We would like to assure you that it is of prime importance for GEK TERNA Group to protect the personal data of natural persons who deal in any way with the company. This is why we are taking appropriate steps to protect the personal data we process and to ensure that the collection and processing is always carried out in accordance with the obligations laid down by the applicable legal framework, both by the company itself and by third parties processing personal data on behalf of the company.
Data Controller – Data Protection Officer (DPO)
TERNA S.A. (website: www.terna.gr ), informs that, for the purposes of its business activities, it processes personal data which results to identification relating to natural persons (such as, for example, the clients of the company, their suppliers, shareholders and investors, as well as ordinary users of the website), in accordance with applicable national law and European Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) asapplicable. For any matter concerning the processing of personal data, please contact the Data Protection Officer directly (DPO), email:firstname.lastname@example.org
What data do we process?
The personal data you provide to us, such as contact details (eg name, address, email, telephone number, other additional personal information, etc.), data required under an employment relationship (eg education / training / special knowledge and skills, past professional experience, social security, income tax, etc.) we only process when we have a legitimate reason to do so.
What are the legitimate reasons for processing your personal data?
Legitimate reasons for processing your personal data consist of:
(a) the performance of a contract that you assign to us or which you intend to assign to us, such as the execution of a work or the provision of services in order to fulfil our contractual obligations in the above framework.
(b) conservation and protection of your as well as ours legitimate interests.
(c) compliance with statutory obligations, such as the publication of transactions and assets of the societe anonyme (including personal identification data, eg shareholders) in accordance with article 7b of Act No. 2190 / 1920, data processing to support and satisfy legal claims,
(d) your consent - under the specific conditions set out in the legal framework.
How and why we use your personal data?
- For proper compliance with our contractual commitments and the maintenance of communication between us.
Deriving from the contractual relationship between us (whether it is a contract for works from a contractor / subcontractor, or a supply contract, or a service contract, etc., or dealing with the processing of personal data at pre-contractual stage), we draw and use the information required for a smooth development of our co-operation, for example for the signing of amendments to the main project contract, the management of financial pending issues resulting from some cooperation, etc.
- For communicating with you and managing our relationship with you.
We may need to contact you via email for administrative reasons, such as through the contact form on our website to answer your questions or comments to improve both our relationship with you and the quality of our services
- For complying with our legal obligations.
For example, when publishing on our website, on the G.C.R. website or the ATHEX, the personal data of natural persons of the company (for example, data of the shareholders-natural persons), when it is necessary to disclose significant participations to the Securities and Exchange Commission pursuant to the provisions of Act No. 3556/2007 and others.
- To safeguard our legitimate interests and protect individuals and goods.
When using CCTV and security cameras in order to be able to protect the security of individuals, materials and facilities of the company.
Who may receive your data?
The Company may forward personal data to the following categories of recipients:
When, and to the extent necessary, in the course of an audit (eg application of financial, stock, tax, insurance, labor, or other general and / or more specific legislation) and in all cases according to the applicable legal procedures.
- Partners of our company (partner subcontractor banks, insurance companies, auditing company, etc.)
The Company maintains partners to whom it assigns the processing of personal data on its behalf (eg subcontracts, bank transactions, audit of the transfer of shares by a certified auditor). In these cases, the Company remains responsible for the processing of your personal data and sets out the details of the processing, executing a specific contract with the subcontractors to whom it entrusts the execution of processing activities in order to ensure that processing is carried out in accordance with the applicable legal framework and that any natural person may freely and without hindrance exercise the rights conferred by the legal framework.
- In third countries where the company is doing business
In the case where the Company needs to transmit personal data outside the EU within the exercise of its legitimate activities, it fully complies with the applicable provisions of Chapter V of the Regulation.
The length of the data storage period is decided on the basis of the following specific criteria, as appropriate:
When processing is required as a requirement under provisions of the applicable legal framework, your personal data will be stored for as long as required by the relevant provisions.
When processing is done according to a contract, your personal data will be stored for as long as is necessary to perform the contract and for the foundation, exercise, and / or support of legal claims under the contract.
What are your rights with respect to your personal data
Any natural person whose data is being processed by the Company enjoys the following rights:
Right of Access:
You have the right to be aware and verify the legitimacy of the processing. So, you can access your data and get additional information about how we process it.
Right of Rectification:
You have the right to study, correct, update or modify your personal data by contacting the Data Protection Officer (DPO) at the above contact details.
Right of Erasure:
You have the right to request the deletion of your personal data under the restrictions of Article 17 of the Regulation.
Right to Restriction of Processing:
You have the right to request a limitation on the processing of your personal data in the following cases: (a) when you contest the accuracy of your personal data and until it has been verified, (b) when you object to the erasure of personal data, c) when personal data is not needed for processing purposes, it is, however, indispensable for the foundation, exercise, support of legal claims, and (d) when you object to the processing and until it is verified.
Right to Object Processing:
You have the right to object at any time to the processing of your personal data where, as described above, it is necessary for the purposes of legitimate interests we seek as processors.
Right to Portability:
You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit it with commonly used editing methods. You also have the right to ask us, if technically feasible, to pass the data directly to another processor. This right exists for the data you have provided to us and is processed by automated means based on your consent or performance of a relevant contract.
Right to Revoke Consent
Where processing is based on your consent, you have the right to recall it freely, without prejudice to the lawfulness of the processing which was based on your consent prior to you recalling it.
In order to exercise any of these rights you can contact the Data Protection Officer (DPO) postal address: 85, Mesogeion Ave., Athens 11526, email: email@example.com
Right to File a Complaint with the DPA
If you exercise any of your rights above and are not satisfied, you havethe right to file a complaint with the Data Protection Authority (www.dpa.gr): Call Centre: +302106475600, Fax: +30210 6475628, Email: firstname.lastname@example.org
Security of Personal Data
TERNA S.A. shall implement appropriate technical and organizational measures to ensure the safe processing of personal data and to prevent accidental loss or destruction and unauthorized and / or unauthorized access to, use, modification or disclosure of such data. In order to ensure the appropriate level of security against such risks and in order to select appropriate technical and organizational measures, the company takes into account the latest technological and other developments, the cost of implementation, the nature, the scope and the purposes of the processing, as well as on the one hand, the likelihood and risk of occurrences of accidental loss or destruction and unauthorized and / or unauthorized access to personal data, use, modification or disclosure, and, on the other, how serious the consequences on the rights and freedoms of natural persons will be.