PRIVACY POLICY

1. Scope

This Privacy Policy defines how **OPERON IKE** (hereinafter “OPERON” or “the Company”) collects, uses, processes, stores, manages, and protects the personal data (hereinafter “Personal Data” or “PD”) of its customers, suppliers, partners, subcontractors, job applicants, and website visitors, in order to meet the Company’s data protection standards and comply with applicable law.

 

This policy applies to any information:

  • relating to the customer in the context of the Company’s IT service provision or the development of public relations with them
  • relating to PD of suppliers/external partners in the context of a commercial relationship or service provision with the Company, or the evaluation of offers in the context of market research
  • concerning the data of job applicants collected during the personnel evaluation process
  • concerning visitors and customers of the websites https://www.operon.gr and https://clients.operon.gr (hereinafter “Corporate Websites”)
  • data of visitors to the Company’s premises

 

The Company is committed to protecting the privacy of visitors, customers, suppliers, job applicants, and all data subjects to whom PD relates, and to complying with applicable data protection legislation.

2. Categories and Types of Personal Data Collected

A. CV evaluation process: Full name, Date of birth, Marital status, Phone numbers, e-mail, Home address, Nationality, Education level, Specialisation and training history.

B. Management of PD of active and prospective customers in the context of a commercial relationship: Full name, Phone numbers, e-mail, Address, VAT number, Profession, Bank accounts (for active customers only).

C. Management of PD of suppliers/partners in the context of a commercial relationship: Full name, Phone numbers, e-mail, Address, VAT number, Profession, Bank accounts.

D. Communication with website visitors:

1. Via cookies: consent settings, visitor browsing choices and behaviour, IP address
2. Via contact form: full name, country, e-mail, mobile phone
3. Via newsletter field: e-mail
4. Via social media plug-ins: full name, e-mail, phone

E. Visitor monitoring at the Company’s premises via CCTV: Image files (video and still).

F. Marketing services (e-mail/SMS/social media) and digital advertising: Full name, e-mail, phone.

Statement on the Processing of Personal Data

*(in accordance with the General Data Protection Regulation EU 679/2016)*

**Purposes of Processing & Legal Basis**

The Company operates primarily in the field of Managed IT Services — infrastructure services, technical support, information security, and network management.

The legal basis for the processing of PD in this context is the Company’s legitimate interest and the performance of the relevant contract (particularly in cases involving PD processed in the context of commercial relationships with suppliers and customers), and in certain cases the explicit consent of the data subjects.

In addition, the Company may collect PD of job applicants for the sole purpose of assessing the possibility of future employment. The legal basis for this collection is the consent of the data subject.

**Information collected automatically when browsing the Corporate Websites:**

The Corporate Websites use: (a) strictly necessary cookies, (b) statistical analysis cookies, (c) advertising and consent storage cookies, (d) unclassified cookies.

For a full description, see section **8. Cookies & Other Technologies**.

The Company does not manage location data, which is collected and processed exclusively by operating system providers (Apple Inc / Google Inc).

3. Data Collection Points

  1. General Commercial Registry (G.E.MI.) – C
  2. Sole traders, customers – B
  3. Sole traders, suppliers – C, F
  4. Job applicants – A
  5. Job listing portals – A
  6. CCTV systems – E
  7. Corporate Websites – D

4. Recipients and Transfer of Data to Third Parties

The Company reserves the right to disclose PD to third parties to the extent necessary for the purposes set out in this policy, and in particular:

 

  • PD will be transferred to internal departments of the Company responsible for service delivery and the operation of the Corporate Websites.
  • PD may be transferred to and accessed by legal entities (partners, subcontractors, etc.) with whom the Company enters into contractual agreements in pursuance of its legitimate interest.
  • Billing data may be transferred to banking institutions for the processing of payments, as well as to relevant public authorities in the context of compliance with legal obligations.
  • PD may be disclosed to cloud hosting providers for storage purposes, with appropriate technical security measures in place.
  • During all data transfers, appropriate measures are taken to ensure that the data transferred is the minimum necessary. Partners to whom PD is transferred have signed the necessary data processing agreements.
  • Where the legal basis is a pre-contractual stage (e.g. receipt of CVs from job applicants), data will be retained until the parties conclude an employment contract. In the event that no appointment is made, the data is removed from our database.

5. Personal Data Retention Period

  • Legitimate interest: for as long as necessary to achieve the intended purpose, and until the expiry of the statute of limitations for any related claims.
  • Consent: until withdrawn by the data subject, or for as long as necessary until the expiry of the statute of limitations for any related claims.
  • Performance of contract: for the duration of the contractual relationship (in paper or electronic form), or until the expiry of the statute of limitations for any related claims.
  • Legal obligation (Article 6(1)(c) GDPR): the retention period is determined by the requirements of applicable legislation.

 

The exact retention periods for each individual processing activity are recorded in the Company’s data retention register, as required by the GDPR. You may obtain detailed information by submitting a request in accordance with the procedure set out in this policy.

6. Rights of Data Subjects

You may exercise, as applicable, the rights arising from Greek law and the General Data Protection Regulation (Regulation (EU) 2016/679):

– a. Right to information (Article 13)
– b. Right of access (Article 15)
– c. Right to rectification (Article 16)
– d. Right to erasure — “right to be forgotten” (Article 17)
– e. Right to restriction of processing (Article 18)
– f. Right to data portability (Article 20, where applicable)
– g. Right to object (Article 21)

 

These rights may be exercised free of charge by submitting a request to the Company:

 

**OPERON IKE**
Irois 4, Athens 10442
Tel.: 210 3008610
E-mail: **info@operon.gr**

 

In the event of abusive exercise of a right without reasonable cause, the Company may charge the cost associated with handling the relevant request.

The Company will respond to your request within thirty (30) days of receipt.

You may also withdraw your consent at any time (Article 7(3) GDPR 679/2016) by sending a written request to the Company at the contact details above. This right applies only where the legal basis for processing is the consent of the data subject.

7. Data Processing by the Company

The Company applies appropriate technical, physical, and administrative security measures to protect PD against loss, misuse, damage, alteration, unauthorised access, and disclosure, in accordance with Article 32 of the GDPR (EU) 679/2016.

 

**A. Organisational security measures**
1. Personnel organisation/management — definition of roles and responsibilities
2. Information asset management
3. Staff training on personal data security
4. Management of data processors
5. Data and storage media destruction procedures
6. Personal data breach management
7. Security measure auditing

 

**B. Technical security measures**
1. Access control
2. Data backups
3. System configuration
4. User activity and security event logging
5. Communications security
6. Management and protection of external/removable storage media
7. Software and application security
8. Change management

 

**C. Physical security measures**
1. Physical access control
2. Environmental security — protection against natural disasters
3. Document exposure controls
4. Protection of portable storage media

8. Cookies & Other Technologies

Cookies are small text files stored in the user’s browser (Chrome, Firefox, etc.) that help the Website operate more effectively. Cookies do not harm users’ computers or their files. They do not contain personal information that would allow direct contact with the visitor, nor do they provide access to files on your computer.

For a full description of the cookies we use, please visit our [Cookie Policy]

9. Complaints and Appeals

For any matter relating to the processing of Personal Data, please contact us at **info@operon.gr**.

You also have the right at any time to contact the **Hellenic Data Protection Authority (HDPA)**:
– By post: Kifissias 1–3, PC 115 23, Athens
– E-mail: complaints@dpa.gr
– Website: [www.dpa.gr]

10. Amendments

This policy may be updated periodically due to changes in legislation or in the Company’s structure. We encourage visitors to review it regularly. Where applicable, customers may be notified via e-mail or website notification of any amendments.

close espa banner