EN

Privacy Policy

The protection of natural persons with regard to personal data processing is a fundamental right. Article 8, para. 1 of the Charter of Fundamental Rights of the European Union (the Charter) and Article 16, para. 1 of the Treaty on the Functioning of the European Union (TFEU) stipulate that everyone has the right to the protection of personal data concerning him/her.

Furthermore, the General Data Protection Regulation (GDPR) No. 2016/679 of the European Parliament and the Council, is in force as of 25.05.2018 introducing a rigorous framework for the protection of individuals with regard to the processing of their personal data and for the free movement of such data (hereinafter the General Regulation).

The protection of natural persons with regard to the processing of personal data is of utmost importance for "MYTILINEOS CONSTRUCTION SINGLE MEMBER SOCIÉTÉ ANONYME" (distinctive title "METKA ATE" (hereinafter the Company). Consequently, the Company collects and processes personal data strictly in conformity with the General Regulation and the applicable legislation in general and to the extent necessary in connection with some aspect of labor relationships and the Company’s business activity. The Company allows the access of only authorized persons to those data and takes increased safety measures of those data to protect them from loss, erroneous handling, non-authorized access, modification or disclosure.

1. Processing of personal data on the Company’s websites

1.1 Categories of personal data

When you visit the Company websites, the Company may process:

(a) any data you have entered in the web page contact form,

(b) personal data automatically collected while you browse (IP address, device type, browser, redirection website, company web pages that you visited, visit date and time).

1.2 Purposes of data processing

Personal data are processed for the following purposes:

(a) To manage your query, if you have submitted any in the contact form and to contact you on your request.

(b) Τo document a legitimate legal claim or defense of the Company against an attempt of fraud, cyber-attack or other unlawful activity.

(c) Τo create anonymized statistics on the number of visits and accessibility of the homepage and the individual pages, for the purpose of proceeding with necessary actions aimed at improving your browsing experience.

1.3 Legal basis for data processing

The processing of your personal data is necessary in order to fulfill the above purposes. Unless otherwise stipulated at the time of collection of personal data, the legal basis for the processing of such data is one of the following:

(a) data processing is necessary for the purpose of performing and fulfilling the contractual relationship with you (Article 6 (1) (b) of the General Regulation);

(b) processing is necessary for the purposes of the legitimate interests pursued by the Company (Article 6(1) (f) of the General Regulation);

(c) you have given your explicit consent to the processing of your personal data (Article 6 (1) (a) of the General Regulation).

1.4 Data recipients and data transfers

Some of our websites may be managed by third-party IT companies (processors). In such cases we make sure, via contractual provisions and regular inspections, that should such third parties have access to personal data, this is done with due observance of the applicable legislation on data protection.

1.5 Policy on Cookies

A cookie is a small text file that a website saves on your computer or mobile device when you visit a website. The term "cookies" is used as an umbrella term to describe technologies such as cookies, Flash cookies and web beacons.

Cookies are used primarily to ensure that your visit to our website is as easy as possible, as well as for advertising purposes during your future visits to other websites. Our Cookies Policy  provides further details on the types of cookies we use, the use thereof, as well as on how to delete or prevent the storage of specific cookies on your computer or mobile device.

1.6 Personal Data of Minors.

The Company and its websites are addressed to persons having completed their eighteenth (18) year of age. The Company has no liability if minors visit its websites on their own initiative. If during the data collection process becomes evident that the user is of a younger age, the Company will not process the minor’s personal data.

2. Processing of personal data related to your business relationship with the Company

2.1 Personal data categories and sources

In the context of a potential or existing business relationship with the Company, the Company may process the following categories of personal data:

(a) Identification and contact details, such as name, provided to us by the trading partner or its representatives for identification and communication purposes; certificate of business initiation issued by the competent Tax Office (in case of a procurement contract for commercial purposes), specific features documenting eligibility for a specific tariff (e.g. preservation of the contractual relationship with a specific third party).

(b) Data processed in the context of a project or a sale/purchase transaction covering goods or services, or data provided by the business partner, such as personal data with regard to orders, payments effected, requests and reports in the context of implementation of a project or a business cooperation in general.

(c) Information on credit worthiness and integrity (information with respect to litigation or other legal proceedings against business partners) collected from publicly available sources, databases and credit rating agencies and bureaus.

2.2 Purposes of data processing

  • To manage the contractual relationship with business partners, such as product acceptance, deliveries, provision of services, performance of works, collections, accounting audits, operational and IT service, contract execution, contracts support and monitoring, fulfillment of contractual obligations, etc.;
  • To ensure Company compliance with legal obligations (tax, social security, customs, accounting and other obligations) in the context of compliance checks of business partners for the prevention of financial crimes and the safeguarding of its overriding legitimate interests, such as the transmission of data to law firms or competent authorities.

2.3 Legal basis for data processing

Unless otherwise stipulated upon collection of personal data, the legal basis for the processing of such data is one of the following:

(a) data processing is necessary for the purpose of performing and fulfilling the contractual relationship with you (Article 6 (1) (b) of the General Regulation);

(b) you have explicitly consented to the processing of your personal data (Article 6 (1) (a) of the General Regulation);

(c) data processing is necessary for the purpose of complying with legal obligations of the Company or for the purposes of the legitimate interests pursued by the Company (Article 6 (1) (c) or (f) of the General Regulation respectively).

Data processors:

The company may assign the processing or part thereof to service providers (processors). They act under the instructions of the company, as data controller, and have contractual commitments to ensure lawful processing. To provide central services such as staff development and management, staff payroll, payment of vendor invoices, selection of vendors, IT infrastructure and cybersecurity services, Regulatory Compliance and Data Protection Officer, the Company uses MYTILINEOS S.A. as processor and consequently uses MYTILINEOS S.A. sub-processors for such processing.

2.4 Data recipients and data transfers

The Company may forward personal data to the parent company, other subsidiaries or third parties, only if, and to the extent that, such forwarding is necessary solely for the above indicated purposes.

The Company may transfer personal data to judicial, administrative, taxation, customs, arbitration authorities or other public authorities, regulatory bodies and attorneys-at-law, if necessary for its compliance with the legislation and/or for establishing, exercising or defending its legal claims.

Furthermore, the Company may assign part or all of said processing to third parties (processors) including their directors and employees:

  • to parties who have entered into contract with the Company for promoting the company services, for the provision of postal services, data processing support services, record-keeping services, survey services, IT services, advertising services, banking and credit institutions, Certified Public Accountant firms;
  • to parties who have entered into contract with the Company for assessing the creditworthiness of the counter party and its ability to fulfill its obligations under the contract;
  • to companies informing debtors for debts in arrears, for the purpose of informing the customers pursuant to Law 3758/2009 as amended and applicable (their directors and employees), attorneys-at-law and law firms.

In the above cases we ensure by means of contractual terms and regular audits that, if they have access to personal data, the legislation on the protection thereof is duly complied with.

The recipients of personal data may be established outside the European Economic Area. In such cases, the Company takes measures so that adequate and appropriate safeguards are applied for the personal data protection by other means, mainly by using the EU standard data protection clauses.

3. Data Retention Period

The Company shall store your personal data for as long as is necessary to achieve the purposes described in the present policy unless the applicable legislation stipulates or allows a longer time period. The criteria governing the determination of the data retention period include the following: (a) as long as the contractual relationship is in effect; (b) as long as it is necessary for the Company to be in compliance with a legal obligation; (c) as long as it is necessary having regard to the Company's legal situation (e.g to defend its rights before the courts, audits by regulatory authorities, etc.).

4. Technical and organizational measures

The Company effectively implements, both at the time of determination of the means of processing and at the time of processing, appropriate technical and organizational measures such as pseudonymization, designed for the application of data protection principles, such as data minimisation, and the integration of the necessary safeguards into said processing so as to fulfill the requirements of the applicable legislation and protect the rights of natural persons.

5. Right to withdraw your consent

In case you gave us your consent to process specific personal data, you reserve the right to withdraw your consent at any time, with prospective effect. Such withdrawal of consent shall not affect the lawfulness of processing based on consent prior to withdrawal. In case of such withdrawal, the Company may further process your personal data only if there is some other legal ground for such processing.

6. Rights of the data subject

Under the applicable legislation on personal data protection and provided the relevant legal conditions are met, you have the following rights:

6.1      Right of access

You have the right to be informed as to whether or not the Company processes your data, to have access to such data and obtain supplementary information in connection with such processing.

6.2      Right to rectification

You have the right to request that your personal data be updated, rectified or completed.

6.3      Right to erasure

You have the right to submit a request for the erasure of your personal data; such request shall be satisfied provided no other legal grounds for processing are in place (such as indicatively, obligation of personal data processing, laid down by the law).

6.4 Right to restriction of processing

You have the right to request the restriction of the processing of your personal data in the following cases: (a) when you contest the accuracy of your personal data, and pending verification of the accuracy of your data; (b) when you oppose the erasure of your personal data and you request the restriction of their use instead; (c) when your personal data are no longer needed for the purposes of the processing, but they are required for to establish, exercise or defend legal claims, and (d) when you have objected to the processing and pending verification that our legitimate grounds for processing override those for objecting to the processing.

6.5 Right to object to the processing

You have the right to object at any time to your personal data processing, when such objection is legally sustained (Article 6 (1) (e) or (f) of the General Regulation). Your objection shall be satisfied unless the Company demonstrates compelling and legitimate grounds for the processing.

6.6 Right to data portability

You have the right to receive, at no cost, your personal data in a structured, commonly used and machine-readable format or to request, if technically feasible, that we transmit such data directly to another controller.

6.7 Right to oppose automated decision-making.

You have the right to request that you be excluded from decision-making, which is based on automated processing, including profiling.

In case you wish to exercise one or more of your rights and for your convenience please use this form

7. Data Controller

"MYTILINEOS CONSTRUCTION SINGLE MEMBER SOCIÉTÉ ANONYME" (distinctive title "METKA ATE", with registered seat in Maroussi, Attica, 5-7 Patroklou Street, is the Data Controller.

The Company provides support for all questions, comments, concerns or complaints relating to personal data protection or should you wish to exercise any right in connection with the protection of your data. You may contact our Data Protection Officer by email to the following addresses or the postal address:

METKA ATE

Attention: DPO

5- 7 Patroklou Street

GR 15125, Maroussi

8.Right of recourse to the Authority

The Competent Authority is the Hellenic Authority of Personal Data Protection. You are entitled to take recourse to the Personal Data Protection Authority for issues pertaining to your personal data processing. Prior to taking recourse to the competent Authority, you should first try to exercise your rights within the Company. With regard to the Authority’s competence and the way to submit a complaint, you may visit its website (www.dpa.gr > My rights> Submission of complaint), where detailed information is available.