Cosmote Global Solutions NV, with its registered office at Leonardo da Vincilaan 19, 1831 Machelen, Belgium registered with the Crossroads Bank for Enterprises under n°0700.928.037, register of legal entities Brussels, (“COSMOTE”) is the controller for the Processing of your Personal Data.
'Personal Data' means any information relating to you, as an identified or identifiable natural person. You can be identified, directly or indirectly, in particular by reference to identifiers such as your name, an identification number, location data, an online identifier or to one or more factors specifically relating to your physical, physiological, genetic, mental, economic, cultural or social identity.
'Processing' means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The following data might be processed:
• identification data: name, first name, language, civil status, date of birth, place of birth, nationality, title, gender etc.
• contact details: mail address, direct line / mobile phone, e-mail, etc.
• Marketing preferences
• Browsing and device usage information such as IP address.
We do not process special categories of personal data (also known as sensitive personal data).
Purposes and lawful basis
We use your personal data for a number of different purposes. We are required by law to always have a permitted reason or justification (called a “lawful basis”) for Processing your Personal Data. There are six such permitted lawful bases for Processing Personal Data.
We process your data for the following purposes:
• Responding to your enquiries;
• Establishing you/your organisation as a client on our systems;
• Providing you/your organisation with certain of our services;
• Hosting you at our offices for a meeting or event;
• Communicating promotional messages that interest you;
We rely on the following lawful basis for that Processing:
• Your consent, if this has been requested from you and you provided this. You can revoke your consent at any time. This revocation only affects the future and does not affect the lawfulness of the Processing that took place until the moment of revocation.
• Necessary for us to take steps to potentially enter into an agreement you, or to perform it.
• Necessary to comply with a legal obligation: we are subject to certain legal obligations.
• When required based on a legitimate interest of COSMOTE. In this case, it shall always be made clear to you and the Processing of Personal Data shall be done in a proportional manner.
Please note that where we indicated that the Processing of the Personal Data is either:
• necessary for us to comply with a legal obligation; or
• necessary for us to take steps to potentially enter into an agreement, to perform it
or to answer upon a request from you,
and you choose not to provide the relevant Personal Data, COSMOTE may not be able to enter into an agreement with you or to further engage with you.
Sharing and transfer of your Personal Data
Since COSMOTE is part of a group of companies, we will sometimes need to transfer your personal data to recipients in jurisdictions other than your own. It might be possible that we will need to share Personal Data with other companies of our group such as Hellenic Telecommunications Organization S.A. and/or COSMOTE Mobile Telecommunications S.A. (both entities are located in Greece and apply with GDPR) for our general business and workforce management purposes: to meet client needs where working across offices/locations, for line management, authorizations/approvals with relevant decision makers, parental reporting and where systems and services are provided on a shared basis.
If we would provide certain Personal Data to jurisdictions which may not provide the same level of protection (e.g., outside the European Economic Area, to the United Kingdom), we will only make such transfer if:
• that country ensures an adequate level of protection for your Personal Data;
• the recipient or recipient country is subject to an approved certification mechanism or code of conduct with binding and enforceable commitments which amount to appropriate safeguards for your personal data;
• we have put in place appropriate safeguards to protect your personal data, such as a contract with the person or entity receiving your Personal Data which incorporates specific provisions as directed by the European Commission;
• the transfer is permitted by applicable laws; or
• you explicitly consent to the transfer.
In case of whole or partial reorganization or cession of COSMOTE’s activities, whereby COSMOTE reorganizes, transfers, ceases her business activity or in case COSMOTE goes bankrupt, your Personal Data may be transferred to new entities or third parties. In such case, COSMOTE will try, if possible, to inform you beforehand of the fact your Personal Data might be transferred to a third person, but you must be aware of the fact that this is not always possible.
Duration of storage of Personal Data
We will only retain your Personal Data for a limited period of time, and for no longer than is necessary for the purposes for which we are processing it for. This will depend on a number of factors, including: (i) any laws or regulations that we are required to follow; (ii) the type of information that we hold about you; (iii) whether we are in any type of dispute with each other or any third party; and (iv) whether we are asked by you or a regulatory authority to keep your Personal Data for a valid reason.
Data security and integrity
COSMOTE has reasonable security policies and procedures in place to protect Personal Data from unauthorized loss, misuse, alteration, or destruction. Despite our best efforts, we cannot be absolutely guaranteed against all threats. To the best of our ability, access to your Personal Data is limited to those who have a need to know. Those individuals who have access to the Personal Data are required to maintain the confidentiality of such information.
You have certain legal rights, which are briefly summarised in the table below, in relation to any Personal Data about you which we hold.
|Your right||What does it mean?||Limitations and conditions of your right|
|Right of access||Subject to certain conditions, you are entitled to have access to your Personal Data (this is more commonly known as submitting an “Access request”).||
If possible, you should specify the type of information you would like to see to ensure that our disclosure is meeting your expectations.
We must be able to verify your identity. Your request may not impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other staff.
|Right to data portability||
Subject to certain conditions, you are entitled to receive the Personal Data which you have provided to us and which is processed by us by automated means, in a structured, commonly-used machine readable format.
|If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations.
|Rights in relation to inaccurate personal or incomplete data||
You may challenge the accuracy or completeness of your Personal Data and have it corrected or completed, as applicable. You have a responsibility to help us to keep your personal information accurate and up to date.
Please always check first whether there are any available self-help tools to correct the Personal Data we process about you.
This right only applies to your own Personal Data. When exercising this right, please be as specific as possible.
|Right to object to or restrict our data Processing||Subject to certain conditions, you have the right to object to or ask us to restrict the Processing of your Personal Data.||As stated above, this right applies where our Processing of your Personal Data is necessary for our legitimate interests. You can also object to our Processing of your Personal Data for direct marketing purposes.|
|Right to erasure||Subject to certain conditions, you are entitled to have your Personal Data erased (also known as the “right to be forgotten”), e.g. where your Personal Data is no longer needed for the purposes it was collected for, or where the relevant Processing is unlawful.||We may not be in a position to erase your Personal Data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims.|
|Right to withdrawal of consent||As stated above, where our Processing of your Personal Data is based on your consent you have the right to withdraw your consent at any time.||If you withdraw your consent, this will only take effect for future Processing.|
If you wish to exercise any of your rights please contact firstname.lastname@example.org in the first instance.
You also have the right to lodge a complaint with the Belgian Data Protection Authority. More information can be found on their website at www.dataprotectionauthority.be
The latest updated version of this policy is always available on this website or on request via e-mail to email@example.com .
Last updated: February 2021