1. Personal Data

The company attaches the utmost importance to the processing, security and protection of all stakeholders’ personal data. The company is certified to the ISO 9001: 2015 & ISO 27001: 2013 standards and has appointed a data protection officer - DPO, whom the interested parties may contact to exercise their rights and for any clarification regarding the security policy herein.

DPO contact details:

Personal Data Processing Officer:

Company name: GLOBALCERT

Address: 108 Solonos St., Athens, Post Code: 10681

Email address: info@globalcert.gr

The present company policy, establishes the measures taken in terms of personal data, fully complying with the Regulation (EU) 2016/679of the European Parliament and the applicable legislation in general.

The term "personal data" refers to information of natural persons, such as name and surname, postal address, e-mail address, contact telephone, etc., which identify or can identify them. The company collects personal information in various ways, but always with the consent of the stakeholders.

As mentioned in the "Confidentiality" procedure D.320, the keeping of records by the company is made in a confidential manner and only authorized persons have access to them, ie the person in charge for keeping them and the Managing Director.

2. Processing - Data Collection

Personal data is collected and processed for lawful purposes. The data is kept for a specific period of time, which is considered as necessary by Law or by the Corporate Policy.

The data is processed in accordance with applicable law and the company is committed to protect it from unauthorized or illegal processing and any accidental loss, destruction or damage.

The time and manner of keeping the records is described in procedure D.550, “Checking and keeping records and registers”.

3. Data Sharing

Mandatory data is marked with an asterisk (*) next to the personal data that must be shared in order to fulfil the main purpose of the specific data collection.

Additional data sharing with the Company, beyond those marked as mandatory, is optional and does not affect the main purposes of data collection. Their provision nevertheless serves to optimize the quality of services provided.

More information on managing the e-communication forms and e-mails can be found in the procedure D. 250 and its support documents.

4. When Data is collected?

During a communication with the Company, or when one makes use of its services, data is collected directly by the company staff or associates, either through the contact form, the expression of interest form or by phone.

5. How Data is used

In order to better serve the stakeholders and in the context of personal data protection legislation, the data collected may be used for:

  • New customer registration
  • Order processing
  • Payment management and debt collection
  • Conclusion of contract
  • Fulfillment of a legal obligation
  • Participation in tender
  • Display related site content and ads
  • Website, product / services, experience enhancement by using data analysis tools
  • Personalized proposals for goods or services
  • Updates on security policy changes

6. Categories of data collected

Identity data: first name, last name, username or similar ID, marital status, date of birth and gender.

Contact details: email address, city of residence and phone numbers.

Financial data: bank account and payment card info.

Transaction data: payment details regarding you, as well as other information on products and services you purchased from us.

Technical data: Internet Protocol (IP) address, login information, browser type and version, time zone and location, additional browser types and versions, operating system and platform, and other technology on the devices you use to access this website.

Profile data: username and password, purchases or orders made by you, interests, preferences, comments and responses to surveys.

Usage data: information about how one uses our website, products and services.

Marketing and communication data: preferences regarding promotions made us and third parties and one’s communication preferences with us.

7. Change of purpose

Data is only used for the purposes for which it is collected. If it needs to be used for another purpose, the stakeholder’s consent is required and he/she must be contacted so as to be presented with the legal basis allowing the change of purpose, unless the new purpose is compatible with the original, in compliance with the laws in force.

8. Cookies or other similar technologies

The website uses cookies in order to identify the visitors, record the IP address and the way in which each visitor uses the website. This information is used to provide better services, help improve the website, its products, services and promotions. A cookie is a small text file that is placed on an internet user’s hard drive. A session cookie expires as soon as the browser is closed. A permanent cookie stores information on the hard disk so that when the session is over and the visitor returns to the same site at a later time, the cookie information is still available. When using its website, the company reserves the right to use both a session cookies and a permanent one. Flash cookies or other similar technologies may also be used. Flash cookies are not used for promotions or behavioral ads. Flash cookies are different from browser cookies and the cookie management tools provided by the browser do not remove Flash cookies. Visitors may disable cookies at any time through the browser options, but if they do so, the company will not be able to record purchases or allow purchases from the site. Moreover, it will not be able to identify you as a registered user so that you can access your account information.

9. Child privacy

The company does not knowingly collect any information from any person under 15 years of age. Individuals under the age of 15 are discouraged to use or provide information on this site, to make purchases or to provide any information about themselves, except with the consent of their custodians. In the event that a child’s, under the age of 15, personal data is found, the information will be deleted immediately.

10.Data Security

The company has the necessary physical and technological protection measures (including encryption, anonymization and / or pseudonymization procedures where necessary) in order to prevent the unintentional loss, alteration, disclosure and use or access of personal data in an unauthorized manner. Access to personal data is granted only to those authorized officials, who process the data following clear instructions and in compliance with the terms of strict confidentiality.

"Confidentiality" Procedure D.320 describes how the company manages the information obtained during its activities, in order to ensure confidentiality. In case of personal data leakage, the Management, the IT Department and any other department, directly affected by the specific leak, must be immediately informed.

The necessary steps are then performed to identify the source of the leak as well as to assess the magnitude of the risk. The necessary steps are taken to stop the leak and to prevent a similar incident in the future. Corrective actions are then decided and carried out, which may lead to a review of the existing procedures and / or instructions herein, removal of suppliers, and even legal action.

Finally, the operator informs all stakeholders.

11. Retention of information

Personal data is retained for a specific period of time and only for as long as necessary in order to fulfill the purpose of their collection, including the fulfillment of any legal or tax obligation. The time and manner of keeping the files is described in procedure D.550, “Checking and keeping records and registers”.

Under certain conditions, stakeholders reserve the right to request the erasure of their data, as described below.

12. Rights

The stakeholders maintain:

  • The right to withdraw consent
  • The right to disclose their data
  • The right to rectification
  • The right to erasure
  • The right to lodge a complain with a supervisory authority

The rights of the stakeholders are presented in the procedure D.240 “Managing Requests for Personal Data” and in the corresponding form E.240-1 “Request for revocation, disclosure, rectification, erasure of personal data”.

Copyright © 2020 GlobalCert. All rights reserved.