PRIVACY NOTICE TO CUSTOMERS OF TITAN GROUP
1. Introduction
To become a customer of any TITAN Group entity you need to provide that entity certain information, such as your name, contact details, and business information, which is your personal data if you are an individual. The TITAN Group entity you wish to do business with will enter your information in TITAN Group’s electronic client database, which is accessible only to the local TITAN Group entity and us, TITAN CEMENT COMPANY SA (“TITAN”, “we”, “our”, “us”), a legal entity based at 22A Halkidos Street, Athens, Greece. Our access to, and any further use of, that information is subject to Regulation (EU) 2016/679 on the Protection of Personal Data (“GDPR”), which requires that we provide you this notice. We may amend this notice at any time and post it on our website.
2. Who is the Controller of your personal data?
According to the GDPR, we, TITAN CEMENT COMPANY SA, are the controller of your personal data that we access through TITAN Group’s electronic client database. You may contact us to ask questions, withdraw your consent (if you have granted it to us), or exercise your rights (see Section 11 below) in relation to your personal data (a) by mail (send to the attention of the Privacy Officer) at 22A Halkidos Street, 11143 Athens, Greece, (b) by email at dataprotection@titan-cement.com.
3. How do we collect your personal data?
When you request to become Titan Group’s customer and while you remain a customer we collect your personal data directly from you (e.g., when you provide us your information in person or through the TitanUP) or from third parties (e.g., your representatives, agents or our salespersons, business development agents).
4. Which categories of personal data does ΤΙΤΑΝ process?
We have access to the following categories of personal data:
a. Identification and communication data, such as full name, address, copy of ID or passport, mobile and fixed line phone, email, tax number, IP address and user-agent string.
b. Commercial and financial data, such as nature, quantity, and destination of materials that you purchase from us, location, status and delivery time of your order, transaction value, payment methods, credit card number, bank account number, information on your financial status.
Your personal data is not subject to any automated-decision making including profiling.
5. For which purposes does ΤΙΤΑΝ process your personal data?
We process your personal data for the purpose of screening you and onboarding you as customer according to legal requirements on our electronic systems, performing contracts for the sale of products and provision of services to you, executing your orders, providing information to you about our products and services, monitoring the function and maintaining, upgrading, and repairing our electronic client database system, adjusting the functionality of our electronic systems, conducting analytics on our products, services, sales, and overall commercial activities as well as other purposes compatible with our commercial relationship (e.g., pursuing the payment of amounts owed to us by you). If we must process your personal data for purposes that are not compatible with the foregoing purposes, we will provide you prior notice.
6. On which legal bases do we base the processing of your personal data?
The processing of your personal data must be premised on one of the legal bases provided in the GDPR. We base the processing of your personal data on the following legal bases, as appropriate from time to time: (a) performance of the contract between you and us (e.g., to deliver the materials you have purchased from us), (b) compliance with our legal obligations (e.g., conduct sanctions and anti-corruption screening before you become our customer), (c) pursuit of our legitimate interests (e.g., collection of amounts due to us from you), (d) your consent (e.g., when you provide us your data to become a customer or for promotion and advertising purposes), which we will request, when necessary, and you may provide it and withdraw it freely at any time.
7. Who has access to your personal data?
Your personal data are accessible only to our employees, who need such access to carry out their duties, and to other TITAN Group entities both in and outside the EEA. Your personal data may also be accessible to
a. Law enforcement or administrative authorities in order to comply with our legal obligations or a court order; and
b. providers of services for the operation, maintenance and technical support of our electronic systems (e.g., TitanUP, SAP), transport (e.g., to deliver your order) who may be based outside the EEA.
Such third parties may be headquartered outside the EEA. We ensure an appropriate level of protection of your personal data that are accessible to parties outside the EEA data through standard contractual clauses approved by the European Commission.
8. Do we transfer your personal data outside the European Economic Area (ΕEA)?
We process your personal data within the EEA. When required by law or necessary for Titan Group's business needs, we share your personal data (e.g., name, contact details, transaction details) with other companies of Titan Group or third parties (e.g., suppliers), located in countries outside the EEA. When we transfer your personal data to companies of Titan Group outside the EEA, we do so on the basis of intra-group contracts that ensure your personal data will remain as protected as they are in the EEA. When we transfer your personal data to third parties that are outside the EEA, we make sure your personal data will remain as protected as they are in the EEA, because those third parties either (a) are located in countries which the European Commission considers secure for personal data or (b) undertake contractual commitments with us to protect your personal data.
9. Protection and security of your personal data
We implement the appropriate technical and organizational measures to protect your personal data against any loss, misuse, unauthorized access, disclosure, alteration and destruction. Our information systems are protected with passwords and control mechanisms at various levels. Electronic transfer of personal data is done by using encrypted messages and strict criteria for identifying the recipient. We implement procedures to deal with breaches of personal data security. Your personal data are stored in a secure database, located in the EEA. That database is accessible only by specialists residing in the EEA solely for repair and maintenance purposes.
10. Retention time of your personal data
We will retain your personal data in our customer records throughout our business relationship with you. After the end of our business relationship with you we will keep your personal data in our archives for the maximum claims period under Greek law, to use them, if necessary, solely for the purpose of establishing, exercising or defending any related legal action that may arise. When this period ends, we will keep only your personal data which appear in documents that form part of the historic and operational continuity of the company, such as contracts, invoices, minutes of meetings, transaction documents.
11. Your rights in respect of your personal data
Depending on the legal basis we rely upon to process your personal data you have the following rights in connection with your personal data (restrictions apply to some of those rights) and you may exercise them by contacting us in any of the ways mentioned in section 2 above:
(a) Right of Access: You have the right to request from us a free copy of your personal data we process and information on the processing activities (e.g., which personal data we process, how and for what purpose).
(b) Right to Rectification: You have the right to request from us the rectification, completion or update of your personal data, if they are incorrect, incomplete or have changed.
(c) Right to Erasure: You have the right to request from us to erase your personal data, if among other reasons, the processing is no longer necessary or legitimate or if you have revoked your consent in case the processing is based on it.
(d) Right to Object: If we have processed your personal data for the performance of a task carried out in the public interest or for the pursuit of our legitimate interest, you have the right to object to the processing of your personal data, on grounds relating to your particular situation. If you exercise such right, we will cease processing your personal data, unless we demonstrate compelling legitimate grounds to continue processing your personal data or for the establishment, exercise or defense of legal claims.
(e) Right to Restriction: You have the right to ask us to restrict the processing of your personal data, if you contest their accuracy, the processing is illegal or no longer necessary or you have objected to the processing.
(f) Right to Data Portability: You have the right to ask us to provide you with your personal data in a structured, commonly used and machine-readable format to be transferred by you or by us to another controller.
(g) Right to file a Complaint: You have the right to file a complaint with the Hellenic Data Protection Authority (www.dpa.gr) if you consider we have breached your personal data and have failed to address your concern.