The company attaches the utmost importance to the processing, security and protection of all stakeholders’ personal data. The company is certified to the ISO 9001:2015 and ISO 27001:2013 standards and has appointed a data protection officer (DPO), whom the interested parties may contact to exercise their rights and for any clarification regarding the security policy herein.
DPO contact details:
Personal Data Processing Officer:
Company name: GLOBALCERT
Address: 108 Solonos St., Athens, Post Code: 10681
Email address: firstname.lastname@example.org
The present company policy establishes the measures taken in terms of personal data, fully complying with Regulation (EU) 2016/679 of the European Parliament and the applicable legislation in general.
The term "personal data" refers to information of natural persons, such as name and surname, postal address, e-mail address, contact telephone, etc., which identify or can identify them. The company collects personal information in various ways, but always with the consent of the stakeholders.
As mentioned in the "Confidentiality" procedure D.320, the company keeps records in a confidential manner and only authorized persons have access to them, i.e. the person in charge of keeping them and the Managing Director.
Personal data is collected and processed for lawful purposes. The data is kept for a specific period of time, which is considered as necessary by Law or by the Corporate Policy.
The data is processed in accordance with applicable law and the company is committed to protecting it from unauthorized or illegal processing and any accidental loss, destruction or damage.
The time and manner of keeping the records is described in procedure D.550, “Checking and keeping records and registers”.
Mandatory data is marked with an asterisk (*) next to the personal data that must be shared in order to fulfil the main purpose of the specific data collection.
Sharing additional data with the Company, beyond the data marked as mandatory, is optional and does not affect the main purposes of data collection. Providing it nevertheless serves to optimize the quality of services provided.
More information on managing the e-communication forms and e-mails can be found in procedure D.250 and its support documents.
During a communication with the Company, or when one makes use of its services, data is collected directly by the company staff or associates, either through the contact form, the expression of interest form or by phone.
In order to better serve the stakeholders and in the context of personal data protection legislation, the data collected may be used for:
Identity data: first name, last name, username or similar ID, marital status, date of birth and gender.
Contact details: email address, city of residence and phone numbers.
Financial data: bank account and payment card info.
Transaction data: payment details regarding you, as well as other information on products and services you purchased from us.
Technical data: Internet Protocol (IP) address, login information, browser type and version, time zone and location, additional browser types and versions, operating system and platform, and other technology on the devices you use to access this website.
Profile data: username and password, purchases or orders made by you, interests, preferences, comments and responses to surveys.
Usage data: information about how one uses our website, products and services.
Marketing and communication data: preferences regarding promotions made by us and third parties and one’s communication preferences with us.
Data is only used for the purposes for which it is collected. If it needs to be used for another purpose, the stakeholder’s consent is required and he/she must be contacted so as to be presented with the legal basis allowing the change of purpose, unless the new purpose is compatible with the original, in compliance with the laws in force.
The company does not knowingly collect any information from any person under 15 years of age. Individuals under the age of 15 are discouraged from using or providing information on this site, making purchases or providing any information about themselves, except with the consent of their custodians. In the event that personal data of a child under the age of 15 is found, the information will be deleted immediately.
The company has the necessary physical and technological protection measures (including encryption, anonymization and/or pseudonymization procedures where necessary) in order to prevent the unintentional loss, alteration, disclosure and use or access of personal data in an unauthorized manner. Access to personal data is granted only to those authorized officials who process the data following clear instructions and in compliance with the terms of strict confidentiality.
"Confidentiality" Procedure D.320 describes how the company manages the information obtained during its activities, in order to ensure confidentiality. In case of personal data leakage, the Management, the IT Department and any other department directly affected by the specific leak must be immediately informed.
The necessary steps are then performed to identify the source of the leak as well as to assess the magnitude of the risk. The necessary steps are taken to stop the leak and to prevent a similar incident in the future. Corrective actions are then decided and carried out, which may lead to a review of the existing procedures and/or instructions herein, removal of suppliers, and even legal action.
Finally, the operator informs all stakeholders.
Personal data is retained for a specific period of time and only for as long as necessary in order to fulfill the purpose of its collection, including the fulfillment of any legal or tax obligation. The time and manner of keeping the files is described in procedure D.550, “Checking and keeping records and registers”.
Under certain conditions, stakeholders reserve the right to request the erasure of their data, as described below.
The stakeholders maintain:
The rights of the stakeholders are presented in the procedure D.240 “Managing Requests for Personal Data” and in the corresponding form E.240-1 “Request for revocation, disclosure, rectification, erasure of personal data”.