For CORINTH CANAL S.A. (A.E.DI.K.) the protection of the Personal Data of our partners, suppliers, customers and in general citizens that interact with the A.E.DI.K., as well as the respect for individual privacy, constitute a self-evident commitment. The company is committed to collect and process personal data according to the General Data Protection Regulation (EU) 679/2016 and the rest of the applicable legislation. In this context we undertake all necessary organizational and technical measures required to ensure security, availability and validity of the data of our partners and citizens interacting with A.E.DI.K.
A.E.DI.K. is a Public Utility Company that has as its main aim the management, maintenance and utilization of the Corinth Canal, with main objectives the safety of marine navigation, the faster circulation of cargo and the creation of economies of scale for the maritime industry. In this context it provides, among others, navigation and towing services, as well as ship maintenance services.
Personal Data and ways of collection
In the context of its activities, A.E.DI.K. collects personal data through its authorized employees and partners, which may include:
- Personal details (such as surname, first name, father’s name, address, V.A.T. number, id or passport number, signature);
- Data regarding financial transactions (such as bank accounts, credit and debit card details and other means of payment);
- Data necessary for transactions with legal entities and companies of the wider public sector, such as tax or social security clearance, criminal records etc.;
- Data that may be included in files submitted by companies to participate in procurement procedures for the provision of services or works;
- Data regarding marine traffic, such as full names/corporate names, addresses, contact details, V.A.T. numbers of ship owners, administrators, charterers, agents and contact persons;
- Data regarding image and location through CCTV, which supervises navigation through the Canal and critical facilities for the security of A.E.D.I.K. and the infrastructure which it manages;
- Contact details (telephone, email address, mail address);
A.E.DI.K. takes all reasonable steps to collect personal data directly from the data subjects, through any appropriate mean. Only in exceptional cases A.E.DI.K. may collect personal data from any other source, after prior specific notification to the data subjects.
Legal Basis and purpose of personal data use
A.E.DI.K. collects only personal data that are absolutely necessary for the performance of its activities, its duties entrusted to it for safeguarding public interests, as described in the present, the performance of legal obligations and the performance of its contractual obligations. Specifically, the company collects and processes data of partners and suppliers for the purposes of provision of services, procurement of services or works, collects and process data that are necessary for the control and safety of maritime navigation in its area of control, collects and processes data for the performance of its contractual obligations in the context of the provision of its services, as well as for the performance of its legal obligations, such as, among others, regarding tax legislation but also the legislation applicable to companies of the wider public sector and legislation about public procurement.
In the context of pursuing these goals, our company processes personal data, according to the following legal bases, depending on each time particular act of processing:
- Performance of contract: processing necessary for performance and compliance with contractual obligations.
- Compliance with legal obligations of our company, such as recording in our accounting records, issuance of lawful receipts etc. for compliance with tax and relevant obligations. Collection and processing of data, such as social security and tax clearances and criminal records for the compliance with obligations that arise from the legislation applicable to procurement of the legal entities of the wider public sector.
- Management of customers and suppliers and safeguarding the smooth operation of our company and the correct provision of its services.
- Processing of data for safeguarding the public interest and the performance of the duties assigned to our company, such as the marine traffic control through the Canal, safety of navigation, safety of the infrastructure. In this context, we collect and process data, which include data of traffic activity, image recording of infrastructure through CCTV etc.
- We collect and process data for safeguarding of legitimate interests, to the extent that it does not violate legitimate interests of higher stature of data subjects, such as record keeping for defending against claims, pursuing claims against liable parties, as well as documenting for the purposes of administrative reviews and reviews of relative nature and also processing necessary for the safety and security of the facilities and infrastructure.
Disclosures of personal data – categories of recipients
A.E.DI.K. does not disclose the personal data it collects and processes to third party, except if it is necessary for the purposes for the performance of legitimate professional and business needs, in order to perform contractual obligations to our suppliers and partners or is required or allowed by law.
The data of our partners, suppliers and citizens that engage with A.E.DI.K may be processed according to those mentioned in the present notice, by departments and employees of our company that are competent to perform each given task. The data may be processed by collaborating third parties, by order and on behalf of A.E.DI.K., in cases of outsourcing of functions of our company, such as IT services, accounting services etc. There are no stable collaborations of this sort and for this reason it is impossible to mention the particular details of such partners. In any case, the company takes all necessary steps to ensure that it assigns parts of processing to third parties only if they ensure high levels of security and confidentiality of the data, provide enough guarantees and commitment about their protection and undertake the contractual obligations required by law.
Furthermore, the data, to the extent necessary for the performance of the purposes of processing, may be transferred to Banks or business partners such as insurance companies, consultants or auditors, security services providers or archive managing services providers, IT companies, courier companies or companies providing printing services etc. Our company, under any circumstance in which such a transfer of data is necessary, takes all reasonable steps to disclose data only to third parties that demonstrate high levels of security and confidentiality and provide enough guarantees and commitment for their protection.
Finally, the company may disclose data to public authorities of any nature (public services, tax authorities, social security institutions etc.) or to judicial authorities or independent public authorities, prosecuting authorities etc., if such a disclosure is allowed or required by law or such a disclosure is deemed absolutely necessary for the protection of our legal rights or legal compliance.
Timeframe of retention of personal data
Personal data are retained for the period that is absolutely necessary for the performance and completion of the purposes of their processing mentioned above. The exact period of retention of each category of personal data is determined by (a) the needed period, within a reasonable business framework, for the performance of our contractual obligations (b) each time applicable legislation about mandatory retention of certain data, as indicatively applies in accounting and tax records or data regarding social security obligations (c) the duration of our commercial or otherwise contractual relationship with suppliers, partners or customers (d) the possible need for the retention of data in order to safeguard our legitimate interests, demonstrate compliance, protection against claims and judicial pursuit of our claims (e) obligations for retention that arise from the public duties assigned to our company and any special provisions governing the operation of companies of the wider public sector.
Confidentiality and security of personal data
A.E.DI.K. maintains appropriate technical and organizational measures to ensure the confidentiality and integrity of the personal data in its possession and to protect them from incidental or deliberate destruction, loss, change, unauthorized access or disclosure, as well as any other form of illegal processing.
The processing of personal data from our company is conducted only in a way that ensures confidentiality and security of the data, taking into consideration the latest developments, costs, nature, context and purposes of processing, through evaluation of the risks and the chances of their occurrence and its consequences for the data subjects. In this context, we take all reasonable steps to ensure that processing is carried out by authorized for such a procedure personnel, which is bound by confidentiality obligations and demonstrate the appropriate protection standards. The same applies to all our partners, which may be involved in the process (see above under “Disclosure of Personal Data – Categories of recipients”).
Data Subject’s Rights
According to applicable legislation and under the restrictions provided therein, data subjects have the following rights in respect to their personal data:
- Right to Rectification: You have the right to request the rectification of inaccurate data concerning you.
- Right to Erasure: You have the right to obtain from the controller the erasure of personal data concerning you, given that such an erasure is permitted by applicable law. We note that this right is subject to the restrictions provided by law.
- Right to Restriction of Processing: You have the right to obtain from the controller restriction of processing, if conditions set forth in applicable legislation are met. The exercise of such a right is possible if applicable legislation provides for such a possibility. If the relevant conditions are not met, the company may have no obligation to accept your request.
- Right to Data Portability: You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller, if such a possibility is provided by applicable legislation for the type of data concerned.
- Right to Object: You have the right to object to processing of data concerning you, given that such a possibility is provided by applicable legislation. This right is subject to the conditions provided by law and the company may have legitimate reasons to deny your request.
- Right to withdraw your consent: If an act of processing is based on your consent you have the right to immediately, easily and without cost withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing before the time of the withdrawal.
- Right to file a complaint with the Data Protection Authority: We note that you also have the right, according to applicable legislation, if you deem that some of your rights are being violated, to file a complaint with the competent Data Protection Authority (for
Greece: Data Protection Authority – DPA, 1 Kifissias Ave. -11523 Athens, telephone: +30210 6475600, www.dpa.gr)
To exercise any of your rights, as well as for any information or clarification in respect to those rights and their conditions, you have to contact with our Data Protection Officer at given contact details below. The Data Protection Officer will provide any further information and guidance for the steps that you must follow. Furthermore, you can contact our DPO for any queries, comments or complaints in respect with the management of your personal rights.
Data Protection Officer: Mastrogiannopoulos Dimitrios
Telephone: +30 2741 0 30880
Address: Isthmia Corinthias – GR 20100 – Greece
Deputy Data Protection Officer: Roussis Dimitrios
Telephone: +30 2741 0 30880
Address: Isthmia Corinthias – GR 20100 – Greece