Privacy Policy
1. Clarifications on the Processing of Personal Data
1.1 Introduction
We would like to assure you that for VIPATHE S.A., a member of the GEK TERNA Group, the protection of the personal data of individuals who transact in any way with the company is of primary importance.
For this reason, we take appropriate measures to protect the personal data we process and to ensure that their collection and processing are always carried out in accordance with the obligations set by the applicable legal framework, both by the company itself and by third parties who process personal data on behalf of the company.
1.2 Data Controller
VIPATHE S.A. (website: https://www.eppathe.gr/the-park/) informs you that, for the purposes of conducting its business activities, it processes personal data relating to identifiable natural persons (such as, indicatively, the company’s clients, suppliers, shareholders and investors, as well as simple website users), in accordance with applicable national legislation and General Data Protection Regulation (EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter the “Regulation”), as in force.
For any matter relating to the processing of personal data, you may contact us at: [email protected]
1.3 What Personal Data Do We Process?
We process personal data that you provide to us, such as contact details (e.g., full name, home address, email address, telephone number, other additional personal information, etc.), only when we have a lawful basis to do so.
2. What Are the Lawful Bases for Processing Your Personal Data?
The lawful bases for processing your personal data include:
The performance of a contract that you assign to us or intend to assign to us, such as the execution of a project or the provision of services, in order to fulfill our contractual obligations within that framework.
The safeguarding and protection of legitimate interests, both yours and ours.
Compliance with a legal obligation imposed by law, such as the publication of acts and details of the public limited company (including identification details of natural persons, e.g., shareholders), in accordance with Article 12 of Law 4548/2018, the processing of data for the support and satisfaction of legal claims, etc.
3. How and Why We Use Your Personal Data
For the Proper Fulfillment of Our Contractual Obligations and Maintaining Communication
From our contractual relationship (whether it concerns a works contract with a contractor/subcontractor, a supply agreement, a service agreement, etc., or the processing of personal data at a pre-contractual stage), we obtain and use the information required for the smooth progress of our cooperation.
We may need to contact you via email for administrative reasons, such as responding to your inquiries, comments, or complaints, in order to improve both our relationship with you and the quality of the services we provide.
For Compliance with Legal Obligations
For example, when we publish on our website, on the online platform of the General Commercial Registry (GEMI), or on the Athens Stock Exchange personal data of natural persons associated with the company (e.g., details of individual shareholders), or when we are required to notify significant holdings to the Hellenic Capital Market Commission in accordance with Law 4374/2016, etc.
For the Safeguarding of Our Legitimate Interests and the Protection of Persons and Property
When we use closed-circuit television systems (CCTV) and security cameras in order to protect the safety of individuals, assets, and the company’s facilities.
4. Who May Be the Recipients of Your Data?
The company may transmit personal data to the following categories of recipients:
Public Authorities
When and to the extent necessary during inspections (e.g., application of financial, stock exchange, tax, insurance, labor, or other general and/or specific legislation), and in all cases in accordance with the legally prescribed procedures.
Our Company’s Partners (associates, subcontractors, banks, insurance companies, auditing firms, etc.)
The company maintains partnerships with third parties to whom it assigns the processing of personal data on its behalf (e.g., subcontracting agreements, execution of banking transactions, auditing of share transfer transactions by a certified auditor).
In these cases, the company remains responsible for the processing of your personal data and, where it determines the specific elements of processing, signs a special agreement with the partners to whom it assigns processing activities, as required, to ensure that processing is carried out in accordance with the applicable legal framework and that every individual may freely and unhindered exercise the rights granted to them by law.
Within the scope of its activities, the Company does not transfer personal data to third countries outside the EU.
5. Data Retention Period
The retention period of data is determined based on the following criteria, depending on the case:
Where processing is required by provisions of the applicable legal framework, your personal data will be stored for as long as required by those provisions.
Where processing is based on a contract, your personal data will be stored for as long as necessary for the performance of the contract and for the establishment, exercise, and/or support of legal claims arising from the contract.
6. What Are Your Rights Regarding Your Personal Data?
Every natural person whose data is processed by the company enjoys the following rights:
Right of Access
You have the right to be informed about and verify the lawfulness of processing. You may access your data and obtain additional information regarding its processing.
Right to Rectification
You have the right to review, correct, update, or modify your personal data.
Right to Erasure
You have the right to request the deletion of your personal data, subject to the limitations provided in Article 17 of the Regulation.
Right to Restriction of Processing
You have the right to request restriction of processing in the following cases:
(a) when you contest the accuracy of the personal data and until verification is completed;
(b) when you oppose the deletion of personal data and request restriction of its use instead;
(c) when the personal data are no longer necessary for processing purposes but are required by you for the establishment, exercise, or support of legal claims;
(d) when you object to processing and until it is verified whether legitimate grounds exist that override your objections.
Right to Object
You have the right to object at any time to the processing of your personal data where such processing is necessary for the purposes of legitimate interests pursued by us as Data Controller.
Right to Data Portability
You have the right to receive your personal data free of charge in a format that allows you to access, use, and process them using commonly used processing methods. You also have the right to request, where technically feasible, that we transmit the data directly to another controller. This right applies to data you have provided to us and where processing is carried out by automated means based on your consent or in performance of a relevant contract.
Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw it freely, without affecting the lawfulness of processing carried out prior to its withdrawal.
To exercise any of the above rights, you may contact: [email protected]
Please note that exercising the right to object or to erasure does not automatically result in the immediate deletion of data or modification of processing. In any case, we will respond in detail as soon as possible, within the deadlines set by the GDPR.
Right to Lodge a Complaint with the Hellenic Data Protection Authority
If you believe that the processing of your data violates Regulation (EU) 2016/679, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr) via its online portal (https://eservices.dpa.gr/).
For more information, you may consult the website of the Hellenic Data Protection Authority.
7. Personal Data Security
VIPATHE S.A. implements appropriate technical and organizational measures to ensure the secure processing of personal data and to prevent accidental loss or destruction, as well as unauthorized and/or unlawful access, use, modification, or disclosure.
To ensure an appropriate level of security against risks and to select suitable technical and organizational measures, the company takes into account the latest technological and other developments, implementation costs, the nature, scope, context, and purposes of processing, as well as both the likelihood and severity of risks to the rights and freedoms of natural persons.
8. Changes to the Privacy Policy
The information regarding the Group’s privacy policy reflects the current status of data processing on our website. In the event of changes to data processing, this information will be updated accordingly.
The most recent version of this data protection information will always be available on our website so that you can stay informed about the scope of processing carried out through our website.