(Annexes hereto: Cookies Policy, 2nd Level Notification on the processing of personal data through a video surveillance system, CV Policy)
This Policy was updated on 10/08/2022
Purpose of this policy
The protection of your personal data is very important to ‘PORTO CARRAS S.A.’. This policy informs you about the personal data collection practices of ‘PORTO CARRAS S.A.’ through its website, including the categories of data collected, retained and processed, the purpose of their collection, the categories of persons to whom your data are disclosed, as well as your rights. ‘PORTO CARRAS S.A.’ makes every possible effort to protect your personal data, on the condition that the personal data you have provided are true and accurate. It also outlines certain security measures taken by the company in order to protect data confidentiality, and provides certain guarantees for things the company will not do.
Commitment of ‘PORTO CARRAS SA’
We at ‘PORTO CARRAS S.A.’ consider the protection of the privacy and data of our customers to be of the utmost importance and our are committed to providing them with personalised services that meet their requirements in a manner that safeguards their privacy. Your personal information (personal data) is used exclusively by ‘PORTO CARRAS S.A.’ and its employees in order to respond to your requests and better serve you, in accordance with this policy. The persons who handle personal information are trained for using appropriate procedures. The representatives and service providers of ‘PORTO CARRAS S.A.’ are required to keep your personal information private and not to use them for any purpose other than those serving the provision of specific services to us.
In addition, we may ask you in certain cases if we could share information with other reliable third parties. We will inform you when collecting such information if we expect this kind of information sharing with certain third parties. ‘PORTO CARRAS S.A.’ will define the types of businesses at the relevant point of collection of the information, describe the type of information to be transmitted (such as your address or your e-mail address) and will transmit the data to the other parties only if you consent.
Legal and regulatory framework
The Société Anonyme under the name ‘PORTO CARRAS TOURISM TECHNICAL INDUSTRIAL SOCIÉTÉ ANONYME’, trading as ‘PORTO CARRAS S.A.’ (Junction of 31, Agias Sofias Street and Ermou Street, GR-54623, Thessaloniki, Tel. No: 2375077000, https://www.portocarras.com), with the main object of providing hotel services, collects and processes personal data in order to carry out its competences, process its electronic services and perform its legal obligations. For the purposes hereof, ‘PORTO CARRAS S.A.’ shall be referred to as the “Controller” within the meaning of Article 4(7) of the General Data Protection Regulation. The management and protection of the personal data of visitors to the website https://www.portocarras.com owned by ‘PORTO CARRAS S.A.’ are subject to these terms, as well as the relevant provisions of European Regulation 2016/679 on the Protection of Personal Data (GDPR) and Law 4624/2019. These terms are set out taking account of both the radical development of technology and particularly the Internet and the existing set of legal regulations regarding these issues. The website https://www.portocarras.com shall not engage in any misuse without your prior approval, in conformity with the personal data protection principles laid down in the relevant laws and international conventions. The website https://www.portocarras.com shall in no way disclose, make public or exchange the personal data and information you entrust to us. Furthermore, it shall not transmit users’ personal information and data, e-mail addresses and any other information, in general, regarding its users to any other organisation or associate not affiliated with the company.
What is “GDPR” – Applicable Legislation.
The GDPR (General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, hereinafter the “Regulation”) aims at the establishment of a single legislative framework for the processing of personal data in the EU member states and replaces the previous Legislation (Directive 95/46/ΕC). The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her. The Regulation shall be binding in its entirety and directly applicable in all Member States (i.e. no special adaptation of the national legislation is required, as per Article 83 of the Regulation).
What are personal data?
The term “personal data” refers to a natural person’s information, such as their full name, postal address, e-mail address, telephone number, etc. that establish or may establish your identity, hereinafter referred to as “Personal Data or Data”.
What is the processing of personal data?
Any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Who is the Controller?
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Who is the Processor?
A Processor is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Is it compulsory to provide your Data?
Providing your Data to ‘PORTO CARRAS S.A.’ via this website may be necessary in order to achieve the goals set out in this Policy, or optional. If you refuse to provide the data marked as mandatory on the website (www.portocarras.com), it will be impossible to achieve the main objective of collecting specific Data and, it could, for example, become impossible for ‘PORTO CARRAS S.A.’ to provide the services available on the website (www.portocarras.com).
What type of data does ‘PORTO CARRAS S.A.’ collect through this website?
Any information within the meaning of personal data under the Personal Data Protection Regulation, the collection of which is not based on the law or the conclusion or performance of a contract, is collected by ‘PORTO CARRAS S.A.’ through this website only in the event that you choose to expressly consent.
We collect the following personal data:
|Full name, nationality, identity card/passport number, date of birth, telephone number.
|Postal address, e-mail address, telephone number.
|TIN, type, place, time of products or services provided.
|Contractual relationship Data:
|Contractual documents, information and consent forms, electronic statements of intention.
|Transactional Behaviour Data:
|Information concerning interests, preferences and participation in events, contests, surveys.
|Due to the COVID-19 pandemic, health data may be collected.
We do not collect or acquire any type of access to special categories of (“sensitive”) personal data (with the exception of the COVID-19 pandemic period due to strict instructions issued by the Ministry of Health) or data that concern criminal convictions and offences of our customers. Customers are obligated to abstain from providing such data that concern them or third data subjects (with the exception of the COVID-19 pandemic period due to strict instructions issued by the Ministry of Health). In the event that customers provide such data to ‘PORTO CARRAS S.A.’, these data will be deleted as soon as we are made aware of them (with the exception of the COVID-19 pandemic period due to strict instructions issued by the Ministry of Health). We at ‘PORTO CARRAS S.A.’ bear no liability whatsoever towards customers or third parties for any provision and/or processing of sensitive data due to acts or omissions on the part of customers in breach of the above obligation. Visits to the website of ‘PORTO CARRAS S.A.’ (www.portocarras.com) does not absolutely require the provision of any type of personal data on your part. However, in several cases, it is necessary for you to provide specific personal data indicated in the corresponding data entry fields on the website of ‘PORTO CARRAS S.A.’.
We at ‘PORTO CARRAS S.A.’ may collect and store the following personal information about you from the following exhaustive list of sources:
–contact data when you contact us to submit questions or requests or to ask information concerning the services provided by ‘PORTO CARRAS S.A.’.
– identification data, communication data, transactional data, contractual relationship data and transactional behaviour data when you book a room or a table at the restaurant, irrespective of the means used to complete the booking (electronically, via telephone, via the reception desk, etc.).
– identification data, communication data, transactional data, contractual relationship data and transactional behaviour data when you conclude an agreement with us for the provision of any services by ‘PORTO CARRAS S.A.’.
– identification data, communication data, transactional data, contractual relationship data and transactional behaviour data when you electronically purchase products or services provided by ‘PORTO CARRAS S.A.’.
– health data from questionnaires that must be filled out, due to the COVID-19 pandemic and following instructions issued by the Ministry of Health.
The data collected through this website, https://www.portocarras.com, may also be combined with data provided in other cases, e.g. when you call its call centres or participate in contests and promotional actions. The personal data provided to ‘PORTO CARRAS S.A.’ in these cases may be incorporated in existing databases and stored in order to simplify the systems used to manage your data.
‘PORTO CARRAS S.A.’ does not store and does not collect payment details during electronic or online payments via debit, credit or prepaid card. More specifically, upon recording the number, security code, holder’s full name and expiry date of the credit or debit card and upon completing the payment, these data are automatically transmitted to the competent Bank. The Bank collects the data, carries out the payment and then confirms the completion of the transactions to ‘PORTO CARRAS S.A.’.
Collection and purposes of use of personal data
‘PORTO CARRAS S.A.’ collects personal data from you for the following purposes:
Transactions: ‘PORTO CARRAS S.A.’ may use the personal data of visitors/users to process any transactions concluded with them, such as credit card payments etc.
Advertising/Marketing: ‘PORTO CARRAS S.A.’ may use the personal contact data of visitors/users for information purposes and promotional actions concerning contests, gifts, discounts on products and services of ‘PORTO CARRAS S.A.’ and associated companies and sponsors, following their express consent.
Improvements and adjustments to the website: ‘PORTO CARRAS S.A.’ will use this information solely for the reasons for which they were collected and in order to provide you with information. It will also use this information in order to adapt the content of the website to your needs and to improve its compositions, changes and dynamism.
Provision of online services through user authentication processes: ‘PORTO CARRAS S.A.’ will use this information in order complete your electronic application. More specifically: For registration or authentication on its applications.
Credit check: In certain cases, we at ‘PORTO CARRAS S.A.’ may carry out certain credit checks with the competent bodies when you request a service or product. If this applies, then it will be listed in the terms and conditions of the activity between you and ‘PORTO CARRAS S.A.’ or the company that will carry out the processing.
Legal use: We at ‘PORTO CARRAS S.A.’ may collect, store, disclose and, generally speaking, process the personal data of visitors/users when this is required by the Personal Data Protection Regulation and/or the law or when necessary in order to protect the interests of both sides, as they derive from the transactional and contractual relationship between them or the business-consumer relationship.
COVID-19: for reasons of public health prevention (tracing cases) and public interest, due to the COVID-19 pandemic.
DISCLAIMER: As regards the collection of personal data not conducted online through the websites owned by ‘PORTO CARRAS S.A.’ and concerning the processing of the personal data of employees, candidate employees, associates, contractors, suppliers, private citizens, customers and, generally speaking, natural persons, separate detailed notification is provided in writing to the data subjects during the collection of the above data, in line with the relevant requirement set forth in Articles 13 and 14 of the GDPR.
Data Retention – Storage
We at ‘PORTO CARRAS S.A.’ store your personal data solely for the time required to provide a service you requested or approved, without prejudice to any legal provisions to the contrary, as is the case with issues governed by commercial and/or taxation legislation, the various applicable provisions, etc. In any event, the personal data you provide us and which are recorded in written agreements, contracts and electronic correspondence concerning the execution of a contract or the realisation of a commercial transaction are stored for a period of 20 years in a physical and electronic archive kept at the legal department, the sales/contracts department and the accounting department of ‘PORTO CARRAS S.A.’ or any other third party that directly or indirectly provides the above services or assists the departments in question in the discharge of their duties or provides management services to us.
Any health data collected during the COVID-19 pandemic shall be deleted immediately after the pandemic ends and following instructions issued by the Ministry of Health.
Your data shall be erased on a case-by-case basis and always in accordance with the provisions laid down in the applicable legislation.
Personal data transmission
‘PORTO CARRAS S.A.’ does not transmit personal data to third parties unless it is required for legitimate purposes in order to respond to your requests and/or provided that it is required or permitted by law. In any case, access to your personal data is only allowed to authorised persons, who are required to have access to allow the attainment of their collection, use and processing, as hereby notified. In certain cases, ‘PORTO CARRAS S.A.’ may transmit your personal data to competent Public Authorities or natural or legal persons entrusted with processing, on the condition that we inform you in advance and obtain your prior consent, where it is required for the processing in question. Persons with access to the data shall respect their confidentiality.
We use IP (Internet Protocol) addresses to analyse trends in the use of Internet, manage the resources of our computers and our network, monitor any unauthorised illegal or malicious activity (attacks) and collect general demographic data (country of origin) for aggregate use.
The internet, just like any other medium used to transmit information, cannot be considered 100% secure. Security on the Internet is a sensitive issue and mainly relies on reliable organisations and companies respecting the confidentiality and safety of its Users’ data. ‘PORTO CARRAS S.A.’ endeavours to apply strict security and control measures for the protection of your personal data, in order to ensure compliance with all applicable legal requirements. We at ‘PORTO CARRAS S.A.’ employ security measures at a technical and organisational level aiming at the security of the data collected from you against any intentional or unintentional attempt of handling, loss, destruction and, generally speaking, access , to them by unauthorised individuals. Our security measures undergo continuous controls and updates in accordance with the latest technological developments. ‘PORTO CARRAS S.A.’ uses state-of-the-art encryption and data protection tools (256-bit encryption, secure pages, network protection system-firewall, digital signatures, etc.). Access to your personal data is limited solely to employees authorised for this purpose, so that they may provide you with products and services by accessing these data. Physical, electronic and procedural safeguards, harmonised with personal data protection regulations, have been activated. We at ‘PORTO CARRAS S.A.’ take every precaution possible to keep your personal data secure. However, due to the nature of the Internet, the company cannot guarantee the protection of communications or the data stored in its browsers from any unauthorised access by third parties.
If you contact ‘PORTO CARRAS S.A.’ online, we may occasionally use e-mail or postal address or telephone number to contact you, provided that you have provided them to us voluntarily. Please note that online communications such as emails etc. are not secure unless they are encrypted. ‘PORTO CARRAS S.A.’ shall bear no liability whatsoever for any unauthorised access or loss of your personal information that is beyond its control.
Contact through the platform website
If a user contacts us through the contact form or in any other way, the provision of their personal data takes place voluntarily and exclusively at the user’s free will. We will process the personal data in question solely to the extent that it is necessary for the specific purpose.
Social Networking Sites
Our Website may offer the possibility to share items on Social Networks and other related tools that allow you to share your actions on the Website to other applications, websites or mass media, and vice versa. The use of such features allows the exchange of information with your friends or the public in general, depending on the settings you have set on your personal profile. Please consult the Privacy Policies of the social network services for more information on the processing of your data.
Special Categories of Data
Please do not send us your sensitive personal data by e-mail or disclose such data using the contact platform. The processing of personal data under this category by no means serves the purpose of processing, as defined in this Policy.
Monitoring of communication
All communications of ‘PORTO CARRAS S.A.’ with you (including phone calls, e-mails, etc.) are neither monitored nor recorded.
Our website may contain links to other websites. This personal data protection Statement applies solely with regard to the access of users to this website and other websites exclusively managed by ‘PORTO CARRAS S.A.’. The administrator of this web portal shall in no way be held liable for the personal data protection terms of other websites under the responsibility of third parties (natural or legal persons).
Revisions to the Policy
‘PORTO CARRAS S.A.’ reserves the right to modify or revise this Policy periodically, at its unfettered discretion. Where changes occur, ‘PORTO CARRAS S.A.’ shall record the data of modification or revision herein and the updated Statement shall apply to you as of that date. We encourage you to periodically review this Policy in order to examine whether the way we process your personal data has changed.
Applicable law and Jurisdiction
With regard to any dispute arising between users and ‘PORTO CARRAS S.A.’, Greek law shall be the applicable law, and the courts of the Prefecture of Thessaloniki shall have jurisdiction ratione materiae over the dispute.
What are your rights?
Under the Personal Data Protection Regulation [EU General Data Protection Regulation (GDPR) 2016/679], as in force, you have the following rights:
- the right to access;
- the right to rectification;
- the right to erasure, under certain conditions, such as when processing is no longer necessary for the purpose for which the data were initially collected and there is no imperative reason to continue processing (or storing) your information;
- the right to restriction of processing;
- the right to data transmission;
- the right to object and the right not to be subject to a decision based solely on automated processing, including profiling;
- the right to lodge a complaint with a supervisory authority.
In other words, you have the right to receive, upon request, free information on the personal data we have stored that concern you, to object, upon request, to the processing of data that concern you, valid thenceforth, and to withdraw your consent, and, in accordance with the applicable provisions, the right to rectification, restriction of processing, data transmission, erasure of the data in question and the right to lodge a complaint with a supervisory authority. In such cases, please contact the competent Personal Data Protection department of the Company listed below in writing via original letter or fax or e-mail.
Right to lodge a complaint
Should you believe that the processing of your data infringes Regulation (EU) 2016/679, you have the right to lodge a complaint with the supervisory authority. The competent supervisory authority for Greece is the Hellenic Data Protection Authority, 1-3, Kifisias Street, GR-11523, Athens, https://www.dpa.gr/, tel.: 2106475600.
‘PORTO CARRAS S.A.’ informs you that it has appointed a Data Protection Officer, whom you may contact at: [email protected]. If you have questions or recommendations concerning this Policy, please contact the above address. Constant Internet developments in general necessitate the adaptation of our rules concerning the protection of online data from time to time. ‘PORTO CARRAS S.A.’ reserves the right to make any recommended changes to these rules at any time.
Cookies that are strictly necessary for the operation of the website and user identification: Strictly necessary or essential cookies are of essential importance for the proper operation of our Websites, enabling you to browse the website and use its features, as well as access secure areas or use the shopping cart. These cookies do not identify users. Without these cookies, our Websites cannot function effectively.
Functionality cookies: These cookies help us remember your preferences while browsing our website, enabling us to recommend more relevant products of interest to you, so that you can find what you are searching for more easily and quickly.
Performance cookies (Google Analytics): These cookies collect information about the performance of our website and help us identify which products have the highest traffic, which pages may present browsing problems, etc. These cookies are only used to improve our website and facilitate your browsing.
Marketing Cookies (Facebook Pixel, AdWorks): This presents advertisements to persons who have visited our website or used our mobile app. For example, when people leave our website without buying anything, remarketing helps us reconnect with you by displaying relevant advertisements, minimising meaningless advertisements.
Active Campaigns: This provides integrated e-mail marketing, marketing automation, and CRM for small businesses. We can send you beautiful newsletters, set automations based on behaviour and benefit from sales automation.
Moosend: This is electronic marketing and commerce automation software. With it we can design beautiful campaigns or start personalised conversations and communications with visitors on greater scale.
What if you do not wish to accept cookies? If you do not wish to accept cookies, you can click on the special pop-up banner to select which settings you wish for your computer each time: ACCEPT/MORE SETTINGS/REJECT (Check the Help menu of your browser to learn how you can change or correctly update your cookies settings).
What are webbeacons and how does the Company use them? Some of the webpages and newsletters of ‘PORTO CARRAS S.A.’ may contain electronic images called webbeacons, also known as one-pixel GIF files, pure GIF files or pixel tags. Their use on websites allows the counting of visitors who have accessed the pages of ‘PORTO CARRAS S.A.’ Their use in our product/service promotion e-mail messages and newsletters allows us to measure how many registered users have read the material we are sending. Webbeacons allow us to develop statistical information about the activities and functions that are most interesting to our visitors/users in order to provide more personalised material. They are not used to access personal information without your consent.
Disabling cookies may affect your ability to use certain products/services on the ‘PORTO CARRAS S.A.’ website.
2nd Level Notification on the processing of personal data through a video surveillance system
Controller Details: the Société Anonyme under the name ‘PORTO CARRAS TOURISM TECHNICAL INDUSTRIAL SOCIÉTÉ ANONYME’, trading as ‘PORTO CARRAS S.A.’ (Junction of 31, Agias Sofias Street and Ermou Street, GR-54623, Thessaloniki, Tel. No: 2375077000, https://www.portocarras.com).
Purpose of processing and legal basis: we use a surveillance system for the purpose of protecting goods and persons and their fundamental rights (Article 6.1(d) and (f) of the GDPR). The processing is necessary for the purpose of the legitimate interests that we pursue as Controller.
Analysis of legitimate interests: our legitimate interest consists of the need to protect our premises and the goods therein from illegal acts, including, for example, theft and destruction. This also applies to the safety of the lives, physical integrity, health and assets of our staff , its customers and third parties legitimately found in the area under surveillance. At the Casino, the CCTV system operates in performance of our legitimate and contractual obligation towards the State. We collect only image data and we record only in places, which, in our view, are at risk of illegal action e.g. robbery or vandalism, also due to the large area of the complex. The recording takes place at locations where special marking and signs have been installed, without focusing on areas where the privacy of those captured by the camera, including their right to the protection of personal data, is excessively restricted. The closed circuit television cameras (CCTV) in some cases may also have zooming capability and do not collect sound data.
Access – Transmission: Access to the recorder of the CCTV system is restricted to a specific group of people using a unique identifier which is updated regularly for security reasons. The material stored is accessible through access control only by our competent/authorised personnel and external associates who have entered into contracts with us, who are bound by us under processing agreements of Article 28 of the GDPR, and who are charged with the guarding and security of the space. The transmission of the data collected by the closed circuit television (CCTV) to third parties is generally allowed subject to prior notification to you and provided that the requirements of the applicable European and Greek legislation on the protection of personal data are met. This material shall be transmitted to third parties in the following cases: a) to the competent judicial, prosecution and police authorities when it includes information necessary to investigate a criminal act involving persons or goods relating to the controller; b) to the competent judicial, prosecution and police authorities when legitimately requesting data in the performance of their duties; and c) to the victim or the perpetrator of a criminal offence, in cases of data which may constitute evidence of the act.
Retention period: We retain the data referred to in this Notification (CCTV), for ten (10) days and, after this period has elapsed, the data are automatically deleted. If an incident comes to our attention during this period, we will isolate part of the video and retain it for one (1) further month, for the purpose of investigating the incident and institute legal proceedings to protect our legitimate interests; if the incident concerns a third party, we will retain the video for a further period of up to (3) months.
Rights of Data Subjects: Data Subjects have the following rights in relation to the processing concerned by this Notification (CCTV): • Right of access: You have the right to be informed whether we process your image and, if so, to receive a copy of it. • Right to restrict processing: You have the right to request that we restrict processing, such as, for example, not to delete data which you consider necessary to establish, exercise or defend legal claims. • Right to object: You have the right to object to processing. • Right to erasure: You have the right to request the erasure of your data. • Right to withdraw consent. You can exercise your rights, by sending an email to the address: [email protected] or a letter to our postal address or by submitting your request to our offices and premises or at the Reception of the hotels or the Casino. In order for us to examine a request related to your image, you will need to advise us approximately when you were within reach of our cameras and provide us with an image of yours to enable us to locate your data and withhold the data which portray third parties. Alternatively, you may visit our premises in order for us to display the images in which you appear. Please note that the exercise of your right to object or right to erasure does not entail the immediate deletion of your data or the modification of the processing. In any event we will respond in detail as soon as possible, within the time limits set forth in the GDPR.
CCTV record: The “Controller” keeps in records of requests regarding the processing of CCTV data that concern you at its offices. Also, the “Controller” keeps records describing and containing the following: (a) the technical characteristics of the cameras; (b) diagram representation of the cameras’ location; (c) the site where the data collected by the closed circuit television (CCTV) are kept.
Changes in this Notification: the “Controller” reserves the right to modify and update this Notification at any time and without prior notice. In such case, you will be informed about the changes as soon as possible. If you have any query or question about this Notification or the protection of your personal data in general, you can contact the Data Protection Officer (dpo) at the following e-mail address: [email protected].
Right to lodge a complaint: Should you believe that the processing of your data infringes Regulation (EU) 2016/679, you have the right to lodge a complaint with the supervisory authority. The competent supervisory authority for Greece is the Hellenic Data Protection Authority, 1-3, Kifisias Street, GR-11523, Athens, https://www.dpa.gr, tel. No: 2106475600.
The personal data contained in CVs are accessed solely, where necessary and depending on the processing purpose, by the authorised staff of ‘PORTO CARRAS S.A.’ and/or the staff of third-party associated companies (“Processors” or “Controllers” for whom ‘PORTO CARRAS S.A.’ is the “Processor”) with which ‘PORTO CARRAS S.A.’ has concluded agreements, under the condition of compliance with the relevant confidentiality obligations included in the relevant agreements. Data (if applicable) are processed by ‘PORTO CARRAS S.A.’ and are sent to the interested-advertised companies. ‘PORTO CARRAS S.A.’ shall not disclose, sell, exchange, assign or otherwise provide personal data from the CVs collected and processed to third parties, whether natural or legal persons, without the consent of the individuals they concern, except in the cases noted above for the needs of covering a vacant post and the selection process and due to the legitimation of Article 6(1b) of the General Regulation. These companies shall process data exclusively for the needs of their cooperation with ‘PORTO CARRAS S.A.’.
As regards personal data transmitted by interested parties in the context of sending or submitting CVs, the purpose of processing is the intention of concluding a cooperation agreement following an application by the interested party (“Data Subject”), the control of their qualification prior to the conclusion of the agreement (Article 6(1b) of the General Regulation), the minimum processing of these data necessary to assess the CV and whether its contents cover the needs of the specific position of cooperation with ‘PORTO CARRAS S.A.’ or associated-advertised companies, and the protection of the interests of ‘PORTO CARRAS S.A.’. Furthermore, the ranking of interested parties in advertising programmes of the company, the need of communication between ‘PORTO CARRAS S.A.’ and the ‘Subject’, use of data (e.g. photographs) on the company’s social networking media for the promotion of its actions. It is clear that if interested parties are ranked in advertising programmes of ‘PORTO CARRAS S.A.’, the photographs submitted or received during these programmes shall be used on social networking media on its account. This processing is carried out by the company solely for the purposes set out and does not extend to any other processing purposes.
If the consent of the parties interested in cooperation has been obtained, CV data shall be stored by ‘PORTO CARRAS S.A.’ for purposes of future ranking of new positions of cooperation with ‘PORTO CARRAS S.A.’, for a period of no more than 6 to 12 months after submission, following which they shall be destroyed/erased/anonymised in a secure manner.
If no such consent is obtained, after the coverage of the employment position in question for which interested parties sent or submitted their CV, the CV data shall be destroyed/erased/anonymised in a secure manner within a period of 1 month from the coverage of the position, unless ‘PORTO CARRAS S.A.’ is legally entitled or obligated to retain such data. The latter case occurs when interested parties do cooperate with ‘PORTO CARRAS S.A.’, in which case the CV and its accompanying documents (photographs etc.) shall be sent to associated companies for ranking of new positions and for the duration of the project agreement or the cooperation. Furthermore, any additional data that are requested and are necessary for the needs of insurance-taxation legislation shall be processed solely for purposes directly related to cooperation with ranked individuals. Upon the expiry or termination of the cooperation period, such data shall be retained for the period required by law, following which they shall be destroyed/erased/anonymised in a secure manner.