1. INTRODUCTION
The present Privacy Policy (hereinafter, the “Policy” or “Privacy Policy”) refers to the company “FYNTANIS DIMITRIOS KAI SIA L.P.” (VAT No. 998087122, General Commercial Registry no.: 8926401000] (46, Dimokratias Ave., Ilioupoli, P.C. 16345) (hereinafter, the “Company”) and the personal data of visitors that it gathers, uses and shares through the website https://www.skywalker.gr as well as through the respective mobile applications (apps), which are owned by it and are used by our company (hereinafter, the “Platform”).
The Company commits to protect the confidentiality and privacy of Personal Data and complies with the relevant provisions of the “General Data Protection Regulation” (hereinafter, the “”GDPR”).
Please note that the present Privacy Policy is not valid and applicable with regard to your interactions with other Users of our Platform. Users must process data gathered by them and obtain a relevant consent, when required, on their exclusive responsibility and according to their own personal data protection policies. For any information on the manner, in which our Users manage the personal data provided by you through the Platform, or the use of our Services, please refer to their privacy policies.
2. DEFINITIONS
Personal data: means any information relating to and identifying a natural person, such as: identification details (name and surname, age, domicile, profession, family status, etc.), natural characteristics, education, work (work experience, work attitude, etc.), financial condition (revenues, assets, financial behaviour), interests, activities, habits. The person (individual), to whom the data shall refer, shall be called data subject.
Personal data breach: the breach of security that causes the casual or illegal destruction, loss, alteration, unauthorized disclosure or access of personal data which were transmitted, stored or processed in any other manner.
Data Controller: the natural or legal person which determines the purposes and means of the processing of personal data.
Data Processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Processing of personal data: any operation or set of operations which is related to personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party: a natural or legal person other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data individual or legal entity.
Public Profile: The public profile is determined by the person. He/she shall be able to select which details shall be public and accessible by companies seeking personnel. For instance, his/her work experience may appear but not his/her personal details or vice versa or both may appear.
3. WHO IS THE COLLECTOR?
Within the scope of the present Privacy Policy, the Company usually manages the Data of a platform User in its capacity as “Data Processor”. This means that we collect, store and manage each User’s Personal Data in our capacity as provider of our Services to any User wishing to post a job ad (hereinafter, the “Job Ad”) and use our Services (hereinafter, “Employer”). This applies to the overwhelming majority of Personal Data kept by us, irrespective of whether you are i) an Employer; or ii) any User outside the Employer’s personnel searching for a job (hereinafter, “Job Applicant”). When we manage the Data as Data Processors, the rules of processing your Data, such as indicatively the manner of using and disclosing such data, are determined by the Employer’s respective personal data protection policy. The Company, as Data Processor, processes your Data according to the Employer’s instructions. Therefore, most clauses of the present Privacy Policy shall not apply when we act as Data Processors.
Nevertheless, we sometimes operate on the Platform as Data Controllers. This means that we collect and use Data on our own account and not as the Employer’s Service provider. Consequently, the present Privacy Policy shall apply when we act in our capacity as Data Controller. This happens when you visit our Platform or use our Services within a framework other than applying for a job. For example, if you use the Platform without submitting an application for a specific Job Ad, you shall complete your profile, as the Employer evaluates you on the basis of the profile edited by you and its completeness shall contribute to your better evaluation. Within this framework, you submit Data, but not under a specific Job Offer, therefore we collect and process your Data as a Data Controller.
The Company is the collector of personal data, which it processes within the framework of providing its services by keeping and processing your personal data with confidentiality and respect for your private life and by taking the necessary technical and organizational measures for their further protection.
4. OUR BASIC PRINCIPLES
The Company commits to abide by the following principles of personal data processing under Article 5 of the GDPR:
• Lawfulness, fairness and transparency
• Purpose limitation – The personal data are collected for specified, explicit and legitimate purposes
and are not further processed in a manner that is incompatible with those purposes.
• Data minimization – The personal data are adequate, relevant and limited to what is necessary in
relation to the purposes for which they are processed.
• Data accuracy / quality – The personal data must be accurate and, where necessary, kept up to date.
• Storage limitation – The personal data must be kept for no longer than necessary or as provided by the
Law.
• Integrity and confidentiality – Personal data must be processed in such a manner that ensures
security, particularly their protection against unauthorized or unlawful processing and against
accidental loss, destruction or damage, by using appropriate technical or organizational measures.
• Accountability Principle.
5. COLLECTION OF PERSONAL DATA
We collect personal data which are absolutely necessary for the purpose of their processing. The collected personal data vary depending on whether:
1) The user is a
candidate;
2) it is a company; &
3) he/she is a visitor to the webpage and wishes to contact Skywalker.gr – Jobs in Greece electronically
and receives notifications.
More specifically:
5.1. Personal Data that are collected through the platform and are required for the creation of a candidate’s account:
• Name and surname
• E-mail
• Password
Alternatively, the user may create an account by using an existing Facebook, LinkedIn or Gmail password; in such case, the personal data collected are as follows:
• Name and surname
• E-mail
• Password Password
5.2. Updating a Candidate’s Profile:
• Personal Details
o Photograph
• Job Profile
o Desirable job posts
• Interests (free text) Through your profile,
you can adjust the details accessible to visitors of your public profile. 5.3. Personal
Data that are collected through the platform and are required for the creation
of a new company account:
• Contact person’s name and surname In case you select the
“Individual” capacity:
• Name and Surname 5.4. Personal
Data that are collected through the platform and are relate to finding a
job:
• A curriculum vitae that is automatically created by the system (details of the
candidate’s profile are indicatively mentioned) 5.5. Personal
Data that are collected through the platform and are relate to other services
provided by Skywalker.gr – Jobs in Greece:
• For contacting the platform’s administrators (Name and surname, e-mail, mobile
phone) 5.6. Personal
Data that are collected when you use the platform Skywalker.gr - Jobs in Greece
(Browsing):
• Information on the device used by the User to access the Platform (such as an IP
address, device, browsing program, type of operating system and other operating system
support details). We process personal
data for the purposes mentioned in detail hereinafter. It is prohibited to
post in any manner (e.g. on the profile or inside a curriculum vitae) any special
categories of personal data. Such data are, indicatively, those disclosing the racial or
ethnic origin, political opinions, religious or philosophical beliefs or trade union
membership, data concerning health or data relating a natural person’s sexual life or
orientation. Please help us keep an
update of your information by notifying us on any changes to your personal data.
6. CATEGORIES
OF DATA SUBJECTS Data subject
categories include:
• Natural persons (candidates) looking for a job; 7. THE
PURPOSES OF PROCESSING & THE LEGAL BASIS FOR DATA PROCESSING The processing of
personal data is based on one of the “legal bases”, as those are mentioned in article 6
§1 of the GDPR. The legal basis for processing each use of your data is mentioned in
each purpose of processing. More specifically, as
regards the signing in / creation of CVs, the submission of requests to find a job by
the Platform’s Users, the legal basis for processing Personal Data is the performance of
the contract/provision of the Services. For natural persons –
representatives of companies - the legal basis for processing Personal Data is the
performance of the contract between us. As regards the
communication and use of cookies while browsing the Platform, the legal basis is the
consent. We may also process
Personal Data of Users who are existing customers when our legal interest is to do so,
unless the legal interest or fundamental rights and liberties of the person, to whom the
Personal Data relate, prevail over such interests. Our legal interests include,
indicatively, marketing, selling and providing our products and Services, developing and
improving of products and Services, understanding our Users’ behavior, activities,
preferences and needs. Finally, we may
process Personal Data of Users when this is necessary for the protection and prevention
of fraud as well as for the compliance with industry standards, the applicable
legislation (including indicatively the Applicable Law on Personal Data Protection). For
instance, we may be obliged to disclose and announce Personal Data of Users under a
court decision, prosecutor’s order, instruction, or a decision taken by another person
or administrative body that is competent by law to oblige to the disclosure of such
information. If we have substantial reasons to believe that Personal Data of Users could
be useful in investigating any inappropriate or unlawful activity, we may disclose such
information to law enforcement agencies or other competent authorities. 8. USE OF
«COOKIES» TYPE RECORDS 8.1. What do
cookies mean and why do we use them? Cookies are small
parts of information that are stored in computers with the purpose of recognizing the
browsing program used when browsing platforms. The device identifiers are collected by
the system’s available data, which may include IP addresses, user agent information
(browsing program version, operating system type and version) or identifiers created by
devices, such as Apple identifiers for advertised parties, Apple identifiers for
suppliers, Android identifiers by Google or Google Play Store advertisement identifiers.
Cookies and similar technologies may used for memorizing data, such as identifiers and
user preferences.
The use of cookies
enables our Platform to memorize information with regard to your visit, by collecting
useful details of your search preferences. In this way, the search experience will be
enhanced next time you visit us. 8.2. Which
cookies do we use? The cookies described
below may be stored in the browsing program. You can see and manage cookies on the
browsing program (however, browsing programs for mobile devices may not offer such
visibility). Our Platform may use the following cookies:
Absolutely
Necessary Cookies These cookies are
essential for the platform’s proper function, allows you to browse and use its
functions, such as access to secure areas. These cookies are necessary for the
platform’s function and the platform’s provision of services would be technically
impossible without them. FUNCTIONAL
COOKIES THIRD PARTY
COOKIES 8.3.
Method of management and deletion of "Cookies" Most browsing program
menus provide options regarding the method of managing “Cookies”. Depending on the
options given to users by the browsing program, the user may allow the installation of
“Cookies”, deactivate / delete already existing “Cookies” or be notified each time
he/she receives “Cookies”. Instructions on managing and deleting Cookies are usually
available in the “Help”, “Tools” or ‘Edit” menu of each browsing program.
More information on
the types of cookies is available on the webpage http://www.allaboutcookies.org. If you
wish to learn how to control or take out cookies, you may visit the webpage www.AboutCookies.org. 9.
MINORS During the collection
of information directly from you, we take appropriate care in order to ensure, insofar
as this is technically possible, which collected information relate to minors. In any
case, if we ascertain that we have collected any personal information on a minor child
who is younger than 16 years without a verifiable parental consent as provided under
article 8 of the Regulation (EU) 2016/679 (General Data Protection Regulation), we will
delete such information from our databases the soonest possible. If you believe that we
may have collected information from a minor child below the age of 16 years, please
contact the Company’s Data Protection Officer at the following address: [email protected] 10. HOW WE
ENSURE PERSONAL DATA SECURITY We ensure that the
personal data are processed in compliance with policies and procedures that are
compatible with processing purposes. For instance, the following security measures are
used for the protection of personal data against an unlawful use or any other form of
unauthorized processing:
• Access to personal data is limited only to a certain number of authorized persons for
the specific purposes. 11. FOR HOW
LONG DO WE STORE DATA? We store personal data
for as long as it is required from the relevant purpose of processing and any other
permitted and related purpose. The data are maintained during the entire term of our
agreement and, upon its expiry, for as long as it is provided under applicable
law. Any information that
is not more necessary is destroyed in a secure manner or anonymized. With particular regard
to the data processed by us based on your consent (e.g. for marketing purposes), those
data are kept as of the receipt of the relevant consent and until its revocation.
We limit access to
your data to persons who need to use them for the specific.
More particularly,
candidates’ CVs, details of users, details of the candidates’ profile as well as contact
details are kept in places leased by the company from third parties within the EU, as
well as within the company’s infrastructure. 12. WHO ARE
THE RECIPIENTS OF DATA? Personal data
collected by us may be transmitted to third parties, on condition that the reason for
the transmission is justified. Furthermore, in the
event that the lawfulness of the transmission is justified, personal data may be
disclosed to the following recipient categories:
• Our employees or partners who may process your personal data under our
instructions. Even though the
transmission of data through the internet or a webpage cannot be protected in a
guaranteed manner from cyberattacks, our partners and we are working to maintain
physical, electronic and procedural security measures in order to protect your
data. 13. WHERE DOES
PROCESSING TAKE PLACE? Our customers’
personal data are processed within the European Economic Area (EEA). In the event that the
conduct of a research on the provision of services is also required outside the EEA,
then this takes place upon your explicit consent. Article 49, §4 (a). 14. BREACH OF
PERSONAL DATA In case of breach of
the security and integrity of the data being available to us and relate to personal
data, the Company will take the following measures: (under articles 33 and 34 of the
GDPR):
• Investigates and assesses such procedures as required for breach limitation; 15. YOUR
RIGHTS AS A DATA SUBJECT AND HOW YOU MAY EXERCISE THEM You have the right to
demand access to the personal data concerning you, rectification/erasure of your
personal data, restriction of processing, the right to object to the processing and/or
to exercise your right to data portability. If the processing of
data is based on your consent, you may revoke your consent at any time with effect for
the future. In more detail, you
have the following rights: α. Access:
The right to obtain information on the processing of personal data by us and be granted
access to such data.
β.
Rectification:
The right to demand the rectification or completion of your data, if those are
inaccurate or incomplete. γ. Erasure:
The right to demand the erasure of your data. We can satisfy such right if:
• The data are no longer necessary in relation to the purposes for which they were
collected; We reserve our right
to refuse satisfying the above right if the processing of data is necessary for our
compliance with a legal obligation for reasons of public interest or for the
establishment, exercise or defence of legal claims (article 17 §3) δ. Restriction of
Processing: The right to specify the data, in order to restrict their
processing. For instance, when you have contested the accuracy of your personal data for
the period to be required for verification. ε. Portability:
The right to receive your data in a structured, commonly used and machine-readable
format as well as to demand their transmission to you or to another person who will
process them. στ. Objection:
The right to object at any time to the processing of your data, including profiling, and
also when the data are processed for direct marketing purposes.
The Company will
investigate your request and will reply to you within one month from its receipt, either
that it will take action on the request or that there are objective grounds for not
taking action, or within two further months, taking into account the complexity and
number of the requests (Article 12 §3). The exercise of your
above rights is made free of charge, by sending a relevant request/letter/email to the
Data Protection Officer. A reasonable fee may be imposed in case of abusive exercise of
the above rights (Article 12 §5). In the event that you
are not satisfied with our use of your rights or our response to your exercise of the
above rights, you have the right to file a complaint with the Data Protection
Authority.
You may exercise your
aforementioned rights at the contact details stated herein below. By way of
exception:
if you wish the rectification of your Data in your user account, you may sign in and
make any rectification / modification without being required to submit a Request.
16.
CONTROLLER'S CONTACT DETAILS For any issue
regarding the processing of your personal data and the exercise of your aforementioned
rights, you may contact the company, by phone on +30210 9730280 (Monday – Friday 10:00 –
17:00), by e-mail: [email protected] and by post at
the following address: 46, Dimokratias Ave., 16345 Ilioupoli. 17. CONTACT
DETAILS OF THE DATA PROTECTION AUTHORITY Telephone: +30
21064.75.600, e-mail: [email protected] and postal
address: 1-3, Kifissias Ave., P.C. 115 23, Athens.
o Sex
o Date of birth
o Nationality
o Communication language
o Telephone
o Mobile phone
o Address
o Location
o Fulfilment of military obligations
o Driver’s license
o Ability to relocate
o Ability to travel
o Desirable salary
• Work experience
• Education
• Computer skills
• Workshops
• Reference Letters
• Social networks’ Addresses
• Mobile phone number
• E-mail
• Tax Identification Number
• Municipality of Residence
• Mobile phone number
• Landline Number
• E-mail
• A curriculum vitae together with the personal data included therein (indicatively:
education, work experience, skills, interests, personal details)
• For subscribing to the company’s newsletter, the e-mail.
• For browsing the webpages of the events organized by us
• URL pages and addresses redirecting User to the Platform and URL pages and addresses,
to which Users are redirected when they follow links to other webpages that are operated
by third parties and are available on the Platform.
• Dates and times of visits to the Platform.
• Geographical location (such as country and city), from where a User visits the
Platform. You may choose not to provide us with certain types of information, but if you
do so your capacity of using certain Services might be affected. For example, if you
select location information, in accordance with the iOS and Android user guides, we will
be able to inform you about Services adapted to your needs, otherwise your ability to
use the service will be limited.
• The actions performed by the User while browsing the Platform (such as page views,
browsing patterns and viewing job posts or submitting requests expressing interest for
job posts).
• Actions of users on the platform.
• Natural persons under the capacity of representative of a company seeking
employees;
• Natural persons browsing our platform and/or contacting us;
• Natural persons advertised on our platform;
• Our personnel.
Cookie
Type/Provider
Duration
Description
skywalker_session
Session
Cookie
4 hours
This cookie
is essential for
maintaining user sessions in a web application. It enables the storage of user
data across multiple
requests and is used to identify a session instance for a user, ensuring that
the user\'s session
data can be retrieved and maintained across the website. This is crucial for
functionalities like
user authentication, form data retention, and flash messages.
XSRF-TOKEN
CSRF Token
Cookie
4 hours
The CSRF
token cookie is used
as part of Laravel\'s mechanism to protect the application from cross-site
request forgery (CSRF)
attacks. Each time a form is opened, Laravel generates a unique token which must
be submitted with
the form to validate the request origin. The XSRF-TOKEN cookie is set to
facilitate the validation
of this token in AJAX requests, enhancing the security of the application by
ensuring that only
forms submitted from the application are accepted by the server.
euconsent-v2
InMobi CMP
(Consent)
390 days
Stores the
user\'s cookie
consent state for the current domain
addtl_consent
InMobi CMP
(Consent)
390 days
Stores the
user\'s cookie
consent state for the current domain regarding additional cookies
Cookie
Type/Provider
Duration
Description
_ga
Analytics
(Google)
1 year 1
month 4 days
Google
Analytics sets this
cookie to calculate visitor, session and campaign data and track site usage for
the site\'s
analytics report. The cookie stores information anonymously and assigns a
randomly generated number
to recognize unique visitors.
_gcl_au
Marketing
(Google)
3 months
Google Tag
Manager sets the
cookie to experiment advertisement efficiency of websites using their services.
_fbp
Analytics
(Facebook)
3 months
Facebook sets
this cookie to
display advertisements when either on Facebook or on a digital platform powered
by Facebook
advertising after visiting the website.
lastExternalReferrerTime
Analytics
(Meta Platforms
Inc.)
Persistent
Detects how
the user reached
the website by registering their last URL-address.
lastExternalReferrer
Analytics
(Meta Platforms
Inc.)
Persistent
Detects how
the user reached
the website by registering their last URL-address.
IDE
Marketing
(Google
DoubleClick)
390 days
Used by
Google DoubleClick to
register and report the website user\'s actions after viewing or clicking one of
the advertiser\'s
ads with the purpose of measuring the efficacy of an ad and to present targeted
ads to the user.
ARRAffinity
Salary
Calculator (Epsilonet)
Session
Used in the
salary calculator
page
fpestid
ShareThis
13 months
Fpestid is a
ShareThis cookie
ID set in the domain of the website operator.
NID
Google
6 months
Registers a
unique ID that
identifies a returning user\'s device. The ID is used for targeted ads.
DSID
Marketing
(Google)
2 years
Used to
identify a logged in
user on non-Google sites and to store user preferences regarding ad
personalization
__Secure-1PAPISID
Marketing
(Google)
2 years
This cookie
is used for
targeting purposes to build a profile of the website visitor\'s interests in
order to show relevant
& personalised Google advertising.
__Secure-1PSID
Marketing
(Google)
2 years
This cookie
is used for
targeting purposes to build a profile of the website visitor\'s interests in
order to show relevant
& personalised Google advertising.
__Secure-1PSIDCC
Marketing
(Google)
1 year
This cookie
is used for
targeting purposes to build a profile of the website visitor\'s interests in
order to show relevant
& personalised Google advertising.
__Secure-3PAPISID
Marketing
(Google)
2 years
This cookie
is used for
targeting purposes to build a profile of the website visitor\'s interests in
order to show relevant
& personalised Google advertising.
__Secure-3PSID
Marketing
(Google)
2 years
This cookie
is used for
targeting purposes to build a profile of the website visitor\'s interests in
order to show relevant
& personalised Google advertising.
__Secure-3PSIDCC
Marketing
(Google)
1 year
This cookie
is used by Google
to build a profile of website visitor interests to show relevant and
personalised ads through
retargeting.
• The personnel of the competent departments managing your contract is bound by
confidentiality clauses, having a gradual and limited access only to the data which are
necessary for completing the provision of services.
• Sensitive data are stored in a PC with authorized access. Those in printed form are
kept in lockers, which are only accessible by authorized persons.
• We select reliable partners, who are bound in writing under article 28 §4 of the GDPR
with the same obligations regarding the protection of personal data. We also reserve the
right to check upon them under article 28 §3 item (h).
• The information systems used for data processing are technically isolated from the
other systems, in order to prevent unauthorized access, for example by means of
hacking.
• In addition, access to such information systems is monitored on a permanent basis, in
order to trace and prevent any unlawful use at an early stage.
• Collaborating companies within their framework of competence (e.g. maintenance of
information systems).
• External partners, who are bound in writing under article 28 §4 of the GDPR with the
same obligations as regards the protection of personal data.
• Any supervising authority, as required under the supervisory framework each time
applicable.
• Any public or judicial authority, if this is required by law or a court decision.
• The customers of the entity seeking personnel.
• Estimates the risk and its impact on the rights and liberties of data subjects;
• Tries to reduce as much as possible the damage that has been or may be caused;
• Informs within 72 hours after the breach has been made known to it, if required;
and
• It will assess the impact on privacy and will take all appropriate measures to avoid
repeating the breach.
• There is no other legal ground for the processing apart from the consent;
• You exercise the right to object (please see below);
• The data have been processed in breach of the applicable legislation;
• The data have to be erased for compliance with a legal obligation.
• if you wish to revoke your consent on the mailing of a newsletter, you may do so by
selecting the special link at the bottom part of each newsletter.
Update of the Privacy Policy
The present policy is revised in case of a significant change. Such revision will be
made available on our platform https://www.skywalker.gr/
Try scrolling the rest of the page to see this option in action.