DESFA’s Information Note regarding the processing of Personal Data in accordance with Regulation (EU) 2016/679 (hereinafter: GDPR) and existing Greek Legislation.
The Hellenic Gas Transmission System Operator SA. (hereinafter referred to as: DESFA) notifies you that, within the framework of its activities and obligations as these are defined by the European and Greek Legislation and its Articles of Association, processes Personal Data (hereinafter: Data) of its employees and natural persons, who represent its Counterparties such as suppliers, users of the NGTS, etc. (hereinafter referred to as: Data Subjects), as follows:
1. What kind of Data is processed by DESFA and where does DESFA collect them?
1.1. Data identifying the Data Subjects such as: name, father’s name, identification card number, VAT number, social security number, date of birth, sex, family status, etc. These data are collected by the Data Subjects (directly or through the companies or other organizations they represent).
1.2. Data Subjects communication data such as: postal and e-mail address, telephone, landline and mobile, etc. The Data are collected by the Data Subjects (directly or through the companies or other organizations they represent).
1.3. Data of the Data Subjects relating to: compliance with Tax Authorities, transactions with Credit Institutions, professional behavior and experience, knowledge and skills, payments, etc. (directly or through the companies or other organizations they represent).
1.4. Image Data from the CCTV cameras in DESFA’s facilities and their perimeter, where warning signs exist.
1.5. Image data and audiovisual material from corporate events or Corporate Social Responsibility initiatives.
1.6. Any other Data other than the above Data, the processing of which is required by provisions of European and Greek Legislation.
It is expressly stated that if you provide Third-Party Data, you should have obtained their written consent and referred to the present Information Note of DESFA.
2. Why DESFA is processing Data?
DESFA processes Data:
2.1. For the conclusion and performance of a contract in which DESFA is a contracting party.
2.2. To comply with the applicable Legal and Regulatory framework and decisions of public, supervisory, regulatory or judicial Authorities.
2.3. For the protection of its employees and counterparties or of third parties, as well as its property.
2.4. For the support of the mission and the Corporate Social Responsibility of DESFA, the promotion of its digital profile and the improvement of its reputation, including through the company website, as well as social media.
3. Who is processing the Data?
3.1. Authorized as appropriate: DESFA’s employees and/or DESFA’s agents.
3.2 Companies affiliated to DESFA.
3.3. Natural or legal persons, who provide services to DESFA, such as consultancy firms, lawyers, notaries, etc.
3.4. All public authorities and organizations within their responsibilities.
4. When does DESFA transfer Data to third countries (outside EU)?
DESFA shall not transfer Data to third countries. If a need arises for the transfer of Data to third countries, this will be conducted in accordance with Chapter V of the GDPR.
5. For how long is DESFA processing Data?
The period of time during which DESFA is processing Data varies according to the purposes for which the processing takes place and to its obligations under Law, Regulatory actions and contractual obligations.
6. What are the Data Subject’s Rights?
Your rights as Data Subject are set out in Chapter III of the GDPR. In particular, you are entitled to:
(a) To be informed in detail about your Data, its purpose of processing, their origin, recipients and processing time, and your related rights.
(b) To require the correction of any incorrect and/or incomplete Data.
(c) To request the deletion and/or restriction of processing of your Data, if you consider that the Data is not processed for a specific and legitimate purpose.
d) To oppose further processing of your Data.
(e) To request that your Data is forwarded to another controller, provided that the conditions laid down in the above Chapter of the GDPR are met.
You are also entitled to file a complaint to the Data Protection Authority, if you consider that any of your rights has being infringed.
7. How can you exercise your Rights (as per Article 6 hereof)?
In order to exercise your Rights, you may write to: “DESFA / Mesogion Aven.357-359 / PO 152 31 / Halandri Athens / cc DPO” or to the e-mail address: firstname.lastname@example.org.
DESFA shall make every effort to reply to your request within thirty (30) days of its submission. This period may be extended by a further two (2) months, if necessary, taking into account the complexity of the request and the number of requests. DESFA shall inform the Data Subject of such an extension within one month of receipt of the request and of the reasons for the delay. If the Data Subject submits the request through electronic means, the information shall, if possible, be provided through electronic means, unless the Data Subject requests otherwise.
8. Data Protection Officer
You can contact DESFA’s Data Protection Officer (DPO) for issues related the processing of your Data at “DESFA / Mesogion Aven. 357-359 / PO 152 31 / Halandri Athens / cc DPO” or to the e-mail address: email@example.com.
9. How does DESFA protect the Data?
DESFA implements appropriate organizational and technical measures to ensure security of the Data, confidentiality, lawful processing and protection against accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access and any other form of unfair processing.