Privacy Policy

This Policy outlines the framework for how the Company will adhere to relevant data protection regulations.

Definitions

In this Privacy Policy:

  • Personal Data: Refers to any information that can identify a natural person.
  • Processing: Encompasses all activities related to personal data, such as collection, storage, and use.
  • Data Subject: The individual whose personal data is being processed.
  • Data Controller: The entity that determines how and why personal data is processed.
  • Consent: Permission granted by the data subject for the processing of their personal data.

1. SUBJECT

The Company “Confreight Helllas Ltd.” (hereinafter referred to as the Company) is a provider of freight forwarding, logistics, and customs clearance services.

The collection and processing of personal data form an ancillary part of our business activity.

In the course of its business, Confreight collects and processes personal data, acting as a data controller, for the following categories of data subjects:

  • Personnel, including administrative personnel, candidates, and former employees;
  • Business partners and potential business partners;
  • Clients and potential clients;
  • Suppliers and potential suppliers;
  • Website users.

2. PURPOSE (OF PERSONAL DATA PROCESSING)

This Policy ensures the Company operates in accordance with individuals’ fundamental rights and applicable data protection laws.

The Policy outlines the principles and strategies for protecting personal data, as required by Regulation (EU) 2016/679 (General Data Protection Regulation, or GDPR) and other relevant data protection legislation.

The purpose of this Policy is to define the procedures for collecting and processing personal data, implementing organizational and technical measures to safeguard data security and confidentiality, meeting accountability obligations, and managing relationships with third parties.

Adherence to this Policy represents an appropriate organizational measure under Article 32 of the GDPR, aimed at ensuring the security and confidentiality of personal data.

3. SCOPE

This Privacy Policy applies to:

  • All personal data collected through The Company’s website [www.confreighthellas.com] and any related online services, including contact forms, subscription services, and other data collection methods.
  • All activities involving the collection, use, processing, storage, and sharing of personal data as described in this Policy.
  • All personnel within The Company who handle personal data, including employees, contractors, and third-party service providers.
  • Any third parties who process personal data on behalf of The Company, including service providers, business partners, and affiliates.

This Policy does not cover:

  • External Websites: Websites or services not operated by The Company, even if linked from The Company’s website. These are governed by their own privacy policies.
  • Offline Data Collection: Data collected through offline means not covered by this Policy.
  • Data Outside GDPR Scope: Data processing that falls outside the scope of the GDPR, such as data related to legal persons.
  • Personal or Household Use: Processing of personal data by individuals for purely personal or household activities not associated with The Company’s activities.
  • Anonymized Data: Data that is anonymized or cannot be linked to an identified or identifiable natural person, as well as personal data that has been anonymized to the extent that the identity of the data subject can no longer be revealed.
  • Deceased Persons’ Data: Processing of data concerning deceased individuals.

4. INFORMATION COLLECTED

We collect and process the following types of personal data:

  • Personal Information: Name, contact details (e.g., email address, phone number), and job title.
  • Technical Data: IP address, browser type, operating system, device information, and usage data (e.g., pages visited, time spent on our Site).
  • Communication Data: Correspondence with us, including any feedback or inquiries.
  • Employment-Related Data: For job applicants and employees, the following information may be collected:
    • Application Information: Resume, cover letter, and other details provided during the application process.
    • Employment Records: Employment history, qualifications, certifications, performance evaluations, and other information relevant to employment and HR processes.
    • Background Checks: Information obtained from background checks and references.
    • Payroll Information: Bank account details, tax information, and other data required for payroll processing (if applicable).

5. USAGE OF COLLECTED INFORMATION

We use the collected data for various purposes, including:

  • Service Provision: To provide, maintain, and improve our services and ensure they meet your needs effectively.
  • Communication: To communicate with you regarding updates, respond to inquiries, and provide information related to our services that you have requested.
  • Analytics: To analyze usage patterns and enhance the functionality and performance of our website.
  • Compliance: To comply with obligations dictated by the applicable legal and regulatory framework. This includes purposes related to the prevention and suppression of money laundering, the avoidance and combating of fraud and financing of terrorism, and the application of Greek Tax Legislation. Additionally, we use data to address any legal or regulatory requirements and to enforce our terms and policies.

6. LEGAL BASIS FOR PROCESSING

The Company ensures that personal data processing is based on one or more of the following conditions:

  • The processing is based on the data subject’s consent;
  • The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
  • The processing is necessary for compliance with a legal obligation of the Company;
  • The processing is necessary in order to protect vital interests of the data subject or of another natural person;
  • The processing is necessary for the performance of a task carried out in the public interest;
  • The processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Special Categories of Data

In addition to standard personal data, we may also process special categories of personal data, which require additional protection. This includes:

  • Health Information: We may process health data for employment-related purposes, such as medical assessments or occupational health evaluations. This processing is conducted in compliance with applicable laws and isnecessary for fulfilling legal obligations or managing our relationship with you.
  • Biometric Data: We may process biometric data for security purposes, such as access control or verification systems, if applicable. This data is processed with the utmost care and is protected with enhanced security measures.

The processing of special categories of data will occur only under specific conditions permitted by GDPR, including obtaining explicit consent or where processing is necessary for fulfilling legal obligations. We ensure that appropriate safeguards are in place to protect this data against unauthorized access or misuse.

When processing personal data based on legitimate interests, we maintain a record of the relevant data processing activities and the respective legitimate interests. We assess whether these interests override the fundamental rights and freedoms of the data subjects on a case-by-case basis. This assessment considers factors such as the relationship of the data subjects with us and their reasonable expectations at the time and context of data collection.

We process personal data only for specified, explicit, and legitimate purposes. Any further processing of personal data will be conducted with the data subject’s prior informed consent or, where permitted by law without consent, with appropriate safeguards and information provided to the data subject about their rights, including the right to object.

7. DATA SHARING AND DISCLOSURE

We may share your data in the following circumstances:

  • Service Providers: We may share your personal data with third-party vendors and service providers who perform functions on our behalf, such as payment processing, data analysis, email delivery, IT services, and customer support. These third parties are contractually obligated to handle your data securely and only use it for the purposes specified in our agreements.
  • Business Transfers: In the event of a merger, acquisition, sale of assets, or any other business reorganization, your data may be transferred as part of the transaction. We will take appropriate measures to ensure that your data remains protected and is used in accordance with this Privacy Policy.
  • Legal Requirements: We may disclose your personal data to comply with legal obligations, such as responding to lawful requests from government authorities, legal processes, or regulatory requirements. This includes protecting our rights, enforcing our terms and conditions, and preventing fraud or other illegal activities.
  • Professional Advisors: We may disclose your data to our professional advisors, such as lawyers, accountants, or auditors, where necessary to obtain legal advice or perform other professional services.
  • Third-Party Platforms: If you interact with third-party platforms (e.g., social media sites) through our website or services, data may be shared with those platforms according to their privacy policies.
  • Consent: We may share your personal data with other parties if you have given explicit consent for such sharing.

The Company does not sell, trade, or otherwise transfer personal data to outside parties except as described above. Any sharing of personal data is carried out in compliance with applicable data protection laws and with appropriate safeguards in place.

8. DATA SECURITY

The Company implements appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: We use encryption to protect personal data both in transit and at rest, ensuring that data is securely transmitted and stored.
  • Secure Servers: Personal data is stored on secure servers with access controls to prevent unauthorized access.
  • Access Controls: We implement strict access controls and authentication procedures to limit access to personal data to authorized personnel only.
  • Data Backup: Regular backups are performed to ensure data can be restored in case of accidental loss or corruption.
  • Incident Response: We have an incident response plan in place to address and manage data breaches or security incidents promptly.
  • Employee Training: Our employees receive regular training on data protection and security best practices to ensure they understand and adhere to our security policies.

While the Company implements robust security measures, no method of internet transmission or electronic storage is entirely secure. The Company continually reviews and updates its security practices to address potential risks and enhance protection against evolving threats.

9. DATA RETENTION

The Company retains personal data only as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. When data is no longer needed for these purposes, it will be securely deleted or anonymized.

For questions about our data retention practices, please contact us.

10. RIGHTS OF DATA SUBJECT

Without prejudice to the applicable law, the Company provides the following rights to all data subjects for whom it retains data:

  • Right to Access: You can request access to the personal data we hold about you and obtain a copy of it.
  • Right to Rectification: You can request correction of any inaccurate or incomplete data we hold about you.
  • Right to Erasure: You can request deletion of your personal data under certain conditions.
  • Right to Restriction: You can request restriction of processing in certain situations.
  • Right to Data Portability: You can request a copy of your data in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to the processing of your data based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: You can withdraw consent where processing is based on consent.
  • Right to Automated Decision-Making: You can object to decisions made solely based on automated processing, including profiling, that significantly affects you.

To exercise these rights, please contact us using the details provided below.

11. DATA TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS

In the course of its business, the Company transfers personal data to third countries outside the European Economic Area (EEA). These transfers are managed and supervised by the Company’s management and relevant data protection officers.

Personal data may be transferred to third countries or international organizations in the following cases:

  • Adequacy Decision: If the European Commission has determined that the third country or international organization ensures an adequate level of data protection through an adequacy decision.
  • Appropriate Guarantees: If the third-party data recipient (i) provides appropriate safeguards in accordance with Article 46 of the GDPR, such as standard contractual clauses, and (ii) if there are effective legal remedies available for data subjects.
  • Specific Circumstances: If any of the conditions outlined in Article 49 of the GDPR apply.

12. TRAINING AND AWARENESS

The Company is committed to fostering a strong culture of data protection. Regular training is provided to all staff and partners involved in data processing to ensure they understand and adhere to the principles of this Policy. This training supports effective compliance and integration of data protection practices into daily operations.

The Company fosters a culture of data protection that includes:

  • Raising Awareness: Emphasizing the importance of respecting the fundamental rights and freedoms of data subjects.
  • Understanding Policies: Ensuring staff and partners are knowledgeable about the Company’s privacy policy framework.
  • Active Participation: Encouraging proactive involvement in maintaining compliance with data protection rules.
  • Risk Detection: Promoting vigilance to identify risks and effectively address data breaches.

13. CHANGES TO THIS PRIVACY POLICY

The Privacy Policy may be updated periodically to reflect changes in practices, legal requirements, or operational needs. Updates will be posted on this page with an updated effective date. We recommend reviewing this policy periodically to stay informed of any changes.

14. COOKIES AND TRACKING TECHNOLOGIES

Our website uses cookies and similar tracking technologies to enhance your experience. For detailed information about our use of cookies and how you can manage your cookie preferences, please refer to our Cookie Policy.

15. CONTACT INFORMATION

For any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Confreight Hellas Ltd.
2, Iasonos Street & Akti Miaouli, 185 37, Piraeus, Greece
info@confreighthellas.com
+30 210 4521 784   &   +30 210 4285 763

Last Updated: 17 May 2024

Want to learn more?

We are ready to help you maximize your logistics potential.

Get in touch today