Notice on Personal Data Processing
We would like to assure you that for WEMETRIX the protection of our customers’ personal data is of primary importance. That is why we are taking all appropriate steps to protect the personal data we process as well as to ensure that their processing is always carried out in accordance with the obligations laid down by the applicable legal framework, both by the company itself and by third parties that process personal data on its behalf.
Data Controller – Contact for privacy affairs
The company WEMETRIX based in Greece (19km Markopoulou-Peania Ave. 190 02 Peania, Athens, Greece) email: [email@example.com], website: [https://wemetrix.com] would like to inform the public that it processes the personal data of data subjects in accordance with the national laws applicable to its establishments as well as with the European Regulation 2016/679 on the protection of individuals with regard to the processing of their personal data and on the free movement of such data (General Data Protection Regulation, hereafter referred to as the “Regulation”) as in force.
For any matter relating to the processing of personal data, you may directly contact WEMETRIX competent department by e-mail to firstname.lastname@example.org.
Which personal data do we process?
WEMETRIX processes personal data related to (i) its customers, (ii) its business partners, (iii) and vacancy applicants. Moreover, WEMETRIX processes personal data related to data subjects in cases where such data are transmitted to WEMETRIX by third Companies and/or Organizations, including EU Institutions, public organizations, bodies or agencies, banking institutions, and private enterprises, in the context of execution of various data processing contracts and/or subcontracts.
Personal data processed by WEMETRIX include the name, email address, telephone number, contact details, Date of Birth, Nationality, Bank account information, National Identification Number, etc of data subjects falling within the aforementioned categories.
What is the purpose of processing and how we use your personal data
WEMETRIX is a leading European IT Solutions and Services integrator, offering innovative and added-value solutions to public and private organizations. Under this context WEMETRIX does not systematically process personal data of natural entities or persons as a data controller. There are however cases in the same context where WEMETRIX is engaged in processing activities on behalf of a data controller for reasons of performing a project contract assigned to it by the latter. Under such conditions, any information referring to the purposes and means of processing, the personal data subjected to processing and the data retention periods, is solely determined by the specific controller according to the scope of the associated project contract and therefore varies depending on the particular characteristics of each project. WEMETRIX processing activities are governed by the scope, terms and conditions of the specific agreement and are made in accordance with the written instructions provided by the controller to the extent they are compatible with respective obligations imposed by the applicable legislative framework at a national and/or EU level. In such cases WEMETRIX acts under the capacity of a data processor and performs its tasks in accordance with applicable legislation thereon.
Where WEMETRIX process’ personal data as a data controller, the data subjects affected are notified by targeted clear and concise notices at the specific data collection points [WEMETRIX career Site, NOMOS (Legal Information Data Base (http://lawdb.intrasoftnet.com), web site cookies].
Which are the legitimate reasons for processing your personal data?
Legitimate reasons for lawful processing your personal information are:
(a) the performance of a contract or the intention to award a contract, such as the execution of a work or the provision of services, in order to meet contractual obligations in that context.
(b) safeguarding and protecting both your and our legitimate interests.
(c) compliance with obligations and duties imposed by the law or administrative acts, including cases where it is required to file with public records or publish corporate acts and information related to a societe anonyme.
(d) the consent you provide under the specific conditions set forth in the applicable legal framework or on the basis of contractual relations or when contacting departments of our Company.
(e) the explicit disclosure by the data subject itself and the processing necessary to protect the vital interests of the data subject or other natural person (where the data subject is physically or legally incapable of granting consent) are the legitimate reasons for which we process any information provided regarding health data.
Personal data recipients outside the company
WEMETRIX transmits personal data to third parties to whom the company assigns processing of personal data on its behalf, remaining liable for such processing, while determining in writing under a specific contract the subject-matter of the processing, its duration, its nature and purpose, the type of personal data, the categories of data subjects, the rights and obligations of the controller, in order to ensure that processing is carried out in accordance with applicable laws and that every individual is fully afforded with the rights provided for thereunder.
Transfers of personal data to third countries or international organizations
Personal Data processed by WEMETRIX may be transferred to third countries outside the EU or International Organizations, including countries which ensure a level of protection of personal data lower than that defined by the European Union and the GDPR framework. Transfer of personal data hereunder may take place on specific grounds such as compliance with regulatory obligations, execution or performance of a contract, protection of a legitimate interest of WEMETRIX. In any case WEMETRIX ensures that such data transfer is compatible with the legal obligations of secrecy and in line with protection standards and requirements set by the GDPR legal framework.
Data retention conditions are determined on the basis of the following specific criteria:
When processing is required as an obligation under applicable laws, your personal data will be stored for the period prescribed in the relevant provisions applicable to each case.
When processing takes place on a contractual basis, your personal data will be stored for the period necessary to ensure due performance of the contract and thereafter for the establishment, exercise, and / or defense of legal claims arising from the contract or as otherwise required by compulsory law.
For marketing purposes, your personal data is retained until your consent is withdrawn. Such withdrawal may be effected at any time without affecting the lawfulness of consent-based processing in the period prior to its withdrawal.
To withdraw your consent, you may directly contact WEMETRIX’s competent department by email to email@example.com.
Your rights with respect to your personal data
Any data subject whose data is being processed by WEMETRIX has the following rights:
Right of access:
You have the right to be aware and verify the legitimate nature of the processing. So, you have the right to access your personal data and receive additional information about how we process it.
Right to rectification:
You have the right to study, correct, update or modify your personal data by contacting WEMETRIX at the above contact details.
Right to erasure (Right to be forgotten):
You have the right to request deletion of your personal data when we process it on your consent or in order to protect our legitimate interests. In all other cases (such as, where there is a contract, obligation to process personal data legally required, or public interest), this right is subject to specific restrictions or shall not exist, as the case may be.
Right to restriction of processing:
You have the right to request a restriction of the processing of your personal data in the following cases: (a) when the accuracy of the personal data is contested and until the accuracy is verified (b) when you oppose the deletion of your personal data and request the restriction of their use instead, c) when personal data are not needed for processing purposes, they are however required for the establishment, exercise, or defense of legal claims, and (d) when you object to the processing and the decision on your objection to processing is pending.
Right to object to processing:
You have the right to object at any time to the processing of your personal data where, as described above, the processing is based on the legitimate interests we pursue as data controllers, as well as, for the purposes of direct marketing and consumer profiling, if applicable.
Right to data portability:
You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them with commonly used editing methods. You also have the right to ask us, in case it is technically feasible, to transmit the data directly to another controller. Your right to do so exists for the data you have provided to us and is processed by automated means based on your consent or for the execution of a relevant contract.
Right to withdraw your consent:
In cases where processing is based on your consent, you have the right to withdraw it without affecting the lawfulness of processing based on consent prior to its withdrawal
In order to exercise any of the above rights you may directly contact WEMETRIX’s competent department by e-mail to firstname.lastname@example.org.
Right to lodge a complaint with the Data Protection Authority
Security of Personal Data
WEMETRIX applies all appropriate technical and organizational measures to ensure safe processing of personal data and to prevent the accidental loss or destruction and unauthorized and / or illegal access to, use, modification or disclosure thereof. In assessing the appropriate level of security and in the process of selecting and implementing suitable technical and organizational measures, WEMETRIX takes into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed, and additionally, the risk of varying likelihood and severity for the rights and freedoms of natural persons.