure, restriction and opposition to processing in relation to their personal data, as well as the possibility for data subjects to complain about any violation of their rights related to their personal data to the Office of the Data Protection Commissioner,
– to establish the principles governing LASERTECH S.A.’s compliance with the relevant personal data protection policies and security guarantees.
For any question or query, or anyone wishing to obtain a copy of this statement, or to exercise any of the rights related to his/her personal data, the interested party may contact the Data Protection Officer (DPO) of LASERTECH S.A. at 2262 021797 and at the email email@example.com.
Who collects personal data?
Please note that during your visit to the LASERTECH S.A. Website, simple data related to your interaction with the website and the installation of cookies are collected. Third party websites generally apply their own privacy statements and their own terms and conditions. We invite you to read them before using these websites.
How is my personal data collected?
We may collect personal data from various sources, namely:
– Personal data given to LASERTECH S.A. directly by the subjects, for one of the following reasons :
– Data that you give us when you use our services and during the conclusion, development and termination of the contractual relationship between us.
– Information that you give us when you participate in LASERTECH S.A. events and activities.
– Information you give us when you communicate with us or submit a request.
– We also receive personal information indirectly, in the following cases:
– Information we collect during the operation of closed circuit video surveillance (CCTV) at LASERTECH S.A.’s premises.
– Data collected during the operation of GPS telematic management systems during the movement of LASERTECH S.A. vehicles.
What personal data is collected?
Personal Data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one whose identity can be verified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Due to the nature of LASERTECH S.A.’s activities, the Personal Data collected by LASERTECH S.A. mainly concerns the following categories of subjects:
– Employees of the Organization: namely their personal data and data purely related to their employment relationship with LASERTECH S.A., which include indicative identity and contact details, financial data as well as health data of their own or additional members related to LASERTECH S.A.’s compliance with labour and insurance legislation. Spatial data (GPS) are also collected from the systems installed on the vehicles.
– Candidate employees to be hired: i.e. their personal data and data related to their evaluation as candidates and to the recruitment procedures of LASERTECH S.A., which include indicative identification and contact details, as well as details of the candidates’ professional curriculum vitae.
– Partners of LASERTECH S.A. (suppliers and other partners in general): i.e. their personal data and data related to the contractual relationship between us, which include indicative identity and contact details, transaction data as well as financial data related to the compliance of LASERTECH S.A. with its legal contractual obligations.
– Trainees of LASERTECH S.A.: i.e. personal data of the persons participating in the trainings organized by LASERTECH S.A., which include indicative identity and contact details, data of the contractual relationship of LASERTECH S.A. with the participants (e.g. employment contract when the participant is an employee of LASERTECH S.A.).
Further, Personal Data may be collected from natural persons entering LASERTECH S.A. and its premises during the operation of the closed circuit video surveillance (CCTV) system, for the security of persons and property.
Please note that we do not collect special categories of personal data, other than the health data mentioned herein, such as personal data related to race, national origin, religion, sexual orientation or genetic biometric data, etc., which are categorized as special categories of data and receive additional protection in accordance with European legislation on the protection of personal data.
Particularly with regard to children’s privacy
Children’s personal data may be collected exclusively in the context of our employees’ employment relationship, i.e. on the one hand for the description of the employees’ marital status for matters of remuneration, employment rights, etc.
For what purposes my data are used
The purpose of the processing is proportional to the function performed. In particular:
– The personal data of employees are provided to LASERTECH S.A. for the purpose of concluding, performing or terminating the respective employment/co-operation contract. Also, the personal data of the employees regarding attendance, absences, attendance hours, leaves, medical documentation of sick leaves, are kept for the purpose of granting leaves, including sick leaves, while the personal data regarding the performance of the employees are provided by the heads of the individual departments for the purpose of personnel evaluation by LASERTECH S.A.
– The personal data of the candidate employees, which they provide during the individual stages of selection and evaluation of candidates, are disclosed to the respective competent department of LASERTECH S.A. and to the Management, for the purpose of informing LASERTECH S.A., evaluation, interviews, etc. for the purpose of recruitment of employees and cooperation.
– The personal data of partners, citizens, trainees and in general of those who deal with LASERTECH S.A., which they provide to LASERTECH S.A., are collected and processed for the purpose of the conclusion and development of the contractual relationship between us, when it exists, our compliance with our legal contractual obligations and, where applicable, our communication with them at their request.
– The personal data of newsletter recipients are collected with their consent and used for our communication with them for informational and direct marketing purposes for products and services.
– Surveillance of the entrance as well as the rest of the premises is also carried out by CCTV image recording cameras. Anyone entering the premises (employee or visitor) is informed in an appropriate, visible and comprehensible manner (signs) of their entry into a CCTV monitored area for safety and security reasons and to protect persons, property and critical infrastructure and of other statutory requirements.
What is the lawful basis for the processing?
The collection and processing of personal data of the above subjects is based on:
– Article 6(1)(b) GDPR: processing necessary for the performance of a contract to which the subjects are a party or in order to take steps at the request of the subjects prior to the conclusion of the contract.
This is the lawful basis of processing with regard to the processing of the aforementioned personal data of employees, associates and in general of persons dealing with the organisation with whom there is a contractual relationship, in the context of achieving the purposes relating to the conclusion of the contract, its performance, the management of recruitment and departure of employees, the management of staff cards – leave – payroll, the management of staff training, the management of staff appraisal and the management of medical records.
– Article 6par. 1(c) GDPR: processing is necessary for compliance with a legal obligation arising from Union or national law
We rely on this basis in order to comply with our statutory obligations in our capacity as an employer or contractor, the payment of our employees and associates, the maintenance of employees’ medical records, the notification of the recruitment of employees to the competent bodies.
– Article 9 par. 2(b) GDPR: processing is necessary for the performance of the obligations and exercise of specific rights of the controller or data subject in the field of labour law and social security and social protection law.
– Article 6 par. 1(f) GDPR: processing is necessary for the purposes of the legitimate interests pursued by the Agency, provided that these are not overridden by the interests and fundamental rights and freedoms of you as data subjects.
In particular, we rely on this basis to maintain a closed-circuit television system only in the entrance and exit areas of our premises and in outdoor areas around the perimeter of our premises. The legitimate interest of LASERTECH S.A. is the protection of the premises of LASERTECH S.A., the safeguarding of its property (materials and aura), the safety of the persons of its employees, the control and exclusion of access to the premises of persons unrelated to its operations. It is stressed that the processing of such data is strictly necessary and cannot be implemented by any other milder means, is carried out only for the above security purposes and is not used as a criterion for evaluating the behaviour and efficiency of employees. In any case, the data will be used after their accuracy has been confirmed.
The collection and processing of personal data of the above subjects is based either on the preparation and execution of a contract, or on the obligation of LASERTECH S.A. to comply with its legal obligations (as an employer in employment contracts and in relation to its legal obligations in general), or to serve its own legitimate interests (safety of persons, goods and infrastructure, optimization of productivity). In cases where the legal basis is based on consent (such as for example in the case of sending newsletters by e-mail), the subject is expressly informed and reserves the right to withdraw it easily and at any time.
The Agency does not use personal data for profiling.
Transmission of Data to Third Parties: Who will my data be shared with?
The Agency does not generally share data with third parties. In cases where our partners process personal data on behalf of LASERTECH S.A., they have previously contractually committed themselves to their relevant obligations regarding the non-use of the data for purposes other than the performance of the processing, confidentiality and general compliance with the Regulation.
How long will my personal data be kept?
The length of time personal data is kept depends primarily on the purpose of the processing, and the mere keeping of personal data constitutes a processing operation, which is only allowed if it is governed by the processing principles. After the retention period has expired, the personal data are deleted.
– The personal data of candidate employees are kept electronically on a mailserver and fileserver, to which the H.R. department and the Management of LASERTECH S.A. have access, for a period of two years from the completion of the selection – recruitment process of an employee. The retention is due to possible re-evaluation of candidates by LASERTECH S.A.
– The personal data of employees, i.e. those who have already drawn up an employment contract with LASERTECH S.A. are kept in a physical file and on a fileserver by the H.R. department, in principle, for as long as the employment relationship lasts. After the termination of the employment relationship, for whatever reason, the relevant data are kept for a maximum of twenty years, during which period any legal case of processing of such data may arise, such as, for example, a civil case or an investigation of a criminal offence where an employee may be involved, a tax audit, etc. The immediately above also applies with regard to data on assets provided to employees, access to electronic and physical files and work areas and official mobile phones for the purpose of performing the employment contract. They also apply with regard to personal data relating to the granting of leave to employees (attendance, absences, hours of attendance, leave, medical documentation for sick leave) and the evaluation of staff.
– The personal data of the citizens and partners of LASERTECH S.A. are kept in a physical file and on a fileserver by the H.R. department, in principle, for as long as the contractual relationship between us lasts. After the termination of the contractual relationship, for whatever reason, the relevant data are kept for a maximum of twenty years (indicative limitation period for any resulting legal claims), during which period it is possible that any legal case of processing of these data may arise, such as, for example, in the case of a civil case or investigation of a criminal offence, a tax audit, etc.
– Personal data of employees and visitors derived from a closed circuit video surveillance system operating in our premises, including the entrance and selected work areas, are kept for seven (7) days on a CCTV recorder, subject to more specific provisions of the legislation applicable to specific categories of data controllers.
What are my rights?
– The processing of your personal data is also linked to your corresponding rights, which, subject to any provisions that may limit the exercise of these rights, are:
– The processing of your personal data is also linked to your corresponding rights, which, subject to any provisions that may limit the exercise of these rights, are:
– Right of access.
– The right to rectification: you may request that we correct or complete your data if it is incomplete or inaccurate.
– The right to the portability of your data: You may request that we provide or transfer to a third party provider in electronic format certain information you have provided to us.
– The right to erasure. In certain circumstances, you may request that all or part of your data be deleted (e.g. if the data is no longer necessary for the purposes for which it was collected, etc.).
– The right to restrict processing. You have the right to restrict the processing of your personal data.
– The right to withdraw consent. If you have consented to the processing of your personal data, you have the right to withdraw your consent at any time by contacting us at the details provided herein.
– The right to object: you can object to the processing of your data carried out in pursuit of our legitimate interests as set out above.
– The right to lodge a complaint with the Office of the Personal Data Commissioner. You have the right to complain directly to the local supervisory authority, Office of the Personal Data Commissioner regarding how we process your personal data.
– Rights related to automated decision making. You have the right not to be subject to a decision based solely on automated processing that has legal or other significant consequences for you. In particular, you have the right:
– human intervention,
– to express your opinion,
– to obtain an explanation of the decision resulting from an assessment,
– to challenge that decision.
If you exercise one of the above rights, we will take all possible measures to comply with your request within a reasonable time and at the latest within (1) month from the identification of your submitted request, informing you in writing of the compliance with your request, or the reasons that may prevent the exercise of the relevant right, or the compliance with one or more of your rights, in accordance with the General Data Protection Regulation. Please note that in certain cases it may not be possible to meet your relevant requests, such as where the fulfilment of the right is contrary to a legal obligation or impinges on a contractual legal basis for processing your data. `
However, if you believe that a right or legal obligation of LASERTECH S.A. regarding the protection of Personal Data is being violated and you have previously addressed the Data Protection Officer of LASERTECH S.A. (DPO) on the relevant issue, i.e. you have exercised your right or legal obligation to LASERTECH S.A. your rights and either you have not received a response within one month (extended to two months in the case of a complex request), or you consider that the response you received from LASERTECH S.A. is not satisfactory and your issue has not been resolved, you may submit a complaint to the competent supervisory authority, i.e. the Data Protection Authority (DPA), 1-3 Kifissias Street, TK 115 23 Athens, email: firstname.lastname@example.org, fax 2106475628.
How is my personal data protected?
We have taken appropriate organisational and technical measures to protect your personal data from misuse, interference, loss, unauthorised access, modification or disclosure. The measures we use include implementing appropriate measures in access control, technical security of information as well as ensuring that personal data is encrypted, pseudonymised and made anonymous where necessary and feasible.
Access to your personal data is permitted only to our competent employees and associates and only if necessary to support the activity of LASERTECH S.A., and is subject to strict contractual confidentiality obligations when it is commissioned and processed by third parties.
How can I contact LASERTECH S.A.?
You can contact us at our headquarters address, 43rd km of the Old National Road Athens – Thebes or at the email address email@example.com or submit a request via the Contact form on our website.
Update – Updating of this Data Protection Policy Statement
This statement will be revised as necessary to adapt to legislative changes, to respond to the comments and needs of the data subjects and to changes in products, services and internal procedures of LASERTECH S.A. Each change will be published with a simultaneous revision of the date of the last update at the top of this statement – Data Protection Policy.