- REInvest in other countries:
- Bulgaria
RE INVEST Greece S.A. (hereinafter referred to as “RE INVEST” or the “Company” or “we”) is deeply committed to privacy matters and ensures that personal data are handled with the highest level of responsibility.
This Privacy Notice provides the general framework established by RE INVEST, as a Data Controller, for the processing and protection of personal data of its business partners, collaborators, suppliers, subcontractors and any party which has a business relationship with the Company (hereinafter referred to as “Partner”), in accordance with the requirements of the General Data Protection Regulation (EU) 2016/2019 (“GDPR”) and the national legislative framework (Law 4624/2019), as in force.
In the context of our business collaboration, the Company collects and processes the following Partners’ personal data:
As a rule, personal data are obtained directly from Partners (e.g. during the contract’s execution process).
Personal data may be collected during the Partner’s access to Company's computer network, technological infrastructure and databases. Data collection takes place only to the extent permitted under the current legislative framework. Partners are required to exercise due diligence and review and abide by the Company’s security policies and other related policies as to the use of Company’s resources and infrastructure, both physical and digital, during the performance of their contractual tasks.
The Company collects and processes Partners' personal data for purposes related to the business collaboration and to the extent that processing of such data is necessary to perform our contractual or legal obligations. We will not use Partners' personal data for any other purpose that is incompatible with the purposes listed below, unless we are permitted by the Partner or required or permitted by Law. In particular, Partners' personal data is being processed for the following purposes:
The legal basis for the processing of personal data collected in accordance with the above is:
In the context of the business collaboration between the Company and the Partner, consent does not apply as a legal basis for the processing purposes pursued by the Company. Consent will apply as legal basis only when the collection, transfer, or disclosure of personal data to a third party (e.g. public or private entity) is not based on another lawful basis for processing (such as performance of a contract, legal obligation, legitimate interest of the Company). In exceptional cases where consent is required, it will be obtained after providing the Partner with a proper explanation of the processing purposes in a manner consistent with the GDPR.
The recipients of the Partners’ data may be:
The Company requires of its service providers, as well as its third-party partners to take all necessary technical and organisational measures (including appropriate policies and procedures) to prevent unauthorised disclosure of Partners’ personal data to which they gain access and implement procedures for the management and processing of personal data in a manner that is lawful and protect such data according to GDPR imposed obligations.
Partners’ personal data may also be transferred to associated entities or third parties in the context of potential or ongoing restructuring, corporate services agreements, merger, sale, joint venture, transfer or other process of disposal of some or all of the business, assets or stock (including insolvency or other similar proceedings).
The personal data we collect is processed on servers located in the EU or EEA. In exceptional cases, the Company may transfer Partner’s personal data outside the EEA provided such transfer is required by the applicable regulatory or legislative framework or RE INVEST deems it necessary for the performance of its contractual obligations. In this case we will ensure that there is an appropriate level of protection corresponding to the level of protection of personal data in the EEA and that the transfer in question is lawful on condition that there is an adequacy decision of the European Commission or the required guarantees and safeguards of Articles 44-50 of the GDPR are provided, such as the adoption of European Commission's Binding Corporate Rules or Standard Contractual Clauses.
The Company takes all necessary lawful, organizational and technical measures for the protection of personal data as provided by the relevant legislation on privacy and personal data protection, measures to ensure the best protection of personal data against any unlawful processing, as well as to guarantee the possibility of restoring the availability and access to them. These measures aim to ensure a level of security that corresponds to the risk, considering the nature, scope, context, and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, while applying procedures for the regular testing, monitoring and evaluation of the effectiveness of said technical and organisational measures.
We ensure that all our Partners and third-party providers are subject to a duty of confidentiality and have in place appropriate security measures to prevent Partners’ personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
Partners shall inform the Company of any changes regarding their personal data (e.g. telephone number, address, etc.), so that the data available to the Company is accurate and up to date.
The Company will retain personal data for the period of time necessary to fulfil the purposes described in this Privacy Notice, unless the law permits or requires its retention for a longer period of time or unless such retention is necessary in the context of a legal dispute or investigation or other proceeding. Upon termination of the contract in any way, the Company will retain the personal data only for as long as required by applicable law such as tax law, AML/KYC regulations, and until the conclusion of any pending legal actions between the parties.
To determine the appropriate retention period for personal data, the Company considers the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of partner’s personal data, the purposes for which the Company process partner’s personal data and whether the Company can achieve those purposes through other means, and the applicable legal requirements.
A) In relation to the collection and processing of data, Partners have the following rights, although their ability to exercise these rights may be subject to certain conditions, under the data protection legislation:
- Right of access
The Partner has the right to ask us to confirm whether we are processing his/her personal data. The Partner can ask us to send him/her an electronic copy of his/her data, as more specifically is described to Article 15 para 3 of GDPR.
- Right to rectification Partner has the right to obtain from the Company without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, Partner has the right to have incomplete personal data completed, including by means of providing a supplementary statement. Right to erasure
Under the conditions laid down in the Article 17 of GDPR, Partner has the right to request from us to eraseall or part of his/her data without undue delay. Please note that the Company may still retain certain Partner personal data to the extent and for the time that is required under specific legal obligations (e.g. tax law).
- Right to restriction
Under the conditions laid down in the Article 18 of GDPR, Partner is entitled to request that we no longer process his/her personal data for particular purposes.
- Right to data portability
In certain circumstances, Partner has the right ask to transfer his/her data to another organisation or to receive the personal data provided to us in a in a structured, commonly used and machine-readable format, in accordance to the provisions of Article 20.
- Right to object
Partner has the right to object on grounds relating to his or her particular situation, to our use of his/her personal data or the way in which we process it.
The Company has in any case the right to partially or completely refuse to satisfy a request for restriction on the processing or deletion of partner’s personal data, if the processing or retention of such data is necessary for the performance of the contract, as well as for the establishment, exercise or support of its legal rights or the fulfillment of its legal obligations.
B) To exercise all of the above rights, Partner may address his/her request to the Company via email at: dpo@res-cep.com. The Company will take every possible measure to respond to the Partner’s request within 30 days of its receipt. That period may be extended by an additional of two months taking into account the complexity of the request and/or the number of requests. The Company will inform the Partner of any such extension within one month of receipt of his/her request, together with the reasons for the delay.
If Partner believes that we have not handled his/her personal data in accordance with the applicable data protection legislation, or that his/her rights are infringed, is entitled to lodge a complaint with the Hellenic Data Protection Authority through its web portal (https://www.dpa.gr/el/polites/katagelia_stin_arxi) by filling the respective online form, depending on the type of complaint (Offices: 1-3 Kifissias Str., PC 115 23, Athens, Call Center: + 30-210 6475600).
Partners agree and undertake not to seek to access or use personal data of Company’s employees or other persons, to which they have access during their engagement with the Company, for any purpose, except in connection with their work or their professional association with the Company and in any event to the extent necessary. The above obligations shall continue to apply after the termination of their relationship with the Company.
To the extent that the Partner is given access to the Company’s premises and /or its technological resources and infrastructure, agrees and declares that he/she will follow the instructions provided by the Company and abide by the Company’s Security Policies and Procedures and Acceptable Use Policy. The Company informs the Partner that it retains the right to monitor the use of its corporate infrastructure to prevent the leakage of know-how, confidential information or commercial/trade secrets, or personal data, as well as the right to protect its property from serious threats, such as preventing the transmission of confidential information to competitors or ensuring the evidence or proof of criminal activities.
For further information on the present Privacy Notice, the abovementioned rights and how to exercise them, Partners can contact us:
The terms of this Privacy Notice may be amended from time to time to accommodate the Company requirements. We will notify the Partners of significant amendments of this Privacy Notice through appropriate means (e.g. by e-mail or other available means of communication).
Last updated: 09.09.2024