1 Update on the processing of personal data
For IACS S.A., the protection of personal data of its customers, suppliers, partners, and employees is of paramount importance. For this reason, we take appropriate technical and organizational measures to safeguard the personal data we process and ensure that their processing always complies with the obligations set by the legal framework, both by the company itself and by third parties processing personal data on its behalf
This Privacy and Personal Data Protection Policy applies to the services we provide to our customers, to the communication to each interested party and to the website www.iacs.gr and its online services.
2 What is GDPR?
The General Data Protection Regulation (GDPR) 2016/679 (EU) is the new regulatory framework of the European Union (EU) in the field under consideration. The object of the law is the establishment of the conditions for the processing of personal data, the protection of the rights and freedoms of natural persons and in particular the right to the protection of personal data.
Personal data, according to the definition given in article 4 of the GDPR, is the information that can be used to identify you and to communicate and transact with you, and in particular your name, your postal address, your email address, your phone number, and other information when combined with your personal information.
3 IACS S.A. as Data controller
IACS S.A., operating under the trade name “INTELLIGENT AUTOMATION CONTROL SYSTEM,” based at Perikleous 153 street, Ganas & Ganas building complex, Postal Code 57001, Thermi Thessaloniki, VAT number 800544411, collects and processes personal data of its partners, suppliers, employees and customers for the purpose of conducting its business activities, in accordance with the current national legislation, Law 4624/2019, and the European Regulation 2016/679 for the protection of individuals concerning the processing of personal data and on the free circulation of them. Therefore, IACS S.A. acts as the data controller, as defined in Article 4(7) of the GDPR.
For any matter related to the processing of personal data, you can contact the company at the following contact details:
email: info@iacs.gr
Telephone: +30 2310 527228
4 Personal Data we process
We process your personal data only for a legitimate purpose, as long as one of the conditions of article 6 par.1 of the GDPR is met. The website https://www.iacs.gr was designed so that users can visit it without having to reveal their identity and without having to provide personal data, unless they wish to do so themselves. In carrying out our activities and our cooperation with you, we will need to collect and process some of your personal data in order to offer you specific services and to be able to adequately respond to your needs. More specifically:
4.1 Personal data of our customers
• IACS S.A. collects personal data of its customers such as names, surnames, father’s names, contact phone numbers, email, addresses, IBAN, and VAT numbers, which are processed in operational procedures such as orders, invoicing, payments, etc., in order to complete the services provided to our customers.
The legal bases for the above processing are the execution of our contractual obligations (GDPR article 6(1)(b)) and the legal interest of IACS S.A. (GDPR article 6(1)(f)).
4.2 Personal data from the use of electronic services on our website
Upon entering our website, you have the option to adjust which data we collect about you through cookies by selecting the relevant icon at the bottom of your browser.
The necessary elements are required for the proper functioning of the website, and disabling them may degrade the user experience while navigating the website.
The legal basis for the above processing is the legitimate interest of IACS S.A. (GDPR Article 6(1)(f))
On our website, under the ‘Contact us’ tab, you have the option to fill out a contact form, providing your full name, email, phone number, accompanied by a message.
The legal basis for the above processing is the consent of the data subject (GDPR Article 6(1)(a)), which is achieved through the acceptance of this Privacy Policy.
Regarding the options for selecting analysis and personalized ad presentation by our partners, please read the Cookies Policy.
4.3 Personal data collected and processed by IACS S.A. for personnel
The personnel of IACS S.A. are thoroughly trained and informed about their obligations regarding the protection of customers’ personal data as well as professional confidentiality. There is always a contractual relationship between IACS S.A. and its employees, with necessary commitments to confidentiality and the implementation of appropriate organizational and technical measures to protect customers’ personal data.
• When a new job position is created, IACS S.A. collects resumes of potential employees. At this stage, IACS S.A. collects and processes personal data of candidates, such as full name, passport/identification details, age, marital status, address, phone number, email, resume, diplomas, certifications, work experience, applied position, interview notes, etc. IACS S.A. ensures that the personal data of each candidate are kept intact and secure, only for as long as necessary, to be considered for future employment opportunities.
• When IACS S.A. decides to hire a candidate, it collects and processes personal data of employees, such as full name, passport/identification details, age, marital status, address, phone number, email, resume, diplomas, certifications, work experience, job position, health certificates, tax identification number, social security number, social security registration number, IBAN found in employment contracts, payroll documents, and employee training. These data are necessary for fulfilling contractual and legal obligations of IACS S.A.
• Legal bases for the above processing are the execution of our legal obligations (e.g., compliance with tax, insurance, and labor obligations as mandated by law) (GDPR Article 6(1)(c)), and the legitimate interest of IACS
S.A. (GDPR Article 6(1)(f)).
4.4 Personal data of third-party collaborators/suppliers
We collect and process personal data of our partners/suppliers (e.g., website administrators, accountants, lawyers, security technicians, etc.), such as full name, email, phone number, address, tax identification number, social security number, IBAN, Business Cards for invoicing and contract drafting, etc. Additionally, we maintain a file for categorization, evaluation, and evolution of our partners/suppliers. This information is necessary for us to communicate, guide, and supervise our partners, always aiming for our collaboration to be efficient and satisfying for our customers.
The legal bases for the above processing are the execution of our legal obligations (e.g., compliance with tax, insurance, and labor obligations as mandated by law) (GDPR Article 6(1)(c)), and the legitimate interest of IACS
S.A. (GDPR Article 6(1)(f)).
5 Basic Principles of Personal Data Processing
• Personal data processing takes place in a lawful, fair, and transparent manner.
• The collection of personal data is carried out only for specified, explicit, and legitimate purposes.
• The collection of personal data is adequate and relevant.
• Personal data are accurate and up-to-date.
• Inaccurate personal data are corrected or deleted.
• Personal data remains confidential and securely stored.
• Personal data are not disclosed to third parties unless it is necessary for the provision of services upon an agreement that ensures their protection in compliance with GDPR.
6 Where do we disclose your personal data?
IACS S.A. may transfer the personal data provided by individuals to third parties in the following cases and for specific purposes.
6.1 To employees or external collaborators of the company
These are experienced professionals who are adequately informed about privacy obligations regarding customer personal data. Employees/external collaborators of IACS S.A. (e.g., transportation company, courier services) only have access to customer personal data deemed absolutely necessary for performing their duties. There is always a contractual relationship between IACS S.A. and its employees/external collaborators, with the necessary commitments to confidentiality and the implementation of appropriate organizational and technical measures to protect customer personal data.
6.2 Other third parties, due to legislation
We may disclose your necessary personal data to comply with the law or to respond to a mandatory legal process (e.g., for tax purposes) or to protect the rights or safety of IACS S.A.
6.3 We may share your personal data with other third parties to implement our services
There may be cases where we need to disclose the necessary personal data of customers for the smooth operation of certain electronic services (data centers, hosting, etc.). In each case, specific reference will be made to the relevant service contract.
6.4 Other third parties with your consent
In addition to the disclosures described in this Privacy and Personal Data Protection Policy, we may transmit information about you to third parties if you give us your free and explicit consent.
6.5 Recipients outside the European Economic Area
The personal data you provide to us will be transferred and stored on our servers, which are located within the European Economic Area (EEA). We will not transfer your information outside the European Economic Area (EEA) unless you are a user outside the EEA, in which case your data may need to be transferred to deliver your products, process payments/refunds, or send you promotional information if you have subscribed. We will take
all necessary measures to ensure the processing of your personal information securely and in accordance with this Policy and data protection legislation when it takes place from a location outside the EEA. For the avoidance of doubt, in the event that the United Kingdom is no longer part of the EEA, references in this paragraph to the EEA mean the EEA and the United Kingdom.
7 Storage period
The storage period of data is determined based on the following specific criteria depending on the case: When processing concerns the resume of a job candidate, the retention period is set at one year.
When processing is required by provisions of the applicable legal framework, the personal data of customers will be stored for as long as the relevant provisions dictate.
When processing is based on a contract, the personal data of customers are stored for as long as necessary for the execution of the contract and for establishing, exercising, or defending legal claims based on the contract.
Your account data subject to tax regulations will be retained for up to 10 years from the cancellation of your account in our system as mandated by law. After this timeframe, they will be deleted without notification.
Regarding the personal data of IACS S.A. customers and employees, we retain them for 20 years from the termination of our contractual cooperation, for the potential defense against legal claims by the relevant subjects, in accordance with the 20-year statute of limitations.
8 Personal Data security
IACS S.A. implements appropriate technical and organizational measures to ensure the secure processing of personal data and prevent accidental loss or destruction, as well as unauthorized or unlawful access, use, modification, or disclosure thereof. These technical and organizational measures are taken both in the design of processing tools (e.g., encryption of server data and company computers, etc.) and by default, ensuring that only personal data necessary for the specific purpose of processing are processed (principle of data minimization). IACS S.A. does not solely rely on the security measures it has implemented so far but continually seeks new and modern methods to fortify the personal data it collects and processes. In any case, the nature of the internet as an open and freely accessible platform does not allow for guarantees that unauthorized third parties will never be able to breach the implemented technical and organizational measures, gaining access and potentially using personal data for unauthorized or unfair purposes.
9 Actions in case of personal data breach
In case of a breach of the personal data of the subjects and if such breach is likely to result in a risk to their rights and freedoms, IACS S.A. is committed to notify, without undue delay and in any case within 72 hours from the moment it becomes aware of the breach, the Hellenic Data Protection Authority (HDPA) and, if deemed necessary, the data subjects themselves.
10 Your rights
Every person whose data are processed by IACS S.A. has the following rights:
10.1 Right to information
You have the right to be informed about our identity and contact details, or those of our representatives, the purposes of the processing for which personal data are intended, as well as the legal basis for the processing, the recipients or categories of recipients of the personal data. In the context of the transparency principle
governing our company’s operation, you can contact us to request further information about the processing of your personal data and how to exercise your rights by submitting the relevant requests. We will respond to your requests without delay and in any case within one month of receiving the request. This deadline may be extended by two additional months if necessary, taking into account the complexity of the request and the number of requests.
10.2 Right of access
You have the right to be informed and to verify the legality of the processing, as well as to request copies of the personal data undergoing processing. Therefore, you have the right to access the data and to receive supplementary information regarding their processing. Additionally, you have the right to access more specific information about the content and the manner of exercising your individual rights.
10.3 Right to rectification
You have the right to study, correct, update, or modify your personal data.
10.4 Right to erasure
You have the right to request erasure of your personal data when we process them based on your consent or in order to protect our legitimate interests. In all other cases (such as if there is a contract, an obligation to process personal data imposed by law, public interest), the said right is subject to specific restrictions or does not exist depending on the case (e.g. we are entitled to refuse the deletion of your personal data in order to establish, exercise or support our legal claims).
10.5 Right to restrict processing
You have the right to request restriction of processing of your personal data in the following cases: (a) when you contest the accuracy of your personal data, and until verification is obtained; (b) when you oppose the erasure of personal data and request the restriction of their use instead; (c) when the personal data are no longer needed for the purposes of processing, but they are necessary for the establishment, exercise, or defense of legal claims; and (d) when you object to processing pending the verification whether the legitimate grounds of the controller override your objections to the processing.
10.6 Right to object to processing
You have the right to object at any time to the processing of your personal data in cases where, as described above, such processing is necessary for purposes of legitimate interests pursued by us as data controllers, as well as for processing for direct marketing purposes. Specifically, you have the right to object to any decision taken solely based on automated processing, including profiling, which produces legal effects concerning you or significantly affects you. However, you cannot object to automated decision-making that concerns you when this decision is necessary for entering into or performing the contract we have with you, or is based on your explicit and freely given consent.
10.7 Right to data portability
You have the right to receive your personal data, free of charge, in a format that allows you to access, use, and process them with commonly used processing methods. Additionally, you have the right to request, where technically feasible, that we transmit the data directly to another data controller. This right applies to the data you have provided to us and that are processed by automated means based on your consent or in fulfillment of a relevant contract.
10.8 Right to withdraw consent
When processing is based on your explicit and freely given consent, you have the right to withdraw it freely, without affecting the lawfulness of the processing based on your consent before its withdrawal.
To withdraw your consent, you can contact the company using the following contact details: email: info@iacs.gr
phone number: +30 2310 527228
10.9 Right to lodge a complaint with the Hellenic Data Protection Authority
In case of a breach of your personal data, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr):
Phone number: +30 210 6475600,
Fax: +30 210 6475628,
Email: contact@dpa.gr.
11 Third parties websites
Our website may provide links to other websites that are not owned or controlled by us but which we believe could be useful or interesting to visitors of our website. In this case, we are not responsible for the privacy practices used on the websites of others, nor for the accuracy of their content or the collection of information by the parties that own and control those websites, or their use of cookies. Therefore, we are not liable for any damage or issue that may arise from your use of such third-party websites. Ultimately, it is up to you whether to use or trust any link to another website provided by our website, in case you do not fully trust it.
12 Childrens
By providing your consent, you confirm responsibly that you are over 15 years old. If you are under 15 years old, you may only use our website and its services with the involvement and approval of a parent or guardian.
13 Renewals and updates
The website www.iacs.gr is constantly updated and expanded both in functionality and in terms of products and services, resulting in the continuous renewal of this privacy policy. We recommend that you regularly visit this page to stay informed about any changes to the content of this privacy policy.