Protection of personal data

DECLARATION OF CONFIDENTIALITY

Information on the Processing of Personal Data

Introduction

We would like to assure you that for INTRAKAT, the protection of the personal data of the natural persons in general and in particular of our employees and externals is of paramount importance. That is why we are taking appropriate steps to protect the personal data we process and to ensure that the processing of personal data is always carried out in accordance with the obligations laid down by the legal framework, both by the company itself and by those third parties that process personal data on behalf of the company.

Controller

The company «INTRAKAT», having its seat in 19th km Paiania – Markopoulo Ave, Paiania Attica Greece, Postal Code 19002, email: info@intrakat.gr , tel: 210-6674700, website: http://www.intrakat.com, informs that, for the purposes of its business activities and for the management of employment relationships or any cooperation for the provision of services, processes the personal data of its employees and externals in accordance with applicable national law and European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter referred to as the “Regulation”), as in force.

For any matter relating to the processing of personal data, please contact directly with the following contact persons:

1. Mr. Theodoros Pistiolis, email: pistiolis@ptlegal.eu , tel: 0030-210-3626971 or

Which are the legitimate grounds for processing your personal data and how we use your personal data

In order for the necessary actions to be taken a) during the assessment process of candidates at the stage before the recruitment, b) during the management process of the employment or the relationships with any externals from the date of recruitment/ commencement of cooperation until its termination by any means, c) during the stage following the termination of the employment or the external cooperation, INTRAKAT processes personal data of its employees and externals.

The provision of all the personal data requested by the employees or the externals is necessary as it constitutes legal or contractual obligation or requirement for the execution of an agreement. As a result, in case no personal data are provided, the compliance with law or the performance of the agreement between the employer and the employee or the external as well as the implementation of actions in order for the agreement to be executed, is rendered impossible.

The source of the personal data is mainly the employee or the external themselves. In case INTRAKAT seeks or receives personal data from third parties, it will inform the employee thereof.

The personal data you provide us (indicatively your personal and contact details, marital status, education/training, professional experience, tax information, bank account information, social security information, information relating to health issues of employees, such as reasons for absence due to illness or accidental injury (medical opinions from individual doctors, opinions and certificates from private and public hospitals) are being processed only when we have a legitimate ground to do so.

Legitimate grounds for processing your personal data constitute:

(a) the performance of an employment or services contract and the fulfilment of the contractual obligations included therein; The actions taken in the above context include the calculation and the payment of the agreed salary, the payment of the agreed salary of the externals, the calculation, deduction and payment of the due payroll taxes and insurance contributions, the fulfilment of contractual obligations deriving from the employees insurance or/and their dependents according to the Group Life, Accident and Health Insurance Policy as well as the Group Pension Policy in which every employee participates (e.g. deduction of employee individual contribution, compensation payment etc.). Additionally, INTRAKAT processes personal data for purposes of performance appraisal of its employees and services provided by externals. In relation to the procedure of the appraisal, and always in compliance with the announced corporate policies and procedures, the competent departments of the company and the authorized executives receive and process information which constitute personal data from individuals who are responsible for the appraisal of the employees and the externals (heads of departments, managers, supply department etc.)

(b) the safeguarding and protection both of your, as well as our, legal interests. Thus, we use CCTV and security cameras, in order to be able to protect the safety and security of individuals, materials, and other facilities of the company. We also use access control systems through magnetic cards to the main facilities and offices of the company, the parking areas, the ancillary facilities etc. In addition, personal data may be processed for purposes of prevention, investigation or/and suppression of unlawful acts or omissions, or/and actions or omissions violating internal regulations, approved policies, or/and codes of conduct and ethics and taking adoption of necessary measures. Furthermore, personal data may be processed in the context of the accomplishment of our company’s business purposes, such as the submission of offers, the undertaking and implementation of private projects or οur participation of the company in private tenders (e.g. transmission of personal data to private organizations).

(c) the compliance with the obligations imposed by law, such as the publication of the annual remuneration certificate on the relevant application of the Independent Authority of Public Revenues, the submission of aggregated suppliers reports, the publication of the establishment plan in a prominent position at the workplace, the of the health and safety conditions at the workplace as well as any other relevant action. Furthermore, personal data are processed for the submission of offers, the undertaking and implementation of public organizations projects, as well as for our participation in public tenders (e.g. transmission of personal data to public organizations) in compliance with the applicable regulatory framwork of public contracts.

(d) the consent you provide us with, under the specific conditions set out in the legal framework, in order to receive updates for products, services, offers etc. from INTRAKAT as well as any other companies of the group to which INTRAKAT belongs or any third party cooperating companies, which process personal data in accordance with the applicable, from time to time, legal framework. You may revoke your provided consent any time you wish, by contacting the contact persons for any matter relating to the processing of personal data using the contact details as per above

Third party recipients of personal data

INTRAKAT shares personal data with third parties, to whom the company assigns the processing of personal data on its behalf. So, personal data are sent to Banks, social security and public organizations, public authorities and services, insurance companies, mobile service providers, car leasing companies, personnel appraisal, training and development companies, technical advisors, legal counsels, doctors and health service providers. In all the above cases, INTRAKAT remains the data controller and defines the particulars of the processing and sign special agreement with third parties to whom it assigns the performance of the processing activities, in order to ensure that the processing is performed in accordance with the applicable legal framework and that any natural person may freely and without any restrictions exercise their rights provided by the legal framework.

In addition, Intrakat shares the personal data with other companies of the group to which it belongs, as well as with insurance companies in the context of the group personnel insurance policy in force from time to time.

Furthermore, the personal data are shared with public and private organizations, in the context of submission of offers, undertaking of projects and participation in public or private tenders.

In order to revoke your consent, please address the personal data contact persons.

Storage Time

The data storage time is decided on the basis of the following specific criteria, as the case may be:

• When processing is imposed as a requirement under provisions of the applicable legal framework, your personal data shall be stored for as long as required by the relevant provisions.

• When processing is done on a contractual basis, your personal data will be stored for as long as necessary for the performance of the contract and for the foundation, exercise, and / or support of legal claims under the contract.

For purposes of marketing activities of the company and the remaining group companies, your personal data are kept until the revocation of your consent. You may revoke your consent anytime. The revocation of your consent does not affect the legality of consent-based processing in the period prior to said revocation.

In order to revoke your consent, you may address the contact persons for any matter relating to the processing of personal data.

What are your rights in respect to your personal data

Every natural person whose data are being processed by INTRAKAT enjoys the following rights:

Right of Access:

You have the right to be aware and verify the legitimacy of the processing. So, you have the right to access the data and get additional information about their processing.

Right to Correct:

You have the right to study, correct, update or modify your personal data, by contacting the contact persons at the above contact details.

Right to Delete:

You have the right to request the deletion of your personal data when we process it based on your consent or in order to protect our legitimate interests. In all other cases (such as, by way of indication, where there is a contract, obligation to process personal data required by law, public interest), such right shall be subject to specific restrictions or shall not exist, as the case may be.

Right to limit processing:

You have the right to request the limitation of the processing of your personal data in the following cases: (a) when the accuracy of the personal data is questioned and until such data is verified, (b) when you object to the deletion of personal data and request the limitation of their use rather than their deletion, (c) when such personal data are not needed for processing purposes, they are, however, indispensable for the foundation, exercise, support of legal claims, and (d) when you oppose to the processing and until it is verified that there are legitimate grounds that concern us and supersede the reasons for which you are opposed to the processing.

Right to oppose the processing:

You are entitled to oppose the processing of your personal data, at all times, in case where, as described above, this is necessary for the purposes of legitimate interests pursued by us as controllers, as well as to the processing for marketing and consumer profile creation purposes.

Right to portability:

You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them with commonly used editing methods. Moreover, you have the right to ask us, if technically feasible, to pass the data directly to another controller. Such right to do so exists for the data you have provided to us and their process is carried out by automated means based on your consent or performance of a relevant contract.

In order to exercise any of your right set out above, you may address to the contact persons for any matter relating to the processing of personal data. Right to lodge a complaint to the Personal Data Protection Authority

You have the right to file a complaint with the Personal Data Protection Authority (www.dpa.gr): Switchboard: +30 210 6475600, Fax: +30 210 6475628, E-mail: contact@dpa.gr

Security of Personal Data

INTRAKAT shall implement appropriate technical and organizational measures aimed at the safe processing of personal data and the prevention of accidental loss or destruction and the unauthorized and/or unlawful access to, use, modification or disclosure thereof. In any case, the way in which internet operates and the fact that it is free to anyone cannot guarantee that unauthorized third parties will never be able to violate the applicable technical and organizational measures gaining access and, possibly, using personal data for unauthorized and/or unfair purposes.