DESFA’s Information Note regarding the processing of Personal Data in accordance with Regulation (EU) 2016/679 and existing Greek Legislation.
DESFA notifies you that, within the framework of its activities and obligations as these are defined by the European and Greek Legislation and its Articles of Association, processes Personal Data (hereinafter: Data) of its employees and natural persons, who represent its Counterparties such as suppliers, users of the NGTS, etc. (hereinafter referred to as: Data Subjects), as follows:
1. What kind of Data is processed by DESFA and where does DESFA collect them?
1.1. Data identifying the Data Subjects such as: name, father’s name, identification card number, VAT number, social security number, date of birth, sex, family status, etc. This data is collected by the Data Subjects (directly or through the companies or other organizations they represent).
1.2. Data Subjects communication data such as: postal and e-mail address, telephone, landline and mobile, etc. The Data is collected by the Data Subjects (directly or through the companies or other organizations they represent).
1.3. Data of the Data Subjects relating to: compliance with Tax Authorities, transactions with Credit Institutions, professional behavior and experience, knowledge and skills, etc. (directly or through the companies or other organizations they represent).
1.4. Image Data from the CCTV cameras in DESFA’s facilities and their perimeter, where warning signs exist.
1.5. Image data and audiovisual material from corporate events or Corporate Social Responsibility initiatives.
1.6. Data collected during navigation on our website, such as: Internet Protocol (IP) address, browsing data within the website, service preference information, transactional data executed. User-generated content.
1.7. Data within the scope of service provision, such as: order and transaction data, payment data, payment execution information, transaction tax details.
1.8. Any other Data other than the above Data, the processing of which is required by provisions of European and Greek Legislation.
2. Why DESFA is processing Data?
DESFA processes Data:
2.1. For the conclusion and performance of a contract in which DESFA is a contracting party.
2.2. To comply with the applicable Legal and Regulatory framework and decisions of public, supervisory, regulatory or judicial Authorities.
2.3. For the protection of the public interest, which consists of the secure and continuous provision of DESFA’s public utility services as the natural gas system operator of the country.
2.4. For the protection of its employees and counterparties, third parties, and property.
2.5. For the support of the mission and the Corporate Social Responsibility of DESFA, the promotion of its digital profile and the improvement of its reputation, including through the company website, as well as social media, the external communication management and the corporate event organization.
2.6. For the purposes of other legitimate interests pursued by DESFA or third parties, such as ensuring the resilience of the natural gas system, the physical security of facilities, the security of DESFA’s systems and information, the protection of individuals and property, the assessment of credit risk in transactions with third parties, and the exercise and support of legal claims.
2.7. For the purpose of promoting and marketing services and business and social activities, with the consent of the Data Subjects.
3. Who is processing the Data?
3.1. Authorized as appropriate: DESFA’s employees and/or DESFA’s agents.
3.2 Companies affiliated to DESFA.
3.3. Natural or legal persons, who provide services to DESFA, such as consultancy firms, lawyers, notaries, etc.
3.4. All public authorities and organizations within their responsibilities.
3.5. Third parties, collaborating entities, processing your personal data are under our control and only process it on our behalf and are subject to the same data protection policy or at least to a policy of the same level of protection as ours.
In cases where DESFA engages a third party to act as a processor on its behalf, DESFA ensures that the processing performed by the processor will be governed by a contract that will meet the terms of Article 28 of the GDPR, determining, inter alia, its subject and duration, the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects, as well as the obligations and the rights of DESFA.
DESFA ensures that it cooperates with processors that provide adequate data protection guarantees and have taken appropriate technical and organizational measures to ensure compliance with GDPR requirements.
4. When does DESFA transfer Data to third countries (outside EU)?
DESFA shall not transfer Data to third countries. If a need arises for the transfer of Data to third countries, this will be conducted in accordance with Chapter V of the GDPR.
5. For how long is DESFA processing Data?
The period of time during which DESFA is processing Data varies according to the purposes for which the processing takes place and to its obligations under Law, Regulatory actions and contractual obligations.
Upon the expiration of the retention period, personal data is destroyed, in compliance with DESFA’s relevant policy and provided that their retention is no longer necessary to fulfill the purposes of processing.
6. What are the Data Subject’s Rights?
Your rights as Data Subject are set out in Chapter III of the GDPR. In particular, you are entitled to:
(a) To be informed in detail about your Data, its purpose of processing, their origin, recipients and processing time, and your related rights.
(b) To require the correction of any incorrect and/or incomplete Data.
(c) To request the deletion and/or restriction of processing of your Data, if you consider that the Data is not processed for a specific and legitimate purpose.
d) To oppose further processing of your Data.
(e) To request that your Data is forwarded to another controller, provided that the conditions laid down in the above Chapter of the GDPR are met.
You are also entitled to file a complaint to the Data Protection Authority, if you consider that any of your rights has being infringed.
DESFA establishes and implements appropriate procedures for the proper management of requests related to the exercise of the aforementioned rights submitted by Data Subjects. Specifically, through these procedures, DESFA ensures that:
- There are suitable means for Data Subjects to exercise their rights.
- The identity of Data Subjects submitting a request is adequately verified.
- Each request is effectively recorded and monitored.
- Proper management of each request takes place within the timeframes specified by the GDPR.
- Data Subjects are adequately informed about the progress of their requests, as well as the reasons if their request is not fulfilled.
7. How can you exercise your Rights (as per Article 6 hereof)?
In order to exercise your Rights, you may write to: “DESFA / Mesogion Aven.357-359 / PO 152 31 / Halandri Athens / cc DPO” or to the e-mail address: dpo@desfa.gr
Alternatively, you can submit a request to exercise your rights by clicking here.
DESFA will make every effort to respond to your request within the timeframes set by GDPR.
8. Data Protection Officer
You can contact DESFA’s Data Protection Officer (DPO) for issues related the processing of your Data at “DESFA / Mesogion Aven. 357-359 / PO 152 31 / Halandri Athens / cc DPO” or to the e-mail address: dpo@desfa.gr
9. How does DESFA protect the Data?
DESFA implements appropriate organizational and technical measures to ensure security of the Data, confidentiality, lawful processing and protection against accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access and any other form of unfair processing.