I. PARTICULARS OF THE CONTROLLER

The civil law non-profit company under the name ‘INSTITUTE OF GREEK TOURISM CONFEDERATION’ and the trade name ‘INSETE’, which has its registered office in Athens (32 Voukourestiou Street, 10671 Athens), holder of VAT Number 997419805 [hereinafter ‘we’ or ‘the company’ or ‘INSETE’], is the Controller of the personal data of job applicants, pursuant to the Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter ‘GDPR’) and to the pertinent provisions of Greek law about the protection of personal data.

 

ΙI. SCOPE

The present Information Policy about the processing of Personal Data of Job Applicants (hereinafter ‘the/this present’ or ‘the Policy’) informs you about the way in which we process all types of information which may identify you (‘Personal Data’), which you provide to us as job applicants when you apply to INSETE either on your own initiative or following the posting of a job advertisement. Specifically, we inform you about the way in which we process the personal data which you provide to us, either directly or through authorized third parties (e.g. employment agencies) in the course of the recruitment process, i.e. from the submission of your job application to your potential selection for a job with us or the potential rejection of your application. In the event you should be selected, the company will inform you about the way in which it processes personal data of its employees in its capacity as employer through the Employee Information Policy it has in place.

 

ΙII. PERSONAL DATA CATEGORIES AND SOURCES

The provision of personal data is required in order for us to decide about entering into an employment agreement with you, in other words, in order for us to decide to recruit you. The provision of personal data on your part is optional. However, if you do not provide your personal data, the process for the submission of applications may be delayed and/or we may be unable to fully evaluate your applications.

 

A. Submission of Job Application

We ask you to provide us with the following personal data categories when you submit a job application to join our team:

Identification particulars, such as your full name.

Communication particulars, such as your telephone number and email address.

Curriculum vitae (CV) with whatever information you have included therein about your education and professional experience (e.g. professional and educational background, language skills, qualifications, competences, professional expertise, reference letters).

 

B. Evaluation of Job Application

We may invite you to attend an interview in order to further evaluate your application and the information you provided therein. In that case, we collect and process the following information about you:

  1. Information which you provide to us in the course of the interview, such as your responses to certain questions about the job post, information about your capacity to be employed in Greece, your ability to meet the requirements of the specific post, the reasons for which you wish to work with us.
  2. Any notes we may take on your answers.

 

C. Conditional Job Offer

If we send you a conditional job offer and you accept it, we will ask you for additional information in order to be able carry out certain checks which are required before your recruitment. Specifically, before recruiting staff members, we are required as a company to verify their identity, capacity, reliability and integrity. At this stage, we process the following categories of personal data which you provide to us:

 

  1. Identification particulars, such as father’s and mother’s name, ID card number, sex, date and place of birth, nationality, passport type photograph.
  2. Communication particulars, such as postal address, email address, telephone number (landline and/or mobile).
  3. Curriculum vitae, education credentials, degrees & diplomas, such as foreign language degrees & certificates or professional training seminar certificates (if available).
  4. Personal and family status particulars, such as evidence of Social Security Institute (IKA) stamps or Social Security Number (AMA or AMKA), VAT number, family status, dependent family members.
  5. Bank particulars, i.e. bank account number.

 

Should you accept the job offer and be definitively recruited by our company, we will inform you about the way in which it processes personal data of its employees in its capacity as employer through the Employee Information Policy it has in place.

 

III. Purposes and legal basis for processing

Our company collects and processes your personal data to the extent that this is permitted or required by the applicable legislation for the following purposes:

  • to determine your suitability for the post for which you submitted an application and to assess whether you meet the terms of recruitment and cooperation with our company. Specifically, we will use your communication particulars in order to communicate with you and to proceed with the assessment process for your application (e.g. to arrange an interview meeting). We will use the information you provide to us with your application or in the course of the job interview and the recruitment process in order to assess your suitability for the job post.
  • to offer you other job posts in which you may be interested (provided you have given your consent and your initial job application has been rejected),
  • to protect our company’s lawful interests (e.g. as necessary to address legal claims), and
  • to comply with legal or regulatory obligations arising from the applicable legislation pertaining to our operations.

 

The legal basis for the processing of your personal data is paragraph 1 (b) of article 6 of the GDPR, pursuant to which processing of your personal data is necessary in order to take steps at your request for a potential cooperation and prior to your potential recruitment.

 

By exception, in the event that your application has been rejected and you have asked us to retain your curriculum vitae for future job openings in INSETE, we shall base the processing of your personal data on the legal basis of your consent, pursuant to paragraph 1 (a) of article 6 of the GDPR.

 

IV. Transmission of data – Recipients

We may transmit some of your personal data to third parties, as permitted pursuant to article 6 paragraph 1 item (f) of the GDPR, for our company’s legal rights, i.e. in order for us to be able to support the recruitment procedures. We may use information systems or services provided by independent providers (e.g. recruitment software service providers) in order to support the recruitment process.

 

We may also transmit your personal data to public authorities, if we are required to do so pursuant to the applicable national legislation or pursuant to article 6 paragraph 1 item (c) of the GDPR.

 

V. Data retention period

In the event you should be recruited, you will be informed about the time period for which your personal data will be retained through our Employee Information Policy, which is communicated by our company to all employees.

 

Personal data of job applicants whose job application is rejected are deleted immediately upon the completion of the recruitment process.

 

If your job application is rejected and you ask INSETE to inform you about job openings in the future, your personal data will be stored for 12 months or until you withdraw your consent for the retention of your personal data. In the event you should send a job application on your own initiative, although no job advertisement has been posted by INSETE, we will retain your personal data for future job openings only upon your request, again for a maximum period of 12 months or for a shorter time if you request in writing that they be deleted.

 

VI. International transmission

INSETE transmits personal data in accordance with the legislation in force. In case that the extent, the context and the needs of the aforesaid purposes require that your personal data be transmitted outside the European Union or the European Economic Area, transmission of such data shall be made in accordance with the legislation in force and INSETE shall ensure an adequate level of data protection. By entering into appropriate data transmission contracts, based on Standard Contractual Clauses, which you may access by submitting a request to dpo@insete.gr, or by taking other steps in order to provide an adequate level of data protection, INSETE ensures or ascertains that recipients provide an adequate level of protection for your personal data.

 

VII. Your rights

As the case may be, you may exercise the rights arising from the applicable Greek legislation and the GDPR as follows:

  1. the right to information (GDPR article 13),
  2. the right to access (GDPR article 15),
  3. the right to rectification (GDPR article 16),
  4. the right to erasure (‘right to be forgotten’) (GDPR article 17),
  5. the right to restriction of processing (GDPR article 18),
  6. the right to data portability (to receive your personal data in a structured and commonly used format (GDPR article 20 where applicable), and
  7. the right to object (GDPR article 21), which applies to certain data processing activities.

Moreover, whenever we request your express consent for the processing of your personal data (e.g. in case you should ask us to retain your personal data in the event of your rejection so that we may inform you about future job openings), you are entitled to withdraw your consent at any time (GDPR article 7 paragraph 3) by contacting us in writing at the communication particulars which may be found on our website.

 

The table below presents your rights per processing purpose and the respective legal basis:

 

RIGHTS (GDPR ARTICLES)
Access (15) Rectification (16) Erasure (17) Restriction (18) Portability (20) Objection (21) Withdrawal of consent (7.3)
PURPOSE LEGAL BASIS  
Recruitment Evaluation GDPR 6.1b

(measures taken upon your request)

 Χ Χ Χ Χ Χ
Information about future job openings in the event you should be rejected  GDPR 6.1a (consent) Χ Χ Χ Χ Χ Χ

 

Please bear in mind that the aforesaid rights may be restricted pursuant to the applicable legislation.

Moreover, you are entitled to submit a complaint before the Hellenic Data Protection Authority (HDPA) about issues pertaining to the processing of your personal data.

Should you wish to find more detailed information about your rights, kindly refer to the applicable section of our website’s Data Protection Policy.