At Obrela Security Industries, we are committed to providing our clients with exceptional services. As providing these services involves the collection and process of Personal Information about our clients, protecting their Personal Information is one of our highest priorities.
Personal Data: Personal Data means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Personal Data Processing: Processing Personal Data means any process, with or without the use of automated systems, to collect, store, organize, retain, modify, query, use, forward, transmit, disseminate or combine and compare data. This also includes disposing of and deleting data.
Controller: Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
Processor: Processor is a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
Allowed Website Users
Personal Data Processing Principles
Fairness, Lawfulness, and Transparency
The Organization collects and processes Personal Data only in the context to perform a contract, or where the processing is in the Controller’s legitimate interests and not overridden by Data Subjects’ protection interests or fundamental rights and freedoms, or where the Data Subject’s consent has been obtained. In some cases, the Organization may also have a legal obligation to process Personal Data or may otherwise need the Personal Data to protect Data Subject’s vital interests or those of another person. Personal Data shall not be processed in a way that is unduly detrimental, unexpected or misleading to the individuals concerned. The Organization shall provide all required information to the Data Subject regarding the processing of Personal Data, such as: processing purposes, the identity of the Controller, third parties or categories of third parties to whom the data might be transmitted.
Personal Data can be processed only for the purpose that was defined before the data were collected. Subsequent changes to the purpose are only possible to a limited extent (compatible with original purpose) and require the Data Subject to be informed and provide his / her consent or there is a clear basis in law.
The Organization shall ensure that Personal Data processed are:
Personal Data shall not be collected in advance and stored for potential future purposes unless required or permitted by national law.
Storage Limitation / Deletion
The Organization retains Personal Data for as long as necessary for the purposes for which the Personal Data were collected or where the Controller has an ongoing legitimate business need to do so, or to comply with applicable legal, tax, or regulatory requirements. For that purpose, appropriate retention periods shall be defined taking under consideration legal, regulatory and business/contractual requirements.
When there is no ongoing legitimate business need to process Personal Data, the Organization will either securely destroy, erase, delete or anonymize them, or if this is not possible (for example, because Personal Data have been stored in backup archives), Personal Data shall be securely stored and isolated from any further processing until deletion is possible.
The Organization shall take all reasonable steps to ensure the Personal Data processed are correct, complete and, if necessary, kept up-to-date. Appropriate steps shall be taken to ensure that inaccurate or incomplete data are deleted, corrected, supplemented or updated.
Safeguard Security of Personal Data
Personal Data shall be treated as Confidential Information and shall be handled accordingly. Appropriate technical and organizational measures shall be enforced in order to safeguard confidentiality, integrity, and availability of Personal Data (measures to prevent unauthorized access, illegal processing or distribution, as well as accidental loss, modification or destruction).
Information We Collect and How We Process Them
By registering to OSI newsletter you provide us your consent for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials related to OSI and/or the OSI Services. OSI also reserves the right, at its sole discretion, to forward the information you submit to its parents, subsidiaries and affiliates for legitimate business purposes related to marketing purposes. You can stop receiving promotional emails by following the unsubscribe instructions in e-mails that you receive. If you decide not to receive promotional emails, we may still send you service-related communications.
Collected Personal Data:
We collect Personal Information from you if you voluntarily provide it to us. Protected material (i.e. White Papers) distributed by OSI Website may require the visitor to provide some personally identifiable information such as your name, company name, business title, business e-mail address and phone number in order to grant access to this material (i.e. download a white paper). We may contact you for an inquiry regarding our services.
Collected Personal Data:
We collect Personal Data in response to employment listings. If you choose to submit your CV (email@example.com) you are authorizing OSI to utilize this information for all lawful and legitimate hiring and employment purposes (i.e. contact for arranging interview) and store them for three (3) years. OSI also reserves the right, at its sole discretion, to forward the information you submit to its parents, subsidiaries and affiliates for legitimate business purposes related to hiring and employment purposes.
Collected Personal Data:
Like most websites or apps, we use automatic data collection technology when you use the Website and our Services to record information that identifies your computer, to track your use of our Website and our Services, and to collect certain basic information about you and your usage habits. This information includes information about your operating system, your IP addresses, browser type and language, referring and exit pages and URLs, keywords, date and time, amount of time spent on particular pages, what sections of the Website you visit, and similar information concerning your use of the Website or our Services.
Collected Personal Data:
Using Browser Settings to Block Cookies
Google Chrome (https://support.google.com/chrome/answer/95647)
Data Subjects Rights
The General Data Protection Regulation, grants Data Subjects a range of specific rights they can exercise under particular conditions. The Organization enforces appropriate mechanisms in order to handle these requests within the predefined by the Regulation time period. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We shall inform the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Following is an overview of the fundamental Data Subject Rights. All requests must be sent to firstname.lastname@example.org .
If you wish to make a complaint regarding the processing of your personal data, we hereby notify you that the Competent Authority is the Data Protection Authority (DPA). Contact Details: +302106475600, email@example.com .
The Right to be Informed
Data Subjects shall have the right to be informed about the collection and use of their Personal Data. Privacy information such as: whether data concerning him or her are being processed, how Personal Data were collected, purposes for processing Personal Data, retention periods for that Personal Data, and information about the identity of the recipient or the categories of recipients, in case they are transferred to third parties.
The Right to Rectification
In case Personal Data are incorrect or incomplete, the Data Subject shall have the right to request that it be corrected or supplemented.
The Right to Restrict Processing
The Data Subject shall have the right to request the restriction of processing of their Personal Data. In this case, the Organization is allowed to store the data, but not use it for certain purposes.
The Right to Erasure or to be Forgotten
The Data Subject shall have the right to request his/her data to be deleted if the processing of such data has no legal basis, or if the legal basis has ceased to apply. The same applies if the purpose behind the data processing has lapsed or ceased to be applicable for other reasons. Existing retention periods and conflicting interests meriting protection must be taken under consideration.
The Right to Data Portability
The Data Subject shall have the right to receive the Personal Data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without undue delay from the Controller.
The Right to Object
The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of Personal Data concerning him or her, including profiling based on those provisions. The controller shall no longer process the Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims.
The Right not to be Subject to Automated Decision Making
The Data Subject shall have the right to oppose to automated individual decision-making (deciding solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
Personal data must be safeguarded from unauthorized access and unlawful processing or disclosure, as well as accidental loss, modification or destruction. This applies regardless of whether data are processed electronically or in paper form. Appropriate technical and organizational measures shall be enforced in order to ensure an appropriate level of security, taking into considering the state of the art and the costs of implementation in relation to the risks and the nature of the Personal Data to be protected. Especially before the introduction of new methods of data processing, particularly new IT systems, technical and organizational measures to protect Personal Data shall be defined and implemented.
The technical and organizational measures for protecting Personal Data are part of the Corporate Information Security Management System, which is certified from an independent authority against ISO 27001:2013 Security Standard.
We reserve the right to review this Policy at regular intervals and to make public its latest version. Any change to this Policy will apply once the revised Policy is publicly available. We suggest to our Website users to regularly visit the Policy, where it is available, so that they are aware of all the changes that have been made. If a review substantially reduces or alters their rights, they will be informed by OSI and may be asked to renew their consent regarding the collection and processing of their Personal Data.
Obrela Security Industries
Data Protection Officer
Address: 117 Argous str. & 33-35 Timeou str. 10441, Athens, Greece
Telephone: +30 211 8003773 / +30 210 9573750