fbpx

This website uses cookies to ensure you get the best experience. More Information...

PRIVACY

1        Introduction

1.1  Purpose

At Obrela Security Industries, we are committed to providing our clients with exceptional services.  As providing these services involves the collection and process of Personal Information about our clients, protecting their Personal Information is one of our highest priorities.

This Privacy Policy explains the conditions under which and the purposes for which we collect and use your Personal Data in connection with your use of our Website located at https://www.obrela.com (“Website”), the third parties to whom we disclose your Personal Data, and the choices and means, if any, we offer you for limiting the use and disclosure of your Personal Data. We will not use or share your Personal Data except as described in this Privacy Policy.

1.2  Definitions

Personal Data: Personal Data means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

Personal Data Processing: Processing Personal Data means any process, with or without the use of automated systems, to collect, store, organize, retain, modify, query, use, forward, transmit, disseminate or combine and compare data. This also includes disposing of and deleting data.

Controller: Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

Processor: Processor is a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.

1.3  Allowed Website Users

The Website and our Services are not intended for minors under 18 years of age. We do not knowingly collect Personal Data from minors under the age of 18. If you are under 18, please do not provide us any Personal Information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide Personal Data through the internet without their permission. If you have reason to believe that a child under the age of 18 has provided Personal Data or any other information or content to us, please email us at dpo@obrela.com, and we will perform all appropriate action, without undue delay.

2        Personal Data Processing Principles

2.1  Fairness, Lawfulness, and Transparency

The Organization collects and processes Personal Data only in the context to perform a contract, or where the processing is in the Controller’s legitimate interests and not overridden by Data Subjects’ protection interests or fundamental rights and freedoms, or where the Data Subject’s consent has been obtained. In some cases, the Organization may also have a legal obligation to process Personal Data or may otherwise need the Personal Data to protect Data Subject’s vital interests or those of another person. Personal Data shall not be processed in a way that is unduly detrimental, unexpected or misleading to the individuals concerned. The Organization shall provide all required information to the Data Subject regarding the processing of Personal Data, such as: processing purposes, the identity of the Controller, third parties or categories of third parties to whom the data might be transmitted.

2.2  Purpose Limitation

Personal Data can be processed only for the purpose that was defined before the data were collected. Subsequent changes to the purpose are only possible to a limited extent (compatible with original purpose) and require the Data Subject to be informed and provide his / her consent or there is a clear basis in law.

2.3  Data Minimization

The Organization shall ensure that Personal Data processed are:

  • adequate – sufficient to properly fulfill your stated purpose;
  • relevant – has a rational link to that purpose; and
  • limited to what is necessary – you do not hold more than you need for that purpose.

 

Personal Data shall not be collected in advance and stored for potential future purposes unless required or permitted by national law.

2.4  Storage Limitation / Deletion

The Organization retains Personal Data for as long as necessary for the purposes for which the Personal Data were collected or where the Controller has an ongoing legitimate business need to do so, or to comply with applicable legal, tax, or regulatory requirements. For that purpose, appropriate retention periods shall be defined taking under consideration legal, regulatory and business/contractual requirements.

When there is no ongoing legitimate business need to process Personal Data, the Organization will either securely destroy, erase, delete or anonymize them, or if this is not possible (for example, because Personal Data have been stored in backup archives), Personal Data shall be securely stored and isolated from any further processing until deletion is possible.

2.5  Accuracy

The Organization shall take all reasonable steps to ensure the Personal Data processed are correct, complete and, if necessary, kept up-to-date. Appropriate steps shall be taken to ensure that inaccurate or incomplete data are deleted, corrected, supplemented or updated.

2.6  Safeguard Security of Personal Data

Personal Data shall be treated as Confidential Information and shall be handled accordingly. Appropriate technical and organizational measures shall be enforced in order to safeguard confidentiality, integrity, and availability of Personal Data (measures to prevent unauthorized access, illegal processing or distribution, as well as accidental loss, modification or destruction).

 

3         Information We Collect and How We Process Them

3.1  OSI Newsletter

By registering to OSI newsletter you provide us your consent for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials related to OSI and/or the OSI Services. OSI also reserves the right, at its sole discretion, to forward the information you submit to its parents, subsidiaries and affiliates for legitimate business purposes related to marketing purposes. You can stop receiving promotional emails by following the unsubscribe instructions in e-mails that you receive. If you decide not to receive promotional emails, we may still send you service-related communications.

Collected Personal Data:

  • Identification Data: email address

3.2  Protected Material

We collect Personal Information from you if you voluntarily provide it to us. Protected material (i.e. White Papers) distributed by OSI Website may require the visitor to provide some personally identifiable information such as your name, company name, business title, business e-mail address and phone number in order to grant access to this material (i.e. download a white paper). We may contact you for an inquiry regarding our services.

Collected Personal Data:

  • Demographic Data: Name, Surname
  • Identification Data: email address
  • Education & Career Related Data: job title

3.3  Careers

We collect Personal Data in response to employment listings. If you choose to submit your CV (careers@obrela.com) you are authorizing OSI to utilize this information for all lawful and legitimate hiring and employment purposes (i.e. contact for arranging interview) and store them for three (3) years. OSI also reserves the right, at its sole discretion, to forward the information you submit to its parents, subsidiaries and affiliates for legitimate business purposes related to hiring and employment purposes.

Collected Personal Data:

  • Demographic Data: Name, Surname, Father’s Name, Age, Home Address
  • Identification Data: email address
  • Education & Career Related Data: Work experience, Job title, Educational background

3.4  Technical Information

Like most websites or apps, we use automatic data collection technology when you use the Website and our Services to record information that identifies your computer, to track your use of our Website and our Services, and to collect certain basic information about you and your usage habits. This information includes information about your operating system, your IP addresses, browser type and language, referring and exit pages and URLs, keywords, date and time, amount of time spent on particular pages, what sections of the Website you visit, and similar information concerning your use of the Website or our Services.

Collected Personal Data:

Technical Data/Metadata:

  • Log Files: We gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data, mobile device type. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you. Only authorized employees have access to log files.
  • Cookies: Cookies are small packets of data that a website or app stores on your device so that your device will “remember” information about your visit. We may use cookies to track the pages that you visit during each Website session to help us improve your experience, for marketing reasons and to help us understand how this Website or our Services are being used. Cookies categories:
  • Strictly necessary cookies: are essential in order to enable you to navigate around our Website and use its features. Without these cookies, we would be unable to provide you with the services you have asked for.
  • Functionality cookies: allow our Website to remember choices you make and help to provide an enhanced, more personal experience on our Website.
  • Performance cookies: help us improve our Website and our online services. These cookies gather information about how our Website is used, including which pages are visited most often. This helps us to provide a better user experience. These cookies are anonymous – which means that they won’t collect information to identify you.
  • Targeting & Advertising cookies: are used to help us better understand our advertising campaigns and how we can make these more relevant to you. These cookies are also anonymous, they won’t collect information to identify you.

3.4.1 Using Browser Settings to Block Cookies

If you do not wish to have cookies placed on your device, you should set your browser to refuse web cookies before accessing this Website, with the understanding that certain features of this Website may not function properly without the aid of cookies. If you refuse cookies, you assume all responsibility for any resulting loss of functionality.

 

Firefox (https://support.mozilla.org/en-US/kb/block-websites-storing-site-preferences)

Google Chrome (https://support.google.com/chrome/answer/95647)

Internet Explorer (https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies)

Safari (https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac)

 

4        Data Subjects Rights

The General Data Protection Regulation, grants Data Subjects a range of specific rights they can exercise under particular conditions. The Organization enforces appropriate mechanisms in order to handle these requests within the predefined by the Regulation time period. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We shall inform the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Following is an overview of the fundamental Data Subject Rights. All requests must be sent to dpo@obrela.com .

 

If you wish to make a complaint regarding the processing of your personal data, we hereby notify you that the Competent Authority is the Data Protection Authority (DPA). Contact Details: +302106475600, contact@dpa.gr .

 

4.1  The Right to be Informed

Data Subjects shall have the right to be informed about the collection and use of their Personal Data. Privacy information such as: whether data concerning him or her are being processed, how Personal Data were collected, purposes for processing Personal Data, retention periods for that Personal Data, and information about the identity of the recipient or the categories of recipients, in case they are transferred to third parties.

4.2  The Right to Rectification

In case Personal Data are incorrect or incomplete, the Data Subject shall have the right to request that it be corrected or supplemented.

4.3  The Right to Restrict Processing

The Data Subject shall have the right to request the restriction of processing of their Personal Data. In this case, the Organization is allowed to store the data, but not use it for certain purposes.

4.4  The Right to Erasure or to be Forgotten

The Data Subject shall have the right to request his/her data to be deleted if the processing of such data has no legal basis, or if the legal basis has ceased to apply. The same applies if the purpose behind the data processing has lapsed or ceased to be applicable for other reasons. Existing retention periods and conflicting interests meriting protection must be taken under consideration.

4.5  The Right to Data Portability

The Data Subject shall have the right to receive the Personal Data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without undue delay from the Controller.

4.6  The Right to Object

The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of Personal Data concerning him or her, including profiling based on those provisions. The controller shall no longer process the Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims.

4.7  The Right not to be Subject to Automated Decision Making

The Data Subject shall have the right to oppose to automated individual decision-making (deciding solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.

5        Secure Processing

Personal data must be safeguarded from unauthorized access and unlawful processing or disclosure, as well as accidental loss, modification or destruction. This applies regardless of whether data are processed electronically or in paper form. Appropriate technical and organizational measures shall be enforced in order to ensure an appropriate level of security, taking into considering the state of the art and the costs of implementation in relation to the risks and the nature of the Personal Data to be protected. Especially before the introduction of new methods of data processing, particularly new IT systems, technical and organizational measures to protect Personal Data shall be defined and implemented.

The technical and organizational measures for protecting Personal Data are part of the Corporate Information Security Management System, which is certified from an independent authority against ISO 27001:2013 Security Standard.

 

6        Policy Update

We reserve the right to review this Policy at regular intervals and to make public its latest version. Any change to this Policy will apply once the revised Policy is publicly available. We suggest to our Website users to regularly visit the Policy, where it is available, so that they are aware of all the changes that have been made. If a review substantially reduces or alters their rights, they will be informed by OSI and may be asked to renew their consent regarding the collection and processing of their Personal Data.

7        Contact Us

If you have questions about this privacy policy, please contact us at:

 

Obrela Security Industries

Data Protection Officer

Address: 117 Argous str. & 33-35 Timeou str. 10441, Athens, Greece

Telephone: +30 211 8003773 / +30 210 9573750

Email: dpo@obrela.com