PRIVACY POLICY
This Privacy Policy defines how **OPERON IKE** (hereinafter “OPERON” or “the Company”) collects, uses, processes, stores, manages, and protects the personal data (hereinafter “Personal Data” or “PD”) of its customers, suppliers, partners, subcontractors, job applicants, and website visitors, in order to meet the Company’s data protection standards and comply with applicable law.
This policy applies to any information:
The Company is committed to protecting the privacy of visitors, customers, suppliers, job applicants, and all data subjects to whom PD relates, and to complying with applicable data protection legislation.
A. CV evaluation process: Full name, Date of birth, Marital status, Phone numbers, e-mail, Home address, Nationality, Education level, Specialisation and training history.
B. Management of PD of active and prospective customers in the context of a commercial relationship: Full name, Phone numbers, e-mail, Address, VAT number, Profession, Bank accounts (for active customers only).
C. Management of PD of suppliers/partners in the context of a commercial relationship: Full name, Phone numbers, e-mail, Address, VAT number, Profession, Bank accounts.
D. Communication with website visitors:
1. Via cookies: consent settings, visitor browsing choices and behaviour, IP address
2. Via contact form: full name, country, e-mail, mobile phone
3. Via newsletter field: e-mail
4. Via social media plug-ins: full name, e-mail, phone
E. Visitor monitoring at the Company’s premises via CCTV: Image files (video and still).
F. Marketing services (e-mail/SMS/social media) and digital advertising: Full name, e-mail, phone.
—
Statement on the Processing of Personal Data
*(in accordance with the General Data Protection Regulation EU 679/2016)*
**Purposes of Processing & Legal Basis**
The Company operates primarily in the field of Managed IT Services — infrastructure services, technical support, information security, and network management.
The legal basis for the processing of PD in this context is the Company’s legitimate interest and the performance of the relevant contract (particularly in cases involving PD processed in the context of commercial relationships with suppliers and customers), and in certain cases the explicit consent of the data subjects.
In addition, the Company may collect PD of job applicants for the sole purpose of assessing the possibility of future employment. The legal basis for this collection is the consent of the data subject.
**Information collected automatically when browsing the Corporate Websites:**
The Corporate Websites use: (a) strictly necessary cookies, (b) statistical analysis cookies, (c) advertising and consent storage cookies, (d) unclassified cookies.
For a full description, see section **8. Cookies & Other Technologies**.
The Company does not manage location data, which is collected and processed exclusively by operating system providers (Apple Inc / Google Inc).
The Company reserves the right to disclose PD to third parties to the extent necessary for the purposes set out in this policy, and in particular:
The exact retention periods for each individual processing activity are recorded in the Company’s data retention register, as required by the GDPR. You may obtain detailed information by submitting a request in accordance with the procedure set out in this policy.
You may exercise, as applicable, the rights arising from Greek law and the General Data Protection Regulation (Regulation (EU) 2016/679):
– a. Right to information (Article 13)
– b. Right of access (Article 15)
– c. Right to rectification (Article 16)
– d. Right to erasure — “right to be forgotten” (Article 17)
– e. Right to restriction of processing (Article 18)
– f. Right to data portability (Article 20, where applicable)
– g. Right to object (Article 21)
These rights may be exercised free of charge by submitting a request to the Company:
**OPERON IKE**
Irois 4, Athens 10442
Tel.: 210 3008610
E-mail: **info@operon.gr**
In the event of abusive exercise of a right without reasonable cause, the Company may charge the cost associated with handling the relevant request.
The Company will respond to your request within thirty (30) days of receipt.
You may also withdraw your consent at any time (Article 7(3) GDPR 679/2016) by sending a written request to the Company at the contact details above. This right applies only where the legal basis for processing is the consent of the data subject.
The Company applies appropriate technical, physical, and administrative security measures to protect PD against loss, misuse, damage, alteration, unauthorised access, and disclosure, in accordance with Article 32 of the GDPR (EU) 679/2016.
**A. Organisational security measures**
1. Personnel organisation/management — definition of roles and responsibilities
2. Information asset management
3. Staff training on personal data security
4. Management of data processors
5. Data and storage media destruction procedures
6. Personal data breach management
7. Security measure auditing
**B. Technical security measures**
1. Access control
2. Data backups
3. System configuration
4. User activity and security event logging
5. Communications security
6. Management and protection of external/removable storage media
7. Software and application security
8. Change management
**C. Physical security measures**
1. Physical access control
2. Environmental security — protection against natural disasters
3. Document exposure controls
4. Protection of portable storage media
Cookies are small text files stored in the user’s browser (Chrome, Firefox, etc.) that help the Website operate more effectively. Cookies do not harm users’ computers or their files. They do not contain personal information that would allow direct contact with the visitor, nor do they provide access to files on your computer.
For a full description of the cookies we use, please visit our [Cookie Policy]
For any matter relating to the processing of Personal Data, please contact us at **info@operon.gr**.
You also have the right at any time to contact the **Hellenic Data Protection Authority (HDPA)**:
– By post: Kifissias 1–3, PC 115 23, Athens
– E-mail: complaints@dpa.gr
– Website: [www.dpa.gr]
This policy may be updated periodically due to changes in legislation or in the Company’s structure. We encourage visitors to review it regularly. Where applicable, customers may be notified via e-mail or website notification of any amendments.