Privacy Policy

For the Website Users www.esgforall.com
Publication date: October 2024

Notification for the Processing of Personal Data

(Articles 13, 14 of Regulation (EU) 2016/679)

The Company called as “GLOBAL SUSTAIN TECHNOLOGIES ANONYMI ETAIRIA” with the distinctive title “GLOBAL SUSTAIN TECHNOLOGIES S.A.”, with GEMI registration number 172454201000, having its registered office at 11, Amfitheas str., P.C. 17122, N. Smyrni, Attica, Greece (hereinafter called as the “Company”), handles with responsibility and as a matter of fundamental importance the issues of processing personal data and privacy and complies with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the repealing of Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”) and the relative Greek legislation.

 

Considering the above, we provide you with this Notification according to Articles 13, 14 of the GDPR, in order to inform you about the way we collect and process your personal data in terms of your browsing experience on our Company’s website www.esgforall.com, and for every website or online application of the subsidiaries of SoftOne Group, as well as for every service or function provided by us or provide a connection to us.

 

  1. Controller

The Controller for the collection of your data and their processing is the Company, as defined above. That means that the Company determines the purposes and means of processing your personal data, in accordance with the GDPR and the data protection legislation in general.

 

  1. Sources of personal data collection

The Company collects your personal data directly from you and not from third parties. Your personal data is being provided in terms of your visit on the website. In order to serve the above purposes and to fulfill the service that you, as a user, have requested, it is deemed necessary to provide us with the following personal data, otherwise it will be impossible to provide the service.

 

  1. Processing of personal data and legal bases

The following table lists the purposes of processing of personal data collected by the Company for the above-mentioned purposes, the categories of the data collected, as well as the legal basis for such processing.

 

Purpose of Processing

Personal Data

Legal Basis of Processing

Visit and Communication through the website

Personal details (name, surname), contact details (phone number, e-mail), message subject and content and cookie data.

Art.6 par.1 (f) – processing is necessary for the purposes of the legitimate interests pursued by the Company and in particular the corporate communication and the promotion of corporate purposes.

Communication for free trial of a product

 

Personal details (name, surname), contact details (phone number, e-mail), business’s details (trade name, number of employees), and cookie data.

Art.6 par.1 (f) – processing is necessary for the purposes of the legitimate interests pursued by the Company and in particular the corporate communication and the promotion of corporate purposes.

Newsletter subscription

Personal details (name, surname), contact details (phone number, e-mail) and cookie data.

Art.6 par.1 (a) – processing takes place only following the user’s prior consent.

Social Media

Login credentials and cookie data.

Art.6 par.1 (f) – processing is necessary for the purposes of the legitimate interests pursued by the Company and in particular the corporate communication and the promotion of corporate purposes.

 

  1. Disclosure to third parties and recipients

 

For the purposes described in paragraph 3, your personal data may be available to outsourcing services providers or public authorities.

In certain cases, depending on the nature of the request we receive, it may be necessary for your personal data to be transferred to third countries. This transmission will be made in full compliance with the special provisions of GDPR and after taking appropriate organizational and technical measures to protect and secure your personal data.

  1. Security

The Company shall process your personal data in a manner that ensures its protection by taking all appropriate organizational and technical measures for data security and its protection against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access and any other form of illicit processing.

 

  1. Subjects’ rights

This section presents your rights with respect to your personal data. These rights are subject to certain exceptions, reservations or limitations. Please submit your requests responsibly. The Company will respond as soon as possible and in any case within one (1) month of receipt of the request. If the review of your request is going to take longer, you will receive relevant information. To exercise your rights, you can contact us on the following email-addresses: dpo@softone.gr, gdpr@drakopoulos-law.com .

 

The Company ensures the exercise of your rights:

6.1. The right to information

You have the right to request and receive clear, transparent and easily understandable information about how we process your personal data in accordance with the Company’s policies and procedures.

 

  • The right to access

You have the right to access your personal data free of charge, in accordance with the relevant policies and procedures of the Company, with the exception of the following cases where there may be a reasonable charge to cover the administrative expenses of the Company:

  • manifestly unreasonable or excessive / repeated requests, or
  • additional copies of the same information.

 

  • The right to rectification

You have the right to ask for your personal data to be corrected if it is inaccurate or incomplete, in accordance with the relevant policies and procedures of the Company.

 

  • The right to erasure («to be forgotten»)

You have the right to request the deletion or removal of your personal data when it is no longer necessary for the purposes collected or there is no legitimate reason to continue processing it in accordance with the Company’s policies and procedures. The right of deletion is not absolute, to the extent that there is a particular legal obligation or other legitimate reason for the retention of your personal data by the Company.

 

  • The right to restriction of processing

In some cases, you have the right, in accordance with the relevant policies and procedures of the Company, to restrict or remove further processing of your personal data. In cases where processing has been restricted, your personal data remains stored, without further processing.

 

  • The right to data portability

You have the right to request your personal data, which you have provided us with in a structured, commonly used and machine-readable format, and to transfer that data to another controller in accordance with the relevant policies and procedures of the Company.

 

  • The right to object

You have the right to oppose, at any time and for reasons related to your particular situation, to the processing of your personal data based on Article 6 (1) (f) of the GDPR (processing for reasons of lawful interest of the Company), on the basis of that provision. In such a case, the Company as controller will no longer submit the personal data unless it demonstrates imperative and legitimate reasons for processing that override the interests, rights and freedoms of the subject, or the filing, exercise or support legal claims.

 

  • The right to withdraw your consent

You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

 

  • Rights on automated decision-making mechanisms

The Company does not make automated individual decision-making, including profiling.

 

6.10 How to exercise the right

The exercise of the aforementioned rights takes place with the submission of a written application to the Company in accordance with its policies and procedures. The Company reserves the right to reply no later than one month after receiving the request, in accordance with the terms of the GDPR.

 

  1. Retention period for personal data

For each category of personal data, the Company determines the retention period in accordance with the provisions of the law and its policies and procedures.

  1. Company’s Data Protection Officer

For any matter related to the procession of personal data and the current notification, please contact with the

 

Company’s DPO

DRAKOPOULOS LAW FIRM

Telephone

(+30) 210 6836561                

e-mail:

gdpr@drakopoulos-law.com

 

  1. Contact of the Data Protection Authority

 

For further information and advice on your rights or to submit a complaint, you may contact the Hellenic Data Protection Authority at 1-3, Kifissias str., P.C. 115 23, Athens, Greece, Tel: +30 210 6475600, Fax: +30 210 6475628, email: contact@dpa.gr .

  1. Amendments of the present Notice

We aim to review and keep up to date the present Notice in order to comply with privacy laws and new developments. Any updates to this Notice will be communicated to you immediately.