PRIVACY POLICY

(Issue Date: April 15, 2019)


Prothesi’s Privacy Policy presents the commitment of Prothesi’s Management for the protection of natural persons with regard to the processing of their personal data, in compliance with the European General Data Protection Regulation (GDPR).

This document provides you in detail, the corporate personal data privacy management framework including all privacy practices implemented during the entire lifecycle of data. Moreover, you have all information for your rights and choices, applicable per case of process. Prothesi reserves the right to revise its Privacy Policy from time to time as to present the current managing practices in data processing. The most recent version is always available on our Website.

Prothesi’s Privacy Policy applies also upon all third parties processing personal data, on behalf of Prothesi.
 

DATA PROTECTION MANAGEMENT SYSTEM

Data Controller:

Mouzakitis konstantinos
Tzoumagias 1
P.C. 11362, Athens Attica
Greece

Holds all rights and obligations reserved for such capacity under the General Data Protection Regulation (GDPR 2016/679) for processing personal data through the Website.

Data Protection Officer:

PRINCIPLES

Rrothesi has created a robust information governance system as to process personal data in the course of office operational and corporate activities, remaining at the forefront of information security and data privacy developments, diligently adhering to prevailing laws and regulations, policies and procedures. Appropriate technical and organizational measures have been implemented to mitigate, to the extent possible, the risk left unattained, taking into consideration privacy risk and data protection impact assessments. All personal data are:

  1. Processed lawfully, fairly and in a transparent manner;

  2. Collected for specified purposes;

  3. Classified, stored as per the corporate retention limits and securely purged;

  4. Accurate and, where necessary, kept up-to-date;

  5. Recorded and available for data subjects and any competent, supervisory Authority;

  6. Processed with integrity and confidentiality while ensuring their availability, on demand, by applying the appropriate technical and information technology measures and controls.

Privacy culture is promoted through learning and awareness sessions within Prothesi
 

MAJOR AREAS OF PERSONAL DATA PROCESSING
 

CORPORATE PROCESSES​

  • Tender and contract management

  • Accounting and claim management

  • Document control and database management

  • Data subjects rights handling
     

PURPOSE AND SCOPE OF PROCESSING
 

Prothesi processes the required and relevant personal data, per case of processing, as to:

  1. Implement statutory obligations related to civil aviation safety and security

  2. Provide services to  customers

  3. Provide on line information, communication and electronic services
     

Within each context of processing, Prothesi informs the involved physical persons for the entire personal data lifecycle.

Personal data is collected from various sources:​

  1. Provided by the individual, as a prerequisite for the provision of a service or voluntarily on a communication basis

  2. When using our mobile applications, visiting our corporate website

  3. From state authorities and/ or other organizations that share data, within the scope of official authority or business legitimate interest.
     

SECURITY OF PROCESSING
 

Prothesi acknowledges and respects the importance of data subject’s privacy and commits to safeguard the availability, integrity and confidentiality of the personal data, under processing. The objective is to protect data against unauthorized access, unlawful processing, misuse, alteration, accidental loss, destruction or damage. To this extent, a series of corporate policies and procedures provide specific guidance and promote the security awareness across all operational and corporate processes.

Organizational and technical measures have been implemented to safeguard all databases physically and electronically. All data are classified and retained for predefined time periods, as set by the corporate documents and records retention policy. Our staff is properly trained on their data processing accountabilities while there is restricted access to physical storage. Technical measures may include firewalls, intrusion detection and prevention systems, unique and complex passwords, and encryption.
 

DATA SHARING
 

We share personal data with selected business partners who process data jointly or on our behalf providing sufficient guarantees – within the scope of data processing agreements – to implement appropriate technical and organizational measures in such a manner that processing meets the GDPR requirements and ensure the protection of rights of the data subjects. In certain cases, mainly for cloud storage purposes, data may be transferred to countries outside the EU, based on contractual clauses that ensure that this takes place in accordance with the relevant GDPR requirements.
 

DATA SUBJECT CHOICES and RIGHTS
 

Prothesi provides to data subjects the choice to revoke their initially provided consent, for Prothesi’s marketing activities by changing their preferences for receiving  advertising and promotional correspondence. Moreover, in cases where data subjects create personal accounts for managing the information provided to Prothesi (e.g. CV submission), Prothesi offers the ability to access their information and make updates or delete their data and their account, accordingly.

Data subjects willing to exercise their rights, as provided by the GDPR, are requested to contact Prothesi’s Data Protection Officer – as presented above in this Policy – who diligently will handle each request.
 

Right to access data:
 

Refers to access to data subject’s personal data and the following information:

  • Purpose(s) of processing

  • Categories of personal data processed

  • Recipients to whom the data is disclosed, within and outside EU

  • Data retention period

  • Sources of collection, if data is not obtained by the data subject.
     

Right to rectify data:
 

Refers to correction/amendment of inaccurate/ incomplete data.
 

Right to be forgotten:
 

Applies in one of the following cases:

  • Data has been unlawfully processed

  • Data is no longer necessary in relation to the purposes initially collected or otherwise processed

  • The data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing.
     

Right to restrict processing:
 

Applies in one of the following cases:

  • The data subject contests the accuracy of the personal data

  • Data has been unlawfully processed and data subject opposes the data erasure and requests the restriction of their use instead.
     

Right to data portability:
 

Applies under certain circumstances and solely where technically feasible and refers to the personal data transmission to another Data Controller in a structured, commonly used and machine-readable format.
 

Right to object processing:
 

Applies on grounds of each request, in particular.

The exercise of any of the above rights is subject to applicable regulatory or operational restrictions that Prothesi may confront.

Data subjects have the right to lodge a complaint with the Hellenic Data Protection Authority (DPA) at www.dpa.gr, if they consider that Prothesi’s processing of their personal data infringes the GDPR. Furthermore, data subjects have the right to an effective judicial remedy, in case they believe that their rights under the GDPR have been infringed as a result of Prothesi’s data processing.