Data Protection Policy

Data Protection Policy of INTERBUS ANONIMI DIAFIMISTIKI ETERIA

“INTERBUS S.A”, 280 Kifisias Avenue, zip code 15232 Chalandri of Attica, having VAT number 998775139 (Gen. Com. Reg. No. 007070801000)

Last Amended on 03.12.2019

 

  1. Field of Scope
  2. Categories & Types of Collected Data

Declaration Regarding The Processing of Personal Data By INTERBUS (by its capacity as Data Controller and Processor – in accordance with the General Data Protection Regulation EU 679/2016)

INTERBUS Data Processing Purposes -Legal Basis For The Processing of Data

  1. Data Collection Points
  2. Transfer of Data to Third Parties
  3. Personal Data Retention Period
  4. Rights of the Data Subjects
  5. Data Processing by INTERBUS
  6. Cookies
  7. What are cookies?
  8. Submission of Complaint – Appeal
  9. Amendments

1. Field of Scope

This privacy notice lays out the way INTERBUS S.A. (hereinafter referred to as “INTERBUS”) collects, uses, processes, stores, manages, and protects the personal data (hereinafter referred to as “Personal Data”), of clients, outsourcers, sub contractors, candidate employees suppliers and website visitors, so as to meet the data protection standards of the company and comply with the applicable law.

 

This privacy policy shall apply to all information (i) related to clients (hereinafter referred to as the Client”) within the framework of its business activity or business development,(ii) that relates to personal data obtained through its business relationship or provision of services with suppliers or to the market evaluation process (iii) pertaining to candidate employee data collected during the recruitment process iv) pertaining to visitors and clients of INTERBUS’ website https://www.interbus.gr/en/ (hereinafter referred to as the “Website”) v) related to customer data obtained during the customer care process (registry of complaints) vi) related to visitor data collected at the premises

 

INTERBUS is bound to protect the privacy of visitors’/clients’/suppliers’/candidate employees’ and of other data subjects and to adhere to the local and European Data Protection legislation currently in effect.

2. Categories & Types of Collected Data

Data Collected:

 

  1. Candidate data evaluation process: Full name, telephone number, address, e-mail, date of birth, evaluation data (indicatively character data, behavioral data, logic processing data), images (i,e candidates photograph), nationality, working experience,

 

  1. Client’s data obtained through the Company’s business activity

Full name, telephone number, address, e-mail, VAT number, bank account number and IBAN

 

  1. Suppliers’/Third party data obtained through the Company’s business activity

Full name, telephone number, address, e-mail, VAT number, bank account number, ID

 

  1. Website visitor’s contact process

1) Cookies: data subject’s consent settings, usage data, behavior and preferences data, browser data 2) Contact form: full name, e-mail, country, 3. Newsletter: e-mail 4. Interest form: full name, e-mail, telephone

 

  1. Visitor data (on premises) obtained through the use of CCTV

Image (still/moving)

Declaration Regarding The Processing of Personal Data By INTERBUS (by its capacity as Data Controller and Processor – in accordance with the General Data Protection Regulation EU 679/2016)

 

INTERBUS Data Processing Purposes -Legal Basis For The Processing of Data

INTERBUS statutory purpose is the provision of marketing services, rendered to indoor facilities or to outdoor areas with the use of technology.

The legal basis for the processing of personal data in this context, is the performance of the contract (provision of marketing services), the legitimate interest of the Company (indicatively during the business opportunity research process or during the use of cameras) and in some cases the consent of data subjects (obtaining visitor data through the website, newsletter service).

In some cases, the Company processes personal data of customers/suppliers etc. in compliance with legal obligations (such as in the case of notifying authorities on payments to suppliers, customers, partners etc.).

In addition, INTERBUS may collect personal data of candidate employees who are interested in working with INTERBUS for the sole purpose of examining the possibility of a future collaboration – employment. The legal basis for the aforementioned data collection is the consent of the data subject who provides the necessary information.

 

Information automatically collected when visiting and interacting in the Website:

 

The Company Website uses essential cookies required to store user consent while browsing the Website as well as preferences cookies, marketing cookies and statistical analysis cookies that verify the user’s consent and collect information about the user’s preferences and choices when browsing the Website.

For a full description of the cookies used and the type of data collected through them, please refer to section Cookies & other technologies.

INTERBUS does not manage, collect or process geolocation data, which are collected and processed exclusively by the companies providing operating systems for each device you use (in case of use of iOS-Apple Inc or in case of android – Google Inc). INTERBUS does not have access to the positioning refresh rate of GPS.

3. Data Collection Points

 

1) Business Registry -B,C

2) Sole proprietorship companies -clients (directly from the data subjects) -B,C

3) Sole proprietorship companies -suppliers, outsourcers (directly from the data subjects) -B, C

4) Candidate employees -Α

5) CCTV system (entry – exit system)-Ε

6) Website -D

4. Transfer of Data to Third Parties

INTERBUS reserves the right to disclose the data subject’s personal data to any member of its affiliate/subsidiary companies (parent company and its subsidiaries) or other third parties which in any case apply all appropriate technical, environmental, legal and administrative measures to safeguard the data from loss, unfair use, amendment, unauthorised access and transmission pursuant to Article 32 of GDPR, to the extent it is reasonably necessary for the purposes determined in this notice and in particular:

 

  • Data subject’s data will be transferred to the departments of INTERBUS that are competent for the smooth and trouble-free provision of services, the operation of the Website as well as for the provision of customer services (evaluation and management of customer requests/complaints)
  • Data subject’s data may be transmitted and become accessible by legal entities (suppliers, subcontractors, etc) with which we have entered from time to time into contractual agreements for the purpose of fulfilling our company’s statutory purpose of providing marketing services within our contractual terms framework on the basis of our legitimate interest
  • Personal data related to the invoicing processes, may be transmitted and become accessed by bank institutions with which we cooperate in order to process our employees and suppliers payments, as well as to the competent state authorities in compliance with legal obligations
  • Data subject’s personal data may be disclosed to cloud hosting providers for the purpose of storing and safeguarding the data with the appropriate technical and security measures
  • During all data transfers, we always take all appropriate measures so as to ensure that the transmitted data are the minimum required for the intended processing purpose and that the conditions for legitimate and lawful processing will always be met. INTERBUS ’s partners to whom the personal data may be transferred, have signed the necessary data processing agreements or have made specific guarantees around transfers of personal data by implementing in their agreements Standard Contractual Clauses (Model Clauses)

5. Personal Data Retention Period

The data retention period depends on the lawful basis of processing, as set out in detail below:

  • In case the lawful basis for processing is the exercise of legitimate interest, the processing of personal data is carried out for as long as it is considered necessary for the achievement of the intended statutory purpose of INTERBUS and until such time the limitation period of any related claims has expired
  • In case the personal data of the Client Information are provided under their own consent such as in the case of candidate employee process or during the use of the contact form of interest form found in the Website, we shall retain their data until the granted consent by the data subject has been withdrawn. In case the consent is withdrawn for any valid reason, we shall retain them for as long as it is required until the limitation period of any related claims expires
  • In case the lawful basis for processing is the performance of the contract, we shall retain your data for as long as you retain the contractual relationship with INTERBUS in hard copy and in electronic form or we shall retain them for as long as it is required until the limitation period of any related claims expires
  • In case where the processing of the personal data is based on a legal obligation (Article 6 of GDPR), the data retention period is set in accordance with the pertinent legislation and the limitation period for any inspections that may be performed by competent authorities
  • In any case, the exact data retention periods for each individual data processing process, are recorded in the Company’s personal data retention registry in compliance with the provisions of GDPR. Additional information in relation to the exact data retention periods, may be provided by requesting access in accordance with the procedure set out in this policy

6. Rights of the Data Subjects

You may exercise, as the case may be, the rights deriving from the applicable Greek Legislation and the General Data Protection Regulation (Regulation (EU) 2016/679) which are as follows: (a. the right of information (article 13), b. the right of access (article 15), c. the right to rectification (article 16), d. the right to erasure “right to be forgotten” (article 17), e. the right to restriction of processing (article 18), f. the right to data portability (to receive your personal data in a structured and commonly used format – article 20 where applicable) and g. the right to object (article 21) which applies to certain data processing activities.

  • These rights may be exercised only in cases where the Company acts as a data controller, and in particular: (a) the processing of personal data of prospective employees for the purpose of assessing the likelihood of possible professional cooperation; (b) the processing of personal data relating to pursuit of its intended statutory purposes (provision of services); (c) processing of data of existing customers in the course of processing complaints / requests (d) processing the data of suppliers/subcontractors for invoicing purposes e) processing the personal data of Website visitors f) processing the CCTV data
  • These rights shall be exercised free of charge for you by sending a relevant letter to the Data Protection Officer (DPO) of INTERBUS : 3 Akti Miaouli street, Piraeus 185 35, tel: +30 210 2205 950 or via e-mail to [email protected]. Alternatively you may submit your request in writing by sending it :

– To complaints/customer service department at INTERBUS S.A, 280 Kifisias Avenue, zip code 15232 Chalandri of Attica or via e-mail at [email protected]

In case however the aforementioned rights are exercised excessively and without good cause thus causing us administrative burden, we may charge you with the cost related to the exercise of the respective right

  • In case you exercise any of your rights, we will take all appropriate measures available for the satisfaction of your request within thirty (30) days following the receipt of the relevant request. We may either inform you on the acceptance of your request or on any objective grounds that hinder the processing of your request.
  • Notwithstanding the above, you may at any time object to the processing of your Personal Data, by withdrawing your consent (article 7, par. 3 of the GDPR 679/2016) by sending a letter to the Data Protection Officer (DPO) of INTERBUS : Latsoudis & Associates Law Firm, 3 Akti Miaouli Street, PC 18535, Piraeus, Greece, [email protected]. This right applies only in cases where the lawful basis for the data processing is the consent of the Data Subject.

7. Data Processing by INTERBUS

INTERBUS applies throughout the data processing procedure, the appropriate technical, physical, and administrative security measures for the protection and security of the personal data from loss, misuse, damage or modification, unauthorised access and disclosure, in compliance with article 32 of the GDPR 679/2016, in order to ensure the appropriate security level against those risks. Those include, among others, as the case may be: a) application of encryption protocols b) the ability to ensure confidentiality (article 90 GDPR 679/2016), integrity, availability, and resilience of processing systems and services on an ongoing basis, c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

 

Moreover, INTERBUS shall take measures so as to ensure that any natural person acting under the authority of the data controller, who has access to personal data, shall not process those data except on instructions from the data controller and limits access to your personal information to authorised employees.

 

Indicative security measures applied by INTERBUS are as follows:

 

  1. Organizational Measures

 

 

  1. Company DPO appointment
  2. Employee management process – assignment of roles to all individuals involved in data processing activities
  3. Information system management
  4. Employee training on the protection of personal data, information provided to all employees regarding the company’s policies/processes
  5. Monitoring of data processors
  6. Setting up of a deletion/destruction of data process
  7. Monitoring of data breach incidents
  8. Monitoring of controls/security measures

 

 

  1. Technical Measures

 

  1. Access controls
  2. Backup data process
  3. Modification of workstations
  4. User log files, security incident logs
  5. Communications security
  6. Management and protection of portable data storage assets
  7. Software and applications safeguards
  8. Amendment controls

 

 

Γ. Environmental Security Measures

 

  1. Physical access controls
  2. Environmental security – protection from natural disasters
  3. Document exposure to threats
  4. Protection of portable data storage assets

 

8. Cookies

1. What are cookies?

  1. What is a cookie and why does the Company uses them. A cookie is a small data file, often including a unique identifier comprised of data and numbers, which is stored in the browser (Chrome, Mozilla Firefox etc) used by the user/client, allowing among other things the more efficient operation of the website. Cookies do not in any way harm users’ computers or files stored on them. The information stored in cookies is used for identification purposes. This is how we manage to operate the Website efficiently.
  2. Under no circumstances do the cookies store personal information or information which will allow any third party to contact the Website’s visitor through telephone, via e-mail etc. In addition the use of cookies does not allow access to your computer files or documents.
  3. What cookies do we use? The cookies described below may be stored in your browser. You can view and manage cookies in your browser (however mobile browsers may not offer this visibility). Of the different types of cookies available, the Company uses the following:

 

Strictly Necessary (essential) cookies Cookieconsent,

__cfduidP)

 

These cookies are essential for browsing the Website and for its operation as it stores the visitors consent during browsing session. In addition they authenticate the visitors ID, his/her requests in relation to the browsing session as well as maintain secure connection with google accounts etc

Data retention:

Cookieconsent – 1 year

__cfduidP – 29 days

Statistical analysis Cookies

(_ga,_gat, _gid,yt-player-headers-readable)

These cookies contain statistical data related to the use of our Website (i.e which pages they visit most)

These cookies collect aggregate anonymized data which are exclusively used for the improvement of the performance of a website. These cookies remain stored in your browser for more than one session, allowing us to memorize the preferences or actions of the user throughout the Website

and to the user preferences (usage data, request rate data etc). Data retention:

_ga – 2 years

_gat -1 day

_gid -1 day

Yt-player-headers-readable – persistent

Preferences cookies (__iyt-player-bandwidth)

 

These cookies store the user’s choices (browsing type, usage data, user position etc)

Data retention:

_iyt-player-bandwidth – persistent

Cookies διαφήμισης (marketing)

(ads/ga-audiences, GPS, IDE, PREF, test_cookie, VISITOR_INFO1_LIVE,YSC,yt-remote-cast-installed,yt-remote-connected-devices,yt-remote-device-id,yt-remote-fast-check-period, yt-remote-session-app, yt-remote-session-name)

The use of these cookies allows the advertisements to become more attractive and personalized for the users,in addition to becoming more effective for the publishers and advertisers. Common applications of these cookies, are the targeted ads based on the content directed at the user, the improvement of exported reports in relation to the performance of a campaign, as well as the avoidance of display of the same adds to the user.

Data retention:

ads/ga-audiences – session cookie

GPS – 1 day

IDE – 1 year

PREF – 8 months

test_cookie – 1 day

VISITOR_INFO1_LIVE – 179 days

YSC – session cookie

yt-remote-cast-installed – session cookie

yt-remote-connected-devices – persistent

yt-remote-device-id – persistent

yt-remote-fast-check-period – session cookie

yt-remote-session-app – session cookie

yt-remote-session-name -session cookie

 

 

  1. The essential cookies are of primary importance for the proper operation of the Website, as they allow you to browse it and make use of its functions. These cookies do not reveal your identity. Without these cookies, we cannot property operate the Website
  2. As long as the user/client accepts the use of cookies, the above described statistical analysis, marketing and preferences cookies will be activated
  3. In case you do not wish to use cookies: You may deactivate or delete cookies used by the company through the settings menu of your browser. For instance if you are using chrome, you may choose “Menu/Settings/Privacy/Content Settings” and opt to configure your cookie settings in accordance with your preferences.
  4. You may also refer to the webpage www.allaboutcookies.org/ manage-cookies / index.html for all information related to the most frequently used browsers. Please be advised that in case you opt to deactivate cookies, certain Website applications may not function as intended
  5. The Website software is designed to ensure the highest level of security and trust. All information contained in requests submitted through the Website is equally secure and confidential. Only authorized personnel who are trained in the handling of Client / Visitor personal data will have access to this information and only when necessary for the purposes of servicing them or performing contractual obligations.

9. Submission of Complaint – Appeal

  • For any issue regarding the processing of your personal data, you may contact us via e-mail at [email protected]
  • Moreover, you shall always be entitled to contact the Hellenic Data Protection Authority, which may accept the submission of relevant complaints in writing at its protocol in its offices at 1-3, Kifisias Street, Postal Code 115 23, Athens or by e-mail ([email protected]) in accordance with the instructions indicated on its website.

10. Amendments

This policy may be renewed from time to time, due to amendments to the related legislation or change to the corporate structure of INTERBUS . Thereby, we encourage the Clients to periodically visit this site so as to be informed regarding recent information of privacy practices. In any case, the Clients may be informed via e-mail or a notice in our Website regarding any amendments to this policy.

English