PERSONAL DATA PROTECTION POLICY
MyDealerSoft by E-ON INTEGRATION
Version 1.0. 1/5/2018
E-ON INTEGRATION takes the protection of Personal Data very seriously and takes all the necessary organizational and technical measures required to ensure its compliance with the General Data Protection Regulation (GDPR).
E-ON INTEGRATION's main focus is the development of innovative applications for businesses with internet and cloud technologies, which it also provides as Software as a Service.
For its business, lawful purposes, it collects and processes personal data concerning its employees, job applicants, suppliers and partners, customers and users of its websites. For these data, it determines the purpose and manner of their processing and acts as "Data Controller".
E-ON INTEGRATION also processes personal data on behalf of its customers who make use of its web applications and services provided as Software as a Service. This processing is carried out in accordance with the contracts it signs with these customers who determine the purpose and manner of data processing. For these data, E-On acts as "Processor".
E-ON INTEGRATION is committed to fulfilling its obligations for the protection, security and validity of the data either as "Data Controller" or as "Processor".
What Personal Data are collected
As part of E-On INTEGRATION's operations, personal data is collected and processed. This data may be provided in any physical or electronic manner and make an individual identifiable, such as names, addresses, usernames and passwords, digital fingerprints, photographs, social security numbers, financial data, etc.
The Company collects this information in a transparent manner and only with the full cooperation and knowledge of the Data Subjects.
The personal data collected and processed may include:
-
Data identifying the Data Subject such as name, surname, photograph, date of birth, gender.
-
Information on education and professional experience.
-
Information on the organisational position in a company
-
Data necessary for the fulfilment of obligations before tax authorities and social security funds (VAT number, social security number)
-
Online identification data including email accounts, usernames and passwords to our accounts and online services, time/duration information on accounts, security logs, antivirus logs, access rights, IP address, application activity, browsing history.
-
Data on the use of the company's websites and any problems encountered by users.
-
Data on commercial transactions with the company's customers including contact details.
With regard to the provision of services where E-On INTEGRATION processes personal data on behalf of its customers and acts as a processor, it is possible that it may gain access to personal data of the customers' databases, following relevant recorded requests from customers and their company executives and in the context of application support or in order to solve problems. In such cases, all appropriate organisational and technically feasible measures are taken to protect such personal data.
Legal bases according to which personal data is collected and processed by E-On INTEGRATION.
-
Consent: the data subject has given his or her consent, by a statement or clear affirmative action that is documented. The data subject may at any time withdraw his or her consent.
-
Contract: The company needs to process personal data to fulfil contractual obligations.
-
Legal Obligations: The company needs to process personal data to ensure that it complies with its legal obligations.
-
Legitimate interest: the company has a legitimate interest to process personal data. For example, the processing is necessary to ensure the uninterrupted operation of its computer systems or to manage relations with its customers.
-
Protection of Vital Interests: processing may be necessary to protect someone's life or other vital interests.
-
Labour and Social Security and Protection Obligations: The processing of special categories of data of employees/associates is necessary for the performance of their obligations or the exercise of their specific rights or the company's rights in the field of labour law and social security and social protection law, under the provisions of the law
-
Satisfaction of Legal Claims: processing is based on the company's right to seek satisfaction of legal claims.
For what purposes we process personal data
-
To carry out the recruitment and departure procedures of officials/associates.
-
To fulfil legal and contractual obligations of the company in relation to its employees, partners, suppliers and customers.
-
For specific defined and legal purposes related to the organization and execution of the company's activities and operations.
-
For the ability to provide responses to formal requests from authorities.
-
For the company to respond and defend its legal claims.
-
To manage relationships with clients, existing or prospective.
-
For the safety of employees and the security of critical company facilities.
-
To conduct training and orientation programs.
-
For the management and security of the company's electronic infrastructure and its uninterrupted operation.
-
For any other lawful purpose requiring data processing.
Who has access to personal data.
Access to the data is granted to the authorised executives of the company, depending on their organisational position. Access is granted according to the position and duties of the authorised executives and is limited to the data necessary for the purposes of the specific processing they undertake and for the performance of their roles.
In addition to E-ON INTEGRATION, we transmit as much data as is necessary for the purposes of the respective processing to the following categories of recipients:
-
Third parties that provide services to the company, such as IT companies, telecommunication companies, seminar and training companies, credit institutions, tax and legal advisors, facility security companies and other service providers.
-
To national or international regulatory, tax or other authorities or public bodies or courts, when required by law or regulation or at their request.
-
To customers and/or partners when required to communicate, manage relationships and carry out requested transactions.
-
To third parties who carry out audits on the company within the framework of its regulatory obligations, customer relations or obligations arising from applicable legislation.
Data and personal information is not transferred outside the European Union.
How personal data is protected.
E-On INTEGRATION takes data security seriously. The company has internal policies and controls in place to ensure that data is not lost, destroyed, used or disclosed.
Also that these will not be accessed within the company by anyone other than authorized personnel in the performance of their duties or third parties except as stated in the previous paragraph on "Who has access to personal data".
For how long the personal data are kept.
Personal data are not kept for longer than necessary for the purposes for which they were collected or for the purposes for which they were subsequently processed.
When personal data is no longer needed, these are securely deleted or destroyed.
The rights of the data subjects for whom personal data are held.
-
Right to be informed: the right to be informed about the collection and use of personal data.
-
Right of Access: the right to receive confirmation from the company as to whether or not their personal data is being processed and, if so, the right to access the personal data in a concise, comprehensible, transparent and easily accessible form.
-
Right to rectification: the right to request the correction of inaccurate or incomplete information within a reasonable time.
-
Right to Deletion: To request the deletion of data concerning them under the conditions specified by law.
-
Right to restriction of processing : To ask the company to restrict processing activities only to specific purposes, under the conditions set by law.
-
Right to object: to object, at any time and on grounds relating to their particular situation, to the processing of personal data concerning them. E-ON INTEGRATION will no longer process personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of individuals or for the establishment, exercise or maintenance of legal claims.
-
Right to portability: The right to receive personal data concerning them, which they have provided to E-ON INTEGRATION, in a structured, commonly used and machine-readable format, as well as the right to request the transfer of such data to another controller without objection from E-ON INTEGRATION.
-
Right to obtain human intervention: the right not to be subject to a decision taken solely on the basis of automated processing, including profiling, which produces legal effects concerning them or significantly affects them.
Who you can contact about Personal Data.
If you have any questions about our Privacy Policy or how we manage and process Personal Data, you can send us an email to: prelations@e-on.gr or send a letter to the "Data Protection Officer", e-On Integration S.A., 3 Gounari, 153 43 Agia Paraskevi or contact us at +30 210 601 8700.
The request will be answered within thirty (30) days from receipt. In the event that an extension of the above deadline is required for the investigation and/or processing of the request, a notification will be provided, explaining the reasons why an extension of the deadline is necessary.
In any case, if you feel that the protection of your personal data has been violated in any way, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr)
This update and all documents related to it are periodically reviewed and revised, where necessary, by the Data Protection Officer in accordance with the Data Protection Policy.