Data Protection Policy

 

DATA PROTECTION POLICY

 

1. Introduction

Doxiadis Associates was founded in 1951 by the noted architect Constantinos A. Doxiadis. Since its establishment, the firm has grown from a small group of architects and engineers to a large consulting organization of international scope.

Its activities span the whole spectrum of development, with special emphasis on addressing the problems of human settlements. The projects undertaken and successfully completed by Doxiadis Associates are estimated to have helped in improving the living conditions of over Two Hundred Million of people worldwide.

Today Doxiadis Associates is providing quality services in the following fields of specialization:

• Regional and Urban Planning
• Architectural, Structural, E&M
• Airport Projects
• Port Projects
• PPP / Concession Projects
• Transportation and Traffic Management Projects
• Surveying Engineering - Geographical Information Systems
• Hydraulic Projects
• Project / Construction Management and Supervision
• Geotechnical Surveys and Design
• Forest and Environmental Studies

The protection of our customers’ or business partners’ personal data is of primary importance for Doxiadis Associates. That is why we are taking all appropriate steps to protect the personal data we process as well as to ensure that their processing is always carried out in accordance with the obligations laid down by the applicable legal framework, both by the Company itself and by third parties that process personal data on its behalf.

Doxiadis Associates SA, based in Athens(174 Mesogeion Avenue, 15561, Cholargos) email: doxiadis@doxiadis.com website: www.doxiadis.com,  would like to inform the public that it processes the personal data of data subjects in accordance with the national laws applicable to its establishment as well as with the European Regulation 2016/679 on the protection of individuals with regard to the processing of their personal data and on the free movement of such data (General Data Protection Regulation, hereafter referred to as “the Regulation“) as is in force.

For any matter relating to the processing of personal data, you may directly contact Doxiadis Associates by e-mail on gdpr@doxiadis.com.

2. Type of personal data we process

Doxiadis Associates processes personal data related to (i) its customers, (ii) its business partners, (iii) and job applicants. Moreover, the Company processes personal data related to data subjects in cases where such data are transmitted to the Company by third party Companies and/or Organizations, including EU Institutions, public organizations, bodies or agencies, banking institutions and private enterprises, in the context of execution of various data processing contracts and/or subcontracts.

Personal data processed by Doxiadis Associates include the name, email address, telephone number, contact details, professional experience and education and might also include Date of Birth, Nationality, Bank Account information, National Identification Number and/or Passport number, VAT number etc. of data subjects falling within the aforementioned categories.

3. Purpose of processing and how we use your personal data

In the context of Design and Consulting Services Delivery, Doxiadis Associates does not systematically process personal data of natural entities or persons as a data Controller except in cases where the Company processes CVs’; data for the purposes of personnel recruitment or formulating teams for participation in a tender. There are however cases in the same context where Doxiadis Associates is engaged in processing activities on behalf of a data Controller for reasons of performing a project contract assigned to it by the latter. Under such conditions, any information referring to the purposes and means of processing, the personal data subjected to processing and the data retention periods, is solely determined by the specific Controller according to the scope of the associated project contract and therefore varies depending on the particular characteristics of each project. Doxiadis Associates’s processing activities are governed by the scope, terms and conditions of the specific agreement and are made in accordance with the written instructions provided by the Controller to the extent they are compatible with respective obligations imposed by the applicable legislative framework at a national and/or EU level. In such cases Doxiadis Associates acts under the capacity of a data Processor and performs its tasks in accordance with applicable legislation thereon.

Doxiadis Associates Data Protection Policy is publicly available at the Company’s site  www.doxiadis.com ).

4. The reasons for processing your personal data

Legitimate reasons for lawful processing your personal information are:

1. the performance of a contract or the intention to award a contract, such as the execution of a work or the provision of services, in order to meet contractual obligations in that context.
   1. safeguarding and protecting both your and our legitimate interests.
   2. compliance with obligations and duties imposed by the law or administrative acts, including cases where it is required to file with public records or publish corporate acts and information related to a societe anonyme.
   3. the consent you provide under the specific conditions set forth in the applicable legal framework or on the basis of contractual relations or when contacting departments of our Company.
   4. the explicit disclosure by the data subject itself and the processing necessary to protect the vital interests of the data subject or other natural person (where the data subject is physically or legally incapable of granting consent) are the legitimate reasons for which we process any information provided regarding health data.

5. Personal data recipients outside the Company

Doxiadis Associates transmits personal data to third parties to whom the Company assigns processing of personal data on its behalf, remaining liable for such processing, while determining in writing under a specific contract the subject-matter of the processing, its duration, its nature and purpose, the type of personal data, the categories of data subjects, the rights and obligations of the Controller, in order to ensure that processing is carried out in accordance with applicable laws and that every individual is fully afforded with the rights provided for thereunder.

6. Transfers of personal data to third countries or international organizations

Personal Data processed by Doxiadis Associates may be transferred to third countries outside the EU or International Organizations, including countries that ensure a level of protection of personal data lower than that defined by the European Union and the GDPR framework. Transfer of personal data hereunder may take place on specific grounds such as compliance with regulatory obligations, preparation or submission of a project proposal, execution or performance of a contract, protection of a legitimate interest of the Company. In any case Doxiadis Associates ensures that such data transfer is compatible with the legal obligations of privacy and in line with protection standards and requirements set by the GDPR legal framework.

7. Data Retention

Data retention conditions are determined on the basis of the following specific criteria:

1. When processing is required as an obligation under applicable laws, your personal data will be stored for the period prescribed in the relevant provisions applicable to each case.
2. When processing takes place on a contractual basis, your personal data will be stored for the period necessary to ensure due performance of the contract and thereafter for the establishment, exercise, and / or defense of legal claims arising from the contract or as otherwise required by compulsory law.
3. When processing takes place for recruitment purposes, your personal data is retained until your consent is withdrawn. Such withdrawal may take place at any time without affecting the lawfulness of consent-based processing in the period prior to its withdrawal.
4. For marketing purposes, your personal data is retained until your consent is withdrawn. Such withdrawal may take place at any time without affecting the lawfulness of consent-based processing in the period prior to its withdrawal.

To withdraw your consent, you may directly contact the Company’s competent department by email to on gdpr@doxiadis.com.

8. Your rights with respect to your personal data

Any data subject whose data is being processed by the Company has the following rights:

• Right of access: You have the right to be aware and verify the legitimate nature of the processing. So, you have the right to access your personal data and receive additional information about how we process it.
• Right to rectification: You have the right to study, correct, update or modify your personal data by contacting us at the above contact details.
• Right to erasure (Right to be forgotten): You have the right to request deletion of your personal data when we process it on your consent or in order to protect our legitimate interests. In all other cases (such as, where there is a contract, obligation to process personal data legally required, or public interest), this right is subject to specific restrictions or shall not exist, as the case may be.
• Right to restriction of processing: You have the right to request a restriction of the processing of your personal data in the following cases: (a) when the accuracy of the personal data is contested and until the accuracy is verified (b) when you oppose the deletion of your personal data and request the restriction of their use instead, c) when personal data are not needed for processing purposes, they are however required for the establishment, exercise, or defense of legal claims, and (d) when you object to the processing and the decision on your objection to processing is pending.
• Right to object to processing: You have the right to object at any time to the processing of your personal data where, as described above, the processing is based on the legitimate interests we pursue as data Controllers, as well as, for the purposes of direct marketing and consumer profiling, if applicable.
• Right to data portability: You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them with commonly used editing methods. You also have the right to ask us, in case it is technically feasible, to transmit the data directly to another Controller. Your right to do so exists for the data you have provided to us based on your consent or for the execution of a relevant contract.
• Right to withdraw your consent: In cases where processing is based on your consent, you have the right to withdraw it without affecting the lawfulness of processing based on consent prior to its withdrawal

In order to exercise any of the above rights you may directly contact Doxiadis Associates by e-mail on gdpr@doxiadis.com , where we will respond to this request within 30 days.

• Right to lodge a complaint with the Supervisory Authority: You have the right to file a complaint with the competent Personal Data Protection Authority (www.dpa.gr ): Tel: +30 210 6475600, Fax: +30 210 6475628, e-mail: contact@dpa.gr

9. Security of Personal Data

Doxiadis Associates applies all appropriate technical and organizational measures to ensure safe processing of personal data and to prevent the accidental loss or destruction and unauthorized and / or illegal access to, use, modification or disclosure thereof. In assessing the appropriate level of security and in the process of selecting and implementing suitable technical and organizational measures, the Company takes into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed, and additionally, the risk of varying likelihood and severity for the rights and freedoms of natural persons.

 

 

Document Revision: 01, Date: September 2022