WEBSITE PRIVACY POLICY

1. Purpose of this Policy

Our Company, Diligent Holdings S.A. - hereinafter referred to as the “Company” or “Diligent” or “DH” - is a ship management Company based in Athens Greece, 43 Kifisias Avenue, 11523, VAT number: 997595905, contact telephone: 2106989900 and email address: diligent@diligentholdings.com. The purpose of this (website) privacy policy is to inform individuals and possible data subjects (users/visitors of this website www.diligentholdings.com) about the measures taken by DH in order to protect individuals’ personal data and comply with the legislation on the protection of personal data that includes the General Data Protection Regulation (EU) 2016/679 (GDPR), Law 4624/2019, Law 2472/1997 as well as Law 3471/2006 in the field of electronic communications and the opinions and guidelines of the Hellenic Data Protection Authority and the European Data Protection Board.

2. Useful Definitions

To provide you a better understanding of this Policy, here are the definitions of the following main concepts:

Data Subject means an identifiable natural person who can be identified, directly or indirectly. Here, means any user or any visitor of this website. 

Personal data means any information that may identify, directly or indirectly, a living natural person, such as their name, their address, their contact details (phone number, email address) etc.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Controller means the Company Diligent Holdings S.A. based in Athens Greece, 43 Kifisias Avenue, 11523, telephone: 2106989900 and email address: info@diligent.gr  which determines the purposes and means of the processing of personal data.

Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

Third party means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Data Protection Officer (DPO) designated by DH, who has the position and duties defined by the current legal framework for personal data protection.

3. What kind of data we collect and process and why

As a Data Controller, through our website we collect and process the above personal data under certain legal bases and specific purposes:

Important Note: Regarding the collection of Curriculum Vitae via the following e-mail address: hr@diligentholdings.com company informs you that your CV will be retained: 

(a) in case of recruitment, throughout the duration of the employment contract.

(b) in case of non-recruitment, your CV will be deleted / destroyed in a proper and safe way within a period of six (6) months from their collection.

4. Processing of special categories of personal data

Our Company does not process special categories of personal data through this website, such as data related to your racial or ethnic origin, your religious or philosophical beliefs, health data or data related to your sex life or your sexual orientation, as the above data is not necessary for us. In case such kind of personal data is provided by you, for the purpose of submitting a request or comment or in the context of our communication, their processing is carried out based on your explicit consent to the processing or if it is considered that there is a reason to defend our legal claims. Please do not include such data when posting your CV or when filling in message fields, which otherwise will be processed by the Company as an integral part of your CV.

5. Personal Data of minors 

Our Company does not process personal data of persons who have not completed the 18^th year of their age (minors). We reserve the right in case we find that a minor has provided data to us, without the consent of his legal representative, to delete such data. If you notice that a minor has provided his/her data to us without the consent of his/her legal representative, please contact us. 

When the processing of personal data is based on consent in accordance with art. 6 par. 1 a GDPR, in relation to information society services directly to a child, the consent provided by the minor and therefore the processing is legal, if the minor is at least 15 years old. In case the minor is under the age of 15, processing is legal only if the consent is given or approved by the legal representative of the minor (art. 8 GDPR in combination with art. 21 No 4624/2019).

6. Who the recipients of your personal data are 

Access to your personal data is available to:

• the trained and authorized personnel of our Company to cover the needs of your service, bound by absolute confidentiality and non-disclosure
• our Company’s partners (for example the Company supporting this website). DH ensures the data processing on behalf of the Company takes place under the provisions of the GDPR (articles 28, 32) and the applicable legislation
• in case you submit an interest for a job, your data is also provided to the cooperating Company "President Hotel" based on the specific position and the purpose of the recruitment for which you expressed an interest. The above company is bound by the same principles and obligations as "Diligent Holdings S.A."
• public authorities, courts, law enforcement agencies, regulatory bodies, including any data privacy, security, or similar audits, in compliance with applicable laws

At this point we should inform you that we do not transfer your personal data to third countries (outside the EU or EEA) or international organizations, which do not ensure an adequate level of protection. Any transfer of your data follows and complies with the relevant provisions of the applicable legal framework, in particular Articles 44 et seq. of the GDPR. In any case, you will be informed accordingly.

7. How long we retain your data for

We take every reasonable step to ensure that your Personal Data are only retained for as long as they are needed in connection with a lawful purpose. We retain your personal data in accordance with the requirements of the legislation, in particular for as long as provided for on a case-by-case basis, for as long as the nature and purpose of the processing so require, as long as defined by the applicable legal and regulatory framework and in each case the entire duration of the transaction between us and our individual contractual commitments, depending on its nature, taking also into account the legal obligations of our Company and any legal claims that may arise from it, in order to justify the retention time of the personal data. In case you have given your consent in view of specific processing and there is no other legal basis for it, you have the right to withdraw it, with a simple statement of withdrawal, which will be addressed to the Company, by completing a form of exercising your rights or through other means, without offending the legitimacy of the processing that was based on your consent until it was withdrawn.

Especially regarding the retention of CVs, when submitting them, you are informed about the time of keeping them [6 months from the selection of a candidate], unless you choose the immediate deletion.

In any case, we apply, as a maximum period, the twenty (20) years of retention (General Statute of Limitation on claims), with the chance of extending that period in case any form of arrogation or pending legal dispute or indication of control from a public authority arises. After the above period of time, the data which are no longer necessary will be erased in a safe and non-recoverable way.

In the above cases, your data will be immediately erased unless there is a lawful and valid ground for further retention. In any case, our Company will inform you respectively.

8. Your rights, as a data subject, according to GDPR

In any case, as a user/visitor of this website, you have control over the processing of your personal data. Specifically, according to the provisions of the General Data Protection Regulation for the Data Protection of natural persons (EU 679/2016), as a subject of personal data processing you preserve the following rights:

1. The right to be informed, announced, and briefed about exercising your rights (Art. 12, 13, 14 GDPR), meaning your right to be informed on how your personal data are used (as it is thoroughly provided by this Privacy Policy). 
2. The right to access the personal data that concern you and if the Company processes them, as a Data Controller (Art. 15 GDPR). The Company will provide a copy of the personal data after a relevant request is made from you.
3. The right to rectify inaccurate data as well as to add data when they are incomplete (article 16 GDPR).
4. The right to erase your personal data (“The right to be forgotten”), subject to the obligations and legal rights of the Company over their preservation according to the current legislative and regulatory provisions (Art. 17 GDPR).
5. The right to restrict the processing of your personal data if, either their accuracy is doubted, or the processing is illegal, or they lack the purpose of processing, but their erasure is not applicable (Art. 18 GDPR).
6. The right to transfer your personal data to another Data Controller (data portability), if the processing is based on you consent and is conducted with automated means or to execute the contract between us (Art. 20 GDPR).
7. The right to object for reasons that concern your special condition in case your data are being processed for purposes of the Company’s legitimate interest (Art. 21 GDPR) and especially to object to the automated decision-making (Art. 22 GDPR).
8. The right to withdraw your already given consent (article 7 GDPR) at any time, for processing conducted based on your consent. The legitimacy of the processing of your data is not influenced by the withdrawal of your consent up to the point you requested the withdrawal.
9. The right to file a complaint to the Hellenic Data Protection Authority the HDPA (1-3 Kifisias Avenue, 115 23, Athens, Greece, Tel.: 2106475600, email: contact@dpa.gr).

9. The way to exercise your rights and file a complaint

You are entitled to exercise your rights:

• sending an email to the electronic address dpo@diligentholdings.com or 
• by letter to our headquarters address 43 Κifisias Avenue, Αthens, Greece, 115 23, completing the appropriate rights request form that we provide you with (Data Subject Rights Request Form).

Your relevant requests must be accompanied by the appropriate identification documents of yourself, with the stated reservation of the Company to be able to ask for provision of additional information to identify and verify your personal information.

The above requests will be examined upon completing and sending the relevant rights request form, as it has been posted on our page and under the explicit instructions written in it. Diligent Holdings S.A., as Data Controller, will make every effort to proceed to the necessary actions within a month from the day of the request/exercise of the case-by-case right on your behalf, with the exception of the case in which the tasks concerning the fulfillment of your request are characterized by particularities and/or complications based on which the Company retains the right to extend the period of time taken to complete the actions.

In any case the Company will inform you about the course of your request within a month of its filing.

10. Security of your data 

Diligent Holdings S.A. concerns that appropriate technical and organizational measures (Article 32 GDPR) are taken to ensure an appropriate level of security during the processing of your data, to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data. Regarding the measures we take to ensure the security of your data through our website, we indicatively use a security certificate of the TLS protocol (TLS protocol 1.3), which encrypts the communication between the computer and the website. In addition, we take measures for the uninterrupted operation of the application (business continuity plan) with specific response times to a possible security incident, while taking all necessary measures of physical security and graded access (physical and logical) to the critical information infrastructure (but also to the application) which supports the web application in accordance with international good practice. We ensure that our partners comply with a level of protection and compliance too. 

11. Privacy Policy amendment 

This Privacy Policy may be amended at any time and an updated version will be posted on the Website each time. You are invited to refer to this Policy regularly.

12. Useful Contact Details 

Last Update at: 5/8/2021