Data controller
Cosmote Global Solutions NV, with its registered office at Leonardo da Vincilaan 19, 1831 Machelen, Belgium registered with the Crossroads Bank for Enterprises under n°0700.928.037, register of legal entities Brussels, (“COSMOTE”) is the controller for the Processing of your Personal Data.
COSMOTE (also referred to with “we”, “us”, “our”) will respect the protection of your personal data in accordance with the requirements of the General Data Protection Regulation (“GDPR”) and of any local data protection laws (if applicable). ) This Privacy Policy applies to you when you use our website, when we provide you with certain services, when we answer to your e-mail correspondence or any of your requests (via mail/phone) or when we send you marketing communications.
We also have a specific privacy policy in place with respect to applicants. If you consider applying for any job opportunity with COSMOTE or if you have applied but not yet received our specific privacy policy, please request this specific privacy policy for applicants via e-mail to info@cosmote-gs.com .
Definitions
'Personal Data' means any information relating to you, as an identified or identifiable natural person. You can be identified, directly or indirectly, in particular by reference to identifiers such as your name, an identification number, location data, an online identifier or to one or more factors specifically relating to your physical, physiological, genetic, mental, economic, cultural or social identity.
'Processing' means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Personal Data
The following data might be processed:
• identification data: name, first name, language, civil status, date of birth, place of birth, nationality, title, gender etc.
• contact details: mail address, direct line / mobile phone, e-mail, etc.
• Marketing preferences
• Browsing and device usage information such as IP address.
We do not process special categories of personal data (also known as sensitive personal data).
Purposes and lawful basis
We use your personal data for a number of different purposes. We are required by law to always have a permitted reason or justification (called a “lawful basis”) for Processing your Personal Data. There are six such permitted lawful bases for Processing Personal Data.
We process your data for the following purposes:
• Responding to your enquiries;
• Establishing you/your organisation as a client on our systems;
• Providing you/your organisation with certain of our services;
• Hosting you at our offices for a meeting or event;
• Communicating promotional messages that interest you;
We rely on the following lawful basis for that Processing:
• Your consent, if this has been requested from you and you provided this. You can revoke your consent at any time. This revocation only affects the future and does not affect the lawfulness of the Processing that took place until the moment of revocation.
• Necessary for us to take steps to potentially enter into an agreement you, or to perform it.
• Necessary to comply with a legal obligation: we are subject to certain legal obligations.
• When required based on a legitimate interest of COSMOTE. In this case, it shall always be made clear to you and the Processing of Personal Data shall be done in a proportional manner.
Please note that where we indicated that the Processing of the Personal Data is either:
• necessary for us to comply with a legal obligation; or
• necessary for us to take steps to potentially enter into an agreement, to perform it
or to answer upon a request from you,
and you choose not to provide the relevant Personal Data, COSMOTE may not be able to enter into an agreement with you or to further engage with you.
Sharing and transfer of your Personal Data
Since COSMOTE is part of a group of companies, we will sometimes need to transfer your personal data to recipients in jurisdictions other than your own. It might be possible that we will need to share Personal Data with other companies of our group such as Hellenic Telecommunications Organization S.A. and/or COSMOTE Mobile Telecommunications S.A. (both entities are located in Greece and apply with GDPR) for our general business and workforce management purposes: to meet client needs where working across offices/locations, for line management, authorizations/approvals with relevant decision makers, parental reporting and where systems and services are provided on a shared basis.
We also ask third party service providers to carry out certain business functions for us. These might include IT support, cloud platform and data hosting providers who help us with the operation of our website, workflow management systems; professional advisors (such as third party law firms and accountants) and other third parties in connection with our legitimate business activities. We will have in place an agreement with our service providers which will restrict how they are able to process your Personal Data and impose appropriate security standards on them. These companies may use your Personal Data as a data controller, meaning that they might have their own privacy policy applying to you which we recommend you should read.
If we would provide certain Personal Data to jurisdictions which may not provide the same level of protection (e.g., outside the European Economic Area, to the United Kingdom), we will only make such transfer if:
• that country ensures an adequate level of protection for your Personal Data;
• the recipient or recipient country is subject to an approved certification mechanism or code of conduct with binding and enforceable commitments which amount to appropriate safeguards for your personal data;
• we have put in place appropriate safeguards to protect your personal data, such as a contract with the person or entity receiving your Personal Data which incorporates specific provisions as directed by the European Commission;
• the transfer is permitted by applicable laws; or
• you explicitly consent to the transfer.
In case of whole or partial reorganization or cession of COSMOTE’s activities, whereby COSMOTE reorganizes, transfers, ceases her business activity or in case COSMOTE goes bankrupt, your Personal Data may be transferred to new entities or third parties. In such case, COSMOTE will try, if possible, to inform you beforehand of the fact your Personal Data might be transferred to a third person, but you must be aware of the fact that this is not always possible.
Duration of storage of Personal Data
We will only retain your Personal Data for a limited period of time, and for no longer than is necessary for the purposes for which we are processing it for. This will depend on a number of factors, including: (i) any laws or regulations that we are required to follow; (ii) the type of information that we hold about you; (iii) whether we are in any type of dispute with each other or any third party; and (iv) whether we are asked by you or a regulatory authority to keep your Personal Data for a valid reason.
Data security and integrity
COSMOTE has reasonable security policies and procedures in place to protect Personal Data from unauthorized loss, misuse, alteration, or destruction. Despite our best efforts, we cannot be absolutely guaranteed against all threats. To the best of our ability, access to your Personal Data is limited to those who have a need to know. Those individuals who have access to the Personal Data are required to maintain the confidentiality of such information.
Your rights
You have certain legal rights, which are briefly summarised in the table below, in relation to any Personal Data about you which we hold.
Your right | What does it mean? | Limitations and conditions of your right |
Right of access | Subject to certain conditions, you are entitled to have access to your Personal Data (this is more commonly known as submitting an “Access request”). |
If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations. We must be able to verify your identity. Your request may not impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other staff.
|
Right to data portability |
Subject to certain conditions, you are entitled to receive the Personal Data which you have provided to us and which is processed by us by automated means, in a structured, commonly-used machine readable format.
|
If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations.
|
Rights in relation to inaccurate personal or incomplete data |
You may challenge the accuracy or completeness of your Personal Data and have it corrected or completed, as applicable. You have a responsibility to help us to keep your personal information accurate and up to date.
|
Please always check first whether there are any available self-help tools to correct the Personal Data we process about you. This right only applies to your own Personal Data. When exercising this right, please be as specific as possible.
|
Right to object to or restrict our data Processing | Subject to certain conditions, you have the right to object to or ask us to restrict the Processing of your Personal Data. | As stated above, this right applies where our Processing of your Personal Data is necessary for our legitimate interests. You can also object to our Processing of your Personal Data for direct marketing purposes. |
Right to erasure | Subject to certain conditions, you are entitled to have your Personal Data erased (also known as the “right to be forgotten”), e.g. where your Personal Data is no longer needed for the purposes it was collected for, or where the relevant Processing is unlawful. | We may not be in a position to erase your Personal Data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims. |
Right to withdrawal of consent | As stated above, where our Processing of your Personal Data is based on your consent you have the right to withdraw your consent at any time. | If you withdraw your consent, this will only take effect for future Processing. |
If you wish to exercise any of your rights please contact info@cosmote-gs.com in the first instance.
You also have the right to lodge a complaint with the Belgian Data Protection Authority. More information can be found on their website at www.dataprotectionauthority.be.
Miscellaneous
This Privacy Policy is governed by Belgian law.
If any part of this Privacy Policy is declared unlawful, void or unenforceable, that part will be considered divisible and interpreted in accordance with the applicable law. Such a condition shall not affect the validity and enforceability of the remaining provisions.
Amendments to this Privacy Policy
The latest updated version of this policy is always available on this website or on request via e-mail to info@cosmote-gs.com .
COSMOTE may change this privacy policy from time to time, for example, in response to new legislation, business developments or if we introduce new processing activities. We therefore invite you to always consult the most recent version of this policy on our website. It goes without saying that we will inform you in advance of any significant change in content via our websites or other commonly used communication channels, and will ask for your prior consent for our (new) processing activities when the law requires this. The date of the version indicates when the latest changes were made.
Last updated: February 2021