Introduction
This privacy notice describes how we collect, use and store personal information about you during and after your business relationship with us. It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using your personal information. You can ask us to provide you with this information in written form by contacting us
info@data-ethos.gr.
Who we are
We are Data Ethos Ltd, a limited liability company registered in England and Wales, with company number 16006721 and registered office 128 City Road, London, EC1V 2NX,
United Kingdom. We provide consultancy services to companies relevant to the compliance with data protection laws and regulations.
Data Ethos is a “data controller”. This means that we are responsible for deciding how we hold and use and store personal information about you. We are legally required to notify you of the information contained in this privacy notice.
How to contact us
For further information on this privacy notice or the use of your personal data, you can contact our Data Protection Officer at info@data-ethos.gr.
What is personal data?
Personal data means any information about an individual from which that person can be identified, whether directly or indirectly. It does not include data where the identity has been removed (anonymous data). There are also “special categories” of personal data which require a higher level of protection. These are personal data about your race or ethnicity, political views or trade union membership, religious or philosophical beliefs, genetic or biometric data, and information about your health, sex life or sexual orientation.
Whose personal data do we collect and use?
We collect personal data from every person who applies for a product or service with us, even if they are not successful.
If you provide personal data for someone else, make sure you have their permission and share a copy of this document with them before you share their personal data with us. This covers the person or people who operate the business, deal with us or who’re related to the business. This may, for example, include directors, shareholders and employees.
What personal data do we collect?
FOR OUR CLIENTS we will collect, store, and use the following categories of personal ninformation:
| What we collect | Examples |
| Identity information | Full name, age, date of birth, copy of ID/passport |
| Contact information | Address, email address, phone number |
| Personal information | Education, family, and professional status |
| Technical information | IP address when you visit the website, location, information about the use of our website/application |
| Marketing and communications | Marketing preferences |
| Financial information | Payment details, bank account details, tax information |
| Public information | Information available online or in public databases |
FOR OUR SUPPLIERS we will collect, store, and use the following categories of personal information:
| What we collect | Examples |
| Contact information | Full name, address, email address, phone number |
| Technical information | IP address |
| Marketing and communications | Marketing preferences |
| Financial information: | Payment details, information included in tax documents, bank account details |
Information we collect about children under 16:
We do not routinely collect information about individuals under the age of 16. If and individual visits our website or uses the “contact us” page and we discover they are under 16 we will delete any data stored, as a matter of urgency.
Anonymised data: We may share and sell anonymised data with other organisations for any business reason – for example, this may be used for market research.
How is your personal information collected?
Collection:
We collect personal information about you when you offer it to us, for example when you ask for a product or a service.
Optional and non-optional information: When you ask for products or services, we may sometimes ask for information which is optional – we’ll let you know if that’s the case. Otherwise, you will need to provide all the information we ask for. If you don’t, we may not be able to provide the product or service to you.
Collection from third parties:
We may also collect personal information from third parties, such as public records, banks or our partners.
How will we use your personal data?
We will only use your personal information if we have a lawful reason to do so. This is called ‘legal basis’. The table below sets out the legal basis we have, what they mean and some examples of when we rely on them.
| Legal basis | Examples |
| Contract | |
| We need to use your data to do the things we’ve agreed to do based on your agreement with us. | – To look at your application for a product or service and decide whether to provide it.
-To service your account. -To keep our records up to date. -To contact you about your application or your account. |
| Legal obligation | |
| We need to use your data to meet our legal or regulatory requirements. | – To respond to requests you send us for your personal information.
-To detect and prevent illegal activity. -To share information with third parties (such as law enforcement) to comply with law or regulation. |
| Legitimate interest | |
| We, or an organisation we share your data with, use your data in the course of our business when we have a justifiable reason, and your rights are not seriously affected. | -To confirm and defend our legal rights such as when we bring or defend a legal claim.
-To do audits for business management and governance. -To conduct market research and analysis and develop statistics. -To send you certain marketing materials |
| Public interest | |
| We use your personal data when it | -To support you if you are or become vulnerable.
To co-operate with law-enforcement agencies and regulators. |
| Consent | |
| You’ve agreed we can use your data for a specific purpose.
You can change your mind and withdraw this at any time. If you do, it may mean we can’t do certain things for you. |
-You asked us to send your information to another person-such as a company handling a claim for you.
-We send certain marketing material where we ask for your permission. -You ask us to process special category data about you. |
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information. In the event that your life or vital interests, or those of another person, are at risk, we may transfer personal data to ensure the protection of that individual.
Consent as a legal basis: When the legal basis for processing your personal data is your consent, you have the right to withdraw your consent at any time without needing to justify your decision. To withdraw your consent, you can contact us via info@data-ethos.gr. Once we receive your request, we will cease processing your data for the purposes you initially consented to, unless we have another lawful basis for processing it. The withdrawal of your consent does not affect the legality of the processing carried out prior to its withdrawal.
Who do we share your data with?
We may share your personal information with other people or organisations where we have a lawful reason to do so. This may include:
-Other companies within our group of companies.
-Suppliers and service providers who provide services to us or help us provide products or services to you (which may include lawyers, accountants, IT service providers, data storage facilities, market research companies).
-Government bodies and agencies who helps us prevent crime and stay compliant with law (courts, law enforcement authorities and tax authorities).
-Banks and financial services companies.
-Our partners who provide services directly to you.
-Other people connected to your account.
-Any person or company who buys all or part of our business οr any person or company we merge with or buy. This may include any people or companies we discuss potential sales or mergers with.
-Anyone else we may need to in an emergency or to protect your vital interests (for example for health issues), or to protect the security or integrity of our business operation (for example if someone tried to hack our systems) or to comply with law.
-Anyone we’ve been asked to share information with by you.
For certain information you give to us or we collect about you, we will be a joint controller with other organisations. This means that we decide together why and how your personal data will be used. We may act as joint controllers with a number of organisations such as banks, our service providers or partners who provide services directly to you. For more information on how they use your data, you can check their privacy notices or contact them. We will remain responsible for all our legal obligations.
How do we make decisions about you?
We make decisions about you in different ways. Some decisions will be made by our staff but we may also use automated systems to help us.
Profiling: We may also use your personal data to develop a profile or make predictions about you (such as preferences, interest or behaviour). For example, we may build a profile by looking at things like your age, sex or height.
Automated decision making: We may make decisions about you with the use of technology and without human involvement. If we make an automated decision, you can ask for information about how we make that decision, what it may mean for you and you can ask for an individual to make the decision instead.
Communications and marketing preferences
We’ll use your data to send you messages by post, phone, text, email, social media or other digital methods such as banners or push up notifications. We’ll send these messages to inform you about your account and products as we are obliged by law or to help you manage them.
We’ll also use your data to provide you with information about our products and services (including those of other companies). We’ll only contact you according to your marketing preferences. You can opt-out of, or unsubscribe from, any marketing material. Full details of how to do this will be included within each marketing communication. You may also opt-out by contacting info@data-ethos.gr.
Transferring data to another country
We may transfer your information outside of the country in which it was collected. If such transfers of data are to a country outside the European Economic Area which may not provide the same level of privacy protection as EEA, we will take extra steps to protect it. These steps are in accordance with the European law requirements so that your personal data is adequately protected. Further details of these safeguards are available on request.
How long do we keep your data for?
We will store your personal data for as long as we need to fulfil the purposes outlined in this notice. Depending on the type of data, they will have a different retention period.
| Why do we keep them? | For how long? |
| In case of queries | As long as we need to deal with your queries. |
| In case of claims | As long as you or us can bring a claim by law. |
| To follow a law or regulation | As long as we are required to keep it after your relationship with us ended (even if you have not taken any products or services). |
Your Data Protection Rights
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
There are rights available to you, but not all of them will apply to every situation. It will depend on which lawful basis for processing we use to process your information.
| Right | What you should know |
| Right to be informed | Most of the information you need on how we use your data is included in this notice. |
| Right of access | You can ask us for a free copy of the personal data we hold about you by submitting a Subject Access Request. We require a suitable form of identification and under normal circumstances, we will supply this to you within one calendar month of your request and of identification being received. |
| Right of rectification | You can ask us to correct any incomplete or inaccurate information we hold about you. |
| Right to erasure | You can ask us to delete your data. We might not be able to do so in certain cases for example for legal reasons. |
| Right to object to processing | You can ask us to stop using your data in certain circumstances. We may not be able to do so if we are obliged to use it, for example by law. |
| Right to restrict processing | You can ask us to limit how the way use your data. This means that whilst we are not obliged to delete the data, we will refrain from using it. |
| Right of data portability | You can ask us to transfer your personal data to a third party. |
| Right in relation to automated decision making and profiling | You have the right not to be subject to a decision based solely on automated means including profiling.
If we make an automated decision, you can ask for information about how we make the decision and ask for an individual to make it instead. |
To action any of these rights, please email us at info@data-ethos.gr.
If you’re not happy with how we use your data
If you think that we have not adequately addressed your request or that the protection of your personal data is affected by how we use this data, you have the right to complain to the Hellenic Data Protection Authority (Athens, Leoforos Kifisias 1-3, TK 11523, +302106475600. You can find information on how to file a complaint on their website www.dpa.gr/en.
Changes to this notice
We may change this notice from time to time. If changes have an important impact on how we use your personal data, we will give you enough notice so that you can exercise your rights (for example if you want to object or move your data).