Table of Contents

Introduction

Moore Stephens Chartered Accountants S.A (hereinafter Moore Greece) is committed to safeguarding the integrity and safety of your personal data. We promise to respect any personal data you provide to us and keep it safe. We aim to be transparent when we collect and process your personal data by putting your rights and freedoms first.

This Privacy Policy outlines the categories of personal data we obtain, the reasons why we process them, the way in which these personal data are processed, the legal basis on which the processing is based, your rights, as well as any transfers that we may make of them.

We truly hope that this Privacy Policy is presented to you in a transparent, eligible way and that you are able to clearly understand what exactly occurs to your data. Nevertheless, we also provide our contact details for you to get in touch in case you have any questions about your personal data, which we will aim to address as soon as possible.

Please keep in mind that this Privacy Policy will be updated from time to time in order to keep with all developments in the field of privacy and data protection.

Contact Details

You can find below the contact details of our business:

  1. Business Name: Moore Stephens Chartered Accountants S.A
  2. Registered Seat: Akti Miaouli 93, 185 38 Piraeus, Greece
  3. Telephone Number: +30 2130186100
  4. Contact us: please click here

In case you have any queries regarding the processing of your personal data, please do not hesitate to contact us either via the Contact Page or telephone number.

Definitions

Personal data: Any information relating to an identified or identifiable individual; an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier.

Special Category of data: A person’s personal data relating to his racial or ethnic origin, his or her political opinions, his religious or philosophical beliefs, his involvement in a trade union, his health, his social welfare, his personal life, criminal prosecutions and convictions, as well as participation in such unions.

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, listing, organizing, structuring, storing, adapting or altering, retrieving, searching for information, use, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.

Data Subject: The individual whose data are subjected to processing.

Data Controller: An individual or legal entity, public authority, agency or other body which determines the purposes and means of the processing of personal data.

Data processor: An individual or legal entity, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient: A natural or legal person, public authority, agency or another body, to which the personal data are disclosed.

Consent: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies to the processing of personal data relating to him or her.

Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Supervisory Authority: An independent public authority which is established by a Member State and is responsible for overseeing data protection laws and regulations.

Principles of Processing

Moore Greece, as a Data Controller processes personal data in accordance with the following principles and in compliance with the requirements of the GDPR:

Lawfulness, Fairness, Transparency: Personal data is processed lawfully, fairly and in a transparent manner.

Purpose Limitation: Personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

Data Minimization: Processing relates to data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

Accuracy: Personal data is accurate. Every reasonable step is taken to ensure that any personal data that are inaccurate are rectified without delay.

Storage Limitation: Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes and scope of processing. However, in some cases Moore Greece may hold the personal data for longer periods in order to comply with its legal obligations.

Confidentiality and Integrity: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized and unlawful processing, access, loss etc.

Accountability: Moore Greece complies with transparent data protection processing and adheres to its legal obligations in relation to data protection and privacy

Processing and Categories of Personal Data

The personal data we collect from you is limited to what we consider necessary.

Your consent will be obtained in order to process your personal data during the registration process. The said data will be used exclusively to provide you with the user account. The legal basis for the aforementioned processing will be the consent given by the Data Subject.

In detail, the personal data we collect for such processing are the following:

  1. Contact Details (Name, Surname, email address)
  2. General Information (Occupation, Company’s details)

Υour personal data is retained until your consent is withdrawn. All you have to do is contact us and inform us that you are revoking your consent. Withdrawal of consent does not affect the legality of consent-based processing in the period before its revocation.

Τhe opening of the user account initiates a contractual relationship (acceptance of the Terms and Conditions) with us and therefore the processing of the aforementioned personal data is also necessary for the performance of the contract or is necessary in order to take steps at the request of the data subject prior to entering into that contract.

We also process specific personal data, such as your browser or your IP address, due to our website use of cookies.(click on this)

This processing, which makes our website more user-friendly, secure and efficient, is deemed necessary to perform a contract, insofar as specific cookies are used to collect data to initiate or process contractual relationships.

If this processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. Such processing is deemed necessary for the purposes of the said legitimate interests, pursued by us or by a third party, except where such interests are overridden by your fundamental rights, interests or freedoms.

Third party cookies are used by the companies with whom we cooperate for the purpose of improving the security of our website.

More specifically, we use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program (click on this). reCAPTCHA evaluates information, such as your IP address. This service is provided by Google Inc.

Our legitimate interest lies in protecting our site from abusive automated crawling and spam and therefore provide an appealing and user-friendly homepage. Thus, this processing is necessary for the purposes of our legitimate interests, pursued by us or by a third party, except where such interests are overridden by your fundamental rights, interests or freedoms.

Additionally, due to technical reasons, the following data sent to us by your internet browser will be collected, especially to ensure a secure and stable connection. The server log files record:

The aforementioned data collected will be temporarily stored.

This processing provides an improved, stable, functional and secure website and therefore is deemed necessary for the purposes of our legitimate interests, pursued by us or by a third party, except where such interests are overridden by your fundamental rights, interests or freedoms.

Collection of Personal Data

You directly provide Moore Greece with most of the data we collect. We collect data and process data when you:

  1. Register online
  2. Use or view our website via your browser’s cookies
  3. Contact us via the Contact Page

Retention Period and Destruction of Personal Data

Moore Greece will only keep your personal data only for as long as is necessary to fulfil the processing purposes and provide its services to you. Depending on the processing of your personal data, we will not keep your data stored in our system longer than 5 years.

Once the retention period outlined above has passed, the personal data that we hold will be deleted.

Should the processing is based on our legitimate interests the data will be deleted within no more than thirty days, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.

Personal Data Transfers

As a general policy, we do not send your personal data to any third party without first informing you about it, explaining you the reason for the intended transfer and requesting your consent. However, we may need to disclose your personal data in order to comply with a legal obligation.

Awareness and Education of Employees

Moore Greece educates its employees on matters of data protection, either by training seminars or by informative emails, in order to build general awareness of GDPR across the organization. Training programme is covering information on data protection generally and in areas that are specifically relevant to the business. This training programme is repeated on a regular basis for all employees to keep up with new developments on data protection.

Data Subject Rights

Right of Access

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

  1. The purposes of the processing
  2. The categories of personal data concerned
  3. The recipients or categories of recipients to whom the personal data have been or will be disclosed
  4. The envisaged period for which the personal data will be stored
  5. The safeguards taken by the controller in relation to third country data transfers

Right to Rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

Right to Erasure

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. The personal data are no longer necessary in relation to the purposes for which they were collected
  2. The data subject withdraws consent on which the processing is based
  3. The data subject objects to the processing and there are no overriding legitimate grounds for continuing such processing
  4. The personal data have to be erased in order to comply with a legal obligation

Right to Restriction of Processing

The data subject shall have the right to obtain from the controller the restriction of processing where one of the following applies:

  1. The accuracy of the data is contested by the data subject
  2. The processing is unlawful and the data subject opposes the erasure of the personal data
  3. The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims
  4. The data subject has objected to processing and the verification of whether the legitimate grounds of the controller override those of the data subject is pending

Right to Data Portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller, where:

  1. The processing is based on consent
  2. The processing is based on the contractual performance

Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, the data subject shall have the right to lodge a complaint to the Greek Data Protection Agency (www.dpa.gr) if the data subject considers that the processing of personal data relating to him or her infringes his rights under the General Data Protection Regulation.

Personal Data Breaches

In the event of a breach in the safety and integrity of your personal data, Moore Greece will take into account the following:

  1. Steps needed to limit the breach
  2. Assessment of the risk and its impact on individuals’ rights and freedoms
  3. Mitigating the damage
  4. Breach Notification, if required
  5. Privacy Impact Assessment and appropriate measures to avoid recurrence of the breach.

Are things unclear?

We truly hope that this Privacy Policy explained to you in a clear and eligible way the way we process your personal data.

However, if things are still unclear or if you have further inquiries you would like to make, please contact us and will be happy to address them.