ATHEXGROUP PRIVACY STATEMENT FOR WEBSITE USERS
The EU General Data Protection Regulation (GDPR) comes into effect on 25 May 2018, ATHEXGROUP has established a comprehensive GDPR implementation program across its services, products and businesses, to ensure that the appropriate policies, procedures and controls are in place to facilitate compliance by the GDPR effective date.
ATHEXGROUP has arranged for a GDPR Privacy Statement to be read by each user of its internet website in order to provide information to meet our GDPR related transparency obligations. The Privacy Statement provides important information to individuals regarding how and why we process their personal data, with whom we share their personal data, certain rights that they may have, and how they can contact our Data Protection Officer.
The GDPR sets a new standard for the protection of personal data and seeks to strengthen the data protection rights of individuals in the EU, while also harmonizing data protection laws across the EU.
One of the key principles under the GDPR is that of transparency. This requires organizations such as ATHEXGROUP to provide people that use its website, with information about how we use or otherwise process their personal data. ATHEXGROUP's subsidiary entities (ATHEX, ATHEXCSD, ATHEXCLEAR) share the same website.
In order to meet our GDPR-related transparency obligations, we have prepared a Website Privacy Statement which provides important information to individuals regarding how and why we process their personal data, with whom we share their personal data, certain rights that they may have, and how they can contact our Data Protection Officer.
It is important that our website users are aware of this Products and Services Privacy Statement. For any questions, clients should contact ATHEXGROUP.
1. Who is responsible for your personal data and how can you contact them?
ATHEXGROUP entities (referred to as "we" and "ATHEXGROUP" in this document) are the controllers of your personal data. For more details you can contact our Data Protection Officer at firstname.lastname@example.org or 110 Athinon Avenue, 104 42 Athens, Greece.
2. Why do we process your personal data?
We process your personal data, as necessary to pursue our legitimate business and other interests, for the following reasons:
- To operate, maintain, develop, improve and customize our Website
- To manage our relationships with our clients and prospects
- To develop, produce, operate, and maintain our product and services
- To improve our products and services
- To recruit staff
- To protect the security, confidentiality and integrity of our Website, IT systems, hardware and networks, and information
- To comply with applicable laws, rules and regulations, and our related internal policies including compliance polices and records retention requirements
- To respond to your inquiries and requests that are based on legal rights that you may have (e.g., individual rights under GDPR)
- To manage, protect against and investigate fraud, risk exposure, claims and other liabilities, including but not limited to violations of our contract terms or laws or regulations
We do not track your online activities across the Internet. We do not use your personal information for automated decision making, including profiling. We do not sell or rent your personal information to third parties.
3. Information you provide
You may provide us with personal information when you communicate with us through our Website:
Information you provide through our Website: You may provide us with personal information whenever you fill out a form on our Website, for example, to ask us a question, or request that we contact you about our products and services, research or events; to subscribe to our marketing, careers or investor relations emails; to download content; to register for events; or to submit a form based on legal rights that you may have (e.g., individual rights under GDPR). The information that you provide to us includes your contact details, and any other information collected on the form to allow us to fulfil the request.
Information you provide as a client, through our client support portals: When you log in to use our products or into our client support portal, you provide us with your username and password, and we log your product use. Your login credentials may have been created by you, or assigned to you either by ATHEXGROUP or your organization with whom we have a direct contractual relationship.
Information you provide in connection with a job search: When you apply for a job through our careers portal, we collect contact details and CVs. If you apply through a social media platform (e.g., LinkedIn), then depending on the platform you use, we will receive either the information contained in your online profile or the CV that you submit.
4. To whom do we disclose your personal data?
We disclose your personal data in order to comply with laws and regulations and as well as to pursue our legitimate interests in cooperating with our regulators and other authorities, complying with laws, preventing or detecting financial and other crimes and regulatory breaches, and protecting our businesses and the integrity of the capital markets.
5. How long do we keep your personal data?
We keep your personal data for as long as is necessary for the purposes of our relationship or complying with a legal or regulatory obligation.
6. What are your rights in relation to personal data?
You can ask us to: (i) obtain confirmation as to whether or not your personal data are being processed, and access to the personal data and relevant information, (ii) provide you with a copy of your personal data; (iii) correct your personal data; (iv) erase your personal data, (v) restrict our processing of your personal data, (vi) object at any time to processing of personal data (including profiling), (vii) not to be subject to a decision based solely on automated processing (including profiling).
You can also opt out of the processing of your personal data for direct marketing purposes or object to our other processing of your personal data. These rights will be limited in some situations; for example, where we are required to process your personal data by EU or EU member state law.
To exercise these rights or if you have questions about how we process your personal data, please contact us using the contact details in Section 1. You can also complain to the relevant data protection authorities in the EEA member state where you live or work or where the alleged infringement of data protection law occurred.
7. Changes to this Privacy Statement
This Privacy Statement takes effect on 25 May 2018. If we change it, to keep you fully aware of our processing of your personal data and related matters, we will post the new version to our website.