logo
a

NESC

Privacy Policy & GDPR

 

1. Purpose & Objectives

The Network of Employment and Social Care – NESC makes every effort to comply with the legislation related to the Protection of Personal Data in the sectors in which it operates. This Policy sets out the basic principles by which NESC processes the personal data of customers, employees, suppliers, partners and other persons. This Policy applies to NESC and its directly or indirectly controlled subsidiary companies based in Greece. All employees, with an indefinite or fixed-term relationship, as well as all subcontractors working on behalf of NESC are bound by this Policy.

2. Basic Definitions

The following are the basic definitions of the terms used in this document, as set out in Article 4 of the General Data Protection Regulation, in order for the data subject to familiarize himself with the terminology of the Regulation:

Personal Data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identification element such as a name, an identification number, to location data, an online identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Personal Data of special categories: Personal data which are by nature particularly sensitive in relation to fundamental rights and freedoms need special protection, as the context of their processing could create significant risks for fundamental rights and freedoms. This personal data includes personal data revealing the origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of unmistakable personal identification, health-related data or data concerning a natural person’s sex life or sexual orientation.

Responsible for processing: the natural or legal person, public authority, agency or other entity that, alone or jointly with others, determines the purposes and manner of processing personal data.

Person performing the processing: the natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller.

Processing: any act or series of acts carried out with or without the use of automated means, on personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval , information retrieval, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.

Principle: The Authority for the Protection of Personal Data

 

3. Basic principles concerning the Processing of Personal Data

NESC as data controller strictly adheres to the data protection principles defined in article 5 of the General Data Protection Regulation.

3.1. Legitimacy, Objectivity and Transparency
NESC processes personal data legally, objectively and transparently towards the data subjects.

3.2. Purpose Limitation
Personal data is collected only for specific, explicit and legitimate purposes and is not processed for any other purpose.

3.3. Data minimization
NESC maintains the accurate personal data of the subjects and ensures that their compliance is limited to what is necessary in relation to the processing purposes. At the same time, it applies the appropriate technical measures in order to achieve the above objectives.

3.4. Accuracy
The personal data maintained by NESC is accurate and up-to-date. Actions are taken to ensure that personal data that are inaccurate, in relation to the purposes for which they are processed, are deleted or corrected in a reasonable time.

3.5. Limitation of Storage Period
Personal data is kept for a time no longer than is necessary for the purposes for which NESC processes it.

3.6. Integrity and confidentiality
Taking into account the technological level and other available security measures, the cost of implementation, as well as the probability and severity of the risks to personal data, NESC uses appropriate technical or organizational measures for the processing of Personal Data, in a way that guarantees the appropriate security of personal data and their protection against accidental destruction, loss, damage, unauthorized or illegal processing.

3.7. Accountability
NESC bears the responsibility and is able to demonstrate compliance with the General Data Protection Regulation to the competent Personal Data Protection Authority.

 

4. Privacy Notice, Consent and Rights of Data Subjects

4.1. Notice to Data Subjects
Before collecting personal data or during its collection for any processing activity undertaken by NESC, including but not limited to the sale of products, services or marketing activities, NESC is responsible for providing appropriate information to the data subjects and more specifically, information on the types of personal data collected, the purposes of the processing, the processing methods, the rights of the data subjects in relation to their personal data, the registration period, any international data transfers, if personal data is given in the context of cooperation to third parties, as well as the security measures of NESC for the protection of personal data. This information is provided through the Privacy Notice.

4.2. Consent – Free withdrawal thereof
When the collection of personal data has as a legal basis the consent of the data subject, NESC is responsible for ensuring that the data subjects provide their consent freely, with a positive action, expressly and in full knowledge of the content of the text in which they consent to. NESC provides the data subjects with the possibility to withdraw their consent at any time. Where personal data of children under 16 years of age is collected, NESC ensures that the Parent’s consent has been given before the collection. Personal data must be processed only for the purpose for which it was originally collected. In the event that NESC wishes to process collected personal data for another purpose, it must seek the consent of the data subjects in an explicit and specific document. Any such request must contain the original purpose for which the data was collected, as well as the new or additional purpose(s).

4.3. Collection
NESC makes every effort so that the amount of personal data it collects is the minimum possible. If personal data is collected by a third party, NESC ensures that this data is collected legally.

4.4. Relationship of NESC with Third Parties
In cases where NESC uses a third-party supplier or business partner whom it entrusts to process personal data on its behalf, it ensures that the processor will provide the appropriate security and protection measures for personal data in order to address possible associated risks. NESC makes every effort to ensure that its suppliers or commercial partners process personal data only to fulfill their contractual obligations towards NESC, always in accordance with its instructions and for no other purpose.

4.5. Access Rights of Data Subjects
NESC as the Processor is responsible for providing the data subjects with a mechanism to access their personal data, which will also allow them to review, correct, delete or transfer it.

4.6. Data Portability
Data Subjects have the right to receive, upon request, a copy of the data they have provided to NESC in a structured format and to transfer this data to another controller. NESC is responsible for ensuring that these requests are processed within one month, provided that these requests are not manifestly unfounded. When exercising the right to data portability, the data subject has the right to request the direct transmission of personal data from one controller to another, if this is technically possible.

4.7. Right to be Forgotten
Upon request, Data Subjects have the right to ask NESC to delete their personal data.  will immediately take the required actions (including technical actions) to satisfy the request and will ensure the same from any third parties that use or process personal data on its behalf.

4.8. Right to object
The Data Subject has the right to object at any time to the processing of personal data concerning him, including profiling.

4.9. Right to restriction of processing
Upon request, Data Subjects have the right to ask NESC to limit the processing of their data in accordance with Article 18 § 1 a-d of the General Data Protection Regulation (EU) 2016/679.

4.10. How to exercise all rights of Data Subjects and withdraw their consent
The Data Subject exercises his rights as well as the revocation of his consent by written application to the company NESC. The Data Subject may also freely withdraw his consent without affecting the legality of the processing based on it until its withdrawal.

5. Response to Personal Data Breach Incidents

When NESC is informed of a potential or actual personal data breach, it will immediately conduct an internal audit and take appropriate remedial measures in a reasonable time, in accordance with the Personal Data Breach Policy. When there is a risk to the rights and freedoms of the data subjects, NESC must notify the incident of violation to the Authority without delay and in any case, within 72 hours.

 

COOKIES POLICY

Our website, like most websites, uses small files called cookies which help us improve your browsing experience. Your browsing implies that you provide your consent to the use of cookies as described in this Cookie Policy.

If you disable the cookies we use, this may affect your experience when browsing our website.

This website includes the following detailed information on cookies:

What are cookies and why are they there?

Cookies are small files that are stored by your browser on your computer, tablet, mobile phone and generally on the device with which you browse our website.

Each cookie contains information such as usually the name of the Website it comes from, its “lifetime” (ie how long it will stay on your device), and a value, which is usually a number.

Essentially, cookies allow websites to store various anonymous information such as the visitor’s preferences or whether he has visited the website again.

On our website, cookies are used to make it easier for users to navigate the website, to better adapt it to your interests and needs and to improve its use and functionality. For example, when a user visits a web page with open comments, a cookie helps connect them to the feedback form.

In addition, cookies are used to compile anonymous traffic statistics and to know how you discovered our websites. These statistics help us to understand how you use our website so that we can improve its structure and content.

In any case, we cannot ascertain your personal identity from cookies. Cookies are stored exclusively on your own device (computer, tablet, mobile phone) and our website does not maintain any file or database with your personal data.

Disable cookies in your browser

Usually, web browsers are set to accept all cookies. If you wish, it is possible to set your browser not to accept cookies from a specific website, to be notified when it stores cookies or not to accept cookies at all.

However, if you choose to disable cookies for our website, we may not be able to properly provide you with all the features offered on our website. For example, the commenting service will not be able to know if you are logged in and therefore you may not be able to comment.

To learn more about cookie settings in different browsers, you may find the links below useful. Alternatively, click on the “Help” option of your browser or refer to the information of the specific program.

Useful links about Cookies