Data Controller
- Official Company Name: B2Square Ε.Ε.
- VAT Number: 802077210
- Telephone: +30 2102208946
- Email: ifno@b2square.gr
B2Square E.E. regards personal data as any information relating to an identified or identifiable living individual. This includes details such as name, home address, ID number, IP address, health and insurance data, employment status, and more. Special categories of data, including health information, racial or ethnic origin, and trade union membership, receive additional protection. These rules apply to the collection, use, and storage of personal data, whether in digital format or hard copy, through a structured filing system. This policy is in line with the E.U. General Data Protection Regulation (GDPR) and the opinions/decisions of the Hellenic Data Protection Authority.
Terms and Definitions
- Personal Data: Information related to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, by reference to identifiers such as name, identification number, location data, or online identifier.
- Processing: Any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, alignment, combination, restriction, erasure, or destruction.
- Restriction of Processing: Marking stored personal data to limit its processing in the future.
- Filing System: Any structured set of personal data accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis.
- Controller: The natural or legal person, public authority, agency, or other body that determines the purposes and means of processing personal data.
- Processor: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
- Recipient: A natural or legal person, public authority, agency, or other body to which personal data is disclosed, whether a third party or not. Public authorities receiving personal data in the context of a particular inquiry are not regarded as recipients.
- Third Party: A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons authorized to process personal data under the controller’s or processor’s direct authority.
- Consent: A freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them.
- Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.
- Special Categories of Data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data, health data, or data concerning a person’s sex life or sexual orientation.
Categories of Personal Data Collected
In its operations, B2Square E.E. may collect personal data from customers, employees, associates, and other individuals. Depending on the service and purpose of processing, B2Square E.E. may collect data such as:
Categories of Data Subjects | Categories of Data |
---|---|
Clients | Identity and demographic data (e.g., name, patronymic), contact information (e.g., address, telephone, email), business information, contracts, account balances, bank accounts, CCTV data during presence in facilities, and other relevant information. |
Suppliers / Contractors | Identity and demographic data, contact information, business information, contracts, account balances, bank accounts, CCTV data during presence in facilities, and other relevant information. |
Employees (Active or Not) / Candidate Employees | Identity and demographic data, insurance details (e.g., AMKA, Social Security Authority details), contact information, CVs, health data (e.g., medical certificates), financial data (e.g., bank accounts, tax returns), marital status details, CCTV data during presence in facilities. |
Other Natural Persons | Data of visitors or individuals associated with collaborating bodies. |
Purposes and Legal Basis of Processing
B2Square E.E. collects and processes personal data for the following purposes:
Purpose of Processing | Legal Basis |
---|---|
Collection and processing of necessary data for employment or cooperation relationships | Performance of a contract [Art. 6 §1(b) GDPR], compliance with a legal obligation [Art. 6 §1(c) GDPR], legitimate interests [Art. 6 §1(f) GDPR], obligations and rights in employment and social security law [Art. 9 §2(b) GDPR]. |
Provision of products and services | Performance of a contract [Art. 6 §1(b) GDPR], compliance with a legal obligation [Art. 6 §1(c) GDPR], legitimate interests [Art. 6 §1(f) GDPR]. |
Conclusion of trade agreements | Performance of a contract [Art. 6 §1(b) GDPR]. |
Commercial development and protection of the company’s legitimate interests | Legitimate interests [Art. 6 §1(f) GDPR]. |
Compliance with legal and regulatory obligations | Compliance with a legal obligation [Art. 6 §1(c) GDPR]. |
Operation of a video surveillance system | Protection of persons and goods (Directive 1/2011 of the Hellenic Data Protection Authority), legitimate interests [Art. 6 §1(f) GDPR]. |
For any other processing, B2Square E.E. will obtain the subject’s written consent before starting the processing, if required. Failure to provide personal data for legal or contractual obligations may result in legal consequences or inability to fulfill the contract.
Data Transfer to Third Parties
Personal data may be shared with third parties as required by law or necessary to provide services. B2Square E.E. may outsource some services to individuals or legal entities. Only the necessary personal data will be transmitted to these entities, which are committed to confidentiality and secure processing. For transfers outside the European Economic Area, European Union Standard Contractual Clauses will be followed.
Data Retention
B2Square E.E. retains personal data for the duration of the processing purpose and as required by legal obligations or contractual commitments.
Rights of Data Subjects
B2Square E.E. acknowledges the following rights of data subjects:
- Right to be informed about the processing of personal data.
- Right to access their data, subject to restrictions.
- Right to request correction of inaccurate data.
- Right to request erasure of data when no longer necessary or if processing is unlawful, subject to limitations.
- Right to object to processing for reasons related to their situation.
- Right to request restriction of processing.
- Right to data portability.
- Right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
- Right to file a complaint with the Personal Data Protection Authority or other supervisory authorities.
Communication
Rights related to personal data can be exercised by submitting a written request to any public contact point or via email to info@b2square.gr. Requests will be reviewed by the Data Protection Officer.
Processing Principles
B2Square S.A. adheres to the following GDPR principles for personal data processing:
- Lawfulness, fairness, and transparency: Processed lawfully, fairly, and transparently.
- Purpose limitation: Collected for specified, legitimate purposes and not processed further in incompatible ways.
- Data minimization: Adequate, relevant, and limited to what is necessary.
- Accuracy: Accurate and kept up to date.
- Storage limitation: Kept only as long as necessary for the purposes of processing.
- Integrity and confidentiality: Ensured through appropriate security measures.
Records of Processing Activities
B2Square E.E. maintains records of processing activities, including details of the controller, purposes of processing, categories of data subjects, recipients, transfers, time limits for erasure, and security measures.
Protection of Personal Data
B2Square E.E. implements appropriate technical and organizational measures to ensure and demonstrate compliance with GDPR. This includes policies against information system attacks and managing personal data breaches.
Staff Training
B2Square E.E. emphasizes the importance of personal data protection awareness among its staff, adopting and implementing education and guidance based on Fair Information Practices (FIP).
Social Media
B2Square E.E. operates on various social media platforms and recommends consulting their privacy policies before providing any personal data. The company does not control the nature and extent of data collected by these platforms and is not responsible for their data processing activities.
Changes to this Privacy Policy
This policy may be updated as necessary to reflect changes in data processing practices. Significant changes will be communicated publicly.