1. INTRODUCTION

The present Privacy Policy (hereinafter, the “Policy” or “Privacy Policy”) refers to the company “FYNTANIS DIMITRIOS KAI SIA L.P.” (VAT No. 998087122, General Commercial Registry no.: 8926401000] (46, Dimokratias Ave., Ilioupoli, P.C. 16345) (hereinafter, the “Company”) and the personal data of visitors that it gathers, uses and shares through the website https://www.skywalker.gr as well as through the respective mobile applications (apps), which are owned by it and are used by our company (hereinafter, the “Platform”).

The Company commits to protect the confidentiality and privacy of Personal Data and complies with the relevant provisions of the “General Data Protection Regulation” (hereinafter, the “”GDPR”).

Please note that the present Privacy Policy is not valid and applicable with regard to your interactions with other Users of our Platform. Users must process data gathered by them and obtain a relevant consent, when required, on their exclusive responsibility and according to their own personal data protection policies. For any information on the manner, in which our Users manage the personal data provided by you through the Platform, or the use of our Services, please refer to their privacy policies.

2. DEFINITIONS

Personal data: means any information relating to and identifying a natural person, such as: identification details (name and surname, age, domicile, profession, family status, etc.), natural characteristics, education, work (work experience, work attitude, etc.), financial condition (revenues, assets, financial behaviour), interests, activities, habits. The person (individual), to whom the data shall refer, shall be called data subject.

Personal data breach: the breach of security that causes the casual or illegal destruction, loss, alteration, unauthorized disclosure or access of personal data which were transmitted, stored or processed in any other manner.

Data Controller: the natural or legal person which determines the purposes and means of the processing of personal data.

Data Processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Processing of personal data: any operation or set of operations which is related to personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third party: a natural or legal person other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data individual or legal entity.

Public Profile: The public profile is determined by the person. He/she shall be able to select which details shall be public and accessible by companies seeking personnel. For instance, his/her work experience may appear but not his/her personal details or vice versa or both may appear.

3. WHO IS THE COLLECTOR?

Within the scope of the present Privacy Policy, the Company usually manages the Data of a platform User in its capacity as “Data Processor”. This means that we collect, store and manage each User’s Personal Data in our capacity as provider of our Services to any User wishing to post a job ad (hereinafter, the “Job Ad”) and use our Services (hereinafter, “Employer”). This applies to the overwhelming majority of Personal Data kept by us, irrespective of whether you are i) an Employer; or ii) any User outside the Employer’s personnel searching for a job (hereinafter, “Job Applicant”). When we manage the Data as Data Processors, the rules of processing your Data, such as indicatively the manner of using and disclosing such data, are determined by the Employer’s respective personal data protection policy. The Company, as Data Processor, processes your Data according to the Employer’s instructions. Therefore, most clauses of the present Privacy Policy shall not apply when we act as Data Processors.

Nevertheless, we sometimes operate on the Platform as Data Controllers. This means that we collect and use Data on our own account and not as the Employer’s Service provider. Consequently, the present Privacy Policy shall apply when we act in our capacity as Data Controller. This happens when you visit our Platform or use our Services within a framework other than applying for a job. For example, if you use the Platform without submitting an application for a specific Job Ad, you shall complete your profile, as the Employer evaluates you on the basis of the profile edited by you and its completeness shall contribute to your better evaluation. Within this framework, you submit Data, but not under a specific Job Offer, therefore we collect and process your Data as a Data Controller.

The Company is the collector of personal data, which it processes within the framework of providing its services by keeping and processing your personal data with confidentiality and respect for your private life and by taking the necessary technical and organizational measures for their further protection.

4. OUR BASIC PRINCIPLES

The Company commits to abide by the following principles of personal data processing under Article 5 of the GDPR:

• Lawfulness, fairness and transparency
• Purpose limitation – The personal data are collected for specified, explicit and legitimate purposes and are not further processed in a manner that is incompatible with those purposes.
• Data minimization – The personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
• Data accuracy / quality – The personal data must be accurate and, where necessary, kept up to date.
• Storage limitation – The personal data must be kept for no longer than necessary or as provided by the Law.
• Integrity and confidentiality – Personal data must be processed in such a manner that ensures security, particularly their protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by using appropriate technical or organizational measures.
• Accountability Principle.

5. COLLECTION OF PERSONAL DATA

We collect personal data which are absolutely necessary for the purpose of their processing. The collected personal data vary depending on whether:

1) The user is a candidate;
2) it is a company; &
3) he/she is a visitor to the webpage and wishes to contact Skywalker.gr – Jobs in Greece electronically and receives notifications.

More specifically:

5.1. Personal Data that are collected through the platform and are required for the creation of a candidate’s account:

• Name and surname
• E-mail
• Password

Alternatively, the user may create an account by using an existing Facebook, LinkedIn or Gmail password; in such case, the personal data collected are as follows:

• Name and surname
• E-mail
• Password Password

5.2. Updating a Candidate’s Profile:

• Personal Details

o Photograph
o Sex
o Date of birth
o Nationality
o Communication language
o Telephone
o Mobile phone
o Address
o Location
o Fulfilment of military obligations

• Job Profile

o Desirable job posts
o Driver’s license
o Ability to relocate
o Ability to travel
o Desirable salary

• Interests (free text)
• Work experience
• Education
• Computer skills
• Workshops
• Reference Letters
• Social networks’ Addresses

Through your profile, you can adjust the details accessible to visitors of your public profile.

5.3. Personal Data that are collected through the platform and are required for the creation of a new company account:

• Contact person’s name and surname
• Mobile phone number
• E-mail

In case you select the “Individual” capacity:

• Name and Surname
• Tax Identification Number
• Municipality of Residence
• Mobile phone number
• Landline Number
• E-mail

5.4. Personal Data that are collected through the platform and are relate to finding a job:

• A curriculum vitae that is automatically created by the system (details of the candidate’s profile are indicatively mentioned)
• A curriculum vitae together with the personal data included therein (indicatively: education, work experience, skills, interests, personal details)

5.5. Personal Data that are collected through the platform and are relate to other services provided by Skywalker.gr – Jobs in Greece:

• For contacting the platform’s administrators (Name and surname, e-mail, mobile phone)
• For subscribing to the company’s newsletter, the e-mail.
• For browsing the webpages of the events organized by us

5.6. Personal Data that are collected when you use the platform Skywalker.gr - Jobs in Greece (Browsing):

• Information on the device used by the User to access the Platform (such as an IP address, device, browsing program, type of operating system and other operating system support details).
• URL pages and addresses redirecting User to the Platform and URL pages and addresses, to which Users are redirected when they follow links to other webpages that are operated by third parties and are available on the Platform.
• Dates and times of visits to the Platform.
• Geographical location (such as country and city), from where a User visits the Platform. You may choose not to provide us with certain types of information, but if you do so your capacity of using certain Services might be affected. For example, if you select location information, in accordance with the iOS and Android user guides, we will be able to inform you about Services adapted to your needs, otherwise your ability to use the service will be limited.
• The actions performed by the User while browsing the Platform (such as page views, browsing patterns and viewing job posts or submitting requests expressing interest for job posts).
• Actions of users on the platform.

We process personal data for the purposes mentioned in detail hereinafter.

It is prohibited to post in any manner (e.g. on the profile or inside a curriculum vitae) any special categories of personal data. Such data are, indicatively, those disclosing the racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, data concerning health or data relating a natural person’s sexual life or orientation.

Please help us keep an update of your information by notifying us on any changes to your personal data.

6. CATEGORIES OF DATA SUBJECTS

Data subject categories include:

• Natural persons (candidates) looking for a job;
• Natural persons under the capacity of representative of a company seeking employees;
• Natural persons browsing our platform and/or contacting us;
• Natural persons advertised on our platform;
• Our personnel.

7. THE PURPOSES OF PROCESSING & THE LEGAL BASIS FOR DATA PROCESSING

The processing of personal data is based on one of the “legal bases”, as those are mentioned in article 6 §1 of the GDPR. The legal basis for processing each use of your data is mentioned in each purpose of processing.

More specifically, as regards the signing in / creation of CVs, the submission of requests to find a job by the Platform’s Users, the legal basis for processing Personal Data is the performance of the contract/provision of the Services.

For natural persons – representatives of companies - the legal basis for processing Personal Data is the performance of the contract between us.

As regards the communication and use of cookies while browsing the Platform, the legal basis is the consent.

We may also process Personal Data of Users who are existing customers when our legal interest is to do so, unless the legal interest or fundamental rights and liberties of the person, to whom the Personal Data relate, prevail over such interests. Our legal interests include, indicatively, marketing, selling and providing our products and Services, developing and improving of products and Services, understanding our Users’ behavior, activities, preferences and needs.

Finally, we may process Personal Data of Users when this is necessary for the protection and prevention of fraud as well as for the compliance with industry standards, the applicable legislation (including indicatively the Applicable Law on Personal Data Protection). For instance, we may be obliged to disclose and announce Personal Data of Users under a court decision, prosecutor’s order, instruction, or a decision taken by another person or administrative body that is competent by law to oblige to the disclosure of such information. If we have substantial reasons to believe that Personal Data of Users could be useful in investigating any inappropriate or unlawful activity, we may disclose such information to law enforcement agencies or other competent authorities.

8. USE OF «COOKIES» TYPE RECORDS

8.1. What do cookies mean and why do we use them?

Cookies are small parts of information that are stored in computers with the purpose of recognizing the browsing program used when browsing platforms. The device identifiers are collected by the system’s available data, which may include IP addresses, user agent information (browsing program version, operating system type and version) or identifiers created by devices, such as Apple identifiers for advertised parties, Apple identifiers for suppliers, Android identifiers by Google or Google Play Store advertisement identifiers. Cookies and similar technologies may used for memorizing data, such as identifiers and user preferences.

The use of cookies enables our Platform to memorize information with regard to your visit, by collecting useful details of your search preferences. In this way, the search experience will be enhanced next time you visit us.

8.2. Which cookies do we use?

The cookies described below may be stored in the browsing program. You can see and manage cookies on the browsing program (however, browsing programs for mobile devices may not offer such visibility). Our Platform may use the following cookies:

Absolutely Necessary Cookies

These cookies are essential for the platform’s proper function, allows you to browse and use its functions, such as access to secure areas. These cookies are necessary for the platform’s function and the platform’s provision of services would be technically impossible without them.

FUNCTIONAL COOKIES

THIRD PARTY COOKIES

8.3. Method of management and deletion of "Cookies"

Most browsing program menus provide options regarding the method of managing “Cookies”. Depending on the options given to users by the browsing program, the user may allow the installation of “Cookies”, deactivate / delete already existing “Cookies” or be notified each time he/she receives “Cookies”. Instructions on managing and deleting Cookies are usually available in the “Help”, “Tools” or ‘Edit” menu of each browsing program.

More information on the types of cookies is available on the webpage http://www.allaboutcookies.org. If you wish to learn how to control or take out cookies, you may visit the webpage www.AboutCookies.org.

9. MINORS

During the collection of information directly from you, we take appropriate care in order to ensure, insofar as this is technically possible, which collected information relate to minors. In any case, if we ascertain that we have collected any personal information on a minor child who is younger than 16 years without a verifiable parental consent as provided under article 8 of the Regulation (EU) 2016/679 (General Data Protection Regulation), we will delete such information from our databases the soonest possible. If you believe that we may have collected information from a minor child below the age of 16 years, please contact the Company’s Data Protection Officer at the following address: [email protected]

10. HOW WE ENSURE PERSONAL DATA SECURITY

We ensure that the personal data are processed in compliance with policies and procedures that are compatible with processing purposes. For instance, the following security measures are used for the protection of personal data against an unlawful use or any other form of unauthorized processing:

• Access to personal data is limited only to a certain number of authorized persons for the specific purposes.
• The personnel of the competent departments managing your contract is bound by confidentiality clauses, having a gradual and limited access only to the data which are necessary for completing the provision of services.
• Sensitive data are stored in a PC with authorized access. Those in printed form are kept in lockers, which are only accessible by authorized persons.
• We select reliable partners, who are bound in writing under article 28 §4 of the GDPR with the same obligations regarding the protection of personal data. We also reserve the right to check upon them under article 28 §3 item (h).
• The information systems used for data processing are technically isolated from the other systems, in order to prevent unauthorized access, for example by means of hacking.
• In addition, access to such information systems is monitored on a permanent basis, in order to trace and prevent any unlawful use at an early stage.

11. FOR HOW LONG DO WE STORE DATA?

We store personal data for as long as it is required from the relevant purpose of processing and any other permitted and related purpose. The data are maintained during the entire term of our agreement and, upon its expiry, for as long as it is provided under applicable law.

Any information that is not more necessary is destroyed in a secure manner or anonymized.

With particular regard to the data processed by us based on your consent (e.g. for marketing purposes), those data are kept as of the receipt of the relevant consent and until its revocation.

We limit access to your data to persons who need to use them for the specific.

More particularly, candidates’ CVs, details of users, details of the candidates’ profile as well as contact details are kept in places leased by the company from third parties within the EU, as well as within the company’s infrastructure.

12. WHO ARE THE RECIPIENTS OF DATA?

Personal data collected by us may be transmitted to third parties, on condition that the reason for the transmission is justified.

Furthermore, in the event that the lawfulness of the transmission is justified, personal data may be disclosed to the following recipient categories:

• Our employees or partners who may process your personal data under our instructions.
• Collaborating companies within their framework of competence (e.g. maintenance of information systems).
• External partners, who are bound in writing under article 28 §4 of the GDPR with the same obligations as regards the protection of personal data.
• Any supervising authority, as required under the supervisory framework each time applicable.
• Any public or judicial authority, if this is required by law or a court decision.
• The customers of the entity seeking personnel.

Even though the transmission of data through the internet or a webpage cannot be protected in a guaranteed manner from cyberattacks, our partners and we are working to maintain physical, electronic and procedural security measures in order to protect your data.

13. WHERE DOES PROCESSING TAKE PLACE?

Our customers’ personal data are processed within the European Economic Area (EEA).

In the event that the conduct of a research on the provision of services is also required outside the EEA, then this takes place upon your explicit consent. Article 49, §4 (a).

14. BREACH OF PERSONAL DATA

In case of breach of the security and integrity of the data being available to us and relate to personal data, the Company will take the following measures: (under articles 33 and 34 of the GDPR):

• Investigates and assesses such procedures as required for breach limitation;
• Estimates the risk and its impact on the rights and liberties of data subjects;
• Tries to reduce as much as possible the damage that has been or may be caused;
• Informs within 72 hours after the breach has been made known to it, if required; and
• It will assess the impact on privacy and will take all appropriate measures to avoid repeating the breach.

15. YOUR RIGHTS AS A DATA SUBJECT AND HOW YOU MAY EXERCISE THEM

You have the right to demand access to the personal data concerning you, rectification/erasure of your personal data, restriction of processing, the right to object to the processing and/or to exercise your right to data portability.

If the processing of data is based on your consent, you may revoke your consent at any time with effect for the future.

In more detail, you have the following rights:

α. Access: The right to obtain information on the processing of personal data by us and be granted access to such data.

β. Rectification: The right to demand the rectification or completion of your data, if those are inaccurate or incomplete.

γ. Erasure: The right to demand the erasure of your data. We can satisfy such right if:

• The data are no longer necessary in relation to the purposes for which they were collected;
• There is no other legal ground for the processing apart from the consent;
• You exercise the right to object (please see below);
• The data have been processed in breach of the applicable legislation;
• The data have to be erased for compliance with a legal obligation.

We reserve our right to refuse satisfying the above right if the processing of data is necessary for our compliance with a legal obligation for reasons of public interest or for the establishment, exercise or defence of legal claims (article 17 §3)

δ. Restriction of Processing: The right to specify the data, in order to restrict their processing. For instance, when you have contested the accuracy of your personal data for the period to be required for verification.

ε. Portability: The right to receive your data in a structured, commonly used and machine-readable format as well as to demand their transmission to you or to another person who will process them.

στ. Objection: The right to object at any time to the processing of your data, including profiling, and also when the data are processed for direct marketing purposes.

The Company will investigate your request and will reply to you within one month from its receipt, either that it will take action on the request or that there are objective grounds for not taking action, or within two further months, taking into account the complexity and number of the requests (Article 12 §3).

The exercise of your above rights is made free of charge, by sending a relevant request/letter/email to the Data Protection Officer. A reasonable fee may be imposed in case of abusive exercise of the above rights (Article 12 §5).

In the event that you are not satisfied with our use of your rights or our response to your exercise of the above rights, you have the right to file a complaint with the Data Protection Authority.

You may exercise your aforementioned rights at the contact details stated herein below.

By way of exception:

if you wish the rectification of your Data in your user account, you may sign in and make any rectification / modification without being required to submit a Request.
• if you wish to revoke your consent on the mailing of a newsletter, you may do so by selecting the special link at the bottom part of each newsletter.

16. CONTROLLER'S CONTACT DETAILS

For any issue regarding the processing of your personal data and the exercise of your aforementioned rights, you may contact the company, by phone on +30210 9730280 (Monday – Friday 10:00 – 17:00), by e-mail: [email protected] and by post at the following address: 46, Dimokratias Ave., 16345 Ilioupoli.

17. CONTACT DETAILS OF THE DATA PROTECTION AUTHORITY

Telephone: +30 21064.75.600, e-mail: [email protected] and postal address: 1-3, Kifissias Ave., P.C. 115 23, Athens.
Update of the Privacy Policy
The present policy is revised in case of a significant change. Such revision will be made available on our platform https://www.skywalker.gr/