1. Introduction 

GEK TERNA S.A. (hereinafter referred to as “the Company” and/or “we”, “us”) is committed to protecting and respecting your privacy.  This Privacy Notice is provided in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and the applicable Greek data protection legislation, including Law 4624/2019, and explains how we collect, use, store and protect personal data of employee candidates, when submitting your CV and application through this web form. 

2. Data Controller – Data Protection Officer (DPO)

For the purpose of the General Data Protection Regulation (“GDPR”) the Data Controller is the Company under the company name “GEK TERNA S.A”  and the distinctive title “GEK TERNA” headquartered in Athens Municipality, on 85, Mesogeion Avenue, PC 115 26, Greece, telephone number: 210 6968000 and email: info@gekterna.com, hereinafter called GEK TERNA S.A

The contact details of the appointed Data Protection Officer (PISTIOLIS–TRIANTAFYLLOS & ASSOCIATES LAW FIRM, ANDERSEN LEGAL, Greece) is the following email: dpo@gekterna.com  

3. Categories of Personal Data

 In the context of the recruitment process for employee candidates, we collect and process the following categories of personal data, which are strictly necessary, relevant and proportionate to achieving our objectives:

• Identification data: e.g., Name, surname, date of birth, photograph (optional).
• Contact details: e.g.,Email address, postal address, phone number.
• CV/resume data: e.g., Information provided through job applications, CVs and interviews, educational background, professional qualifications, skills, employment history.
• Information included in your cover letter or other supporting documents
• Recruitment process data: Records of correspondence between you and the Company, records related to your progress and assessment throughout the hiring process.
• References and recommendations: Recommendations or other information received from former employers or other individuals you have authorized us to contact.
• Any other data you voluntarily submit through your application

4. Information from Other Sources
   In addition to the information you choose to share with us directly, we may also consider limited information about you from other lawful sources, such as:

• Public professional profiles (e.g. LinkedIn), to the extent relevant to the role you apply for.
• Recommendations or referrals provided by individuals or organizations who suggest you as a candidate.

We only use such information to support our recruitment process and evaluate your application fairly.

5. Lawful basis for processing 

We rely on the performance of the contract to collect and use your personal data at the pre-contractual stage in order to conclude the employment contract. The provision of data is necessary because it is a requirement for the potential conclusion of a contract. Therefore, failure to provide the requested personal data will make it impossible to carry out actions in order to further conclude a contract.

We also rely on our legitimate interests as the lawful basis for collecting additional information and references related to your qualifications and experience, in order to further assess your suitability for the position.

6. Purposes of processing

The personal data we collect is processed for the following purposes:

• To consider your application in respect of the position  for which you have applied.
• To consider your application in respect of other available positions..
• To manage and administer the recruitment process (including communication with you regarding your application, arranging interviews and providing updates on the status of your candidacy).
• To enhance any information that We receive from you with information obtained from third party data providersas part of our legitimate interest in making informed and fair recruitment decisions..
• To identify suitable candidates for οur job openings.
  

7.Recipients of your personal data

Your personal data may be shared with specific third parties, only when necessary and in accordance with applicable data protection laws. These may include:

• Authorized employees of our HR and recruitment teams.
• Where necessary for the evaluation of your application, your data may also be shared with other companies of the GEK TERNA Group, strictly for recruitment-related purposes and under conditions of confidentiality
• Third-party service providers (e.g., IT support) where strictly necessary and under confidentiality agreements
• Any other administrative, judicial or public authorities, as well as any legal or natural persons, to whom the Company may be required or authorized to disclose such data by law, court order, or in order to safeguard its legitimate interests.

We have implemented all necessary safeguards to ensure that our staff and partners are duly authorized to process your personal data for these purposes and are fully committed to maintaining confidentiality and complying with all legal obligations related to the collection and further processing of your data.

8. Safeguarding your Personal Data

The Company implements appropriate technical and organizational measures aimed at the secure processing of personal data and the prevention of accidental loss or destruction, as well as unauthorized and/or unlawful access to, use, alteration, or disclosure of such data. To ensure an adequate level of security against risks and to select the appropriate technical and organizational measures, the Company takes into account the latest technological and other developments, the implementation costs, the nature, context, and purposes of the processing, as well as, on the one hand, the likelihood and risk of incidents involving accidental loss or destruction and unauthorized and/or unlawful access, use, alteration, or disclosure of personal data, and on the other hand, the severity of the potential consequences for the rights and freedoms of natural persons.

We store your data securely within our own facilities, utilizing advanced, protected servers and systems designed to safeguard your information. Our infrastructure and processes strictly adhere to all relevant data protection laws and industry standards, ensuring that your data remains confidential, protected against unauthorized access, and handled with the utmost care and responsibility.

9. Data Transfers

Your personal data are not transferred or stored outside the European Economic Area (“EEA”).In the event that a transfer outside the EEA becomes necessary, we ensure that appropriate safeguards are in place, such as: an adequacy decision by the European Commission, or the use of Standard Contractual Clauses approved by the European Commission, in order to guarantee that your data is protected at a level equivalent to that within the EEA.

10. Data Retention Period

We will retain your personal data for up to for 24  months  after the completion of the recruitment process, unless a longer period is required by law or you provide consent for further retention in our talent pool. After that, your data will be securely deleted. 

11. Your rights

Under the GDPR you have a number of important rights free of charge. In summary, those include rights to the following (where applicable): 

• Right of Access: You have the right to be aware and verify the legitimacy of the processing. So, you have the right to access the data and get additional information about how your data is processed. 
• Right to Rectification: You have the right to study, correct, update or modify your personal data by contacting our DPO by submitting relevant documentation. 
• Right to Erasure (“Right to be forgotten”): You have the right to request the erasure of your personal data when we process it based on your consent or in order to protect our legitimate interests. In all other cases, this right is subject to specific restrictions or may not apply, depending on the case. 
• Right to Restriction of Processing: You have the right to request a restriction on the processing of your personal data in the following cases: (a) when the accuracy of the personal data is questioned and until such accuracy is verified; (b) when you oppose the erasure of personal data and request (instead of erasure) the limitation of its use; c) when personal data is not needed for processing purposes, but is, however, indispensable for the reestablishment, exercise, defense of legal claims; and (d) when you object to the processing and until it is verified that there are legitimate reasons that concern us and supersede the reasons for which you oppose processing.
• Right to Oppose Processing: You have the right to oppose at any time the processing of your personal data where, as described above, such processing is necessary for the purposes of legitimate interests we seek as processors, as well as for processing for direct marketing and consumer profiling.
• Right to Data Portability: You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them, using commonly used editing methods. You also have the right to ask us, if technically feasible, to pass the data directly to another processor. This right exists for the data you have provided to us and is processed by automated means based on your consent or for the performance of a relevant contract.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw such consent freely, without prejudice to the lawfulness of the processing based on your consent prior to its withdrawal.

The exercise of any of the above rights is carried out by submitting a relevant written request to our Company, to which we undertake to respond within a period of one (1) month from its receipt. This deadline may be extended by an additional two (2) months, taking into account the complexity of your request, as well as the total number of requests received.

12. Right to lodge a Complaint

If you exercise any of your rights and you are not satisfied with the response, you have the right to lodge a complaint with the Hellenic Data Protection Authority via its online portal (https://eservices.dpa.gr/). For more information, you can visit the website of the Hellenic Data Protection Authority athttps://www.dpa.gr/.

13. Privacy Notice Amendments or Updates

The Company may amend or update this Privacy Notice whenever there are significant changes to its processing activities, applicable legislation or business procedures.