1. About IT SYNERGY IT SYNERGY is dedicated to protecting the confidentiality and privacy of information entrusted to it and complies with Personal Data Privacy legislation as currently in force. As part of this fundamental obligation, IT SYNERGY is committed to the appropriate protection and use of personal information/data (sometimes referred to as "personally identifiable information" or "PII") that it collects either online, or by the professional services it offers, or by its communications/cooperation by any third party. Our commitment to privacy is a natural extension of IT SYNERGY’S commitment to client confidentiality and is based on the conviction that respecting individual privacy is not only the right thing to do, but it enhances our business.
IT SYNERGY has adopted this policy about the privacy of Personal Data (the Policy) in order to assist in establishing and maintaining an adequate level of Personal Data privacy in the collecting, processing, disclosing and transfer of Personal Data including that relating to current, past and prospective IT SYNERGY Personnel, clients, suppliers, contractors and business associates of IT SYNERGY.
We invite you to carefully read this Privacy Notice, which sets out in which context we are processing your personal data and explains your rights and our obligations when doing so.
2. What information and personal data we have about you This information and personal data may either be directly provided by you or the legal entity for which you work for or provided by a third party (supplier, service provider, business associate etc.). We may collect various types of personal data about you, including:
• your identification information (e.g. name, first name, last name, email and/or postal address, fixed and/or mobile phone number, etc.);
• your function (e.g. job title, position and name of company)
3. Receiving confidential or personal information Where IT SYNERGY and/or its personnel receive personal or confidential information from a business partner or from a third party, it shall:
• keep personal information and data confidential and secure, and only disclose such information to that personnel who have a legitimate business reason to access such information.
• Establish additional security measures and/or disclosure restrictions at the transferring party’s written request.
Where IT SYNERGY acts as a Data Processor, it shall comply with GDPR and among others:
• Only process the personal data in accordance with the instructions from and the consent of the transferring party.
• Only retain that personal data until the termination of the data processing services, subject to any requirements of applicable legislation.
• Promptly notify the transferring party of any legally binding request for disclosure of the data, of any accidental or unauthorized access or of any requests received directly from data subject.
• Not respond to any requests to disclose the data unless it has been authorized to do so by the transferring party or the individual concerned or as required by law.
Where IT SYNERGY acts as a Data Controller, it shall comply with GDPR and among others:
• apply all appropriate measures for compliance and data protection by design and default
• implement appropriate technical and organisational security measures to protect personal data.
• reporting data breaches to DPAs and the data subject.
• work with supervisory authorities.
• facilitate the exercise of data subject rights.
4. For which purpose do we use your personal data We process your personal data for a specific purpose and only process the personal data which is necessary and relevant to achieving that purpose.
In particular, we process personal data for the following purposes always in accordance with the nature of our collaboration as well as applicable legislation and regulations:
• perform our contractual obligations towards you or to take pre-contractual steps at your request and/or consent;
• manage our suppliers and subcontractors;
• ensure compliance and reporting (such as complying with our policies and local legal and tax requirements);
• archiving and record-keeping;
• billing and invoicing; and
• any other purposes imposed by law and authorities.
5. How we use your personal data According to Greek and EU law, we will not process your personal data if we do not have a proper justification foreseen in the law for that purpose. Therefore, we will only process your personal data if we have a basis or “ground” under the law to do so, such as:
• Performance of a contract: this is when the processing of your personal data is necessary to perform our obligations under a contract;
• Legal obligation: this is when we are required to process your personal data to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency;
• Legitimate interests: we will process your personal data where it is in our legitimate interest, so long as it doesn’t outweigh your interests and freedoms;
• Vital interests: the processing is necessary to protect the vital interests of the relevant individual or of another natural person;
• Public Interest: the processing is necessary for the performance of a task carried out in the public interest; or
• Your consent: in some cases, and in addition to your contract, we will ask you for specific permission to process some of your personal information, and we will only process your personal data in this way if you agree for us to do so. You may withdraw your consent at any time by contacting us at email@example.com
6. Who has access to your personal data and to whom are they transferred? IT SYNERGY does not share personal data with unaffiliated third parties, except as necessary for their legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law or professional standards.
7. Protection of your personal data We have implemented appropriate organizational and technical measures to provide a high level of privacy and security to your personal data against accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access and other illegal forms of processing.
IT SYNERGY incorporates the protection of personal data as an integral part of its business operations by design and by default, so as to protect the rights of data subjects, such as user management policy, distinct roles and responsibilities, backups, policy of destruction of personal data etc.
8. Retention of and access to personal data To the extent not prohibited by applicable laws or regulations, IT SYNERGY:
• retains personal data for 7 years at least, and in any case as long as and until the purpose of collection the data is achieved, subject to any requirements to retain information otherwise, in order to comply with any applicable law, regulation, professional requirements or standards,
• enables you to have access to your personal data that is maintained by IT SYNERGY, and allows you to review and correct any errors with respect to your personal information as required by applicable laws and regulations.
9. Your privacy rights Your rights include the right of access to data, the rectification the erasure / right to be forgotten, the restriction of processing of personal data, the objection to processing of personal data, the data portability, the right to withdraw consent at any time (where processing is based on consent) and the right to lodge a complaint with a supervisory authority.