• REInvest σε άλλες χώρες:
  • Bulgaria

Partners’ Privacy Notice

RE INVEST Greece S.A. (hereinafter referred to as “RE INVEST” or the “Company” or “we”) is deeply committed to privacy matters and ensures that personal data are handled with the highest level of responsibility.

This Privacy Notice provides the general framework established by RE INVEST, as a Data Controller, for the processing and protection of personal data of its business partners, collaborators, suppliers, subcontractors and any party which has a business relationship with the Company (hereinafter referred to as “Partner”), in accordance with the requirements of the General Data Protection Regulation (EU) 2016/2019 (“GDPR”) and the national legislative framework (Law 4624/2019), as in force.

1. Which personal data we collect

In the context of our business collaboration, the Company collects and processes the following Partners’ personal data:

  • Personal information and identification data: full name, ID details, VAT number, address.
  • Contact details, such as mailing addresses, phone numbers and e-mails for the proper communication with the Partner.
  • Financial data, bank account details (e.g. IBAN).
  • Information on business experience, certifications, membership in professional associations.
  • Access data produced that the Partner’s use of the Company's network and technological infrastructure.
  • Photos and videos related to Company’s events and conferences.

2. How we collect Partners’ personal data

- Directly from the data subject

As a rule, personal data are obtained directly from Partners (e.g. during the contract’s execution process).

- While using the Corporate Resources and Infrastructure

Personal data may be collected during the Partner’s access to Company's computer network, technological infrastructure and databases. Data collection takes place only to the extent permitted under the current legislative framework. Partners are required to exercise due diligence and review and abide by the Company’s security policies and other related policies as to the use of Company’s resources and infrastructure, both physical and digital, during the performance of their contractual tasks.

3. Purposes of processing

The Company collects and processes Partners' personal data for purposes related to the business collaboration and to the extent that processing of such data is necessary to perform our contractual or legal obligations. We will not use Partners' personal data for any other purpose that is incompatible with the purposes listed below, unless we are permitted by the Partner or required or permitted by Law. In particular, Partners' personal data is being processed for the following purposes:

  • For the performance of the contract, including payments.
  • For the Partner evaluation.
  • o maintain business records.
  • To comply with the Company’s statutory obligations (such as obligations under tax and AML/KYC related legislation) and manage any legal or other claim arising out of or relating to the contract.
  • To facilitate communication with the Partner.
  • In exceptional cases, if the use of data is required for the protection of the legitimate interest of the Partner or the Company or a third party, to protect the Company, its property as well as its proper operation, to ensure the security and efficient function of the Company's infrastructure, to prevent unlawful acts and protect the rights of the Company and third parties, in particular confidential and proprietary information, business data and personal data accessed and processed by Partners.

4. Lawfulness of processing

The legal basis for the processing of personal data collected in accordance with the above is:

  • Processing is necessary for the performance of the contract between the Company and Partner or in order to take steps at the request of a (prospective) Partner prior to entering into a contract (Article 6.Paragraph 1 b’ of GDPR);
  • processing is necessary for compliance with a legal obligation to which the Company is subject, such as tax and record keeping or compliance with requests from public authorities or auditors (Article 6. Paragraph 1.c’ of GDPR);
  • Processing is necessary for the purposes of the legitimate interests pursued by the Company, such as to manage any legal or other claim arising out of or relating to the partner’s relationship with the Company (Article 6. Paragraph 1.f’ of GDPR).

In the context of the business collaboration between the Company and the Partner, consent does not apply as a legal basis for the processing purposes pursued by the Company. Consent will apply as legal basis only when the collection, transfer, or disclosure of personal data to a third party (e.g. public or private entity) is not based on another lawful basis for processing (such as performance of a contract, legal obligation, legitimate interest of the Company). In exceptional cases where consent is required, it will be obtained after providing the Partner with a proper explanation of the processing purposes in a manner consistent with the GDPR.

5. Data Recipients

The recipients of the Partners’ data may be:

  • The authorized RE INVEST’s personnel, on a strictly need to know basis and only as far as legally justifiable. Within RE INVEST partner’s information is processed and accessed only by specific individuals who provide IT and system administration services and also undertake leadership reporting, as well as the partners and other senior members of REINVEST.
  • To the extent that this is necessary for the fulfilment of our contractual and legal obligations, provision of services and satisfaction of Partner requests, personal data may be transmitted to external providers, such as internet companies and software companies, IT providers and service providers in order to provide IT, system administration services and call centre services.
  • Our business Partners, owners of the real estate assets, our clients or third-party real estate agents assigned to handle matters related to specific real estate assets.
  • Our appointed professional advisers including auditors, accountants, lawyers, bankers, insurers who provide consultancy, banking, legal, insurance and accounting services, to the extent that they may require access to the information to provide advice.
  • Tax and other regulatory authorities based in Greece who require reporting of processing activities in certain circumstances.
  • If required to do so to meet applicable law, the order of a Court or market rules and codes of practice applicable to the circumstances at the time.
  • Relevant authorities to investigate or prevent fraud or activities believed to be illegal or otherwise in breach of applicable law.

The Company requires of its service providers, as well as its third-party partners to take all necessary technical and organisational measures (including appropriate policies and procedures) to prevent unauthorised disclosure of Partners’ personal data to which they gain access and implement procedures for the management and processing of personal data in a manner that is lawful and protect such data according to GDPR imposed obligations.

Partners’ personal data may also be transferred to associated entities or third parties in the context of potential or ongoing restructuring, corporate services agreements, merger, sale, joint venture, transfer or other process of disposal of some or all of the business, assets or stock (including insolvency or other similar proceedings).

6. Cross-Border Data Transfers

The personal data we collect is processed on servers located in the EU or EEA. In exceptional cases, the Company may transfer Partner’s personal data outside the EEA provided such transfer is required by the applicable regulatory or legislative framework or RE INVEST deems it necessary for the performance of its contractual obligations. In this case we will ensure that there is an appropriate level of protection corresponding to the level of protection of personal data in the EEA and that the transfer in question is lawful on condition that there is an adequacy decision of the European Commission or the required guarantees and safeguards of Articles 44-50 of the GDPR are provided, such as the adoption of European Commission's Binding Corporate Rules or Standard Contractual Clauses.

7. Data security

The Company takes all necessary lawful, organizational and technical measures for the protection of personal data as provided by the relevant legislation on privacy and personal data protection, measures to ensure the best protection of personal data against any unlawful processing, as well as to guarantee the possibility of restoring the availability and access to them. These measures aim to ensure a level of security that corresponds to the risk, considering the nature, scope, context, and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, while applying procedures for the regular testing, monitoring and evaluation of the effectiveness of said technical and organisational measures.

We ensure that all our Partners and third-party providers are subject to a duty of confidentiality and have in place appropriate security measures to prevent Partners’ personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

8. Data accuracy

Partners shall inform the Company of any changes regarding their personal data (e.g. telephone number, address, etc.), so that the data available to the Company is accurate and up to date.

9. Data retention

The Company will retain personal data for the period of time necessary to fulfil the purposes described in this Privacy Notice, unless the law permits or requires its retention for a longer period of time or unless such retention is necessary in the context of a legal dispute or investigation or other proceeding. Upon termination of the contract in any way, the Company will retain the personal data only for as long as required by applicable law such as tax law, AML/KYC regulations, and until the conclusion of any pending legal actions between the parties.

To determine the appropriate retention period for personal data, the Company considers the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of partner’s personal data, the purposes for which the Company process partner’s personal data and whether the Company can achieve those purposes through other means, and the applicable legal requirements.

10. Data Subjects Rights

A) In relation to the collection and processing of data, Partners have the following rights, although their ability to exercise these rights may be subject to certain conditions, under the data protection legislation:

- Right of access

The Partner has the right to ask us to confirm whether we are processing his/her personal data. The Partner can ask us to send him/her an electronic copy of his/her data, as more specifically is described to Article 15 para 3 of GDPR.

- Right to rectification Partner has the right to obtain from the Company without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, Partner has the right to have incomplete personal data completed, including by means of providing a supplementary statement. Right to erasure

Under the conditions laid down in the Article 17 of GDPR, Partner has the right to request from us to eraseall or part of his/her data without undue delay. Please note that the Company may still retain certain Partner personal data to the extent and for the time that is required under specific legal obligations (e.g. tax law).

- Right to restriction

Under the conditions laid down in the Article 18 of GDPR, Partner is entitled to request that we no longer process his/her personal data for particular purposes.

- Right to data portability

In certain circumstances, Partner has the right ask to transfer his/her data to another organisation or to receive the personal data provided to us in a in a structured, commonly used and machine-readable format, in accordance to the provisions of Article 20.

- Right to object

Partner has the right to object on grounds relating to his or her particular situation, to our use of his/her personal data or the way in which we process it.

The Company has in any case the right to partially or completely refuse to satisfy a request for restriction on the processing or deletion of partner’s personal data, if the processing or retention of such data is necessary for the performance of the contract, as well as for the establishment, exercise or support of its legal rights or the fulfillment of its legal obligations.

B) To exercise all of the above rights, Partner may address his/her request to the Company via email at: dpo@res-cep.com. The Company will take every possible measure to respond to the Partner’s request within 30 days of its receipt. That period may be extended by an additional of two months taking into account the complexity of the request and/or the number of requests. The Company will inform the Partner of any such extension within one month of receipt of his/her request, together with the reasons for the delay.

If Partner believes that we have not handled his/her personal data in accordance with the applicable data protection legislation, or that his/her rights are infringed, is entitled to lodge a complaint with the Hellenic Data Protection Authority through its web portal (https://www.dpa.gr/el/polites/katagelia_stin_arxi) by filling the respective online form, depending on the type of complaint (Offices: 1-3 Kifissias Str., PC 115 23, Athens, Call Center: + 30-210 6475600).

11. Obligations of Data Subjects

Partners agree and undertake not to seek to access or use personal data of Company’s employees or other persons, to which they have access during their engagement with the Company, for any purpose, except in connection with their work or their professional association with the Company and in any event to the extent necessary. The above obligations shall continue to apply after the termination of their relationship with the Company.

To the extent that the Partner is given access to the Company’s premises and /or its technological resources and infrastructure, agrees and declares that he/she will follow the instructions provided by the Company and abide by the Company’s Security Policies and Procedures and Acceptable Use Policy. The Company informs the Partner that it retains the right to monitor the use of its corporate infrastructure to prevent the leakage of know-how, confidential information or commercial/trade secrets, or personal data, as well as the right to protect its property from serious threats, such as preventing the transmission of confidential information to competitors or ensuring the evidence or proof of criminal activities.

12. Contact details

For further information on the present Privacy Notice, the abovementioned rights and how to exercise them, Partners can contact us:

13. Amendments to this Privacy Notice

The terms of this Privacy Notice may be amended from time to time to accommodate the Company requirements. We will notify the Partners of significant amendments of this Privacy Notice through appropriate means (e.g. by e-mail or other available means of communication).

Last updated: 09.09.2024

Επικοινωνία
Αυτός ο ιστότοπος χρησιμοποιεί cookies - μικρά αρχεία που τοποθετούνται στον υπολογιστή σας για να βοηθήσουν τον ιστότοπο να παράσχει μια καλύτερη εμπειρία.
Διαβάστε περισσότεραRejectΟΚ