LEGAL

Personal Data Protection Policy

PERSONAL DATA PROTECTION POLICY - PRIVACY POLICY

1. INTRODUCTION

On 25 May 2018, the implementation of the new European General Data Protection Regulation (GDPR) 679/2016 began, introducing substantive changes to the rules governing the security of personal data and its management.

TOSOH HELLAS SA (hereinafter referred to as "Company") - in full compliance with applicable Greek and European legislation - is constantly aiming at improving its Policy and Procedures, respecting your privacy and your personal data.

Here is a summary of the key points of the Company's "Privacy Policy".

2. GENERAL-DEFINITIONS

SUBJECT

The identified or identifiable natural person to which the data refers (NOT DECEASED).

PERSONAL DATA (ART. 2 & 4 GDPR)

any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

PROCESSING (ART. 4 GDPR)

Any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

BASIC DATA PROTECTION TARGETS:

• Confidentiality: Data should not be disclosed to unauthorized persons.
• Integrity: Data must be accurate, complete and genuine - not incorrect, altered or not up to date.
• Availability: Data must be available to the subjects whenever they are needed.

3. PURPOSE OF PROCESSING

  • Appropriate conduct of business
  • Occupational health and safety
  • Corporate benefits of any kind
  • Security and protection of facilities, staff and visitors
  • Recruitment of new staff
  • Execution of all kinds of contracts
  • Legalization of a company

4. LEGAL BASIS FOR PROCESSING

Consent: which you provide freely and clearly. You have the right to withdraw your consent at any time, without prejudice to the legality of the consent-based processing before it is revoked. (GDPR Article 6 (1) (a))

Execution of the Contract: if you are a company contracting party, before, during and after the execution of the contract. (GDPR Article 6 (1) (b))

Legal obligation: necessary to comply with the company's legal obligations. (GDPR Article 6 (1) (c))

Legitimate interests: necessary for the possible defense of the company's interests. (GDPR Article 6 (1) (f))

5. WHAT DATA WE PROCESS

We process your data depending on your relationship with the company (such as name, contact details, e-mail address, training and work information if you send your Curriculum Vitae) in the following cases:

a. When you register as a member on the website of TOSOH HELLAS SA
b. When you contact us through the website or via e-mail
c. Indicatively you belong to one of the following categories of natural persons:
     - Employees, apprentices and candidates
     - Suppliers
     - Collaborators/Business partners/Contractors

These specific data are submitted voluntarily by you on your own initiative or are collected by us exclusively for one of the aforementioned purposes, being appropriate, relevant and limited to what is strictly necessary (by being physically present at the Company's premises, by filling in any form or form of communication in physical or electronic form, by mail of any kind, by fax, by telephone).

Your data is processed exclusively by the company's appropriate Department and is not given or sold to third parties.

6. THIRD PARTIES

We will disclose your personal data to third parties only:

• If we are legally obliged to do so or
• When we have to comply with our conventional tasks to you
• During our cooperation, provided you are informed

7. DURATION

The duration of process varies depending on each particular case, based on the applicable law or our relationship or your wish or until the time for a possible filing of a claim expires.

Storage periods are set according to the storage limitation period principle and, in any case, the Company ensures that they are adhered to.

8. YOUR RIGHTS

Based on the General Data Protection Regulation you have a number of rights in relation to processing your data on behalf of the company. Specifically:

Right to Information: You have the right to receive clear, transparent and easily understandable information about how we process your personal data, as well as about your rights. That is why we provide you with this Policy.

Right of Access: You have the right to access your personal data (if we process it), as well as other specific information (corresponding to those provided in this Policy).

Right to Rectification: You have the right to request the correction of your Personal Data, if it is inaccurate or incomplete.

Right to Erasure (depending on each case): You have the right, also known as the "right to be forgotten", to request the erasure or removal of your personal data when there is no legitimate reason to continue processing. The right of deletion is not an absolute right. The Company may have the right or the obligation to keep the information in cases where it has a particular legal obligation to do so or has another legal reason to keep it.

Right to Restrict Processing: You may, in some cases, "block" or restrict the re-use of your information.

Right to Data Portability: You have the right to obtain a copy of any personal data we hold for you and to reuse or share it for your own purposes (in a structured, commonly used and machine-readable format, if this is technically feasible under the GDPR provisions).

Right to Object Processing (depending on each case): You have the right to object to certain types of processing, which we only do with your consent. If a particular processing of your data is based on consent, you may (in some cases) withdraw your consent at any time, which will not affect the legitimacy of the processing, before your consent is withdrawn.

Right to submit a complaint or grievance to the Competent Authority: submit a complaint or grievance to the competent supervisory authority (Data Protection Authority, Offices: 1-3, Kifissias Str. 115 23, Athens, Call Center: + 30-210 6475600, Fax: + 30-210 6475628, Email: contact@dpa.gr )

9. APPROPRIATE TECHNICAL AND ORGANIZATIONAL MEASURES

The Company, in compliance with the current legislative framework, has taken all the necessary actions by implementing the appropriate technical and organizational measures for the lawful maintenance, processing and safe storage of the personal data file, committed to ensuring and protecting in any way the processing of your personal data from loss or leakage, alteration, transmission or otherwise fraudulent processing thereof.

10. CHANGES TO POLICY

Effective protection of your personal data requires systematic monitoring of our policies and procedures, always respecting your personal data.

Therefore, this Privacy Policy may be modified at any time and without prior notice.

Driven by the principle of transparency, we are committed to informing you about any significant change in our procedures and policy if this is feasible.

However, please periodically review our Company Policy, since - to the extent permitted by applicable law – the use of our site for our communication, following this Policy, implies acceptance of its content and your consent.

11. COMMUNICATION-INFORMATION

In case you wish to contact us for further information or to help us exercise one of your Rights, please contact by phone at: 2310-717811 or send an e-mail to gdpr@tosoh-hellas.gr