DΑΤΑ PROTECTION POLICY

The protection of personal data is of paramount importance to Quality and Reliability. The Company takes all necessary technical and organizational measures that are appropriate for the protection of the personal data it processes, ensuring that their processing always complies with the regulatory, legal, and institutional obligations imposed by the applicable legal framework and supervisory framework.

This Policy applies to both the company itself and third parties who process personal data on its behalf, as well as to all the services it provides to its customers, communications, promotional activities, employees, and any interested party in general who interacts with the Company in any way, including visiting its website and any other electronic services it offers.

DATA CONTROLLER DETAILS

Company Name: Quality and Reliability

Depending on the specific characteristics of each project it undertakes on behalf of its clients, the Company may act either as a data controller or as a data processor. In cases where the Company determines the means and purposes of processing personal data it manages (such as when communicating with clients or managing employee data or job candidates), it acts as a data controller in accordance with the General Data Protection Regulation (Article 4). In cases where the Company provides implementation and support services for information systems and thus processes personal data on behalf of the Data Controller, it is considered a data processor according to the General Data Protection Regulation (Article 4).

CATEGORIES OF PERSONAL DATA

The Company processes the following categories of personal data for legitimate purposes:

Personal data related to contract execution (even at a pre-contractual level), such as contact details (name, email, mobile or landline phone) for the provision of services or communication with the client for organizing and conducting presentations.

Customer database information for the implementation and support of information systems.

Personal data from visits or use of electronic services on the website, such as cookies (small text files placed on the user's device) and similar technologies and services that use IP addresses to provide website locations. The Cookie Policy is available here.

Personal data related to commercial transactions in accordance with the Company's legal obligations, such as commercial transactions and investor communication, etc.

Personal data related to employment, such as personal data of employees or job candidates. 

ACCEPTANCE OF PERSONAL DATA

The Company may disclose the personal data provided by individuals to third parties in the following cases and for specific purposes.

Third parties, due to legislation, such as law enforcement, judicial or prosecutorial authorities, tax authorities, and insurance bodies, as part of the Company's compliance with its legal or supervisory obligations, as well as for asserting its legal claims or protecting its rights and security.

RETENTION PERIOD OF PERSONAL DATA

The Company determines the retention period of data according to specific criteria on a case-by-case basis:

Processing based on Legal Obligation: For as long as required by relevant provisions.

Processing based on Contract: For as long as necessary for the performance of the contract and the establishment, exercise, or defense of legal claims based on the contract.

Processing based on Consent: According to the time period specified before obtaining consent and until its withdrawal.

In cases where processing is based on the explicit and freely given consent of the individual, the data subject has the right to withdraw it freely, without affecting the lawfulness of the processing based on the consent before its withdrawal.

DATA SUBJECT RIGHTS

Any individual whose data is being processed by the Company can exercise the following rights by completing the relevant Rights Exercise form:

Right to Information:
The individual has the right to be informed about the identity and contact details of the Company or its representatives, the contact details of the Data Protection Officer (DPO), the purposes of processing for which their personal data are intended, the legal basis for their processing, and the recipients or categories of recipients of the personal data concerning them.

The individual can contact the company using the provided contact information to request further information about the processing of their personal data and the exercise of their rights, by submitting the relevant request form for the corresponding requests.

Responses to requests will be provided without undue delay and in any case within one month from the receipt of the request. This deadline may be extended by two additional months if necessary, taking into account the complexity of the request and the number of requests.

Right of Access:
An individual has the right to know and verify the legality of the processing and to request copies of the personal data being processed by the Company.

Right of Rectification:
An individual has the right to study, correct, update, or modify their personal data.

Right of Erasure:
ΤAn individual has the right to request the erasure of their personal data when the processing is based on their consent. In all other cases (such as contractual obligations, legal obligations to process personal data, public interest), this right is subject to specific limitations or may not exist depending on the case (e.g., the Company may refuse the erasure of personal data of an individual when it is necessary for the establishment, exercise, or defense of its legal claims).

Right to Restrict Processing: An individual has the right to request the restriction of the processing of their personal data in cases where the accuracy of the data is contested until its accuracy is verified, or when they object to the erasure of their personal data and request the restriction of their use, or when the personal data is no longer necessary for the purposes of processing but is still necessary for the establishment, exercise, or defense of legal claims, or when they object to the processing until it is verified whether the legitimate grounds of the Company override those of the individual.

Right to Object to Processing:
Every individual has the right to object at any time to the processing of their personal data in cases described above, or when it is necessary for the Company's legitimate interests as the data controller, as well as for processing for direct marketing purposes. Specifically, the individual has the right to object to any decision based solely on automated processing, including profiling, which produces legal effects concerning them or significantly affects them.

Right to Data Portability:
An individual has the right to receive their personal data in a structured, commonly used, and machine-readable format, and to have the data transmitted to another data controller, where technically feasible, especially for the data they have provided to the Company based on their consent or in the performance of a relevant contract.

In case of a violation of personal data, the individual has the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr): Telephone Center: +30 210 6475600 Fax: +30 210 6475628, Email: contact@dpa.gr. This policy is available and communicated to all employees of the Company and any other interested parties (customers, suppliers, partners, state, wider society) through any appropriate means of communication deemed suitable by the Company, making them allies in its work. Last update was made in January 2023.