PERSONAL DATA PROTECTION POLICY
Our company “Sequence Unified Communications”, which is based in Glyka Nera, Attica, at 6 Alexandrias Street, PC 15354, makes a systematic effort to comply with the current legislation (GDPR EU 679/2016 and Law 4624/2019) related to the Protection of Personal Data of European Citizens, in the field in which it operates. We declare that we fully recognize and respect your privacy and that the effective protection and security of your data is a high priority for us. This Policy sets out the basic principles by which our company processes the personal data of our customers, suppliers, employees and third parties.

1.Basic definitions

The following are the basic definitions of the terms used in this document, as set out in Article 4 of the General Data Protection Regulation (GDPR EU 679/2016), for the data subject to become familiar with the terminology of the Regulation:
Personal Data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more physical factors; physiological, genetic, mental, economic, cultural or social identity of that natural person. The concept of personal data does not include any anonymized data from which the individual cannot be identified.
“Sensitive” Personal Data – special categories: Personal data that are by nature particularly sensitive in relation to fundamental rights and freedoms require special protection, as the context of their processing could create significant risks to fundamental rights and freedoms. This personal data includes personal data revealing race, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor: the natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available; association or combination, restriction, deletion or destruction.
Authority: The Hellenic Data Protection Authority (HDPA).

2.Personal data processing purposes

The personal data provided to us by our employees, customers, and suppliers and any other – third parties are processed for the following purposes:

• for the purpose of providing (selling) our company’s products (computer programs and applications) as well as for the provision of our services (installation, configuration, maintenance, upgrade, etc.) to our customers.
• for the purpose of receiving services from our partners – suppliers.
• for the purpose of promoting products and services to existing and potential customers.
• for the purpose of searching, selecting and hiring employees to staff our company.
• for the purpose of legal employment, execution of employee payroll and payment of company partners’ fees.

The processing of personal data will be both automated and non-automated with the retention of a physical record.

3.Categories of Personal data We collect.

To serve the above processing purposes, our company may collect and keep for processing the following personal data, per category:

• for the purpose of providing (selling) our company’s products (computer programs and applications) as well as for the provision of our services (installation, configuration, maintenance, upgrade, etc.) to our customers, we collect and keep for processing: name or surname, registered office, address, landline phone, mobile phone, Tax Identification Number (TIN), Tax Office, credit and debit card details, bank account details, email addresses of persons responsible for communication and fulfillment of the commercial contract,
• for the purpose of receiving services from our partners – suppliers we collect and keep for processing: name or surname, registered office, address, landline phone, mobile phone, Tax Identification Number (TIN), Tax Office, bank account details, email addresses of persons responsible for communication and fulfillment of the commercial contract,
• for the purpose of promoting and promoting products and services to existing and potential customers, we collect and keep for processing: Name, address, contact phone, professional capacity, e-mail address,
• for the purpose of searching, selecting, and hiring employees to staff our company, we collect and keep for processing: Full name, father’s name, mother’s name, identity card number, address, landline and mobile phone, email address, marital status, studies, educational level, professional training and specialization, work experience, personal interview details, CV and any letters of recommendation.
• for the purpose of legal employment, the execution of employees’ payroll and payment of the company’s partners’ fees, we collect and keep for processing: full name, father’s name, mother’s name, identity card number, address, landline and mobile phone number, e-mail address, marital status, studies, educational level, vocational training and specialization, work experience, AMKA and social security details, VAT number, Tax Office, date of recruitment, salary, remuneration and allowances, bank account details, details of the health status of employees solely in cases of illness, for the calculation of legal leave, etc.

4.Rights of Personal Data Subjects

You may exercise the following rights in accordance with and within the limits set by the specific provisions of GDPR EU 679/2016:
The right to access your Personal Data. You have the right to be informed by our company about the type of your personal data it keeps, as well as the processing they undergo.
The right to rectification and erasure (the right to be forgotten). You have the right to correct any inaccurate information and the right to delete your data in case there is a legitimate interest in such deletion (articles 16-17 of Regulation 679/2016), with the express reservation of any overriding interest of the company or a legal obligation to retain personal data.
The right to restriction of processing. You have the right to request the suspension or restriction of the processing of your data when you have a legitimate interest in doing so, as provided for in Article 18 of Regulation 679/2016.
The right to portability. You have the right to receive your data in an easy-to-use and widely used storage, electronic medium and your right to request that such data be transmitted to other controllers (Article 20 of Regulation 679/2016).
The right to object. You have the right to object to the processing of your data when there is a legitimate interest in accordance with the terms and provisions of article 21 of Regulation 679/2016, including your right to object to any automated processing of your data and their processing for any marketing purposes.
The right to withdraw consent. You have the right to revoke the consent you have given to our company within the limits and provisions of the law.
The right to lodge a complaint with the competent supervisory authority. You can file a complaint with the Hellenic Data Protection Authority if you believe that your data has been unlawfully processed by our company.
You can exercise the above rights by filling in the form: “Form for the Exercise of Rights of the Subjects” and send it to our company in one of the following ways:

• By post to: “Sequence Unified Communications”, Alexandrias 6, P.C. 15354, Glyka Nera.
• By Email at: info@sequence.gr.

The relevant form can be found from the Secretariat of our company, upon your relevant telephone request, or by email.
You will not have to pay any fees to access your personal data or to exercise your above rights. However, we may charge you a reasonable fee if your request is manifestly unfounded or excessive, in particular due to its repetitive nature. Also, in such a case we may refuse to respond to your request.
The company will make every effort to respond to your above requests within one (1) month of their submission. In any case, if due to the complexity or volume of your requests a longer time is required, we will inform you accordingly.

5.Consent as the legal basis for processing

Where the collection of personal data is based on the consent of the data subject, Sequence Unified Communications is responsible for ensuring that data subjects give their consent freely, with affirmative action, explicitly and in full knowledge of the content of the text to which they consent. Also respecting the Regulation, our company provides data subjects with the ability to withdraw their consent at any time.
In case our company wishes to process collected personal data for another purpose, it must seek the consent of the data subjects in an explicit and specific written manner. Any such request must contain the original purpose for which the data was collected, as well as the new or additional purpose(s).

6.Basic principles & measures we apply while processing personal data

“Sequence Unified Communications” as controller strictly adheres to the data protection principles set out in Article 5 of the General Data Protection Regulation (GDPR EU 679/2016) and are briefly listed:
Legality, Objectivity and Transparency
“Sequence Unified Communications” processes personal data lawfully, objectively and transparently towards data subjects.
Limitation of Processing Purposes
Personal data is collected only for specific, explicit, and legitimate purposes and are not processed for any purpose other than those mentioned in paragraph 2 of this Policy.
Data minimization
“Sequence Unified Communications” collects and maintains only the personal data of the subjects referred to in paragraph 3 of this Policy and ensures that their retention is limited to what is strictly necessary in relation to the processing purposes. At the same time, it implements the appropriate technical and organizational measures in order to achieve the above objectives.
Accuracy
The personal data maintained by “Sequence Unified Communications” is accurate and up to date. Actions are taken to ensure that personal data that are inaccurate, in relation to the purposes for which they are processed, are erased or corrected within a reasonable time and in any appropriate and valid way.
Storage Limitation
Personal data is kept for no longer than is necessary for the purposes for which “Sequence Unified Communications” processes them. Indicatively, we mention conditions and conditions for determining the retention time of personal data such as: the satisfaction of legal, accounting or tax – information requirements and obligations, as well as for the possible fulfillment of duties performed in the public interest, or where it may be necessary to protect and safeguard the legitimate interests of the company in relation to possible liability related to the provision of our services. In some cases, we may take technical measures to anonymize personal data so that it can no longer be associated with you and cannot be identified, for statistical purposes, in which case we may use this information for an indefinite period without further notice to you.
Integrity and Confidentiality
Taking into account the technological level and other available security measures, the cost of implementation, as well as the likelihood and severity of risks to personal data, our company uses appropriate technical and organizational measures to process Personal Data in a way that guarantees the appropriate security of personal data and their protection against accidental destruction,  loss, damage, unauthorized or unlawful processing.
Accountability
“Sequence Unified Communications” bears the responsibility and is able to demonstrate compliance with the General Data Protection Regulation to the competent Personal Data Protection Authority (HDPA).

7.Recipients of personal data

Personal data may be processed by natural and/or legal persons, established inside and/or outside the European Union, acting in the name and on behalf of the company on the basis of specific contractual obligations. Furthermore, the transfer of personal data will take place only in the context of compliance with legal obligations, in the context of the execution of an order of public authorities and in the context of the exercise by the company of its rights before judicial and administrative authorities.

8.Transfer of personal data outside the European Union

As part of our contractual obligations, the company may also transmit and disclose personal data to countries outside the European Union, expressly including storing them in databases managed by entities acting on behalf of the company. The management of databases and the processing of personal data will always be carried out within the framework of the processing purposes referred to in paragraph 2 of this Policy and in accordance with the applicable law on the protection of personal data.

9.The Data Controller

The Data Controller is the company “Sequence Unified Communications”.

10.Amendments – Update

This Personal Data Protection Policy may be amended by following changes in the applicable legislation, or by incorporating newer principles and directives for compliance with the GDPR EU 679/2016, as officially announced by the Hellenic Data Protection Authority in our country. Please check our Company’s Personal Data Protection Policy at regular intervals and especially before providing any new personal data for any changes.

11.Communication

If, after being informed about our policy, you have any questions or need any clarification regarding the processing of your personal data by our company, please send your message to our email address info@sequence.gr and we will be happy to answer you.

Date of last update: September 2023