Information on personal data processing
NOVACERT – CONSULTING – DEVELOPMENT – COMMERCIAL LTD (NOVACERT LTD) takes into serious consideration the lawful processing, security and protection of your personal data, regardless of the capacity under which you may be working with or contacting our company (whether a potential or a current customer, a business associate, an employee, a provider, a website visitor, a private individual or a third party in general that works with or contacts the company). Being a Data Controller NOVACERT LTD is committed to implementing all regulations concerning the protection of personal rights and freedoms with regard to the processing of personal data, in compliance with the General Data Protection Regulation 679/2016 (GDPR), the Greek legislative framework in force and the decisions of the Hellenic Data Protection Authority (HDPA).
With this Privacy Notice the company wishes to inform you as to how we use and process your personal data, as well as on your rights as data subjects.
1. Who is responsible for Data Processing?
The company named:
«NOVACERT – CONSULTING – DEVELOPMENT – COMMERCIAL LTD» (hereinafter «NOVACERT LTD»)
Registered offices: 1st km Old National Road of Alexandreia-Veroia, P.O. 59300, Alexandreia, Imathia, Greece
Data Protection Officer’s email address: firstname.lastname@example.org
2.What is personal data and types of personal data that NOVACERT LTD collects
Personal data means any information found in either printed or electronic media that may lead, itself or in combination with other information, to the identification/ verification of the identity of a natural person.
In connection with its business activities and transactions NOVACERT LTD collects the following personal data:
- Identity data, such as name, father’s name, address (residence or email address), Tax Identification Number, Identity Card Number, Social Security Number, phone number (fixed and mobile) etc.
- Commercial and financial data, such as payment/billing information, business information, bank account number, business address, information about previous transactions or commercial contracts/agreements, remunerations, leaves etc.
- Data concerning financial statements, taxation documents and tax information such as source of income, source of assets etc., which we need to submit along with technical files of approval to projects run by Greek Public Entities and the European Union
- Supporting documents that contain personal data. These documents have to be submitted in the context of the implementation of European programmes for the promotion of agricultural products.
The aforementioned personal data is either collected directly from you, or from your authorized representatives as part of our business relation. We may also collect and process personal data from publicly available sources, such as commercial registries, the press, the media or the internet, which we acquire legally and are allowed to process.
Processing of special categories of personal data: NOVACERT LTD does not collect or use personal data relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union memberships, genetic or biometric data for the purpose of uniquely identifying you as a data subject, as well as data concerning your health, your sex life or your sexual orientation.
The company may exceptionally collect and process the above data if:
- you have given explicit consent to the processing of those personal data for one or more specified purposes,
- processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the company or you as a data subject (e.g. in the fields of employment, social security and social protection law),
- the personal data are manifestly made public by you,
- processing is necessary to protect your vital interests where you are physically or legally incapable of giving consent,
- processing is necessary for the assessment of the working capacity of an employee (e.g. ability to operate machinery) or for raising awareness and developing the appropriate working conditions for people with disabilities or special needs. If you do not provide us with information concerning any disabilities or special needs NOVACERT LTD will not be able to take the appropriate precautions,
- processing is necessary for the establishment, exercise or defence of legal claims, both yours and the company’s,
- processing is necessary for reasons of substantial public interest having taken into account the principle of proportionality.
- How do we process your personal data?
NOVACERT LTD is entitled to collect and process your personal data in the following circumstances:
- within the framework of our contractual relation where data processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract,
- for compliance with a legal obligation to which the controller is subject,
- with your explicit consent. This consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of your agreement to the processing of personal data relating to you. The consent may be either in the form of a written statement, including electronic means, or oral statements. We shall not consider silence or inactivity to be a consent.
3. Purposes for which we will process your personal data
In compliance with applicable law, our contractual relation, or your explicit consent we process your personal data for the following purposes:
- For developing, performing and fulfilling a contractual agreement
As for instance, corresponding with you in order to notify you about products or services relevant to our contractual agreement, or processing your personal data for payment/billing management, as well as any form of processing that is necessary for implementing and performing a contract. NOVACERT LTD, may use your email address to send you payment notices, information regarding changes in our services, or other notifications that may be relevant to the company’s field of activities. Users in general, cannot choose to opt out of these forms of communication as they are not related to marketing, but are essential to our transactional relations.
- For your support/service with regard to our company’s services/projects/products. NOVACERT LTD may collect or process personal data in order to respond to any of your inquiries and requests, to remedy problems, to inform you or answer to any of your suggestions and comments for improving our services, or so that in your future transactions with our company we are able to serve you in a faster and more effective way. NOVACERT LTD may also invite you to participate in questionnaires and surveys. These questionnaires and surveys will be designed in a manner that the given answers will not require Personal Data. If, however, you insert any Personal Data, NOVACERT LTD, may use them for the purpose of improving its products and services.
- For safeguarding the quality of our services, or the company’s internal function, as for example for the prevention of fraud and other criminal offences, for the physical safety and protection of persons and property (e.g. video surveillance), for compliance with a company’s legal obligation deriving from the current legislative and regulatory framework, for the company’s information systems management and for optimizing safety procedures.
- For marketing purposes. We may process your personal data so as to inform you about services that may be of interest to you or your business. The personal data that we process for this purpose consist of information that you provide and data that we collect or/and conclude each time you use our services. We study this information in order to form a view on what we think you may require or what may interest you. We use your personal data for promoting you our services only with your consent, or if in certain occasions, we have a legitimate interest to do so. You have the right to oppose to the processing of your personal data for marketing purposes at any time.
4. How long we retain your Personal Data
We will retain your personal data for as long as we have a business relation with you [as an individual or under your capacity of an authorized representative/agent of a legal entity or if you are its beneficial owner]. Once our business relation has ended, we will hold your personal data for up to five (5) years. As for personal data concerning potential clients [or authorized representatives/ beneficial owners of a legal entity potential customer], we will retain these data for up to six (6) months from the date a rejection of your request to cooperate with our company has been notified to you.
5. Why should I provide you with my personal data
As a general principle, providing us with your consent and any Personal Data under the present notice is completely voluntary. Therefore, there will not be any harmful effects if you choose not to provide us with such consent or Personal Data. There may be certain occasions, however, where NOVACERT LTD will not be able to take action unless provided with specific Personal Data, as these data are essential, for instance, for the rendering of our services or for a fast and effective customer service, or for giving you access to our company’s newsletter. Unfortunately, in such circumstances, NOVACERT LTD will not be able to provide you with what you require without your Personal Data.
6. How does NOVACERT LTD process my Personal Data
Our company as well as our employees, who are trained in personal data related matters, comply with the processing principles set out in the General Data Protection Regulation 679/2016 (lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality). In any case we take the necessary organisational and technical measures to ensure that your personal information is transferred, stored and processed in accordance with the appropriate standards and safety procedures and in compliance with the terms of the present Policy Notice and the current legislation on data protection. Our company has trained authorized personnel and has appointed a Data Protection Officer as it recognizes the importance of protecting your privacy and your personal information. For this purpose, we apply all the appropriate safety policies and use all the proper technical and operational tools, such as anonymisation, pseudonymisation, data encryption, firewalls, authorised employees, personnel training, periodic inspections.
7. What are your rights when you provide us with your data
NOVACERT LTD is committed to respecting the confidentiality of your personal data and to ensuring that you are able to exercise your rights easily. You may contact us, without charge, via email at email@example.com stating the reasons to your request and the right you wish to exercise.
In particular and regardless of the purpose, or the legal framework under which we process your data, you have the following rights:
- The right to request access and to be informed of the personal data that we hold about you (right of access).
- To request correction of your data in order for such data to be correct and accurate (right of rectification).
- To ask for the deletion of your personal data, without prejudice to the company’s obligation and legal rights, as set out above (right to erasure, right to be forgotten).
- To request for restriction of the processing of your data. This right can be exercised where (i) you contest the accuracy of the data possessed by the company (but only for the period of time that is needed for NOVACERT LTD to check such accuracy), (ii) the processing is unlawful and you request that we restrict further processing of your Personal Data, (iii) NOVACERT LTD does no longer need to process such data but you request that we retain them in order to establish, exercise or defend legal claims, (iv) you have objected to our processing of your personal data but we need to verify whether NOVACERT LTD has an overriding interest or legitimate grounds to use it (right of restriction).
- To request the receipt of the personal data you have provided the company with in a structured, commonly used, machine-readable format, in order to transfer it to a third party you have chosen without us objecting to such a transfer (right to portability).
- To object to the processing of your personal data on the basis of your legitimate interests. You may exercise this right at any time by sending an email to our Data Protection Officer at firstname.lastname@example.org. Should you do so, NOVACERT LTD will no longer process such data on the aforementioned grounds (that is your legitimate interests) and it will erase your data from its systems, unless the company is allowed to use such Personal Data for reasons stated at this Privacy Notice or is able to demonstrate compelling legitimate grounds to process your information (right of objection).
Right to make a complaint. If you feel that your personal data has not been processed by NOVACERT LTD in accordance with the present notice or in a manner that does not meet the applicable EU data protection regulation, you have a specific right to lodge a complaint at any time with the relevant supervisory authority of the EU country you reside in, or the Hellenic Data Protection Authority. In addition, refusal of the company or undue delay in delivering your demands in exercising your rights, gives you the right to file a complaint with the Data Protection Authority, as competent supervisory authority.
8. Data transfers to third parties
In order to fulfil our contractual and legal/regulatory obligations, we may transfer your personal data to other departments within the company. We may also transfer your data to certain providers, who have entered into contracts with our company that bind them to preserve the confidentiality and safety of your data in accordance with the GDPR. It is noted that we may have to disclose your personal data for any of the aforementioned reasons, when it is required by law, when we are authorised to do so pursuant to our contractual and regulatory obligations, or when you have given us your consent. All the data processors that we have appointed to process personal data on our behalf are under the obligation to comply with the provisions of the GDPR, on a contractual basis.
9. Changes to this privacy notice
We may modify the information in this Privacy Notice, when deemed necessary. In such a case, you will be notified accordingly, so that you have the ability to review, evaluate or even object to these changes and ask to be deleted from a service or operation. We recommend that you regularly check for changes in the privacy notice that is always posted on our website. This website may contain links to other websites. NOVACERT LTD is not responsible for the privacy practices or content of other websites that we do not control. Therefore, we strongly advise you to read the privacy terms of the aforementioned websites.