TÜV HELLAS SECURITY AND PERSONAL DATA PROTECTION POLICY

TÜV HELLAS (TÜV NORD) SA, hereinafter referred to as "Company," as a distinguished and international Certification & Training Organization, attaches great importance to the lawful processing, security and protection of your personal data, in whatever capacity you cooperate with or communicate with us (as Candidates or active Clients, Partners, Trainees, Suppliers, Employees, Individuals, Website Visitors, or Generally Associated Third Parties with our Organization).

Please read carefully these terms and our Company's SECURITY AND PERSONAL DATA PROTECTION POLICY. By using our web sites and signing the relevant consent statement, you unreservedly accept the practices described herein and whose terms govern the contractual relationship between us and are incorporated into the terms of use of each of our services.

1. What is (your) personal data

You can generally visit the pages of TÜV NORD without us requiring your personal data.

Personal data is only acquired if you provide us with the data, for example, when registering, participating in a survey, or concluding a contract.

2. What personal data we collect

For example, we process and protect your personal data in accordance with the law, and in accordance with the relevant Legislative & Regulatory Framework for Certification / Training Bodies, Collection of Data from Certification / Inspections / Audits / Training, within Marketing and within the framework of your communication / support / information and any other activity of our Company.

3. Processing with your explicit consent

Our Company will use your information for the following legitimate purposes of processing within the framework of the Contract between us or if you have given us your explicit and specific consent per service (which you can freely revoke at any time), namely:

  • For managing your data & information within our Certification / Inspection / Audit / Training Services 
  • To support / inform you about our Company's services / projects / answer your requests and queries as well as update and respond to your suggestions and comments on improving our services.
  • For "internal" assurance of the quality of our services
  • For analyzing website traffic and improving your experience and providing you with information on services, training programs, general / technical information, etc.
  • For internal operations and analysis such as internal management, fraud prevention, use of management, pricing, accounting, billing and control information systems. In any case, you can change your preferences at any time using the write-off link at the end of each email you receive from us. 

4. What are the principles of collection and processing

This Privacy Policy is intended to inform you of the terms of collection, processing and transmission of your personal data that we may collect as Responsible for processing (Controller) or Performing the processing (Processor). Our Company and its trained staff apply the ten Principles for the Processing of GDPR 2016/679 (lawfulness, fairness, transparency, purpose limitation, data, data minimization, accuracy, storage limitation, integrity, confidentiality and accountability).

Our Company protects and safeguards your eight Rights (information, access, correction, deletion, processing limitation, portability, opposition, and non-automated decision-based profiling, as specified in the GDPR and Greek legislation). The above applies without any discrimination and to all the processes and to all the services provided by our Company.

5. What are the ways of collecting your personal data

Our Company collects your personal data with your consent and acceptance of the terms of use of each of our services, such as:

  • when you dial our numbers, when you send us an email or fill out a request for information / service offer / enrollment in an Educational program.
  • in the framework of the implementation of Inspections / Audits / Certification / Training
  • when you send us the postal address for issuing or sending an invoice or proof of service and delivery details of a document (eg a Certificate).
  • when you voluntarily subscribe to printed or electronic directories to receive printed, electronic or SMS informational material or other marketing material or renew these preferences
  • when you visit our web pages through which we collect, through cookies, the necessary information from your terminal device and your browser. 

6. Minimize, save and delete your data

Our Company will always ask you for the minimum required personal data for the implementation of our Services and your best possible service. Our Company retains your personal data only for as long as is required by the contractual terms of each service, in combination with the applicable for Certification / Training Bodies, as well as the general telecommunications, tax and other legislation and Regulatory Framework, on the basis of the purpose processing and then anonymizes or destroys them. You may ask us to know what data we collect about you and correct or delete it unless it is required by law for fiscal, evidentiary or judicial purposes and for prosecuting illegal acts.

7. Cookies Policy

In compliance with the relevant European Directive E-Privacy 2009/136 (soon to be replaced by a Regulation), our website (www.tuv-nord.com/gr) uses "cookies". Cookies are web-based "tools" to collect and analyze information from third party partner sites or social networking platforms in order to measure traffic, improve the functionality, content and overall appearance of our website and adapt to the needs of our customers.

By using our site, you agree (opt-in) to processing your personal data collected from search engines or social networks, such as Google Analytics, Facebook social plug-ins, Google+, etc. (which are not subject to any involvement, influence or control by our Company) and which are transmitted either inside or outside the European Economic Area (28 EU Member States plus Iceland, Liechtenstein and Norway), for which those third parties are solely responsible.

If you do not want third parties such as Google, Facebook, Twitter, etc. to receive information from your browser, when you visit the Company's websites, you can opt-out by choosing the appropriate option provided by the Usage Policy on the site of any such third party part.

Although most browsers automatically accept the use of cookies, you can always change the settings on your computer by choosing not to accept cookies, or asking you to accept each one of them separately. However, you should know that this will limit the range of browsing features available to you on any website.

8. Transmit your data to third parties

Our Company does not pass on, your personal data to third parties unless it is clearly required by the Legislation / Regulatory Framework or when we act as 'intermediaries' and to the extent that this is required to complete our service and to fulfill requests regarding on behalf of our services

Such third parties may be official Surveillance / State Agencies (e.g. Hellenic Accreditation System , Hellenic Data Protection Authority etc.) and / or the TÜV NORD Group when we are required to comply with legislation / regulations for Certification Bodies / Training and / or to prevent and to the detriment of our Customers, acts of unlawful interference (e.g. fraud, abuse, insulting personality, etc.).

In the Company we select trusted Affiliates and we endeavor to place contractual limitations on third parties who may receive your personal data in order to ensure as far as possible that they use them in accordance with this Policy and the applicable data protection laws in Europe and internationally.

In order to process your data, we may need to transfer your information to other countries, including countries basically inside and exceptionally outside the European Economic Area (EEA), on the basis of EU competence decisions, company binding rules, standard contracts and approved codes of conduct.

9. Security of your personal data

In any case, we take the appropriate technical and organizational measures to ensure that your personal information is transferred, stored and processed in accordance with the appropriate security standards and procedures and in accordance with the terms of this Policy and the applicable data protection laws.

We have trained and responsible Personnel and we recognize the importance of protecting privacy and all your personal information. To this end, we have appointed a Data Protection Officer (DPO), we have appropriate security policies and we use the appropriate technical and operational tools such as anonymization, pseudonymization, data encryption, firewalls, access levels, authorized employees, staff training, periodic inspections) and compliance with international security standards and business continuity.

Any partner who has access to the above information uses them to serve the above purposes only. We share the information you give us only in the ways described in this Policy and in accordance with your express and specific consent by type of processing that you can at any time and free to recall by contacting us.

10. View targeted ads

We may use your personal information along with other information we have collected (basic contact information such as Name / Company / Telephone / Address / email), following human intervention by our Commercial Department or other Executives, to perform, for your own better information / information, relevant Marketing promotions (emails, newsletters etc.).

However, we do not use automated tools to track and evaluate your consumer profile and general preferences with other personal information (such as your email address) to run ads or send you personalized offers. In addition, we do not share your personal information with third parties so that they may be able to send you relevant ads, unless you have explicitly consented to them If you wish to stop sending updates or promotions, you can use the unsubscribe link at the end of the email you received from us.

11. Links to third party websites

Our Company sites may contain links to other third party websites, independent agencies, such as, for example, consultancy or related service companies that are operated and maintained exclusively by them and which we do not control as we mentioned above. Therefore we do not bear any responsibility for the content, actions or policies of these websites. Please read carefully the corresponding data protection policies on the different websites you visit, as they may differ significantly from ours.

12. Unsolicited commercial communication

Our company does not allow the use of our website or our services for the transmission of mass or unwanted commercial email messages (spam). We also do not allow messages to and from our Clients that use or contain invalid or altered headings, invalid or non-existing domain names, techniques to conceal the origin of any message, false or misleading information or violate terms of use of web pages.

We do not permit in any way the collection of email addresses or general information of our customers and subscribers through our website or our services. We do not permit or authorize any attempt to use our services in a manner that could harm, deactivate, burden any part of our services, or prevent anyone wishing to use our services.

If we believe that any unauthorized or inappropriate use is made of any of our services, we may, without notice, in our sole discretion, take appropriate steps to block messages from a particular domain, a server emails, or an IP address. We have the ability to immediately delete any account that makes use of our services, which at our absolute discretion broadcasts or is associated with the transmission of any messages that violate this policy.

13. Name and address of the Data Protection Officer

If you have any questions or comments about this Privacy Policy or if you believe we have not followed the principles set out in this Privacy Policy, please email at tuvhellasdpo@tuv-nord.com.

TÜV HELLAS (TÜV NORD) Data Protection Officer

Mr Michalis Alexiou (MSc Computer Systems Engineer)

[Address] 282, Mesogeion Av.,155 62 Cholargos,Athens, Greece

[Telephone] + 30 215 215 7449

[Email] malexiou@tuv-nord.com

14. Security and Personal Data Protection Policy

This Policy was published by our Company on 25/05/2018 and is subject to periodic improvement and review. Any changes to this Policy will apply to the information collected from the date of publication of the revised version and to the existing information we hold. The use of the site after publishing changes implies acceptance by you of these changes.