Introduction
HELLENIC PETROLEUM SA (hereinafter the "Company") and its affiliated companies (hereinafter "the Group") are strongly committed to privacy issues, and this privacy statement details our approach on such issues. We publish this Notice in accordance with Article 13 of the General Data Protection Regulation to inform you about the use of your personal data.
If you have any questions regarding this Notice and the way your personal data are processed, please contact us to the following email: DPO@helpe.gr
Data Controller
HELLENIC PETROLEUM SA
Address: Chimarras 8A, 15125-Marousi
Phone number: 210 630 2000
Fax: +30 210 63 02 510, 210 63 02 511
Μ.Α.Ε. number: 2443/06/Β/86/23 and Γ.Ε.ΜΗ.: 000296601000
DPO Contact details
Εmail: DPO@helpe.gr
Phone number: 210 6302252
Address: Chimarras 8A, 15125-Marousi
Data Collection & Data Processing
The following table sets out the purposes of processing personal data collected through our website, categories of personal data processed, as well as the legal basis of the processing:
Purpose of Processing activity
|
Categories of personal data processed
|
Legal Basis of Processing
|
Management of communication requests with the Company or / and the Group
|
Personal Identifiers, Contact info, CV details, student’s application information, information of study visit applications, other request information
|
Data subject’s consent
|
Website Use Optimization
|
Connection/Log In Information, user’s activity online
|
Legitimate interests pursued by the Data Controller or by a third party
|
The personal data provided by visitors to our website are used exclusively for the purpose for which they were submitted as per the relevant collection point.
The purpose of the legitimate interests of the Company or / and the Group is to evaluate the stay on site,
to measure clicks on each site and to get suggestions / observations from users to improve our online services.
Disclosure to third parties
The Company or / and the Group may disclose the above personal data to IT support services providers and web support companies, web hosting companies, and companies providing advisory services on candidates' recruitment process.
Security
The Company or / and the Group collect, maintain and process your personal data in a manner
that ensures their protection.
Specifically, your personal data are processed solely by specifically authorized personnel
or by suppliers of the Company or/and the Group which are bound towards the Company
or/and the Group with the same obligations regarding your personal data protection,
while all appropriate organizational and technical measures are in place
for data security and protection against accidental or unlawful destruction,
accidental loss, alteration,unauthorized disclosure or access and any other
form of illicit processing.
Data retention
The personal data that you submit in our website are kept only for as long as it is required for the purposes for which were collected or as required by law.
Data subject rights
This section presents your rights with respect to your personal data. These rights are subject to certain exceptions, reservations or limitations.
Please submit your requests responsibly. The Company or / and the Group will respond as soon as possible and in any case within one month
of receipt of the request. If the examination of your request will require more time, you will be informed in this respect.
To exercise your rights, please contact at email: DPO@helpe.gr.
The Company or / and the Group shall ensure that you exercise the following rights uninterruptedly:
1. Right of information/update
You have the right to request and receive clear, transparent and easily understandable information about how we process your personal data.
2. Right of access
You have the right to access your personal data for free, except in the following cases, where there may be a reasonable charge to cover
the administrative expenses of the Company or / and the Group:
• Manifestly Unfounded or excessive in particular because of their repetitive character
• Additional copies of the same information
3. Right to Rectification
You have the right to request the correction of your personal data if their inaccurate or incomplete.
4. Right to Erasure
You have the right to request the deletion or removal of your personal data when it is no
longer necessary for the purposes collected or there is no legitimate reason to continue
processing them.
The right to erasure is incomplete, if there is a specific legal obligation or
other legal reason for keeping your personal data by the Company or / and the Group.
5. Right to Restriction of Processing
In some cases, you have the right to restrict or terminate further processing of
your personal data.
In cases where processing has been restricted, your personal data remain stored,
without being subject to further processing.
6. Right to Data Portability
You have the right to request your personal information, which you have provided us, structured and commonly used format readable
by machines and forward that data to another data controller.
7. Right to Object
You have the right to object at any time and for reasons related to your particular situation to the processing of your personal data, unless
the Company or / and the Group demonstrate imperative and legitimate reasons for such processing.
8. Rights on automated individual decision-making and profiling
The Company and the Group do not make automated individual decision-making, including profiling.
Withdrawal of consent
We inform you that the data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The data subject can withdraw his/her consent by email: DPO@helpe.gr
Right to complain
For any further information in relation to your rights or in case to complain can contact to the Hellenic Data Protection Authority
(HDPA), phone number: +30-210 6475600, site: http://www.dpa.gr/.
Modifications to the present Privacy Statement
Our goal is to review and to update this Privacy Statement, so as to comply with the relevant legislative and regulatory requirements
and provide at the same time the optimum personal data protection. Any further update will be shared through this site.
Latest Update: May 29, 2018
Definitions
Personal Data: any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as name, phone number, email, ID number, VAT registration number.
Special Categories of Personal Data (Sensitive Personal Data): personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited.
Data Subject: the identified or identifiable natural person to whom the Personal Data or/and the Sensitive Personal Data are referring to.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Controller: for the purposes of the present Privacy Statement, the data controllers are the group of companies which separately or jointly define the purposes and the means of personal data processing.
Processor: means a person or legal entity, public authority, agency or other body which processes personal data on behalf of the controller.
Consent: any freely given, specific, informed and unambiguous indication of the data subject's will, by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.