Table of Contents

Introduction

Moore Greece is committed to safeguarding the integrity and safety of your personal data. We promise to respect any personal data you provide to us and keep it safe. We aim to be transparent when we collect and process your personal data by putting your rights and freedoms first.

This Privacy Policy outlines the categories of personal data we obtain, the reasons why we process them, the way in which these personal data are processed, the legal basis on which the processing is based, your rights, as well as any transfers that we may make of them.

We truly hope that this Privacy Policy is presented to you in a transparent, eligible way and that you are able to clearly understand what exactly occurs to your data. Nevertheless, we also provide our contact details for you to get in touch in case you have any questions about your personal data, which we will aim to address as soon as possible.

“Moore Greece”, “we”, “us” and “our” refer to both Chartered Accountants Moore Stephens S.A and MS Accounting Services S.A.

“GDPR” refers to the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Please keep in mind that this Privacy Policy will be updated from time to time in order to keep with all developments in the field of privacy and data protection.

Contact details

You can find below the contact details of our business:

In case you have any queries regarding the processing of your personal data, please do not hesitate to contact us either via GDPR@moore.gr or +30 2130186100.

Principles of processing

Moore Greece processes personal data in accordance with the following principles and in compliance with the requirements of the GDPR:

Lawfulness, Fairness, Transparency: Personal data is processed lawfully, fairly and in a transparent manner.

Purpose Limitation: Personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

Data Minimization: Processing relates to data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

Accuracy: Personal data is accurate. Every reasonable step is taken to ensure that any personal data that are inaccurate are rectified without delay.

Storage Limitation: Personal data is held for no longer than is necessary for the purposes and scope of processing. However, in some cases Moore Greece may hold the personal data for longer periods in order to comply with its legal obligations.

Confidentiality and Integrity: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized and unlawful processing, access, loss etc.

Accountability: Moore Greece complies with transparent data protection processing and adheres to its legal obligations in relation to data protection and privacy

Categories of personal data we may collect

The personal data we collect from you is limited to what we consider necessary.

Depending on the purpose for which your personal data are collected, we may collect various types of such data, including:

Identification information such as name, surname, email address, marital status, fixed and/or mobile number.

Your function such as your current position and the company’s name where you are employed.

Electronic identification data such as your IP address, access rights, cookies, logs, access and connection times, necessary for the provision of our services.

Purpose and lawfulness of processing

The purpose of processing your personal data is specific and we only process your personal data in order to fulfil this purpose in accordance with the applicable legal basis.

The applicable legal basis per explicit purpose is one of the following:

Performance of a contract: we may process your personal data prior to entering into a contract for the purpose of the evaluation of your educational and professional background when you apply for a vacancy within our firm.

Legitimate interests: we may process your personal data based on our legitimate interests except where such interests are overridden by your fundamental rights, interests or freedoms. Such processing of data refers the following purposes:

Consent: in some cases, we may require your consent in order to process some of your personal data, such as the processing of your data for subscription purposes to our newsletter or for evaluation purposes during the recruitment process or in order to navigate on our websites by accepting specific categories of cookies, having previously obtained clear and free permission by you to do so. You may withdraw your consent at any time by contacting us at GDPR@moore.gr.

Retention period and destruction of personal data

Moore Greece will only keep your personal data only for as long as is necessary to fulfil the processing purposes and provide its services to you. Depending on the processing of your personal data, we will not keep your data stored in our system longer than 5 years, unless there is a lawful reason for further retention.

Once the retention period outlined above has passed, the personal data that we hold will be deleted.

Should you have a contractual relationship with us, we will store your personal data until the termination of the contract, provided that further storage is not required by the applicable legislation. Personal data of unsuccessful candidates, collected and processed during the recruitment process will be stored for up to one year from the time of the collection. At the candidate’s request, we may delete or store the personal data for a shorter period of time by sending us an email to GDPR@moore.gr.

Personal data processed for subscription purposes to our newsletter will be deleted immediately after your relevant request (consent withdrawal), which can be addressed at GDPR@moore.gr. We will then delete all personal data stored in our systems.

You may also withdraw your consent to the use of cookies at any time by contacting us at GDPR@moore.gr.

Should the processing is based on our legitimate interests, your data will be deleted once you request us to do so by sending us an email at GDPR@moore.gr, unless continued storage is required for evidentiary purposes. In this case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.

Personal data transfers

As a general policy, we do not send your personal data to any third party without first informing you about it, explaining you the reason for the intended transfer and requesting your consent.

However, we may need to disclose your personal data when this is required by law.

In addition, we use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) only on our Newsletter website to check whether the data entered on our website has been entered by a human or by an automated program (click on this). reCAPTCHA evaluates information, such as your IP address. This service is provided by Google Inc.

Awareness and education of employees

Moore Greece educates its employees on matters of data protection, either by training seminars or by informative emails, in order to build general awareness of GDPR across the organization. Training programme is covering information on data protection generally and in areas that are specifically relevant to the business. This training programme is repeated on a regular basis for all employees to keep up with new developments on data protection.

Data subject rights

Right of Access

You shall have the right to obtain from us (the controller) confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

Right to Rectification

You shall have the right to obtain from us (the controller) without undue delay the rectification of inaccurate personal data concerning you.

Right to Erasure

You shall have the right to obtain from us (the controller) the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing;
  3. the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR;
  4. the personal data have been unlawfully processed;
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

Right to Restriction of Processing

You shall have the right to obtain from us (the controller) the restriction of processing where one of the following applies:

  1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  4. the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to Data Portability

You shall have the right to receive the personal data concerning you, which you provided to us (the controller), in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller, where:

  1. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
  2. the processing is carried out by automated means.

Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We (the controller) shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint to the Greek Data Protection Agency (www.dpa.gr) if the data subject considers that the processing of personal data relating to you infringes your rights under the General Data Protection Regulation.

Should you wish to exercise one of the above mentioned rights, you can send us an email at GDPR@moore.gr. We will take into serious consideration your request and will make reasonable efforts to reply to you the soonest possible.

Personal data breaches

In the event of a breach in the safety and integrity of your personal data, Moore Greece will take into account the following:

  1. Steps needed to limit the breach
  2. Assessment of the risk and its impact on individuals’ rights and freedoms
  3. Mitigating the damage
  4. Breach Notification, if required
  5. Privacy Impact Assessment and appropriate measures to avoid recurrence of the breach

Miscellaneous

Under no circumstances do we collect and store personal data of individuals less than 18 years old. Any such data found on our system will be deleted immediately without notice.

Are things unclear?

We truly hope that this Privacy Policy explained to you in a clear and eligible way the way we process your personal data.

However, if things are still unclear or if you have further inquiries you would like to make, please contact with us in GDPR@moore.gr to address them.