Welcome to our website https://www.the-sunlight-group.com/ (hereinafter «Website»).
1. What personal data do we process?
Personal data we collect and further process during your visit to the Website are the following:
· If you wish to contact us, we collect personal data, such as first name, last name, email address, phone number, company, country.
· If you wish to request a quote, we collect personal data through the submission of the relevant form, including first name, last name, email address, phone number, company, country, and job title.
· In case you wish to submit a job application through the section “Jobs” of the Website, the personal data you fill in the relevant form will be collected and processed in accordance with the terms specified in the Candidate Privacy Notice.
Candidate Privacy Notice
· If you wish to register in the RiSE Graduate Program, we will collect personal data, such as CV details.
· Technical information, such as IP address, date and time of visit, type of browser and operating system, device model, and other information collected through cookies and similar technologies, which are relevant to the analysis of your visit to the Website. For more information regarding data that are collected through cookies and similar technologies, visit the relevant section “Cookies Policy”.
2. For what purposes and under which legal basis do we process your personal data?
The Company processes your personal data for the following purposes:
· When you contact us
Our Website provides you with the information necessary, in order for you to be able to communicate with us through the contact form. If you contact us for any matter, we will process the information you provide us with, in order to respond to you and handle any message, request, information or query that you have communicated to us. It is in our legitimate interests to handle such a communication and properly respond to you.
· When you request a quote
Our Website enables you to fill in and submit a request for quote. In this case, we collect and further process the personal data of contact persons included in such a form. The processing of personal data is based on the steps required prior to entering into a contract. In this regard, we are able to contact prospective clients’ representatives, in order to respond to a request for quote and ultimately to enter into a contract with the company/organization they represent.
· When you submit your CV (for a job or for the RiSE Graduate Program)
Our Website enables you to apply for a job position or to join our RISE Graduate Program, by filling in an online application form or/and submitting your CV. We will process such data, in order to pre-contractually assess your qualifications and process your application. You will find detailed information about this processing operation, by accessing the Candidate Privacy Notice.
Candidate Privacy Notice
· To defend our legitimate interests
We may process your personal data for the establishment, exercise and/or support of legal claims and/or the defense of our rights before Courts, Administrative or Judicial Authorities or in the context of an extrajudicial procedure.
· To provide you with the website functionalities
We have legitimate interests to ensure the smooth, correct and secure operation of the Website, to keep backups of the data and to ensure business continuity issues in general.
3. With whom do we share your personal data?
The Company may disclose your personal data to the following recipients under specific circumstances and specifically to:
· Companies supporting and managing the Website.
· Other Group companies and third-party companies with which we cooperate to fulfill the above purposes.
· Any other administrative, judicial, or public authority or in general any natural or legal person against which the Company has a relevant obligation or right to disclose such data.
The Company has taken all necessary measures so that its staff and partners are specifically authorized for processing your personal data for the above purposes. In any case, our personnel and external partners are fully bound by confidentiality clauses provided for in the relevant legislation.
4. How long are your personal data retained?
Your personal data are retained for as long as it is required for the fulfillment of each processing purpose. Upon fulfilment of this purpose, your personal data will be deleted unless otherwise required under applicable legal and regulatory framework or for the establishment, exercise or defense of legal claims.
5. Do we transfer your personal data to any third country?
Whenever we transfer your personal data out of the European Economic Area (EEA), an adequate degree of protection is ensured by implementing at least one of the following safeguards:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
We may use appropriate safeguards referred to in Article 46 of the GDPR, for example Standard Contractual Clauses adopted by the EU Commission.
In the absence of an adequacy decision or of appropriate safeguards, a transfer or a set of transfers of Personal Data to a third country or an international organization shall take place only under certain conditions as set out in Article 49 of the GDPR.
6. What are your rights?
In any case, we would like to inform you that, according to the applicable legislation, you may exercise the following rights:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for marketing purposes.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the portability (transfer) of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.
You can exercise any of the above-mentioned rights by submitting a written request to our Company. You can expect a reply to such a request within one (1) month following its receipt by the Company and in any case, within two (2) months, depending on the perplexity of your request or the high volume of requests received. Furthermore, our Company is responsible for informing you, without undue delay, for any breach concerning your personal data, which may put in danger your rights and freedoms and under the condition that it doesn’t fall under the exceptions provided in the law.
7. Right to Lodge a Complaint
In case you deem that we have not duly satisfied your request and the protection of your personal data is somehow affected, you may lodge a complaint through the dedicated online portal of the Hellenic Data Protection Authority (Athens, 1-3 Kifissias Avenue, 11523 Athens, Greece | +30 210 6475600). You may find detailed guidelines on how to lodge a complaint on the DPA’s website.
8. What is the contact person for any privacy issues/requests?
For any questions, clarifications or requests regarding the processing of your personal data, please contact the Data Protection Officer:
Thivaidos 22, Kifissia, 14564, Athens, Greece
9. How does the Company protect your personal data?
Our Company has taken all appropriate organizational and technical measures, pursuant to applicable legal framework and standards, in order to safeguard that processing of data, either by the Company or by any third party, is legitimate, appropriate and secured against any non-authorized or illegal access, processing, deletion, amendment or any other use of the data. Our Company also applies security controls that are based on the sensitivity of the information and the risk level of the activity, taking into account current technology best practices and the cost of implementation. Our functional security policies include, but are not limited to, standards on business continuity and disaster recovery, encryption, identity and access management, information classification, information security incident management, network access control, physical security, and risk management.
10. What about third-party websites?
This Policy is updated when necessary. If there are significant changes in our Policy, we will modify the relevant text accordingly before these changes take effect and we will make every effort to inform you by any appropriate means.