Privacy Policy

General Statement

The implementation and effective application of the General Data Protection Regulation (GDPR) constitutes a core priority for PM-PARTNERS. PM-PARTNERS processes personal data in full compliance with the applicable European and national data protection framework.

Data Controller

  • Official Name: PM-PARTNERS
  • VAT Number: 800377548
  • Telephone: +30 210 6100111
  • Email: info@pm-partners.gr

PM-PARTNERS processes personal data, defined as any information relating to an identified or identifiable natural person who is alive. Such information may include, indicatively, name, residential address, identification number, Internet Protocol (IP) address, information relating to health or insurance status, employment status, and similar data.

Special categories of personal data—such as data revealing health status, racial or ethnic origin, trade union membership, political opinions, or similar—are subject to enhanced protection.

These rules apply to the collection, use, and storage of personal data, whether processed electronically or in physical form, provided that the data are maintained in a structured filing system.

This policy is fully aligned with the EU General Data Protection Regulation (GDPR) and the opinions and decisions issued by the Hellenic Data Protection Authority.

Terms and Definitions

  1. “Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to identifiers such as a name, identification number, location data, online identifier, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
  2. “Processing” means any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  3. “Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
  4. “Filing system” means any structured set of personal data accessible according to specific criteria, whether centralised, decentralised, or dispersed on a functional or geographical basis.
  5. “Controller” means the natural or legal person, public authority, agency, or other body that determines the purposes and means of the processing of personal data.
  6. “Processor” means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
  7. “Recipient” means a natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether a third party or not. Public authorities receiving data in the context of a specific inquiry under Union or Member State law shall not be regarded as recipients.
  8. “Third party” means any natural or legal person, public authority, agency, or body other than the data subject, controller, processor, or persons authorised to process personal data under the authority of the controller or processor.
  9. “Consent” means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, expressed by a statement or clear affirmative action, signifying agreement to the processing of personal data.
  10. “Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.
  11. “Special categories of data” mean personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data, health data, or data concerning sexual life or sexual orientation.

Categories of Personal Data Collected

In the context of its activities and normal operations, PM-PARTNERS may collect personal data relating to its clients, associates, employees, collaborators, suppliers, and other natural persons with whom it maintains a professional relationship.

Depending on the purpose and nature of the processing, PM-PARTNERS may process the following categories of personal data:

Categories of Data Subjects and Data

Clients
Data of natural persons or legal representatives of legal entities, including:

  1. Identity and demographic data
  2. Contact information
  3. Business-related data
  4. Contractual data
  5. Account balances
  6. Bank account details
  7. Other relevant information

Suppliers / Contractors
Data of suppliers or legal representatives of supplier entities, including:

  1. Identity and demographic data
  2. Contact information
  3. Business-related data
  4. Account balances
  5. Bank account details
  6. Other relevant information

Other Natural Persons
Data of visitors to company premises or individuals associated with collaborating entities.

Employees (Current, Former, or Candidates)
Data relating to employment relationships, including:

  1. Identity and demographic data
  2. Insurance details (e.g. AMKA)
  3. Contact details
  4. Curriculum vitae
  5. Health-related data (where legally required)
  6. Financial data
  7. Family status data

Purposes and Legal Basis of Processing

PM-PARTNERS processes personal data solely for legitimate and predefined purposes. Indicatively, the main purposes and corresponding legal bases are as follows:

Purpose of ProcessingLegal Basis
Compliance with tax, insurance, and labour law obligationsArt. 6(1)(c) GDPR / Art. 6(1)(f) GDPR
Management of employment or cooperation relationshipsArt. 6(1)(b), 6(1)(c), 6(1)(f), Art. 9(2)(b) GDPR
Provision of products and servicesArt. 6(1)(b) and/or 6(1)(f) GDPR
CCTV operationLegitimate interest / HDPA Directive 1/2011

For any additional processing not covered above, PM-PARTNERS obtains prior, explicit, and informed consent, where required.

The reference to multiple legal bases does not constitute unlawful basis substitution but reflects cases where more than one lawful basis may apply.

As a general rule, PM-PARTNERS does not rely on consent as the primary legal basis, recognising the imbalance that may exist between the controller and data subjects, in line with the guidance of Working Party 29 (now the European Data Protection Board). Consent is used only exceptionally and where strictly necessary.

Data Transfer to Third Parties

Personal data may be disclosed to third parties where required by law or where necessary for the provision of services. PM-PARTNERS may engage external service providers, to whom only the data strictly necessary for the assigned task are disclosed. All such parties are bound by confidentiality and data protection obligations.

Rights of Data Subjects

PM-PARTNERS fully respects the rights of data subjects, including the right to:

  1. Be informed
  2. Access personal data
  3. Rectify inaccurate data
  4. Request erasure, subject to legal limitations
  5. Object to processing
  6. Request restriction of processing
  7. Lodge a complaint with the Hellenic Data Protection Authority or another competent supervisory authority

Communication

All requests regarding personal data protection may be submitted in writing or electronically to info@pm-partners.gr and are examined by PM-PARTNERS in accordance with applicable law.

Processing Principles

PM-PARTNERS processes personal data in accordance with Article 5 GDPR, ensuring lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, and integrity and confidentiality.

Records of Processing Activities

PM-PARTNERS maintains records of processing activities as required under Article 30 GDPR, including purposes, data categories, recipients, retention periods, and security measures.

Protection of Personal Data

Taking into account the nature, scope, context, and purposes of processing, PM-PARTNERS implements appropriate technical and organisational measures to ensure GDPR compliance and data security, including policies for preventing and managing personal data breaches.

Staff Training

PM-PARTNERS recognises that effective data protection depends on staff awareness and training. Accordingly, it promotes education and guidance based on Fair Information Practices (FIP) to ensure compliance and accountability.

Processing of Personal Data via Social Media

PM-PARTNERS maintains a company profile on LinkedIn. Personal data processed via this platform (e.g. username, profile image) are subject to the privacy policies of the respective social media provider. PM-PARTNERS does not control or influence further processing carried out by such platforms and encourages users to review their privacy policies carefully.

Modification

This policy may be amended as necessary to reflect changes in processing activities or legal requirements. Where such changes are material, PM-PARTNERS will publish an updated version of the policy.