Last updated: 25/05/2018
CUBIT SA (hereafter referred to as the “Company”) may collect and process your personal data (hereinafter referred to as the “Data”) that is provided by you (hereinafter referred to as”Data Subjects”). The Company provides this Privacy Notice (hereinafter referred to as “Notice”) to inform you about the processing of your Data in accordance with the EU General Regulation 679/2016 on the Protection of Personal Data and the applicable national law and underline its commitment to protecting your Data.
This Notice may change from time to time. Please consider the date mentioned at the beginning of the text.
1. Data Controller
The data controller in accordance with the General Regulation EU 2016/679 and the applicable legislation is the company “CUBIT TECH ORIGINAL COMPUTER SOLUTIONS A.E.” with the distinctive title “CUBIT A.E. “, based in Maroussi, Attica, Pentelis Street, 124, T.K.15126.
You can contact the Company at info@cubit.gr.
2. Purpose of processing
The Company may process the Data for the following purposes:
(a) to inquire potential cooperation with the Company,
(b) for the performance of a contract between you and the Company,
(c) for commercial communications, and to send promotional material relating to the provision of IT services by the Company, or conducting market research, subject to the express consent of the Subject (hereinafter referred to as “Marketing”).
(d) for filing purposes
(e) where the Company has a legal obligation or a legitimate interest in accordance with the law and with the restrictions therein.
The Company collects exclusively the personal data that is necessary for the above mentioned purposes.
3. How we process your Data
The Company may process the Data in paper form, by automated or electronic means including mail or email, telephone (eg automated phone calls, SMS, MMS), fax and any other means (e.g. web sites, mobile applications).
In this context, the Company shall take appropriate administrative, technical, organizational and physical measures as well as measures concerning its personnel, aimed at protecting the Data, in accordance with applicable legislation, in particular the protection of Data from misuse or accidental use, unlawful or unauthorized destruction, loss, modification, disclosure, acquisition or access. This includes requiring service providers to use appropriate measures to protect confidentiality and data security.
4. Data Recipients
Access to Data within the Company is limited to those who “need to know” for the above mentioned processing purposes. Data may be processed for the above mentioned purposes by business partners, (a) professional advisors, such as accountants, auditors, lawyers, insurers, bankers and others, (b) service providers, such as companies that provide products and services, e.g. companies providing services and support to IT systems and accounting, (c) public, judicial and governmental authorities, such as regulating authorities, law enforcement agencies, public and judicial bodies.
5. Transfers of Data Outside the EU and EEA
The Company does not transfer Data to countries outside the European Union and the European Economic Area (EEA).
6. Data retention period
Data processed for the purposes of 3 (a) – inquiry of potential cooperation – and 3 (b) – performance of a contract – will be retained by the Company for the period that is strictly necessary for the fulfillment of those purposes and the expiry of any time limit for the exercise of any claim arising out of the relevant purposes. The Company may continue to retains this Data for a longer period if it is strictly necessary for the purposes of 3 (e). Data processed for the purpose of 3 (c) – marketing – will be retained by the Company from the time the Data Subject provides its consent until the moment of revocation. In case the Subject revokes his / her consent, the Data will no longer be processed for the this purpose, but may continue to be retained by the Company for purposes of 3 (e). Records kept for purposes of 3 (d) are kept for ten years after the expiration of any of the processing purposes of 3 (a) and 3 (b).
7. Data Subject Rights
The Data Subject has the following rights:
1. The right of access, which means that the Subject has the right to submit a request to the Company to be informed whether the Company processes data and, if so, to access this Data.
2. The right to rectification and erasure, which means that the Subject has the right to request the rectification of incomplete or/and inaccurate Data, as well as the erasure of Data, where there are legal grounds for that.
3. The right to restriction of processing or the right to object, which means that the Data Subject has the right to ask for the suspension of the processing, where there are legal grounds for that.
4. The right to data portability, which means that the Subject has the right to ask and receive his/her Data in a structured, commonly used and machine-readable format, as well as the right to transfer this Data to other Data Controllers.
5. The right to object or retraction, which means that the Subject has the right to object to the processing of his/her Data, where there are legal grounds for that.
6. The right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr) in case of illegal data processing.