Declaration on the Personal Data Processing in the context of managing complaints of improper behavior
We would like to assure you that for ATTICA HOLDINGS S.A. (Attica Group), the protection of the personal data of the employees or third parties who wish to report or are engaged in improper behavior incidents is of paramount importance. That is why we are taking appropriate steps to protect the personal data we process and to ensure that the processing of personal data is always carried out in accordance with the obligations laid down by the applicable legal / regulatory framework.
Controller - Data Protection Officer (DPO)
Personal Data Processing
The Controller ensures that any personal data voluntarily provided by the reporting person will be processed only to the extent strictly necessary to ensure the proper and effective management and investigation of the complaint, to verify the validity of the contention made and to take appropriate measures, depending on the case and where appropriate/required. Data that may be processed, if voluntarily disclosed, are the name of the person submitting the complaint, his contact details, the e-mail address, the telephone number, or any other personal data, which may voluntarily be reported to support a complaint. In cases of anonymous complaints and based on what they refer to, the company will process as much personal data of third parties as necessary for the complaint investigation, in accordance with the applicable legal framework.
Purpose of processing personal data
The processing of the personal data of the persons to which the complaint relates and/or any other third parties, shall be carried out for one or more of the following purposes:
• For the implementation of the Submission & Investigation Complaints Procedure.
Specifically, to investigate the validity of the complaint and to respond appropriately.
• For communication purposes
In the course of investigating a submitted complaint, we may need to contact you by email or phone for administrative purposes (to provide clarifications, additional information, etc.), or in order to respond to your complaint.
• To comply with legal obligations
We may process personal data for fulfilling legal obligations imposed by the applicable legal/regulatory framework, decisions of authorities, judicial authorities, etc.
• To safeguard our legitimate interests and protect individuals and goods
We may process personal data in order to safeguard our legitimate interests, such as, but not limited to, ensuring compliance with applicable laws and regulations.
Who has access to the personal data and where it may be transmitted/shared
Actions related to the investigation of complaints, which may include the processing of personal data, are entrusted to persons specifically responsible for this purpose who have the necessary guarantees for an independent and effective exercise of the assigned duties.
The personal data contained in the reports may be disclosed to the corporate bodies and departments that are responsible, on a case-by-case basis, based on the relevant policies and procedures of the company. Furthermore, they may be forwarded to State authorities, judicial or other authorities responsible for the implementation and enforcement of the laws, in case the data collected/provided, under the investigation, establish the validity of the reported incidents. Finally, personal data may be disclosed to third parties, individuals or legal entities, specialized in the subject matter of each submitted complaint, if it is deemed appropriate to involve them in the complaint investigation.
Data Storage Period
Your personal data shall be stored for as long as necessary for the investigation of the complaint and/or the establishment, exercise, and/or support of legal claims based on this complaint.
In the event that the complaint results in a breach or obligation to comply with provisions of the applicable legal/regulatory framework, personal data will be stored for as long as the relevant provisions so require.
What are your rights in relation to your personal data
Any natural person whose data is processed by ATTICA GROUP enjoys all the rights provided in the Regulation and in particular:
Right of access:
You have the right to be aware of and verify the legitimacy of the processing. Thus, you have the right to access the data and obtain additional information concerning its processing.
Right of rectification:
Right to erasure:
You have the right to request the erasure of your personal data when we process it in order to protect our legitimate interests. In all other cases (such as when there is an obligation to process personal data required by law, public interest), this right is subject to specific restrictions or does not exist as the case may be.
Right to restriction of processing:
You have the right to request a restriction of the processing of your personal data in the following cases: (a) when you challenge the accuracy of the personal data and until its verification takes place; (b) where you oppose the erasure of personal data and request the limitation of its use instead of erasure; (c) where the personal data is not needed for the processing purposes, but is necessary for the establishment, exercise and support of legal claims; and (d) when you object to its processing and until it is verified that there are legitimate reasons which are relevant to us, and which supersede the reasons for which you oppose the processing.
Right to object:
You have the right to object at any time to the processing of your personal data where, as described above, it is necessary for the purposes of the legitimate interests we pursue as controllers.
Right to portability:
You have the right to receive your personal data free of charge in a format that allows you to access, use and edit them through commonly used editing methods. You also have the right to request us, if technically feasible, to transfer the data directly to a different Controller.
It should be noted that, taking into account the specific nature of the processing of personal data in the context of the complaints investigation process and according to each case, it may not be possible to fully satisfy any or some of the rights provided for in the Regulation. In any case, the company undertakes to make every effort to fully satisfy each right, in full compliance with the applicable legal/regulatory framework.
Right to complain to the HDPA
Personal Data Security
ATTICA HOLDINGS S.A. implements appropriate technical and organizational measures to secure the processing of personal data and to prevent the accidental loss or destruction and unauthorized and/or unlawful access to, use, modification or disclosure of personal data. In any event, given the way the Internet functions and the fact that it is freely accessible to anyone, it cannot be guaranteed that unauthorized third parties will never be able to violate the technical and organizational measures applied, gaining access to and potentially using personal data for unauthorized and/or illicit purposes.