HELLENIC PETROLEUM HOLDINGS SA (hereinafter the "Company") and its affiliated companies (hereinafter "the Group") are strongly committed to privacy issues, and this privacy statement details our approach on such issues. We publish this Notice in accordance with Article 13 of the General Data Protection Regulation to inform you about the use of your personal data.
If you have any questions regarding this Notice and the way your personal data are processed, please contact us to the following email: DPO@helpe.gr
HELLENIC PETROLEUM HOLDINGS SA
Address: Chimarras 8A, 15125-Marousi
Phone number: +30 210 630 2000
Fax: +30 210 63 02 510, 210 63 02 511
Μ.Α.Ε. number: 2443/06/Β/86/23 and Γ.Ε.ΜΗ.: 000296601000
DPO Contact details
Phone number: +30 210 6302252
Address: Chimarras 8A, 15125-Marousi
Data Collection & Data Processing
The following table sets out the purposes of processing personal data collected through our website, categories of personal data processed, as well as the legal basis of the processing:
Purpose of Processing activity
Categories of personal data processed
Legal Basis of Processing
Management of communication requests with the Company or / and the Group
Personal Identifiers, Contact info, CV details, student’s application information, information of study visit applications, other request information
Data subject’s consent
Website Use Optimization
Connection/Log In Information, user’s activity online
Legitimate interests pursued by the Data Controller or by a third party
The personal data provided by visitors to our website are used exclusively for the purpose for which they were submitted as per the relevant collection point.
The purpose of the legitimate interests of the Company or / and the Group is to evaluate the stay on site, to measure clicks on each site and to get suggestions / observations from users to improve our online services.
Disclosure to third parties
The Company or / and the Group may disclose the above personal data to IT support services providers and web support companies, web hosting companies, and companies providing advisory services on candidates' recruitment process.
The Company or / and the Group collect, maintain and process your personal data in a manner that ensures their protection. Specifically, your personal data are processed solely by specifically authorized personnel or by suppliers of the Company or / and the Group which are bound towards the Company or / and the Group with the same obligations regarding your personal data protection, while all appropriate organizational and technical measures are in place for data security and protection against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access and any other form of illicit processing.
The personal data that you submit in our website are kept only for as long as it is required for the purposes for which were collected or as required by law.
Data subject rights
This section presents your rights with respect to your personal data. These rights are subject to certain exceptions, reservations or limitations.
Please submit your requests responsibly. The Company or / and the Group will respond as soon as possible and in any case within one month of receipt of the request. If the examination of your request will require more time, you will be informed in this respect. To exercise your rights, please contact at email: DPO@helpe.gr
The Company or / and the Group shall ensure that you exercise the following rights uninterruptedly:
1. Right of information/update
You have the right to request and receive clear, transparent and easily understandable information about how we process your personal data.
2. Right of access
You have the right to access your personal data for free, except in the following cases, where there may be a reasonable charge to cover the administrative expenses of the Company or / and the Group:
• Manifestly Unfounded or excessive in particular because of their repetitive character
• Additional copies of the same information
3. Right to Rectification
You have the right to request the correction of your personal data if their inaccurate or incomplete.
4. Right to Erasure
You have the right to request the deletion or removal of your personal data when it is no longer necessary for the purposes collected or there is no legitimate reason to continue processing them. The right to erasure is incomplete, if there is a specific legal obligation or other legal reason for keeping your personal data by the Company or / and the Group.
5. Right to Restriction of Processing
In some cases, you have the right to restrict or terminate further processing of your personal data. In cases where processing has been restricted, your personal data remain stored, without being subject to further processing.
6. Right to Data Portability
You have the right to request your personal information, which you have provided us, structured and commonly used format readable by machines and forward that data to another data controller.
7. Right to Object
You have the right to object at any time and for reasons related to your particular situation to the processing of your personal data, unless the Company or / and the Group demonstrate imperative and legitimate reasons for such processing.
8. Rights on automated individual decision-making and profiling
The Company and the Group do not make automated individual decision-making, including profiling.
Withdrawal of consent
We inform you that the data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The data subject can withdraw his/her consent by email: DPO@helpe.gr
Right to complain
For any further information in relation to your rights or in case to complain can contact to the Hellenic Data Protection Authority (HDPA), phone number: +30-210 6475600, site: http://www.dpa.gr/
Modifications to the present Privacy Statement
Our goal is to review and to update this Privacy Statement, so as to comply with the relevant legislative and regulatory requirements and provide at the same time the optimum personal data protection. Any further update will be shared through this site.
Latest Update: February 17, 2022
Personal Data: any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as name, phone number, email, ID number, VAT registration number.
Special Categories of Personal Data (Sensitive Personal Data): personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited.
Data Subject: the identified or identifiable natural person to whom the Personal Data or/and the Sensitive Personal Data are referring to.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Controller: for the purposes of the present Privacy Statement, the data controllers are the group of companies which separately or jointly define the purposes and the means of personal data processing.
Processor: means a person or legal entity, public authority, agency or other body which processes personal data on behalf of the controller.
Consent: any freely given, specific, informed and unambiguous indication of the data subject's will, by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.