Introduction
Purpose
At Obrela Security Industries, we are committed to providing our clients with exceptional services. As providing these services involves the collection and process of Personal Information about our clients, protecting their Personal Information is one of our highest priorities.
This Privacy Policy explains the conditions under which and the purposes for which we collect and use your Personal Data in connection with your use of our Website located at https://www.obrela.com/ (“Website”), the third parties to whom we disclose your Personal Data, and the choices and means, if any, we offer you for limiting the use and disclosure of your Personal Data. We will not use or share your Personal Data except as described in this Privacy Policy.
Definitions
Personal Data: Personal Data means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
Personal Data Processing: Processing Personal Data means any process, with or without the use of automated systems, to collect, store, organize, retain, modify, query, use, forward, transmit, disseminate or combine and compare data. This also includes disposing of and deleting data.
Controller: Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
Processor: Processor is a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
Allowed Website Users
The Website and our Services are not intended for minors under 18 years of age. We do not knowingly collect Personal Data from minors under the age of 18. If you are under 18, please do not provide us any Personal Information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide Personal Data through the internet without their permission. If you have reason to believe that a child under the age of 18 has provided Personal Data or any other information or content to us, please email us at dpo@obrela.com, and we will perform all appropriate action, without undue delay.
Personal Data Processing Principles
Fairness, Lawfulness, and Transparency
The Organization collects and processes Personal Data only in the context to perform a contract, or where the processing is in the Controller’s legitimate interests and not overridden by Data Subjects’ protection interests or fundamental rights and freedoms, or where the Data Subject’s consent has been obtained. In some cases, the Organization may also have a legal obligation to process Personal Data or may otherwise need the Personal Data to protect Data Subject’s vital interests or those of another person. Personal Data shall not be processed in a way that is unduly detrimental, unexpected or misleading to the individuals concerned. The Organization shall provide all required information to the Data Subject regarding the processing of Personal Data, such as: processing purposes, the identity of the Controller, third parties or categories of third parties to whom the data might be transmitted.
Purpose Limitation
Personal Data can be processed only for the purpose that was defined before the data were collected. Subsequent changes to the purpose are only possible to a limited extent (compatible with original purpose) and require the Data Subject to be informed and provide his / her consent or there is a clear basis in law (see article 6 of General Regulation on Personal Data Protection 2016/679/EU).
Data Minimization
The Organization shall ensure that Personal Data processed are:
- adequate – sufficient to properly fulfill your stated purpose;
- relevant – has a rational link to that purpose; and
- limited to what is necessary – you do not hold more than you need for that purpose.
Personal Data shall not be collected in advance and stored for potential future purposes unless required or permitted by law.
Storage Limitation / Deletion
The Organization retains Personal Data for as long as necessary for the purposes for which the Personal Data were collected or where the Controller has an ongoing legitimate business need to do so, or to comply with applicable legal, tax, or regulatory requirements. For that purpose, appropriate retention periods shall be defined taking under consideration legal, regulatory and business/contractual requirements.
When there is no ongoing legitimate business need to process Personal Data, the Organization will either securely destroy, erase, delete or anonymize them, or if this is not possible (for example, because Personal Data have been stored in backup archives), Personal Data shall be securely stored and isolated from any further processing until deletion is possible.
Accuracy
The Organization shall take all reasonable steps to ensure the Personal Data processed are correct, complete and, if necessary, kept up-to-date. Appropriate steps shall be taken to ensure that inaccurate or incomplete data are deleted, corrected, supplemented or updated.
Safeguard Security of Personal Data
Personal Data shall be treated as Confidential Information and shall be handled accordingly. Appropriate technical and organizational measures shall be enforced in order to safeguard confidentiality, integrity, and availability of Personal Data (measures to prevent unauthorized access, illegal processing or distribution, as well as accidental loss, modification or destruction).
Where We Process And Store Your Personal Data
The data collected by you is stored in ………………….., applying all the necessary technical and organizational measures to meet the requirements of the GDPR (GDPR). However, the transmission of information over the Internet may not be completely secure or error-free, and your data may be exposed to malicious third party actions.
Information We Collect and How We Process Them
OSI Newsletter
By registering to OSI newsletter you provide us your explicit consent for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials related to OSI and/or the OSI Services. Provided that you have given your explicit consent, OSI also reserves the right, , to forward the information you submit to its parents, subsidiaries and affiliates for legitimate business purposes related to marketing purposes. You can stop receiving promotional emails by following the unsubscribe instructions in e-mails that you receive.
Collected Personal Data:
- Identification Data: email address
Protected Material
We collect Personal Information from you if you voluntarily provide it to us. Protected material (i.e. White Papers) distributed by OSI Website may require the visitor to provide some personally identifiable information such as your name, company name, business title, business e-mail address and phone number in order to grant access to this material (i.e. download a white paper). Upon your consent, we may contact you for an inquiry regarding our services.
Collected Personal Data:
- Demographic Data: Name, Surname
- Identification Data: email address
- Education & Career Related Data: job title
Careers
We collect Personal Data in response to employment listings. If you choose to submit your CV (careers@obrela.com) you are authorizing OSI to utilize this information for all lawful and legitimate hiring and employment purposes (i.e. contact for arranging interview) and store them for three (3) years. Provided that you have given your explicit consent OSI also reserves the right to forward the information you submit to its parents, subsidiaries and affiliates for legitimate business purposes related to hiring and employment purposes.
Collected Personal Data:
- Demographic Data: Name, Surname, Father’s Name, Age, Home Address
- Identification Data: email address
- Education & Career Related Data: Work experience, Job title, Educational background
Who We Will Share Your Personal Data With
We may share your personal data with third parties (eg Google Analytics, Google Ads, Google Adsense, Facebook Pixel, Mailchimp, Stripe, etc), however we won’t sell it to advertisers or other third parties. In order for us to be able to share your data you must provide your explicit consent by clicking on the relevant box indicated on our Website.
We are able to share the personal data you provide to us, at our sole discretion, in the following cases:
To third parties working for OSI: We engage certain trusted third parties (for example, providers of customer support and IT, accounting and legal services) to help us provide, improve, protect, and promote our Services. These third parties will access your data only to perform tasks on our behalf in compliance with this Privacy Policy and will remain responsible for their handling of your data as per our instructions.
Law & Order: We may disclose your data to third parties if we determine that such disclosure is reasonably necessary: (a) if required by Law, by court order or requested by any other competent governmental, judicial, police, administrative or regulatory authority, upon legitimate request and according to the pertinent laws; (b) to protect any person from death or serious bodily injury; (c) to prevent fraud or abuse of our users; or (d) to legally protect our property rights in relation to our Website.
Technical Information
Like most websites or apps, we use automatic data collection technology when you use the Website and our Services to record information that identifies your computer, to track your use of our Website and our Services, and to collect certain basic information about you and your usage habits. This information includes information about your operating system, your IP addresses, browser type and language, referring and exit pages and URLs, keywords, date and time, amount of time spent on particular pages, what sections of the Website you visit, and similar information concerning your use of the Website or our Services.
Collected Personal Data:
Technical Data/Metadata:
- Log Files: We gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data, mobile device type. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you. Only authorized employees have access to log files.
- Cookies: Cookies are small packets of data that a website or app stores on your device so that your device will “remember” information about your visit. We may use cookies to track the pages that you visit during each Website session to help us improve your experience, for marketing reasons and to help us understand how this Website or our Services are being used. Cookies categories:
- Strictly necessary cookies: are essential in order to enable you to navigate around our Website and use its features. Without these cookies, we would be unable to provide you with the services you have asked for.
- Functionality cookies: allow our Website to remember choices you make and help to provide an enhanced, more personal experience on our Website.
- Performance cookies: help us improve our Website and our online services. These cookies gather information about how our Website is used, including which pages are visited most often. This helps us to provide a better user experience. These cookies are anonymous – which means that they won’t collect information to identify you.
- Targeting & Advertising cookies: are used to help us better understand our advertising campaigns and how we can make these more relevant to you. These cookies are also anonymous, they won’t collect information to identify you.
Using Browser Settings to Block Cookies
While navigating on our Website you will be requested to give your consent for the storage of cookies and the processing of your data that are received through them. In any case, you can program your browser in such a way so that you are informed about the use of cookies and set the privacy protection you wish by choosing between maximum protection (for example ” accept only Strictly Necessary Cookies”) and minimum protection (for example “accept all cookies”) as well as an intermediate level of protection (for example “rejecting third party cookies” or “accepting cookies only on the displayed website”). These privacy settings will be presented clearly and comprehensibly through our Website.
Thus, you can program your browser in such a way so that it does not accept unnecessary cookies, however this may limit your ability to use the full range of functions and services of our Website, as there are certain features of the Website that may not function properly without the aid of cookies. If you refuse cookies, you assume all responsibility for any resulting loss of functionality.
Firefox (https://support.mozilla.org/en-US/kb/block-websites-storing-site-preferences)
Google Chrome (https://support.google.com/chrome/answer/95647)
Internet Explorer (https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies)
Safari (https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac)
In any case, remember that you can change the choices you have made about cookies at any time.
You can also delete all cookies that are already on your computer or device by clearing your browser’s browsing history. This will delete all cookies from all the websites you have visited.
However, please note that some saved items may be lost too (eg saved logins, site preferences).
Third Parties Cookies
If you follow us or get in touch with us through any of our sites on third party media or social media platforms such as Instagram, Facebook, Twitter, Υοutube, the information you provide or receive will be subject to the cookies policy of this third party, so we advise you to be informed about their policy before you consent.
Data Subjects Rights
The General Data Protection Regulation, grants Data Subjects a range of specific rights they can exercise under particular conditions. The Organization enforces appropriate mechanisms in order to handle these requests within the predefined by the Regulation time period. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We shall inform the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Following is an overview of the fundamental Data Subject Rights. All requests must be sent to dpo@obrela.com .
If you wish to make a complaint regarding the processing of your personal data, we hereby notify you that the Competent Authority is the Data Protection Authority (DPA). Contact Details: +302106475600, contact@dpa.gr .
The Right to be Informed
Data Subjects shall have the right to be informed about the collection and use of their Personal Data. Privacy information such as: whether data concerning him or her are being processed, how Personal Data were collected, purposes for processing Personal Data, retention periods for that Personal Data, and information about the identity of the recipient or the categories of recipients, in case they are transferred to third parties.
The Right to Rectification
In case Personal Data are incorrect or incomplete, the Data Subject shall have the right to request that it be corrected or supplemented.
The Right to Restrict Processing
The Data Subject shall have the right to request the restriction of processing of their Personal Data. In this case, the Organization is allowed to store the data, but not use it for certain purposes.
The Right to Erasure or to be Forgotten
The Data Subject shall have the right to request his/her data to be deleted if the processing of such data has no legal basis, or if the legal basis has ceased to apply. The same applies if the purpose behind the data processing has lapsed or ceased to be applicable for other reasons. Existing retention periods and conflicting interests meriting protection must be taken under consideration.
The Right to Data Portability
The Data Subject shall have the right to receive the Personal Data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without undue delay from the Controller.
The Right to Object
The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of Personal Data concerning him or her, including profiling based on those provisions. The controller shall no longer process the Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims.
The Right not to be Subject to Automated Decision Making
The Data Subject shall have the right to oppose to automated individual decision-making (deciding solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
Secure Processing
Personal data must be safeguarded from unauthorized access and unlawful processing or disclosure, as well as accidental loss, modification or destruction. This applies regardless of whether data are processed electronically or in paper form. Appropriate technical and organizational measures shall be enforced in order to ensure an appropriate level of security, taking into considering the state of the art and the costs of implementation in relation to the risks and the nature of the Personal Data to be protected. Especially before the introduction of new methods of data processing, particularly new IT systems, technical and organizational measures to protect Personal Data shall be defined and implemented.
The technical and organizational measures for protecting Personal Data are part of the Corporate Information Security Management System, which is certified from an independent authority against ISO 27001:2013 Security Standard.
Policy Update
We reserve the right to review this Policy at regular intervals and to make public its latest version. Any change to this Policy will apply once the revised Policy is publicly available. We suggest to our Website users to regularly visit the Policy, where it is available, so that they are aware of all the changes that have been made. If a review substantially reduces or alters their rights, they will be informed by OSI and may be asked to renew their consent regarding the collection and processing of their Personal Data.
Contact Us
If you have questions about this privacy policy, please contact us at:
Obrela Security Industries
Data Protection Officer
Address: 117 Argous str. & 33-35 Timeou str. 10441, Athens, Greece
Telephone: +30 211 8003773 / +30 210 9573750
Email: dpo@obrela.com