GDPR Policy

Personal data protection policy

‘TIF HELEXPO’ places great importance on security and respects your privacy and the confidentiality of your personal data. This is why we invest time and resources in protecting your privacy. In this effort, we are in a continuous process of updating and training in order to fully comply with the national EU and international framework in place and, in particular, the General Personal Data Protection Regulation (Regulation 679/2016) of the European Union.

Purpose of this policy

The purpose of this policy is to inform you about how the personal data of our customers are collected, stored, used and transmitted, the security measures we take in order to protect your personal data, the reasons and period for which they are stored, as well as the type of personal data collected. This concerns any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

This Policy is updated from time to time and may be amended at any time this is deemed necessary, without prior notice, always in compliance with the legislative framework in force and in accordance with any changes to the applicable personal data protection legislation. Therefore, we recommend that you review this Policy at regular intervals in order to learn about any changes made.

What are personal data?

Personal data are any information regarding any particular natural person or a person who can be identified (e.g. name, identity card number, address, etc.). Data concerning health (physical or mental health, provision of medical services, etc.) are included in the general term ‘personal data’ but constitute a special category of data. TIF HELEXPO shall not process your personal data without your consent. However, TIF HELEXPO reserves the right to process your

personal data in exceptional cases to the extent permitted or required by law and/or Court judgments or prosecutorial orders.

How are personal data collected?

Your personal data are collected in the following ways:

  1. You provide them when TIF HELEXPO provides services to you, when you contact us in order for you or a third person to receive services, when you submit a job application to TIF
  2. HELEXPO, when you fill out electronic forms or send electronic mail (‘e-mail’) messages in order to learn about or use the services of TIF HELEXPO available via the web pages at the TIF HELEXPO domain name;
  3. Automatically through the browser software or the mobile device you use to access our websites;
  4. They are provided by a third-party associate of ours after you have granted your consent.

When registering with a service provided through the web pages managed by TIF HELEXPO, you will be required to fill out certain fields, as well as pick a username and password. Where your consent to the collection of your personal data is required, e.g. in order to receive a newsletter on a regular basis, this will be expressly requested and you have the right to withdraw it at any time.

What types of personal data are collected?

In brief, the personal data that are collected and undergo further processing include:

  • your name, address and general contact details (including your e-mail address and telephone number);
  • information you provide concerning payment, such as bank-issued card details,

Beyond the above data you provide, technical information that constitute personal data may be collected, such as, for example, the Internet Protocol address of your device [e.g.

personal computer, laptop computer, tablet, smartphone]. This technical information is used for the unhindered operation and appearance of the web pages and electronic services, and is not permanently stored within our infrastructure.

Further details on the technologies used in our web pages (cookies, internet tags, etc.) can be found below.

Which principles govern the processing of personal data by TIF HELEXPO?

TIF HELEXPO processes your personal data in a fair and lawful manner for clearly defined purposes. Your personal data that are processed by TIF HELEXPO are limited to those that are absolutely necessary for the achievement of these purposes, are accurate and timely, are kept for a period set out by the processing purposes, are protected by sufficient security measures and are not transmitted to countries that do not ensure a satisfactory level of protection.

Who collects personal data and for which purpose? Are they transmitted to third parties?

Personal data are collected and processed by authorised H TIF HELEXPO employees for each service, for the purposes and solely for the provision of each service. They are transmitted solely to third parties who have undertaken commitments for observing confidentiality, when they are required to have access to the framework of provision of these services.

Following an order on your part, your personal data may be transmitted to third parties / enterprises associated with TIF HELEXPO with which you have concluded contracts.

TIF HELEXPO undertakes the commitment to not trade your personal data by making them available for sale/rent, giving/transferring/making them public or communicating them to third parties or using them in any other manner and for other purposes that could endanger your privacy, rights and liberties, unless required by law, Court judgment/order, administrative act or if it is a contractual obligation that is necessary for the unhindered operation of the TIF HELEXPO Web Page and the realisation of its functions.

Your personal data may be transmitted to associates or third parties who comply with the terms of this Policy and are bound to observe confidentiality and who are acting on our behalf for further processing for the purpose of providing services, evaluating and improving the functionality of the website, as well as for marketing, data management and technical support purposes, solely after users have been notified in advance and their consent has been obtained. These third parties are contractually bound to us to use personal data solely for the above reasons, to not transmit personal information to third parties and to not disclose them to third parties unless required by law.

How long are my personal data kept?

Your personal data are kept as long as required by the nature of the TIF HELEXPO service you have selected and, additionally, as long as required by the applicable legislation.

What are my rights? What are my options if I have any issues with the processing of my personal data?

You have the right to ask us at any time which personal data we process, for which purposes we process them, whether we communicate them to third parties and if so to whom, and other relevant information. You also have the right to receive a free copy of your personal data upon request. Other rights under the relevant personal data protection legislation include the right to request the updating and/or rectification of your data, the right to have your personal data no longer processed and/or to restrict their processing and to have your personal data erased from the systems of TIF HELEXPO if there is no legal obligation for their retention. You also reserve the right to portability and/or to oppose the processing of your personal data.

More specifically, with respect to the newsletter service, you can unsubscribe by following the instructions included in each newsletter in order for the processing of the personal data relating to this service to cease.

You can exercise all your above rights by submitting a written request to dpo@helexpo.gr For any issue concerning your personal data and/or clarifications, please

contact the Data Protection Officer of TIF HELEXPO by calling +302310291244 , by e-mail at dpo@helexpo.gr

In any event, you have the right to contact the competent Hellenic Data Protection Authority (www.dpa.gr) and/or seek a judicial remedy. Any request submitted must be accompanied by appropriate identifying evidence and the necessary information (e.g. the data requiring rectification) as set out in the terms of use of each service. TIF HELEXPO may request additional information necessary to confirm your identity.

TIF HELEXPO makes every possible effort to ensure that we respond to your requests without delay and, in any event, within one month of receipt. That period may be extended by two (2) further months where necessary, taking into account the complexity and number of the requests. You will be notified of this extension and the reasons for the delay within one month of receipt of the request by TIF HELEXPO. If your request is submitted electronically, the response will be provided electronically, where possible, unless you request a different response (e.g. written letter).

In any event, you may contact the Data Protection Officer of the Group, the Hellenic Data Protection Authority and/or seek a judicial remedy if you believe your above rights were infringed.

Are my data secured?

TIF HELEXPO places the utmost importance on the privacy of individuals whose personal data it processes, be they customers, employees or third parties, and makes every possible effort to protect them, both in terms of confidentiality/discretion of the information and in terms of their integrity (preventing their alteration, accidental destruction, etc.). In this context, TIF HELEXPO applies an Information Security Management System that complies with the best practices of the ISO 9001:2015 and EN 15224:2012 standards.

TIF HELEXPO takes every appropriate organisational and technical measure designed to protect information from loss, misuse, unauthorised access, disclosure, distortion or destruction, and cares for the fair and lawful collection and processing of personal data, as well

as their secure retention in accordance with the relevant provisions of Greek, EU and international law concerning the protection of individuals from the processing of personal data, as well as the decisions of the Hellenic Data Protection Authority, safeguarding the secrecy and confidentiality of any information of which it becomes aware. More specifically, this Policy fully takes into consideration the provisions and Articles of Regulation (EU) 2016/679 of the European Parliament on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (‘General Data Protection Regulation’ – ‘GDPR’), and continuously makes every possible effort to comply with that Regulation.

Access to the contact details of visitors/users of the TIF HELEXPO Web Page is limited to authorised persons who are bound to observe confidentiality (employees, service providers) and are reasonably considered to be required to know these details in order to provide products or services to Web Page visitors/users or to carry out their work.

– What are Cookies & internet tags?

Cookie are small text files containing information stored in the browser software on the computers of visitors/users when they visit the Web Page, and may be deleted at any time. The TIF HELEXPO Web Page uses cookies for the following purposes:

  • To ensure that the Web Page operates smoothly and at the required speed.
  • To recognise the device you use to visit the Web page, the browser software and/or operating system you use, for the purpose of providing a tailored browsing experience and/or use of the TIF HELEXPO Web Page.
  • To store your settings during a visit or between visits (such as the username you have picked, the language you prefer or the use of social networking media) so that you do not have to re-enter certain data.
  • To improve the performance and/or security of the Web Page.
  • To provide content based on your interests and needs.
  • To analyse how you browse and/or use the Web Page.

TIF HELEXPO does NOT use cookies in the following cases:

  • To collect personal data without your consent.
  • To transmit your data to advertising companies.
  • To transmit your data to third parties without your consent.

The types of cookies used on the TIF HELEXPO Web Page are ‘persistent cookies’ and ‘session cookies’. Furthermore, certain third-party services that are active on the Web Page, such as ‘social media buttons’, place their own cookies on your computer; these are not controlled by the administrators of the TIF HELEXPO Web Page. The session cookies used by the TIF HELEXPO Web Page are deleted after your browsing has ended and/or the browser software has been shut down. Persistent cookies remain on your computer or device until you delete them or the period set out in the cookie expires.

You can set the browser you use to either alert you when cookies are used by specific Web Page services or not allow the use of cookies in any case. You can find further information on the general use of cookies and methods to limit or block them at https://cookiepedia.co.uk/all-about-cookies and http://www.allaboutcookies.org/. You can also delete cookies from your computer or device at any time. However, it must be stressed that by not accepting cookies or certain of them, some features of a web page might not be fully available. The TIF HELEXPO Web Page also uses ‘internet tags’. This method is used to measure visitor response to the Web Pages. TIF HELEXPO assures you that the use of ‘internet tags’ and cookies does NOT entail the collection or search of personal, identifiable information concerning web page visitors, such as names, addresses, e-mail addresses or telephone numbers.

-What is the policy concerning links to other web pages?

The TIF HELEXPO Web Page may contained hyperlinks to other web pages; the Company shall not be held liable with respect to the content and services of such web pages and cannot guarantee their continuous and secure accessibility. TIF HELEXPO shall not be considered to accept or endorse the content or services of the web pages of hyperlinks in any event or be considered to be affiliated with them in any way. Should any problems arise during the use of

the above web pages, the beneficial owner of each web page shall be exclusively responsible. In the event of hyperlinks to other web pages, TIF HELEXPO shall not be held liable for the terms of personal data management and protection they follow. We use social media to present the work and services of TIF HELEXPO through widely used, modern channels of communication. The use of social media by TIF HELEXPO is specifically presented on our Web Page.

TIF HELEXPO strongly encourages users to consult the corresponding policy of each third party (e.g. search engine service providers, social media providers such as Facebook, LinkedIn, Twitter, etc.) in order to learn about the practices they follow for the protection of personal data.

The TIF HELEXPO Web Page may show material with advertising/informative content, purpose and character. TIF HELEXPO shall bear no liability towards visitors/users and any third parties for any unlawful act or omission, inaccuracy or failure to comply with the laws and regulations of any country or the European Union with respect to the content of these notifications. TIF HELEXPO is not obligated to examine and shall not examine whether or not the informative material shown on the above web pages is lawful and as such no liability may be attributed to the Company. This liability is borne by the parties being advertised, the sponsors or the creators of the advertising material being shown.

Important information for the visitors

We would like to inform you that the requested data shall only be used by our Company in order to send you updates regarding our future events that are relevant to your fields of interest. We are obligated to retain these data for the minimum period required by the legislation in force in order to discharge our obligations to third parties (including tax authorities) for the period laid down in the relevant provisions. Should the above limitations cease to apply, we will permanently delete your data after having previously notified you. You have the right to access, rectification and erasure of your personal data, as well as the right to their portability for transmission to a different Controller or Processor by sending a relevant request to the Technical Studies Project and Monitoring ISO & GDPR Department, or an e-mail message to the address dpo@helexpo.gr. You also have the right to withdraw your consent for the processing of your data on our part. In this event, please bear in mind that this

withdrawal may automatically entail the cessation of our cooperation, given the necessity of processing your data in order to perform our contractual obligations. In any event, we may request your identity data in order to make sure that we are not communicating your personal data to anyone else. We will take every possible measure to satisfy your requests within thirty days from receiving them, as we are obligated to do, notifying you of the completion of your request or the reasons hindering the exercise of your rights or the satisfaction of one or more of your rights, as well as the reasons any delay on our part beyond thirty days. Additionally, we will notify you of your further rights in the event of undue response on our part to your requests. If you feel that your rights with respect to your personal data are being harmed, you always have the right to lodge a complaint with the competent Supervisory Personal Data Protection Authority: http://www.dpa.gr, 1-3, Kifissias Street, GR-11523, Athens, Tel.: 210 6475600, e-mail: contact@dpa.gr. In this event, we would particularly appreciate your prior communication with our Data Protection Officer (DPO) either by sending a physical letter to the company headquarters (Technical Studies Project and Monitoring ISO & GDPR Department 154, Egnatia str,. 546 36) or by sending an e-mail message (to the e-mail address: dpo@helexpo.gr), always including your full particulars and the reason for communicating with the company.