**PAPAPOSTOLOU N. S.A.** (hereinafter, the “Company”), as a distinguished service provider in the field of healthcare technology, places great importance on the lawful processing, security, and protection of your personal data, in whatever capacity you cooperate or communicate with us (indicatively, as prospective or active Customers, Partners, Trainees, Suppliers, Employees, Private Individuals, website visitors, or generally third parties cooperating with our Organization).

Please read these terms and our Company’s Personal Data Protection Policy carefully. By using our websites and signing the relevant consent statement, you unreservedly accept the practices described herein, the terms of which henceforth govern our contractual relationship and are incorporated into the terms of use of each of our services.

1. What your personal data are

Your personal data include any information, in paper or electronic form, that may lead—either directly or in combination with other data—to your unique identification / authentication or to your localization as a natural person. This category includes, as applicable, details such as full name, Tax ID (AFM), Social Security Number (AMKA), ID card number, your physical & electronic addresses (emails), your landline and mobile phone numbers, recipients’ details for SMS/MMS messages, your bank/debit/prepaid card details, identifiers of your equipment or terminal devices—computer—smartphone—tablet, your browsing/search history (log files, cookies, etc.), and any other information that enables your unique identification under the provisions of the General Data Protection Regulation (GDPR 679/2016), applicable Greek legislation, and decisions of the Hellenic Data Protection Authority (HDPA).

2. Which personal data we collect

We process and protect your personal data within the framework of lawful processing and in accordance with the relevant legislative & regulatory framework, in the context of marketing activities, as well as in the context of communication / support / informing you, and in any other activity of our Company.

3. Processing with your explicit consent

Our Company will use your information for the following lawful processing purposes, within the framework of our agreement or provided you have given us your explicit and specific consent per service (which you may freely withdraw at any time), namely:

• For managing your data & details within the context of our services
• To support / inform you regarding our Company’s projects / respond to your requests and inquiries, as well as to acknowledge and respond to your proposals and comments regarding improvements to our services
• For “internal” quality assurance purposes for our services
• For website traffic analysis and improving your experience, and to provide you with information related to services, general / technical updates, etc.
• For internal operations and analysis such as internal management, fraud prevention, use by management information systems, invoicing, accounting, billing, and auditing systems

In any case, you may change your preferences at any time by using the unsubscribe link found at the end of each email you receive from us.

4. What are the principles of collection and processing

This Personal Data Protection Policy aims to inform you about the terms of collection, processing, and transfer of your personal data that we may collect as data controllers or processors.

Our Company and its Personnel apply the ten Processing Principles of GDPR 2016/679 (lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability).

Our Company safeguards and ensures your eight rights regarding the use of your personal data (information, access, rectification, erasure, restriction of processing, portability, objection, and non-automated decision-making based on profiling, as specified in the GDPR and Greek legislation). The above apply without any discrimination and are implemented in all processing activities and across all services provided by our Company.

5. How we collect your personal data

Our Company collects your personal data with your consent and acceptance of the terms of use of each of our services, such as:

• when you call our numbers, send us an email, or complete a request for information / a service offer
• within the framework of delivering trainings / providing consulting to individuals
• when you send us the postal address for issuing or sending an invoice or receipt for services, as well as delivery details for a document
• when you voluntarily subscribe to printed or electronic lists to receive printed, electronic, or SMS informational material or other marketing material, or when you update these preferences
• when you visit our websites through which we collect, via cookies, the necessary information from your terminal device and your browser

6. Data minimization, storage, and deletion

Our Company will always request the minimum personal data required by law for the delivery of our Services and the best possible service to you.

Our Company retains your personal data only for as long as required by the contractual terms of each service, in conjunction with the applicable framework for training/consulting providers and the broader telecommunications, tax, and other legislation and regulatory framework, depending on the purpose of processing, and then anonymizes or destroys it. You may ask us and be informed about what data we collect about you, and you may rectify or delete it, unless retention is required by law for tax, evidentiary, or judicial purposes and for the prosecution of unlawful acts.

7. Transfer of your data to third parties

As a rule, our Company does not transfer your personal data to third parties except where clearly required by the legislative / regulatory framework, or where we act as “intermediaries” and to the extent necessary to complete one of our services and fulfill requests related to the services we provide.

Such third parties may include official public authorities (e.g., OAED, Ministry of Labour, etc.) when we are required to comply with laws/regulations and/or to prevent unlawful acts against us and our Customers (e.g., fraud, insult, violation of personality rights, etc.).

The Company selects reliable Partners and seeks to impose contractual restrictions on third parties that may receive your personal data, to ensure, as far as possible, that they use it in accordance with this Policy and applicable European and international data protection laws.

In order to process your data, we may need to transfer your information to other countries within the European Economic Area (EEA) on the basis of EU adequacy decisions, to oversight committees of the European Union.

8. Security of your personal data

In all cases, we take appropriate technical and organizational measures to ensure that your personal information is transferred, stored, and processed in accordance with suitable security standards and procedures and in line with the terms of this Policy and applicable data protection laws.

Within the Company, we have trained and responsible Personnel and a Data Protection Officer (DPO), and we recognize the importance of protecting privacy and all your personal information. For this purpose, we maintain appropriate security policies and use suitable technical and operational tools, such as anonymization, pseudonymization, data encryption, use of firewalls, establishment of access levels, authorized employees, staff training, periodic audits, and compliance with international security and business continuity standards.

Any partner who has access to the above information uses it exclusively to serve the purposes stated above. We share the information you provide only in the ways described in this Policy and according to your explicit and specific consent per type of processing, which you may freely withdraw at any time by contacting us.

 

9. Validity of the Personal Data Security and Protection Policy

This Policy was published by our Company on 17.01.2022 and is subject to periodic improvement and review.

Any changes to this Policy will apply to information collected from the date the revised version is published, as well as to existing information in our possession. Use of the website after changes are published implies your acceptance of those changes.