TÜV HELLAS SECURITY AND PERSONAL DATA PROTECTION POLICY

TÜV HELLAS (TÜV NORD) SA, hereinafter referred to as "Company," as a distinguished and international Certification & Training Organization, attaches great importance to the lawful processing, security and protection of your personal data, in whatever capacity you cooperate with or communicate with us (as Candidates or active Clients, Partners, Trainees, Suppliers, Employees, Individuals, Website Visitors, or Generally Associated Third Parties with our Organization).

Please read carefully these terms and our Company's SECURITY AND PERSONNAL DATA PROTECTION POLICY. By using our web sites and signing the relevant consent statement, you unreservedly accept the practices described herein and whose terms govern the contractual relationship between us and are incorporated into the terms of use of each of our services.

Your personal data includes any information, on paper or electronic media, which may lead, either directly or in combination with other data, to your unique recognition / identification or to your detection as a natural person. This category includes, as the case may be, data such as Name, VAT, ID number, your physical and e-mail addresses, your fixed and mobile phone numbers, SMS / MMS messages, bank / / prepaid cards, your equipment or terminal identifiers - computer - smartphone - tablet, your history of online searches (log files, cookies, etc.) and any other information that allows your unique identification in accordance with the provisions of the General Rules for the Protection of Personal Data (GDPR 2016/679), the applicable Greek legislation (4624/2019) and the decisions of the Hellenic Data Protection Authority (HDPA).

For example, we process and protect your personal data in accordance with the law, and in accordance with the relevant Legislative & Regulatory Framework for Certification / Training Bodies, Collection of Data from Certification / Inspections / Audits / Training, within Marketing and within the framework of your communication / support / information and any other activity of our Company.

Our Company will use your information for the following legitimate purposes of processing within the framework of the Contract between us or if you have given us your explicit and specific consent per service (which you can freely revoke at any time), namely:

• For managing your data & information within our Certification / Inspection / Audit / Training Services

• To support / inform you about our Company's services / projects / answer your requests and queries as well as update and respond to your suggestions and comments on improving our services.

• For "internal" assurance of the quality of our services

• For analyzing website traffic and improving your experience and providing you with information on services, training programs, general / technical information, etc.

• For internal operations and analysis such as internal management, fraud prevention, use of management, pricing, accounting, billing and control information systems. In any case, you can change your preferences at any time using the write-off link at the end of each email you receive from us.

This Privacy Policy is intended to inform you of the terms of collection, processing and transmission of your personal data that we may collect as Responsible for processing (Controller) or performing the processing (Processor). Our Company and its trained staff apply the ten Principles for the Processing of GDPR 2016/679 (lawfulness, fairness, transparency, purpose limitation, data, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability).

Our Company protects and safeguards your Rights (information, access, correction, deletion, processing limitation, portability, opposition, and non-automated decision-based profiling, as specified in the GDPR and Greek legislation). The above applies without any discrimination and to all the processes and to all the services provided by our Company.

Our Company collects your personal data with your consent and acceptance of the terms of use of each of our services, such as:

• when you dial our numbers, when you send us an email or fill out a request for information / service offer / enrollment in an Educational program.

• in the framework of the implementation of Inspections / Audits / Certification / Training

• when you send us the postal address for issuing or sending an invoice or proof of service and delivery details of a document (eg a Certificate).

• when you voluntarily subscribe to printed or electronic directories to receive printed, electronic or SMS informational material or other marketing material or renew these preferences

• when you visit our web pages through which we collect, through cookies, the necessary information from your terminal device and your browser.

Our Company will always ask you for the minimum required personal data for the implementation of our Services and your best possible service. 

Our Company retains your personal data only for as long as is required by the contractual terms of each service, in combination with the applicable for Certification / Training Bodies, as well as the general telecommunications, tax and other legislation and Regulatory Framework, based on the purpose processing and then anonymizes or destroys them. You may ask us to know what data we collect about you and correct or delete it unless it is required by law for fiscal, evidentiary or judicial purposes and for prosecuting illegal acts

In compliance with the relevant European Legislation / Regulatory Framework, our website (www.tuv-nord.com/gr) uses "cookies". Cookies are web-based "tools" to collect and analyze information from third party partner sites or social networking platforms to measure traffic, improve the functionality, content and overall appearance of our website and adapt to the needs of our customers.

By using our site, you agree (opt-in) to processing your personal data collected from search engines or social networks, such as Google Analytics, Facebook social plug-ins, Google+, etc. (which are not subject to any involvement, influence or control by our Company) and which are transmitted either inside or outside the European Economic Area, for which those third parties are solely responsible.

If you do not want third parties such as Google, Facebook, Twitter, etc. to receive information from your browser, when you visit the Company's websites, you can opt-out by choosing the appropriate option provided by the Usage Policy on the site of any such third-party part.

Although most browsers automatically accept the use of cookies, you can always change the settings on your computer by choosing not to accept cookies or asking you to accept each one of them separately. However, you should know that this will limit the range of browsing features available to you on any website.

Our Company does not pass on, your personal data to third parties unless it is clearly required by the Legislation / Regulatory Framework or when we act as 'intermediaries' and to the extent that this is required to complete our service and to fulfill requests regarding on behalf of our services

Such third parties may be official Surveillance / State Agencies (e.g. Hellenic Accreditation System, Hellenic Data Protection Authority etc.) and / or the TÜV NORD Group when we are required to comply with legislation / regulations for Certification Bodies / Training and / or to prevent and to the detriment of our Customers, acts of unlawful interference (e.g. fraud, abuse, insulting personality, etc.).

In the Company we select trusted Affiliates, and we endeavor to place contractual limitations on third parties who may receive your personal data to ensure that they use them in accordance with this Policy and the applicable data protection laws in Europe and internationally.

In order to process your data, we may need to transfer your information to other countries, including countries inside and exceptionally outside the European Economic Area (EEA), on the basis of EU competence decisions, company binding rules, standard contracts and approved codes of conduct.

In any case, we take the appropriate technical and organizational measures to ensure that your personal information is transferred, stored and processed in accordance with the appropriate security standards and procedures and in accordance with the terms of this Policy and the applicable data protection laws.

We recognize the importance of protecting privacy and all your personal information so our personnel is responsible and trained to that direction.

To this end, we have appointed a Data Protection Officer (DPO) and we follow best practices as appropriate security policies using appropriate technical and operational tools such as anonymization, pseudonymization, data encryption, firewalls, access levels, authorized employees, staff training, periodic inspections and compliance with international security standards and business continuity.

We may use your personal information along with other information we have collected (basic contact information such as Name / Company / Telephone / Address / email), following human intervention by our Commercial Department or other Executives, to perform, for your own better information / information, relevant Marketing promotions (emails, newsletters etc.).

However, we do not use automated tools to track and evaluate your consumer profile and general preferences with other personal information (such as your email address) to run ads or send you personalized offers. In addition, we do not share your personal information with third parties so that they may be able to send you relevant ads, unless you have explicitly consented to them

If you wish to stop sending updates or promotions, you can use the unsubscribe link at the end of the email you received from us.

Our Company sites may contain links to other third-party websites, independent agencies, such as, for example, consultancy or related service companies that are operated and maintained exclusively by them and which we do not control as we mentioned above. Therefore, we do not bear any responsibility for the content, actions or policies of these websites.

Please read carefully the corresponding data protection policies on the different websites you visit, as they may differ significantly from ours.

Our company does not allow the use of our website or our services for the transmission of mass or unwanted commercial email messages (spam).

We also do not allow messages to and from our Clients that use or contain invalid or altered headings, invalid or non-existing domain names, techniques to conceal the origin of any message, false or misleading information or violate terms of use of web pages.

We do not permit in any way the collection of email addresses or general information of our customers and subscribers through our website or our services. We do not permit or authorize any attempt to use our services in a manner that could harm, deactivate, burden any part of our services, or prevent anyone wishing to use our services.

If we believe that any unauthorized or inappropriate use is made of any of our services, we may, without notice, in our sole discretion, take appropriate steps to block messages from a particular domain, a server emails, or an IP address. We reserve the right to immediately delete any account that makes use of our services, which at our absolute discretion broadcasts or is associated with the transmission of any messages that violate this policy.

If you have any questions or comments about this Privacy Policy or if you believe we have not followed the principles set out in this Privacy Policy, please email at tuvhellasdpo@tuv-nord.com .

TÜV HELLAS (TÜV NORD) Data Protection Officer

Mr Michalis Alexiou (MSc Computer Systems Engineer)

[Address] 282, Mesogeion Av.,155 62 Cholargos,Athens, Greece

[Telephone] + 30 215 215 7449

[Email] malexiou@tuv-nord.com

This Policy was initially published by our Company on 25/05/2018 and is subject to periodic improvement and review.

Any changes to this Policy will apply to the information collected from the date of publication of the revised version and to the existing information we hold.

The use of the site after publishing changes implies acceptance by you of these changes.