- Introduction & General Terms
Hellenic American Union (22 Massalias Street, 10680 Athens) (“HAU”) collects, stores and processes Personal Data (as defined below) in accordance with the General Data Protection Regulation (ΕΕ) 2016/679 (the “GDPR”) and local data protection legislation (jointly “Data Protection Legislation”).
This Notification of HAU to its counterparties according to Articles 13 and 14 of the GDPR (the “Notification”) describes the way in which HAU collects, uses and processes Personal Data relating to its counterparties (if they are natural persons) or their legal representatives, the directors, the beneficial owners and/or the contact persons of their counterparties if the counterparties are legal entities (“You”).
- Types of Personal Data collected - Sources
For the purposes of this Notification, Personal Data means any information which relates to an identified or an identifiable person, or which may be used to identify a person (“Personal Data”).
The types of Personal Data that HAU may process include, as the case may be:
- First name, last name, father’s name, mother’s name, email address, signature, products, or services provided;
- When the counterparty is a natural person: VAT number and Tax Authority, number of ID document, date of issue and issuing authority;
- When the counterparty is a legal entity: working position within the counterparty/ capacity.
Your Personal Data are in principle collected from you or from HAU’s counterparty which transferred to HAU your data in the context of their agreement or for the purpose of concluding an agreement. Moreover, we may obtain your Personal Data from other sources such as publicly available sources, creditworthiness assessment companies, etc.
- Personal Data of Third Parties
If you provide HAU with Personal Data of third parties (e.g. legal representatives, employees), you must notify these persons that the HAU will process their Personal Data and inform them of their respective rights (for example by disclosing this Notification).
Moreover, if required by law, you must obtain the consent of these persons to transfer their data to HAU and allow the HAU to process their data . If you provide Personal Data of third parties, HAU assumes that you have notified them accordingly and obtained their consent.
- Why does HAU collect, use, disclose and store Personal Data?
HAU collects, uses, discloses and stores Personal Data for the following purposes: (1) to selecta counterparty, (2) to conclude an agreement with the counterparty (3) to implement the agreement with the counterparty, including managing the relevant payment fees under this agreement, (4) to assess the cooperation with the counterparty, (5) to safeguard its rights under the applicable law, (6) to fulfil its obligations required by law, (7) to ensure compliance with the HAU’s internal policies and procedures (8) to conduct research (market research, satisfaction survey, etc.) and (9) to pursue direct marketing.
- Legal Basis of the processing of your Personal Data
The legal basis for the collection, use, and processing of your Personal Data is defined in Article 6, para. 1 b), c) and f) of the GDPR. This means that HAU A is processing your data: (i) to execute the agreement you have entered into with the HAU or to take action to reach this agreement, (ii) to comply with its legal obligations, (iii) for the legitimate interests of HAU or any third party, unless your rights and freedoms prevail over these interests (e.g. to safeguard HAU’s legitimate interests, prevention of fraud, internal investigation). If the legal basis for processing your personal data is your consent, HAU will obtain this separately.
- Recipients of your Personal Data
HAU may from time to time disclose your Personal Data to third parties for any of the aforementioned purposes. Examples of third parties to whom HAU may transfer your Personal Data include:
- Third parties which provide us services (e.g. IT companies)
- Entities which are within the same group of companies with HAU.
- Consultants or auditors.
- Any court or judicial authority , mediator, arbitrator, taxation authority or regulatory or public authority.
- Public or national authorities, where required by law.
- Otherwise, if you have given your consent for that disclosure.
- Overseas transfers of Personal Data
Due to the nature of our work, we may disclose your Personal Data to third parties established outside the European Economic Area (EEA). In these cases, except where the relevant country has been determined by the European Commission to provide an adequate level of protection (currently Andorra, Argentina, Canada, Switzerland, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand and Uruguay), we require such recipients to comply with appropriate measures designed to protect the Personal Data.
- Retention period of your Personal Data
We will retain your Personal Data for as long as we consider to be necessary in order to fulfil the purpose for which they were collected or to comply with legal, regulatory, accounting, auditory requirements or requirements provided in our internal policies/ proceedings. In order to define the adequate retention period of your Personal Data we take into consideration the applicable legislation, as well as the quantity, the nature and the sensitivity of the Personal Data, the prospective risk of damage caused due to an unauthorized use or disclosure of your Personal Data, the purposes for which we collected your Personal Data and whether we can fulfil the purposes through other means.
- Your rights and obligations
(a) Your obligation to notify us for any change
It is important your Personal Data that we store are up-to-date and accurate. Please notify us in case there is a change in the Personal Data that you have provided us with.
(b) Your rights in relation to your Personal Data
In certain circumstances, you have the right by law to:
- Request access to your Personal Data.
- Request the correction of your Personal Data that we store about you.
- Request that your Personal Data be deleted.
- Object to the processing of your Personal Data (e.g. you have the right to object in writing if we process your Personal Data for direct marketing purposes by contacting us at the email address mentioned below).
- Request the restriction of the processing of your Personal Data.
- Receive your Personal Data in a structured format or request the transfer of your Personal Data to a third party (“data portability”).
- Withdraw, in cases where we process your Personal Data based on your consent, your consent at any time. Note that withdrawing your consent will not affect the legality of the processing which was based on your consent prior to its withdrawal.
- Request, where applicable, not to be subject to decisions based on automated decision-making, including profiling.
If you want to exercise your rights in accordance with the above, or you have any question relating to this Notification, please contact us at firstname.lastname@example.org.
Finally, you have the right to lodge a complaint with the competent Data Protection Authority (for Greece: www.dpa.gr).
- Changes to this Notification
We reserve the right to update this Notification at any time, and we will notify you by updating this Notification on our website at: www.hau.gr. Any changes to this Notification are applicable by the time of its update on our website, unless otherwise provided.Download the above legal statement in .pdf format