Repository

ADACOM PRIVACY POLICY

The company ADACOM ADVANCED INTERNET APPLICATIONS S.A. with the distinctive title “ADACOM S.A.” located at 25 Kreontos Street, Athens, P.C. 10442 (hereinafter “ADACOM”, “Company”
or “We”) has as its main priority the protection of the personal data it processes. The Company collects, maintains and processes personal data in accordance with the principles set out in General Regulation 2016/679 (hereinafter "GDPR") and in accordance with the applicable national and European legislation on personal data protection. The current Privacy Policy describes how personal data is processed, the purpose of the processing and its use, as well as your relevant rights under applicable law.

The controller of your personal data, within the meaning of the GDPR, is ADACOM S.A.    

1. Definitions

The following definitions are provided for the convenience of the user and are derived from the text of Regulation (EU) 2016/679 on the processing of personal data: 

“personal data”: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

“processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction 

“controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data· 

“processor”: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller 

2. Which personal data we process

At ADACOM we collect only the absolutely necessary data, which are appropriate and clear for the purpose for which they are intended. The data include the following:

 

• Subscriber identification data for the provision of electronic signature and/or seal services

As a Qualified Trust Service Provider (QTSP), ADACOM, collects, processes and stores Subscriber's personal data for identification purposes and the issuance of a certificate for electronic signature or seal. This personal information includes first name, last name, identification document details, email address, postal address, telephone number, credit/debit card details and/or other personal information as required.

 

If you choose ADACOM's remote identification as a method of verifying your identity before your Certificate is issued, you will be further required to provide your express and specific consent for the collection and retention of all data and documents required, e.g., the snapshot of the identification document, your facial image and/or video of your session and/or your dynamic selfie, as applicable. Your facial biometric data is also analyzed to automatically compare your real-time photo with your ID photo.

 

• Customer data

If you are either a customer for any of our products or services or simply a visitor to our website, we assure you that we do not collect your personal information unless you provide it to us on your own initiative by filling the relevant form. This information may include: contact information, such as first name, last name, postal address, email address, telephone number, etc.; shipping and billing information, such as credit/debit card and payment information and information you provide to us to obtain technical assistance 

 

• Data of our customers' executives, suppliers and partners and data processing in the context of implementing projects and providing services:

In the context of our cooperation with our customers and suppliers, we may be provided by them with information of their executives, such as their full names, contact details and position or role of their executives, for the purpose of executing the contract between us, managing projects or the provision of services that we jointly implement. In addition, in the context of project execution, the Company may process personal data to the extent required for the provision of services, as agreed and described in the Personal Data Processing Agreements with the client.

 

• Data when creating a user account on the ADACOM website

 

If you choose to create a user account on ADACOM’s website or subscribe to our newsletter, we collect your full name, email and telephone number.

 

• Data of subjects who submit an application/resume for employment

 

If you choose to apply for a job at ADACOM, we will process the information you provide us through your CV in order to evaluate and possibly hire you by our Company.

3. Purpose of processing of personal data

The collection and processing of personal data is carried out exclusively to the extent and degree necessary for the performance of the following processing purposes, as the case may be:

• To manage the sale of our products and services, such as for example to process your requests for ADACOM products and services, to contact and inform you about the availability of products and the progress of your order, to issue and send your tax documents, to execute your order, to ship the products, to process your order, etc.
• To provide technical support and customer service and complaint management
• To issue, revoke and process Certificates in accordance with our Certification Practices Statement (CPS).
• To confirm your identity (identification) for the issuance of an electronic signature and/or seal.
• To create and manage your account when you purchase from ADACOM's e-shop.
• To evaluate your CV and contact you when you send us your CV by email or apply for a job via the online application form.
• To subscribe to our newsletter and product/service promotion (marketing) via email. Please note that this processing is carried out in compliance with the applicable consent requirements and you have the option to opt out at any time by unsubscribing from marketing activities.
• Enforcement of our legal rights or compliance with applicable laws.

4. Recipients of the data

Access to the personal data processed by ADACOM is granted to the Company's personnel, that are bound to confidentiality obligations, as well as, where applicable, to the personnel belonging to the same group of companies, depending on the type and purpose of the processing. In addition, ADACOM may use external partners to carry out the processing on its behalf ("processors"), always in the manner required by the applicable personal data protection legislation. The external partners we use are bound by a contract for the protection of personal data and they further undertake confidentiality obligations, as defined by the relevant legislation.

 

In particular, with regard to the provision of trust services, we inform you that in case you choose remote identification as a method of verifying your identity prior to the issuance of your Certificate by ADACOM, "Electronic Identification S.L." (with its registered office in Spain) with which ADACOM has a contractual relationship in compliance with GDPR to safeguard your personal data, will collect and process your personal data. Your data will then be further transmitted in a secure manner to ADACOM, which is responsible for their retention in accordance with the provisions set out herein.  

 

If, for any reason, we need to transfer your personal data outside the EEA, we will do so only in accordance with appropriate requirements and safeguards and only to recipients that ensure an adequate level of protection of personal data and in any event in accordance with the provisions of Articles 44-49 of Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR).

5. Lawfulness of processing

The Company processes your personal data as described above by virtue of:

• your consent to the processing of your data for one or more specific purposes (Art. 1 (a) GDPR).
• a contract and/or agreement you have entered into with the Company to serve the purposes of that contract/agreement (Art. 6 para. 1 (b) GDPR).
• safeguarding ADACOM's legitimate interests (Article 6(1)(b) of the GDPR).
• the purposes of complying with its legal obligations (e.g. in case of compliance with warrants issued by courts or public authorities, etc.) (Art. 1 (c) GDPR).

6. Cookies

ADACOM may also automatically collect information about you when you visit our websites using cookies. Cookies are small text files that are stored by the browser on your computer or mobile device when you visit a website. Cookies allow web applications to tailor their functions to your needs by collecting and remembering information about your preferences. For more information about cookies and how you can set them to work, please refer to the Company's Cookies Policy which is posted on our website.

7. Retention period of personal data

Your personal data are retained for the period of time provided for by the applicable legislation and for as long as there is a need to carry out actions necessary to achieve the purpose(s) of the processing. At the end of this period, your personal data will be securely deleted.

• Subscriber identification data for the provision of electronic signature and/or seal services

 

Your personal data, which are processed by ADACOM for the issuance of an electronic signature and/or stamp, are stored in an electronic file, which is protected by all necessary technical and organizational measures and is accessible only by persons specifically authorized for this purpose. ADACOM will retain your personal data for a period of at least seven (7) years from the date of expiry or revocation of your Certificate, in accordance with the eIDAS Regulation (EU Regulation No. 910/2014) and national regulatory requirements. If an approved certificate is not ultimately issued, the retention period of the entry in the above file is set at two (2) years. In the case of remote identification, if for any reason the video call is not completed, your personal data is not recorded by ADACOM.

 

• Data of subjects submitting an application/resume for employment:

 When you apply for a job in our company, your data will be retained for a period of twelve (12) months.

 

• Data of ADACOM's customers and partners regarding the implementation of projects and the provision of services/products:

Personal data may be processed during the provision of our services, which will be deleted within a reasonable time after the completion of the delivery of services, unless otherwise contractually agreed or unless a longer retention period is required or permitted by law.

8. What are your rights

ADACOM facilitates the management of your personal data and the exercise of your rights in accordance with the applicable national and European legislation. In particular, your rights are the following: 

• Right of Access: You have the right to be informed by our Company whether we process and maintain your personal data. If the answer you receive is affirmative, you may submit a request to obtain information about the processing, its purpose, the type of data, the recipients of your data, the period of retention, the existence of automated decision-making, as well as the possibility of exercising your other rights, such as rectification, erasure, restriction of processing, opposition to the processing carried out, lodging a complaint to the relevant Data Protection Authority and so on.
• Right to Rectification: You have the right to request the rectification of inaccurate or incomplete personal data.
• Right to erasure: Furthermore, in the event that the data we hold is no longer necessary for the purposes for which it was collected or in the event that your consent is withdrawn or, in general, if there are no longer legitimate reasons for maintaining them, you may request their erasure.  
• Right to restriction of processing: Where the cases of Article 18 of Regulation (EU) 679/2016 on the protection of personal data apply, you can request the restriction of processing.  
• Right to data portability: You may request to receive your data in a readable format or transfer your data to another controller in case this is feasible.
• Right to object: You can object to the processing of your data and request its termination. Your request may be refused by the controller in the event that there are demonstrable legitimate grounds for processing that override your right to object.
• Right to revoke your consent: In the event that your data is processed on the legal basis of your consent, you can revoke it at any time in order to stop the processing of data carried out on the basis of it.

 

You may submit your request by sending an email to dpo@adacom.com or by post to the address given below. ADACOM will respond to your request, depending on its merits, within 30 days. If for any reason we refuse to comply with your request, we will provide you with a detailed and reasoned response. 

Finally, if you believe that your rights have been violated, you have the right to lodge a complaint to the relevant Data Protection Authority at the following details: Address: 1-3 Kifissias Avenue, Athens, P.C. 11523, Contact Phone: 210 6475600, Email: contact@dpa.gr 

9. Protection of Data

ADACOM implements all appropriate technical and organizational measures to ensure the protection of your personal information. We use sophisticated technologies and security procedures to protect your personal information from unauthorized access, use or disclosure. The personal information you provide is stored in a controlled, secure environment, protected from unauthorized access, use or disclosure, e.g. we encrypt all data you submit when ordering our products or services using the Secure Sockets Layer (SSL) protocol. Moreover, our information security procedures are audited annually by an internationally recognized auditing company.

10. Links to other websites

Our website may contain links to other websites of interest. However, when you use these links and leave our site, you should note that we have no control over the other site you visit. Therefore, we cannot be responsible for the protection and privacy of the information you provide when you visit them as these sites are not governed by this Privacy Policy and are outside the sphere of ADACOM's responsibility. You should be careful and read the Privacy Policy for the protection of personal data applicable to that site.

11. Protection of minors

ADACOM is committed to protecting the privacy of children. Our website does not address or knowingly collect information from children under the age of 18. In the event that we determine that we have collected personal information from a child without verified parental consent, we will delete that information as soon as possible.

12. Changes to this Privacy Policy

ADACOM may modify this Privacy Policy and its related practices at any time. We encourage you to periodically check this page for the most current information about our privacy practices. This Privacy Policy was updated on March 13, 2023.

13. Contact Information

There are the following options if you wish to contact us, make a complaint or manage your account details:

• You can send us your request in writing to the following postal address: Kreontos Street 25, P.C. 10442 Athens, Greece.
• You can call us at: + 30 2105193740
• You can send an e-mail to: dpo@adacom.com