GDPR
Information on the Processing of Personal Data (Privacy Notice)
The protection of personal data is important to us. We process personal data in accordance with applicable legal regulations, in particular the General Data Protection Regulation (“GDPR”) and related national legislation.
How We Protect Your Data
We have implemented appropriate technical and organizational measures designed with regard to the nature, scope and purposes of processing and the potential risks to the rights and freedoms of individuals. These measures include in particular:
- protection of personal data through appropriate security mechanisms, including encryption or pseudonymization where appropriate,
- ensuring the confidentiality, integrity and availability of our information systems,
- the ability to restore data availability and access in the event of a technical or security incident,
- established processes for handling security incidents and reporting them in accordance with applicable legal regulations,
- procedures enabling the exercise of data subject rights (e.g. right of access, rectification or erasure),
- regular evaluation of the effectiveness of the implemented measures and their continuous improvement.
Controller
The controller of personal data is ALEF DISTRIBUTION GR M.I.K.E., Leof. Mesogeion 455, Ag. Paraskevi 153 43, Greece, e-mail: dpo@alef.com
(hereinafter referred to as the “Company”)
In justified cases, personal data may be shared between companies within the ALEF Group acting as independent controllers, in particular for internal administrative purposes, service provision and group reporting.
Scope of Processing
This notice explains how we process personal data of:
- customers and business partners and their representatives,
- website visitors,
- participants in marketing activities and training sessions,
- job applicants,
- visitors to our premises,
- users of WiFi connectivity.
Purposes and Processing of Personal Data
Where processing is based on the Company’s legitimate interests, these interests include in particular business communication with customers and partners, development of business relationships, organization of events, and ensuring IT and physical security.
Marketing and Business Communication
We process contact details, communications and marketing preferences for the purposes of B2B marketing, communication and management of business relationships.
Legal basis: legitimate interest of the Company in developing business relationships and communicating with customers; or consent where applicable.
Retention period: for the duration of the business relationship and up to 4 years thereafter.
Marketing Events
We process contact details, registration information, photographs and video recordings for the purposes of organizing and documenting events.
Legal basis: performance of a contract, legitimate interest in organizing events, or consent (especially for sensitive data).
Retention period: for the duration of the event and up to 4 years thereafter.
Contracts and Orders
We process contact, contractual and invoicing data for the purposes of contract performance, delivery and invoicing.
Legal basis: performance of a contract, legal obligation, legitimate interest in protecting rights and maintaining records of business relationships.
Retention period: for the duration of the business relationship and up to 10 years thereafter (in accordance with applicable legal regulations).
Training and Certifications
We process contact and professional data, training participation and exam results for the purposes of providing training and certifications.
Legal basis: performance of a contract, legitimate interest, or legal obligation.
Retention period: training records up to 5 years; certifications for the duration of validity and up to 10 years thereafter. Test recordings (VUE Pearson) are not retained.
Recruitment
We process identification and professional data (CVs, references) for recruitment purposes.
Legal basis: pre-contractual measures and legitimate interest in selecting suitable candidates.
Retention period: 12 months
WiFi Access
We process technical device identifiers and connection data to ensure the operation of the WiFi network, protection of IT systems and prevention of misuse.
Legal basis: legitimate interest of the Company in ensuring IT security.
Retention period: for the period necessary to ensure network security, for the maximum of 18 months, according to internal security rules.
CCTV System
We process video recordings from CCTV systems for the purposes of protecting property and individuals, controlling access to premises and investigating security incidents. Only entrances to offices and technical IT areas (e.g. server rooms) are monitored. Monitoring does not take place inside offices, workstations or rest areas.
Legal basis: legitimate interest of the Company in ensuring security and protecting property; or legal obligation where applicable.
Retention period: the CCTV system operates continuously (24×7×365). Recordings are retained for a maximum of 72 hours and are then automatically deleted. Longer retention is possible only in justified cases, in particular when investigating a specific security incident.
Recipients of Personal Data
Personal data may be disclosed to:
- IT and cloud service providers,
- marketing and event partners,
- logistics and payment partners,
- companies within the ALEF Group,
- public authorities where required by law.
Transfers to Third Countries
In some cases, personal data may be transferred outside the EU/EEA (e.g. cloud services).
Such transfers are carried out in accordance with GDPR, in particular through adequacy decisions, standard contractual clauses (SCCs) and supplementary measures.
Sources of Personal Data
We obtain personal data directly from data subjects, from business partners, from public sources and from internal systems.
Data Subject Rights
You have the right to access, rectification, erasure, restriction of processing, data portability and to object.
Where processing is based on consent, you may withdraw your consent at any time.
Obligation to Provide Data
Providing personal data is in some cases a contractual or legal requirement.
Without providing such data, it may not be possible to conclude a contract or provide the requested service.
Automated Decision-Making
No automated decision-making or profiling within the meaning of Article 22 GDPR takes place.
Supervisory Authority
You have the right to lodge a complaint with the national data protection authority – see.
Contact
To exercise your rights or for any inquiries, please contact us at: dpo@alef.com