At ESG the protection of your personal data is our first and most important priority and commitment.
The Data Controller for the processing of your Personal Data shall be EL SISTEMA GREECE NON-PROFIT CIVIL LAW COMPANY (Kypselis 62, 113 62, Athens, tel.:+302108225429, email: firstname.lastname@example.org), referred to as “ESG” in this Policy
Which types of Personal Data processing are covered by this Policy?
This Policy applies to all personal data processing performed by ESG in relation to persons whose Personal Data is presented to it during its activities.
If this is necessary, you should also provide your consent through special information and / or consent forms (“Privacy Statement”), which will be communicated to you in connection with special cases where ESG may process your Personal Data. These Privacy Statements will describe in greater detail how your Personal Data will be processed in relation to that processing.
Validity and amendments to the Policy
This Policy may be amended by ESG from time to time, specifically in order to adapt its terms to the developments and changes in the applicable legislation and / or ESG’s practices. The amendments will be available on this page and you will be prompted to read this Policy at regular intervals.
Purposes of Processing
ESG will always collect and process your Personal Data for purposes that are lawful and explicitly stated.
ESG collects your Personal Data in order to:
- Conduct its business activities, promotions and sales, respond to your requests, keep track of our contacts and meetings, as in the case that you contact us for information and support.
- Comply with its obligations under the law and / or other regulatory provisions, and comply with administrative obligations, alerts, statements or audits.
- Provide you access to online services, applications and platforms, and manage your online accounts.
- Allow us to identify and validate your identity, offer or certify your credentials including through codes, hints of codes, information and security questions, the legally issued identity card and your passport data.
- Improve and develop our products and services, identify usage trends and develop new products and services, understand how you and your device interact with our services, monitor and respond to security issues, determine the efficiency of our promotional activities, and conduct surveys.
- Personalize your experience when you use our services, ensure that our services are presented in the best possible way, understand your professional and personal interests in relation to the content, products and services or other content and customize our content according to your needs and preferences, present products and offers that are specific to you.
- Allow us to contact you, respond to your requests or queries, provide support for products and services, provide you important information, administrative information, send required disclosures, promotional material, send you news and information regarding our products, our services, our distinctive features, our processes, organize and manage professional events and conferences, including your participation in such events.
- Process payments required in special cases, confirm your financial details, facilitate further payments.
- Administer donations and sponsorships.
- Respond to legal requests from administrative or judicial authorities, in accordance with the applicable law, comply with summons, required testimonies and registrations or legal proceedings in general.
- Promote our rights and legitimate interests, protect the health and safety of ESG staff and facilities, conduct internal audits, asset management, and audits of systems and other areas of our business, handle our business management (financial and accounting, fraud monitoring and prevention), preserve the security of our services and processes, protect our rights, privacy, security or property, be able to pursue every possible remedy and restoration or limitation of the damage we might suffer, if necessary, and protect ourselves against possible fraudulent actions.
Which legal bases
ESG will always process your Personal Data in a lawful manner.
Depending on the type of processing, ESG will generally process your Personal Data based on one of the following legitimate processing bases:
- Your prior consent: where you have given your explicit consent to ESG for the processing of your Personal Data. In practice, this will generally mean that ESG will ask you to sign a document or fill in an online opt-in form or follow any relevant procedure that will fully inform you about the processing and then you can either accept or deny this processing.
- A contractual relationship between you and ESG: in this case, processing of your Personal Data is generally necessary for the execution or performance of the contract. This means that if you do not wish ESG to process your Personal Data in this context, then ESG will or may be required to refuse to conclude a contract with you or will not be able to provide the products or services covered by that contract.
- Legal obligations, concerning ESG’s activities: for example obligation deriving from the tax legislation in connection with details regarding donations and sponsorships etc..
- ESG’s “legitimate interests”, within the meaning of the applicable law on Personal Data protection. In this case, ESG will take into account your fundamental rights and interests to determine whether processing is fair and legitimate.
ESG may also rely on other legal bases, where appropriate, such as the protection of your vital interests, in compliance with the applicable Personal Data protection laws, as will be set forth from time to time in the relevant Privacy Statement.
What are the sources from which your Personal Data comes from?
ESG will always collect Personal Data from trusted sources.
Your Personal Data may come from a variety of sources:
Data that you communicate to us in a variety of ways and means through listings, applications, surveys, or your direct or indirect interactions with ESG. For example, the data you provide in order to submit an online request, or send us a request for the provision of information, etc.
Data we collect automatically, such as when we follow your interaction with our websites, platforms, applications and services, through specific technologies such as cookies.
Data we collect under applicable law from publicly accessible sources, including your data, which are published by you in any way.
Data that we receive legally from third parties. In this case, we generally receive this Personal Data from third parties authorized and entitled to do so in the framework of their privacy and Personal Data protection policies or as provided for by law. As is the case with the law, we will notify you in the relevant Privacy Statement regarding the identity of these third parties and we will prompt you to refer to the Privacy and Personal Data protection policies thereof in order to search for the origin of such Personal Data and the circumstances under which it is collected.
Children's Personal Data
Although in some cases we may collect Personal Data relating to minors with the consent of their parents or legal guardians to provide our services, such as clinical actions for patient support programs, we do not knowingly seek to receive any Personal Data of Minors or sell products to minors. If a parent or legal guardian becomes aware that his / her child has provided us personal information, he / she should contact us as described below under “Contact Us”. We will take action to delete such information from our database in compliance with the requirements of applicable law.
Who has access to Personal Data
ESG will only disclose your Personal Data to authorized persons.
For the purposes described above, ESG may need to share your Personal Data with the following authorized third parties:
- Our associates (e.g. teachers, support service providers, etc.)
- Selected suppliers, service providers, or vendors acting under our guidance for web hosting, data analysis, payment processing, IT and related infrastructure services, customer service, e-mail delivery, audit services, etc.
- Judicial or administrative authorities as required by the applicable law, including possibly the law applicable outside your country of residence
- Possible acquirers and other parties involved in a merger, legal restructuring processes such as acquisition, joint venture, assignment, spin-off or division
- Sponsors of prizes, competitions or similar promotions
ESG may need to share your Personal Data with other third parties, in which case you will be duly informed in the relevant Privacy Statement.
In any event, ESG will require from such third parties to:
- Undertake to comply with the privacy laws and the principles of this Policy.
- Process the Personal Data only for the purposes described in this Policy.
- Implement appropriate technical and organizational security measures designed to protect the integrity and confidentiality of your Personal Data.
Where will your Personal Data be transferred to
ESG assures that transfers of your Personal Data outside the EU are secured.
ESG is member of an international network of organizations with similar purposes, values and aims.
For this reason, ESG may need to transfer (through access, visualization, storage, etc.) your Personal Data to other jurisdictions, including states inside and outside the European Economic Area, i.e. countries considered to not provide the same level of protection as your country.
Security measures for international Personal Data transfers
In cases where ESG needs to transfer Personal Data outside the European Union, it will ensure that adequate security measures, as required by the applicable Personal Data Protection legislation, will be implemented (including, specifically, the Contractual Clauses proposed by the European Commission where they may apply).
How safe it is
ESG will apply security measures to protect your Personal Data.
We have enacted and implemented a variety of technological and organizational procedures and measures to ensure the integrity and confidentiality of your Personal Data from unauthorized access, use and disclosure. These measures shall take into account the level of the technique, the costs of implementation and the nature, purpose, framework and objective of the processing, as well as the risk of variable probability and the seriousness of the rights and freedoms of natural persons.
For example, we store your Personal Data on servers that have different kinds of technical and physical access control points, which may include, for example, encryption, if appropriate. We may also process statistically, pseudonymize or anonymize Personal Data to ensure that personally identifiable information is not communicated to third parties.
Duration of Private Data keeping
We will not keep a record of your Personal Data for longer than necessary.
ESG will only maintain your Personal Data for as long as it is necessary to fulfill the purposes set forth in this Policy.
By way of exception, ESG may be required to maintain your Personal Data for longer periods as required or permitted by law or if it is necessary to protect its rights and interests. In this case, you will be informed of the intended duration of keeping through the relevant Privacy Statement.
To this end, ESG informs you that you are entitled to:
- Have access, through a simple request, to your Personal Data – in which case you may receive a copy of these data (if requested), unless such data is readily available to you, for example within your personal account.
- Request the correction of Your Personal Data, if this is inaccurate, incomplete or outdated.
- Request the deletion of your Personal Data in the cases provided for by the applicable law on personal data protection (right to be forgotten).
- Withdraw your consent to the processing of your Personal Data; however this does not affect the legitimacy of the processing where your Personal Data has been collected and processed following your consent.
- Oppose the processing of your Personal Data, where it has been collected and processed on the basis of ESG’s legitimate interests, in which case you should justify your request by explaining to us your case in particular.
- Request the restriction of the processing of your Personal Data in the cases provided for by the applicable Personal Data protection law.
- Receive your Personal Data from ESG in order to be transferred to a third party or request from ESG to transfer your Personal Data directly to a third party of your choice where technically feasible (the right to portability, which is only allowed when the processing is based on your consent).
If you wish to exercise any of these rights, please contact us through one of the ways described below under “Contact Us” and we will take the necessary steps to respond to your request as soon as possible.
If you believe that your privacy is affected in any way, you can appeal to:
The Hellenic Data Protection Authority, using the following contact information:
Postal address: 1-3 Kifisias Avenue, PC 115 23, Athens
Call Center: +30 210 6475600
Fax: +30 210 6475628
ESG welcomes any question or comment you may have regarding this Policy and its implementation. Any such question or comment should be submitted to the Company’s Privacy Officer using the following contact details:
Address: Kipselis 62, 113 62, Athens