my.autodia GR

General Data Protection Regulation (GDPR)

1. PURPOSE

The purpose of this Policy is to define and formulate the general framework and basic principles set and implemented by the Organization for the Collective Management of Musical Copyrights "Autodia - Limited Liability Civil Cooperative" [AUTODIA] (hereinafter referred to as the Organization) for the management of personal data and for the protection of their security, confidentiality, integrity and availability.

2. SCOPE             

This Policy applies to all personal data managed by the Organization in the context of its activity.

3. RESPONSIBLE TO APPLY THIS POLICY                

  • Administration of the Organization
  • Data Protection Officer
  • All staff of the Organization               
  • All partners who manage and/or have access to personal data

4. DESCRIPTION

a) General
The Organization recognizes and respects the importance of the personal data it handles in the context of its activity, and for this reason it has fully adapted its policy to the requirements of the General Data Protection Regulation (hereinafter GDPR) 2016/679/EC.
With this statement, the Organization wishes to:

  • to inform those who transact with it at what capacity, for what purpose and on what legal basis it processes personal data, i.e. information that can be used to directly or indirectly identify people,
  • to identify the categories of data, the sources of the data (when the data is not provided by the people themselves) and the criteria for determining the period of retention of personal data,     
  • to inform about the possibility of subjects to contact our Organization for any issue regarding the processing of their personal data, the possibility to exercise the rights of access, correction and, where applicable, deletion, restriction and opposition to processing with regard to their personal data, as well as the possibility of people to report any violation of their rights related to their personal data to the Personal Data Protection Authority, 
  • to determine the principles governing the Organization's compliance with the relevant personal data protection policies and security guarantees.

For any question or concern, or anyone wishing to receive a copy of this statement, or wishing to exercise any of the rights related to their personal data, the interested party may contact the Data Protection Officer of our Organization at the email [email protected]

b) Details of the Controller, his Representative and the Data Protection Officer:


Data Controller

Organization for the Collective Management of Musical Copyrights "Autodia Civil Limited Liability Cooperation"

Address:

Sabah-Houri 3,151 25 Marousi, Greece

Phone:

2103215278

E-mail:

[email protected]

Data Protection Officer (DPO):

Company name: INVESTMENTS AUDIT MIKE
Marathonos Ave., 15351, Pallini
Tel. 2103822218 ( ext . 122)
Email: [email protected]

c) Who collects personal data?
The Organization headquarters is in Athens and 3 Sabah-Houri Street, PC 15125 Marousi, Attica and is active in the collective management of Music Copyrights.      
This statement covers the collection and processing of personal data by the Organization during the development of its activity, including its presence on third-party websites, platforms and applications based on the Terms of Use of our website.
Please note that during your visit to our Organization's Website, simple data related to your interaction with the website and the installation of cookies is collected (see the relevant Cookies Policy). Third-party websites generally apply their own privacy statements and terms and conditions. We invite you to read them before using these websites.

d) What personal data is collected?
Personal Data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Due to the nature of the Organization's activities, the Personal Data it collects mainly concerns the following categories of subjects:       

  • Employees and Members: namely their personal data and information that refers purely to the employment relationship with the Organization, which includes indicative identity and contact details, financial information as well as health data of the same or additional members related to the Organization's compliance with labor and insurance legislation.
  • Candidate employees for recruitment: namely their personal data and information referred to in their evaluation as candidates and in their recruitment procedures by the Organization, which include indicative identity and contact details, as well as details of the candidates' professional CV.              
  • Partners of the Organization (suppliers, outsourcing and other partners in general): namely their personal data and information relating to the contractual relationship between us, which includes indicative identity and contact details, as well as financial information related to the Organization's compliance with its legal contractual obligations.
  • Those dealing with the Organization (customers, prospective customers and in general individuals who communicate with the Organization): namely their personal data and information referring to the contractual relationship between us, where it exists, which includes indicative identity and contact information, transaction data as well as financial information related to the Organization's compliance with its legal contractual obligations.

Furthermore, Personal Data may be collected from individuals who enter the Organization and its facilities.

e) How is my personal data collected?
We may collect personal data from various sources, namely:       

  • Personal data provided to the Organization directly by the subjects, such as information provided by employees and prospective employees, our customers and partners in general and those who generally deal with the Organization when they communicate with us. Personal data generated in the context of the development of each employee's employment contract with the Organization.     
  • Personal data generated in the context of the development of each client and partner's contract with the Organization.           
  • We also receive and store certain types of personal data whenever anyone interacts with us online, namely when we use cookies and tracking technologies to receive personal data and also when the web browser used by the internet user accesses our website or listings, as well as other content displayed by the Organization or on its behalf on other websites.

We note that we do not collect special categories of personal data, other than the health data referred to herein, such as personal data relating to race, ethnic origin, religion, sexual orientation or genetic biometric data, etc., which are categorized as special categories of data and receive additional protection in accordance with European personal data protection legislation.

f) Particularly regarding children's privacy
Personal data of children may be collected exclusively in the context of the employment relationship of our employees, namely on the one hand for the description of the family status of the employees for matters of remuneration, employment rights, etc. and on the other hand for the inclusion of minors/additional members in the group insurance policy provided to the employees and for the purpose of servicing the said insurance contract. It is understood that this data is provided with the consent of the person who has parental responsibility for the child (see also below).

g) For what purposes is my data used?
The purpose of the processing is proportional to the function being performed. Specifically:

  • The personal data of employees are provided to the Organization for the purpose of concluding, executing or terminating the respective employment/cooperation contract. Also, the personal data of employees regarding attendance, absences, hours of attendance, leaves, medical documentation of sick leave are kept for the purpose of granting leaves, including sick leave, while the personal data concerning the performance of employees are provided by the heads of individual departments for the purpose of evaluating the personnel by the Organization.      
  • The personal data of the candidate employees, which they themselves provide during the individual stages of candidate selection and evaluation, are disclosed to the relevant Department of the Organization and to the Administration, for the purpose of informing the Organization, evaluation, interviews, etc. for the recruitment of employees and the establishment of cooperation.
  • The personal data of the Organization's partners and clients, which they themselves provide to the Organization, are collected and processed for the purpose of concluding and developing the contractual relationship between us and our compliance with our legal contractual obligations.
  • Furthermore, upon recruitment, the Organization provides new employees with details of provided corporate assets, access to electronic and physical files and work areas for the purpose of executing the employment contract.
  • Personal health data of employees and additional members are provided by the employees and by the insurance company, which collaborates with the Organization, to the HR Department for the purpose of including employees and additional members in the group insurance policy provided by the Organization as well as for the verification of expenses and the payment of compensation to the insured beneficiaries. In particular, financial data (expenses, premiums, compensations) are provided to the Organization's accounting department for relevant processing.
  • Personal data from employees regarding the use of company mobile phones (numbers called, charges) is provided to the HR Department by the collaborating mobile telephony provider for the purpose of monitoring company expenses as well as organizing and processing company operations.

h) What is the legal basis for the processing?
The collection and processing of personal data of the above subjects is based either on the preparation and execution of a contract, or on the Organization's obligation to comply with its legal obligations (as an employer in employment contracts but also in relation to its legal obligations in general), or to serve its own legitimate interest (in the exercise of its business activity, but also the safety of persons, goods and infrastructure, optimization of productivity). In cases where the legal basis is based on consent, the subject is expressly informed and retains the right to revoke it, easily and at any time.

i) Profile Preparation
The Organization does not use personal data for profiling.

j) Transfer of Data to Third Parties: To whom will my data be shared?
The Organization does not generally disclose data to third parties, except in the following cases. Specifically:
The Organization transfers personal data of its employees and associates to an external partner (outsourcing company), which undertakes the management of human resources issues (indicatively: payroll, leaves, data for the conclusion of a group insurance policy , etc. ) in compliance with the Organization's legal obligations, and with which it has signed a contract that binds it in its capacity as processor with regard to maintaining the confidentiality, security, integrity and availability of their personal data.
We note that the above company has access to the personal data necessary to perform its functions, but is prohibited from using them for other purposes, and in addition, they have not previously committed themselves to the Organization for their relevant obligations regarding the non-use of the data for a purpose other than the execution of the processing, the maintenance of confidentiality and general compliance with the Regulation.

k) How long is my personal data kept?
The retention period of personal data depends primarily on the purpose of the processing, as their simple retention constitutes a processing operation, which is permitted only if it is governed by the processing principles. After the retention period has elapsed, the personal data is deleted. In particular:

  • The personal data of the candidate employees are kept electronically on a mail server and fileserver, where the HR department and the Management of the Organization have access, for a period of two years from the completion of the employee selection - recruitment process. The retention is due to a possible re-evaluation of the candidates by the Organization.
  • The personal data of employees, i.e. those who have already drawn up an employment contract with the Organization, are kept in a physical file and on a file server by the HR department, first of all, for the duration of the employment relationship. After the termination of the employment relationship, for any reason, the relevant data are kept for a maximum of twenty years (indicative limitation period for any resulting legal claims), a period during which any legal case for processing them may arise, such as, for example, the case of civil cases or the investigation of a criminal act where an employee is likely to be involved, the case of a tax audit, etc. The above also applies to data on corporate assets provided to employees, access to electronic and physical files and to work areas and corporate mobile phones, for the purpose of executing the employment contract. They also apply to personal data relating to the granting of leave to employees (attendance, absences, hours of attendance, leaves, medical documentation of sick leave) and the evaluation of personnel.
  • The personal data of the Organization's clients and associates are kept in a physical file and on a file server by the HR department, initially for as long as the contractual relationship between us lasts. After the termination of the contractual relationship, for any reason, the relevant data are kept for a maximum of twenty years (indicative limitation period for any resulting legal claims), a period during which any legal case for processing them may arise, such as, for example, the occurrence of a civil case or the investigation of a criminal or non-criminal act, a tax audit, etc.
  • The personal health data of employees and additional members are provided to the HR department by the employees and by the insurance company that collaborates with the Organization within the framework of a group insurance policy and are kept in a physical file, on the mail server and on the file server until the termination of the employment relationship. After this termination, they are kept for up to 5 years after the end of the calendar year in which the employment relationship was terminated, unless the collaborating insurance company indicates otherwise. The pure financial data of the insurance contract are kept for as long as the tax audit of the corresponding financial corporate years is possible.

l) What are my rights?
The processing of your personal data is also linked to your respective rights, which, subject to any provisions that may limit their exercise, are:

  • The right to information. You have the right to receive clear, transparent and understandable information about how we use your personal data and what your rights are. For this purpose, we provide you with the information in this Privacy Policy and encourage you to contact us for any clarifications.
  • The right to access and correct. You have the right to access, correct and update your personal data at any time.
  • The right to data portability. The personal data you have provided for us is portable. This means that it can be moved, copied or transferred electronically.
  • The right to erasure. If you withdraw your consent to processing at any time, you have the right to request that we delete your data.
  • The right to restrict processing. You have the right to restrict the processing of your personal data.
  • The right to withdraw consent. If you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time by contacting us at the details provided herein.
  • The right to object exists for processing for direct marketing purposes (e.g. receiving newsletters from us).
  • The right to lodge a complaint with the Personal Data Protection Authority. You have the right to lodge a complaint directly with the local supervisory authority, the Personal Data Protection Authority, regarding how we process your personal data.
  • Rights related to automated decision-making. You have the right not to be subject to a decision based solely on automated processing which has legal or other significant effects on you. In particular, you have the right to:
  • to express your opinion
  • to receive explanations for the decision that resulted from an assessment, and
  • to challenge this decision.

In case of exercising one of your above rights, we will take every possible measure to satisfy your request within a reasonable time and at the latest within (1) month from the identification of your submitted request, informing you in writing about the satisfaction of your request, or the reasons that may prevent the exercise of the relevant right, or the satisfaction of one or more of your rights, in accordance with the General Data Protection Regulation. We point out that in certain cases satisfaction of your relevant requests may not be possible, such as when the satisfaction of the right is contrary to a legal obligation or conflicts with a contractual legal basis for processing your data.
However, if you believe that any of your rights or a legal obligation of the Organization regarding the protection of Personal Data is being violated and after you have previously contacted the Organization's Data Protection Officer (DPO) regarding the relevant issue, that is, you have exercised your rights towards the Organization and either you have not received a response within a month ( the deadline being extended to two months in the case of a complex request), or you consider that the response you received from the Organization is not satisfactory and your issue has not been resolved, you may submit a complaint to the competent supervisory authority, namely, the Personal Data Protection Authority (PDPA), 1-3 Kifissias Ave. , PC 115 23 Athens, email: [email protected], fax 2106475628.

m) How is my personal data protected?
We have taken appropriate organizational and technical measures to protect your personal data from misuse, interference, loss, unauthorized access, modification or disclosure. The measures we use include the implementation of appropriate measures in access control, technical information security as well as ensuring that personal data is encrypted, pseudonymized and anonymized, where necessary and feasible.
Access to your personal data is permitted only to our competent employees and associates and only if necessary to support the Organization's activity and is subject to strict contractual confidentiality obligations when processing is assigned and performed by third parties.

n) How can I contact the Organization?
You can contact us at our head office address, 3 Sabah-Houri Street, 15125 Maroussi, Attica or at the email address [email protected] or submit a request via the Contact form on our website.

o) Update – Updating of this Privacy Policy Statement
This statement will be revised, as necessary, to adapt to legislative changes, to respond to the comments and needs of the personal data subjects and to changes in our organization’s products, services and internal procedures. Any changes will be published with a simultaneous revision of the last update date at the top of this statement - Privacy Policy.

Share
Autodia Collective Management Organization of Music Authors & Rightholders
my.autodia
TUV
CISAC
Search