Notice on Article 13 of Regulation (EU) 2016/679 for the processing of personal data of subscribers of the website
Inventio Consulting (hereinafter referred to as the “Company”) bears primary responsibility for issues related to personal data and privacy. In this context, the Company addresses the present Notice to the subscribers of its website www.inventioconsulting.com (hereinafter referred to as the “Website”) in accordance with Article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”) to inform them about how the Company collects and processes their personal data.
The Controller is the Company. This means that the Company determines the purposes and means of processing of personal data in accordance with the GDPR and the applicable data protection legislation in general.
2. Sources of personal data collection
The Company collects the subscribers’ personal data directly from them and not from third parties.
3. Processing of personal data and legal bases
The following table sets out the purposes of processing of personal data collected by the Company, the categories of the personal data collected, as well as the legal basis for such processing.
PURPOSE OF PROCESSING
LEGAL BASIS OF PROCESSING (GDPR PROVISIONS)
4. Disclosure to third parties and recipients
The Company may use messaging applications / platforms, ensuring that they provide adequate data protection. Access to this data may be also available to IT professionals in the context of providing relevant services to the Company if this is necessary in the context of their services.
The Company shall process personal data by taking all appropriate organizational and technical measures for data security and protection against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access and any other form of illicit processing.
6. Subjects’ rights
This section sets out the data subjects’ right with respect to their personal data. These rights are subject to certain exceptions, reservations or limitations. Data subjects should submit any requests responsibly. The Company will respond as soon as possible and in any case within one (1) month of receipt of the request. If the review of the request is going to take longer, the data subject shall be informed accordingly. For any further information with respect to the exercise of the rights, please address to the email: firstname.lastname@example.org The Company ensures the exercise of the following rights:
6.1. The right to information
Data subjects have the right to request and receive clear, transparent and easily understandable information about how the Company processes their personal data in accordance with the Company’s policies and procedures.
6.2. The right to access
Data subjects have the right to access their personal data free of charge, in accordance with the relevant policies and procedures of the Company, with the exception of the following cases where there may be a reasonable charge to cover the administrative expenses of the Company:
6.3. The right to rectification
Data subjects have the right to ask for their personal data to be corrected if they are inaccurate or incomplete, in accordance with the relevant policies and procedures of the Company.
6.4. The right to erasure («to be forgotten»)
Data subjects have the right to request the deletion or removal of their personal data when they are no longer necessary for the purposes collected or there is no legitimate reason to continue processing them in accordance with the Company’s policies and procedures. The right of deletion is not absolute, to the extent that there is a particular legal obligation or other legitimate reason for the retention of such personal data by the Company.
6.5. The right to restriction of processing
In some cases, data subjects have the right, in accordance with the relevant policies and procedures of the Company, to restrict or remove further processing of their personal data. In cases where processing has been restricted, personal data remain stored, without further processing.
6.6. The right to data portability
Data subjects have the right to request their personal data, which they have provided the Company with in a structured, commonly used and machine readable format, and to transfer that data to another controller in accordance with the relevant policies and procedures of the Company.
6.7. The right to object
Data subjects have the right to oppose, at any time and for reasons related to their particular situation, to the processing of their personal data based on Article 6 (1) (f) of the GDPR (processing for reasons of lawful interest of the Company), on the basis of that provision. In such case, the Company as controller will no longer submit the personal data unless it demonstrates imperative and legitimate reasons for processing that override the interests, rights and freedoms of the subject, or the filing, exercise or support of legal claims.
6.8. Rights on automated decision-making mechanisms
The Company does not make automated individual decision-making, including profiling.
6.9. Right to withdraw consent
In case personal data are being processed on the basis of the data subjects’ prior consent, data subjects have the right to withdraw their consent at any time and the Company will cease the specific activity for which data subjects have previously consented, unless there is an alternative legal basis which justifies the continued processing of the data for this purpose, a case for which the Company will inform the data subjects respectively.
6.10. How to exercise the rights
The exercise of the aforementioned rights takes place with the submission of a written application to the Company in accordance with its policies and procedures. The Company reserves the right to reply no later than one month upon receipt of the request, in accordance with the terms of the GDPR.
7. Retention period for personal data
For each category of personal data, the Company determines the retention period in accordance with the provisions of the law and its policies and procedures.
8. Contact person for personal data issues
For any matter relating to the processing of personal data, data subjects may contact:
Chief Operating Officer
32, Kifisias Avenue, 15125, Athens
+30 210 6829493
9. Contact of the Data Protection Authority
For further information and advice on the exercise of the rights or to submit a complaint, data subjects may address to the Greek Data Protection Authority.
Address: 1-3, Kifisias Avenue, P.C. 115 23, Athens
Telephone: +30-210 6475600
Fax: +30-210 6475628
10. Amendments of the present Notice
The Company aims to review and keep up-to-date the present Notice in order to comply with privacy laws and new developments. Any updates to this Notice will be communicated to data subjects immediately.
Publication date: 01/09/2018.