Employment Solutions

ICAP Employment Solutions has been successfully operating since 1999 with branch offices in five Greek cities (Athens, Thessaloniki, Larisa, Patra, Heraclion) and has a strong presence in Southeastern Europe, with subsidiaries in Bulgaria and Cyprus, offering end to end recruitment solutions.

 

With more than 2.500 employees working at its clients’ premises, ICAP Employment Solutions is distinguished for its consistency in offering services that add real value to  customers.

 

 

The company’s customer portfolio consists of clients from various sectors, such as Banking, Insurance, Manufacturing, Telecommunications, Tourism, Retail, Information   Technology and Health Sectors.

 

In 2015, ICAP Employment Solutions received, in the context of HR Community Awards, the bronze award in the category “Transboundary HR Management”.

 

The division of Employment Solutions provides a wide range of services:

Contact us

Tel.: +30 210 7200 569

Email: es@icap.gr

URL: www.icapjobs.gr

Staffing Solutions

ICAP Employment Solutions offers staffing solutions that cover short or long term needs with specialized workforce. Our specialized recruitment consultants undertake to carry out the entire recruitment cycle, covering seasonal needs (due to extra workload, maternity leaves, sickness leaves, etc.) as well as long term requirements of projects.

 

Benefits of  Temporary Employment:

Read more

  • Avoiding dismissal reasons, through multiple renewed contracts
  • Monitoring of legislative changes, in order to avoid mistakes and fines
  • Simplification of procedures (exemption from wage and insurance obligations)
  • Immediate availability of experienced and specialized staff
  • Timely coverage of seasonal or unexpected needs
  • Effective staff management (publication of reports and forecasts)
  • Controlled payroll management (budgeting)

Recruitment Process Outsourcing (RPO)

ICAP Outsourcing Solutions has a proven record of successful recruitment process outsourcing (RPO) and customized recruitment projects, delivering best practices into the businesses we support.

ICAP Outsourcing Solutions is committed to providing high quality services to meet our clients’ needs, offering full end to end RPO, or recruitment solutions (sourcing, screening, assessments, offer management, exit interviews etc.).

 

Benefits of Recruitment Process Outsourcing:

Read more

  • Saves your organization time and money, since our experienced recruitment consultants undertake to carry out the project utilizing streamlined recruitment processes and best practices with monitored transparency and they have direct access to professional networks and talent pools.
  • Furthermore, the use of RPO improves the quality of hire since all KPI’s are set up specifically to meet the needs of the specific project, ensuring compliance with the company’s procedures and processes.

Payroll Services

ICAP Outsourcing Solutions fully undertakes to efficiently and effectively calculate and carry out the payroll processes of your organization, offering compliance to the labor law, confidentiality, accuracy of results and cost control.

Experienced consultants are dedicated to each project, undertaking full responsibility for the fulfillment of obligations and the compliance with the legal authorities.

Read more

Through the outsourcing of payroll, the cost of this function is controlled accurately and is reduced, since ICAP Outsourcing Solutions undertakes the updates of the IT infrastructure and continuous training of personnel on labor law issues.

ICAP Outsourcing Solution monitors, records and controls the working hours of each employee, providing:

  • Payroll Calculation
  • Reporting and Forecasting

Outsourcing Services

ICAP Outsourcing Solutions provides a variety of outsourcing services for full time, part time, temporary or permanent needs of your organization offering a full service line which includes:

  • The sourcing and recruitment of personnel, which has been previously defined to meet the needs not only of the position but of the organization as well
  • Preparing and signing of employment contracts
  • Submitting relevant paperwork to public authorities
  • Calculating and carrying out payroll
  • Providing full staff administrative services to both employees and clients

 

Benefits of Outsourcing Services:

 

Read more

 

  • Cost Reduction & Control
  • Expertise available in a short period of time
  • Workforce Flexibility
  • Simplification of administrative tasks
  • Efficient personnel management

Managed Services

ICAP Outsourcing Solutions acts as a true business partner, creating and delivering solutions with mesurable results that enable companies to focus on their operational functions and strategic business needs.

ICAP Outsourcing Solutions undertakes to carry out, fully or partially, secondary procedures of your organization, that are not identified with the core business, based on Service Level Agreements.

 

The procedure for the Managed Services is as follows:  

Read more

  • The process that is to be undertaken is recorded
  • The parameters of the process are defined, so to ensure its autonomy
  • Staffing  needs are covered, as well as equipment needs, when and if necessary

Field Marketing Services

ICAP Outsourcing Solutions provides end-to-end Field Marketing Solutions and is capable of taking over the full management of a project.

By exploiting our expertise in the fields of search, selection, and management of employees and also by utilizing the latest technologies, we ensure best management processes.

 

Main focus on specialties:

 

Read more

 

  • Sales
  • Merchandising
  • Promotion
  • Mystery Shopping
  • Auditing
Search and claim new jobs with ICAP Employment Solutions on your side !

Data Protection Policy of ICAP Employment Solutions S.A

Data Protection Policy of ICAP Employment Solutions S.A
2, Eleftheriou Venizelou Avenue, Kallithea, Athens, Greece
with VAT number 999842443 (Reg. No. 122566601000)
Last Amended on 2020.01.14
1. Field of Scope
This privacy notice lays out the way ICAP Employment Solutions S.A (hereinafter referred to as “ICAP Employment Solutions”) collects, uses, processes, stores, manages, and protects the employment, academic, health and payroll data of individuals (hereinafter referred to as “Personal Data”), so as to meet the data protection standards of the company and comply with the applicable data protection law.
This privacy policy shall apply to all information (i) that relates to the products and services (hereinafter referred to as “Services”) provided by ICAP Employment Solutions (including but not limited to Outsourcing Services, Recruitment Process Outsourcing (RPO), Payroll Services, Staffing Solutions, Business Process Outsourcing)  where such data is collected directly by the individuals (ii) pertaining to candidate employee or employment data, academic and payroll data collected through third party recruitment platforms, ICAP’s network or existing Clients iii) pertaining to certain health data of employees iv) pertaining to Client data obtained during the use of the Services. ICAP Employment Solutions is bound to protect the privacy of Clients, individuals and other data subjects and adhere to the Data Protection legislation currently in effect.
This policy shall not apply to information collected through any other website, services, products, platforms or for practices of companies that we do not control. We are not responsible for any personal data protection practices pertaining to websites, services, products, platforms of other companies.

2. Categories & Types of Collected Data
Data Collected:

 

A. Candidate Employee Data: name/surname, date of birth, address, academic and professional qualifications, contact details, address, nationality, candidates suitability evaluation reports, previous employment information, marital status, e-mail, military service completion/exemption certificate.

 

B. Employment & Payroll data: first name, last name, Tax Registration No. Identification Card/Passport No. (Date of issuance & issuing authority), IKA’s Registration No., father’s name, mother’s name, date of birth, AMKA Registration No., address, Tax Authority Department (ΔΟΥ), contact details, nationality, marital status, protected members (numbers, date of birth, name), social insurance history, educational level, health record for chronic disease, unemployment card nr., bank account particulars, social security stamps, family status certificate, military service completion/exemption certificate.

 

C. Outsourced employees payroll data: all employment registration data (first name, last name, Tax Registration No. Identification Card/Passport No. (Date of issuance & issuing authority), IKA’s Registration No., father’s name, mother’s name, date of birth, AMKA Registration No., address, Tax Authority Department (ΔΟΥ), contact details, nationality, marital status, protected members (numbers, date of birth, name), social insurance history, educational level, health record for chronic disease, unemployment card nr., bank account particulars, social security stamps, family status certificate, military service completion/exemption certificate) salary and benefits package).

 

D. Employee health/medical data: Names/surnames, diagnostic results, doctors’ notes, health treatments, illnesses, hospital reports.Declaration Regarding The Processing of Personal Data By ICAP Employment Solutions (by its capacity as Data Controller and Processor – in accordance with the General Data Protection Regulation EU 679/2016)

 

Why will you process my Personal Data (PD)?
ICAP Employment Solutions provides outsourcing, recruitment process outsourcing (RPO), payroll staffing solutions, business process outsourcing services, containing employment, academic, health and payroll data of individuals on the basis of the intended purpose, such as described in paragraph 6 hereof. Their contents vary depending on the type and purpose of the provided service of ICAP Employment Solutions. The lawful basis of the data processing is ICAP Employment Solutions’s legitimate interest and in some instances the consent of the data subjects.In addition ICAP Employment Solutions may collect personal data of candidate employees with their consent for the purpose of exploring employment opportunities.Furthermore ICAP Employment Solutions collects candidate employee data through third party sources (online recruitment platforms or business networking sites/platforms or other) on the basis of its legitimate interest. More specifically:
(i) ICAP Employment Solutions utilizes  the Careerbuilder S.A (Luceo) platform to provide us with the ATS Luceo from which we receive job applications and manage all necessary candidate employee (CV) data. For more information about  Careerbuilder S.A, please read their Privacy Notice at https://hiring.careerbuilder.com/company/privacy-policy?_ga=2.190219435.1804941326.1531996993-234062023.1531996993
(ii) ICAP Employment Solutions utilizes the online business opportunity and networking platform Kariera.gr from which we receive job applications and manage all necessary candidate employee (CV) data. For more information about Kariera S.A, please read their Privacy Notice at https://hiring.careerbuilder.com/company/privacy-policy?_ga=2.190219435.1804941326.1531996993-234062023.1531996993
(iii) ICAP Employment Solutions utilizes the online business opportunity and networking platform skywalker.gr from which we receive job applications and manage all necessary candidate employee (CV) data. For more information about Skywalker.gr, please read their Privacy Notice at https://www.skywalker.gr/elGR/static/politiki-aporritou
(iv) ICAP Employment Solutions utilizes  the Workable platform from which we receive job applications and manage all necessary candidate employee (CV) data. For more information about  Careerbuilder S.A, please read their Privacy Notice at https://www.workable.com/privacy
Lastly ICAP Employment Solutions collects within the framework of the aforementioned provided Services, certain special categories of Personal Data as defined in Article 9 of the GDPR (i.e health records or doctors’ notes, hospital reports etc) with the explicit consent of the Data Subjects. Said data are submitted for absence justification of the employee or his/her inclusion to a private insurance program utilisation. Only data that are essential for those purposes, are being collected and processed. The processing of these data may also be necessary for compliance with a legal obligations to which ICAP Employment Solutions  is subject.

 

Information automatically collected when visiting and interacting in the websites https://www.icap.gr/ and www.icapjobs.gr: With regards to the data collected through the websites https://www.icap.gr/ and www.icapjobs.gr (hereinafter referred to as “Website”) you may review the pertinent privacy notice here.

3. Data Collection Points
● Third party recruitment platforms (Luceo, Skywalker, Kariera etc) – A
● Third party business networking platforms (linkedin) – A, B
● ICAP Network – A
● Corporate Clients (employers) – B, C
● Employees – D

4. Transfer of Data to Third Parties
ICAP Employment Solutions reserves the right to disclose your personal data to any member of its affiliate/subsidiary companies (parent company and its subsidiaries) or other third parties to the extent it is reasonably necessary for the purposes determined in this notice and in particular:
● Certain data (CVs and evaluation reports) will be transferred between members of ICAP Group (inter-group data transfers).
● Your employment and payroll data may be transmitted and become accessible by legal entities (corporate customers) with which, we have entered from time to time into contractual agreements for the purpose of fulfilling our company’s legitimate interest (provision of staffing recruiting and payroll services) in a correct and within our contractual terms framework.
● Your payroll data may be transmitted and become accessible by bank institutions with which we cooperate for the purpose of processing the payments of employees.
● Your data may be disclosed to cloud hosting providers for the purpose of storing and safeguarding the data with the appropriate technical and security measures.
● Your data may be transmitted, become accessible and processed by subsidiaries of our group within the European union, which apply the appropriate technical, physical and administrative security measures for the protection of the data from loss, misuse, damage, alteration, unauthorised access and disclosure, as provided by article 32 of the GDPR 679/2016.
● Your data (specifically employment and payroll data) may be disclosed to public authorities (EFKA, Ergani) in compliance with pertinent legal obligations of ICAP Employment Solutions.
● During all data transfers, we always take all appropriate measures so as to ensure that the transmitted data are the minimum required for the intended processing purpose and that the conditions for legitimate and lawful processing will always be met.
● ICAP Employment Solutions’ servers are hosted at IBM’s data centre (hosting provider) located in Athens. You may find more information on IBM’s privacy notice in the following link: https://www.ibm.com/privacy/details/us/en/#section_2


5. Personal Data Retention Period
ICAP Employment Solutions only ever retains personal data for as long as is necessary and we have strict review and retention policies in place to meet these obligations. The data retention period depends on the lawful basis of processing, as set out in detail below:
● In case the lawful basis for processing is the exercise of legitimate interest, the  processing of personal data is carried out for as long as it is considered necessary for the achievement of the intended statutory purpose of ICAP Employment Solutions described in paragraph 6 below,  and until such time the limitation period of any related claims has expired.
● In case the personal data of the employees have been provided with their own consent and within the framework of our services, we shall retain those data until the granted consent by the data subject has been withdrawn. In case the consent is withdrawn for any valid reason, we shall retain them for as long as it is required until the limitation period of any related claims expires.
● In case the lawful basis for processing is the performance of the contract, we shall retain your data for as long as you retain the contractual relationship with ICAP Employment Solutions in hard copy and in electronic form or we shall retain them for as long as it is required until the limitation period of any related claims expires.
● In case the  the lawful basis for processing is the explicit consent of the data subject (such in the case of medical-health records), we shall retain those data until the granted consent by the data subject has been withdrawn unless specific legislation in effect allows us or ordains to retain the data.


6. Legitimate Interest – Intended Purpose –  Lawful Basis for Data Processing
Data processing is necessary for the purposes of the intended statutory purpose of ICAP Employment Solutions which is the provision recruitment process outsourcing and payroll Services, staffing solutions and related services.

Within this framework, ICAP Employment Solutions collects, manages and provides employment, academic, health and payroll data of individuals for the performance of the contracts with corporate clients. ICAP Employment Solutions processes and stores the said data within the E.U.


7. Rights of the Data Subjects
You may exercise, as the case may be, the rights deriving from the applicable Greek Legislation and the General Data Protection Regulation (Regulation (EU) 2016/679) which are as follows: (a. the right of information (article 13), b. the right of access (article 15), c. the right to rectification (article 16), d. the right to erasure “right to be forgotten” (article 17), e. the right to restriction of processing (article 18), f. the right to data portability (to receive your personal data in a structured and commonly used format – article 20 where applicable) and g. the right to object (article 21) which applies to certain data processing activities.
● These rights can be exercised only in cases where ICAP Employment Solutions acts as Data Controller and in particular when ICAP Employment Solutions (i) processes the personal data of employees in relation with the products and services provided by it in pursuance of its statutory objectives (ii) processes the personal data of candidate employee or employment data, academic, health and payroll data collected through individuals or outsourced employees (iii) pertaining to Client data obtained during the use of the Services.
● This Privacy Notice does not apply to personal data mentioned on business documents that our customers transmit to our systems when using our Services.
● These rights shall be exercised free of charge for you by sending a relevant letter to the Data Protection Officer (DPO) of ICAP Employment Solutions: 2, Eleftheriou Venizelou, Kallithea or via e-mail to privacy@icap.gr. In case however, the aforementioned rights are exercised excessively and without good cause thus causing us administrative burden, we may charge you with the cost related to the exercise of the respective right.
● In case you exercise any of your rights, we will take all appropriate measures available for the satisfaction of your request within thirty (30) days following the receipt of the relevant request. We may either inform you on the acceptance of your request or on any objective grounds that hinder the processing of your request.
● Notwithstanding the above, you may at any time object to the processing of your Personal Data, by withdrawing your consent (article 7, par. 3 of the GDPR 679/2016) by sending a letter to the Data Protection Officer (DPO) of ICAP Employment Solutions: 2, Eleftheriou Venizelou, Kallithea, or via e-mail to privacy@icap.gr.   This right applies only in cases where the lawful basis for the data processing is the consent of the Data Subject.


8. Data Processing by ICAP Employment Solutions
In some instances, our corporate clients provide their employees’ data, for the purpose of providing to them outsourced payroll services- which contain personal data. In such cases, ICAP Employment Solutions shall operate as the “Data Processor” of the personal data, which are included in the said business data. Consequently, in those cases different provisions of the GDPR 679/2016 shall apply, with which we comply.

 

Additionally, ICAP Employment Solutions applies throughout the data processing procedure, the appropriate technical, physical, and administrative security measures for the protection and security of the personal data from loss, misuse, damage or modification, unauthorised access and disclosure, in compliance with article 32 of the GDPR 679/2016, in order to ensure the appropriate security level against those risks. Those include, among others, as the case may be: a) application of encryption protocols b) the ability to ensure confidentiality (article 90 GDPR 679/2016), the integrity, availability, and resilience of processing systems and  services on an ongoing basis, c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. Moreover, ICAP Employment Solutions shall take measures so as to ensure that any physical person acting under the authority of the data controller or of the processor, who has access to personal data, shall not process those data except on instructions from the data controller and limits access to your personal information to authorised employees.

 

Indicative security measures applied by ICAP Employment Solutions are as follows:
● ICAP Employment Solutions maintains a dedicated information security team that plans, implements and provides surveillance of our information security program.
● The company controls the security and functionality of its products and services before they are introduced to the Internet, for any vulnerabilities in technology.
● The company performs ongoing infrastructure checks to detect weaknesses and potential intrusions, vulnerabilities in systems etc.
● The company uses https protocols for secure and encrypted client communication with ICAP Employment Solutions.
● The company uses the open standard protocol to access Lightweight Directory Access Protocol (LDAP) directory services and uses encrypted passwords.
● The company uses a Secure Sockets Layer (SSL) certificate to create an encrypted connection between the web server and the Client’s/User’s browser.


9. Profiling
We use the information we obtain from candidate employees to in order to evaluate and categorize the data based on internal customer requirements. We may also carry out customized candidate suitability evaluation reports.We recommend to our customers to review and interpret the reports on their own based on their actual business requirements. Our customers may choose to use our evaluation reports alone or combine the reports with other information available to them. We do not maintain blacklists of any kind and we do not encourage our customers to reject or approve candidates under any circumstances based on those reports.


10. Submission of Complaint – Appeal
● For any issue regarding the processing of your personal data, you may contact us via e-mail at es@icap.gr
● Moreover, you shall always be entitled to contact the Hellenic Data Protection Authority, which may accept the submission of relevant complaints in writing at its protocol in its offices at 1-3, Kifisias Street, Postal Code 115 23, Athens or by e-mail contact@dpa.gr in accordance with the instructions indicated on its website.
● If you no longer wish to receive newsletters from ICAP Employment Solutions, please send an e-mail to es@icap.gr or follow the unsubscribe instructions included in each relevant email/communication.


11. Amendments
This policy may be renewed from time to time, due to amendments to the related legislation or change to the corporate structure of ICAP Employment Solutions. Thereby, we encourage the Clients to periodically visit the Website so as to be informed regarding recent information of privacy practices. In any case, the Clients may be informed by e-mail or a notice in our Website regarding any amendments to this policy.

Data Protection Policy ICAP Outsourcing S.A.

Data Protection Policy  ICAP Outsourcing S.A.
“ICAP Outsourcing S.A..”, Kallithea, Eleftheriou Venizelou Ave. number 2, 17676, with VAT number [099365259] (Gen. Com. Reg. No. [123471101000])
Last Amended on 2019.12.03

1. Field of Scope
This privacy notice lays out the manner in which ICAP Outsourcing  S.A. (hereinafter referred to as “ICAP”) collects, uses, processes, stores, manages, and protects the individuals’ personal data (hereinafter referred to as “Personal Data”), so as to meet the data protection standards of the company and comply with the applicable law.

ICAP provides services in the field of Inbound and Outbound calls and establishes call centers  on behalf of any client or business. In particular an outbound call center is one in which call center agents make outbound calls to customers on behalf of a business or client. An inbound call is one that a customer initiates to a call center or contact center of ICAP’s customers. Call centers established by ICAP may handle either inbound or outbound calls exclusively or might deal with a combination of the two, according to the contract, signed between ICAP and each particular Client. In addition, ICAP provides employee payroll services as well as Business Process Outsourcing solutions and services to legal entities.

The company’s activities include, but are not limited to, the following purposes: (a) The provision of telephone services third parties by creating a call center to receive incoming calls and making outgoing calls, (b) The provision of services for the promotion and services and products of third parties or themselves, either through telephone or other means of communication, (c) The provision of business advisory services to sales promotion, and design and organization of call centers, (d) conducting market research for products and third party services, excluding television market, (e) The provision of administrative and technical support to private or public third parties as well as the undertaking of projects with similar context according to the instructions of the Client (f) The provision of services (including but not limited to Outsourcing Services, Recruitment Process Outsourcing (RPO), Payroll Services, Staffing Solutions, Business Process Outsourcing)  where such data is collected directly by the individuals (g) The personal data processing that pertains to candidate employee or employment data, academic and payroll data collected through third party recruitment platforms, ICAP’s network or existing Clients (h) The personal data processing that pertains to certain health data of the employees.

This privacy policy shall apply to all information:

(i) pertaining to Client, User and candidate employee data obtained during the use of the Services
(ii) pertaining to the personal data of clients, employees or candidate employees obtained during the provision of the aforementioned services
(iii) pertaining to clients, employees or candidate employees of ICAP’s websites www.icapcontactcenter.com and www.icapjobs.gr (hereinafter called “Website”).

This policy shall not apply to information collected through any other website, services, products, platforms or for practices of companies that we do not control. We are not responsible for any personal data protection practices pertaining to websites, services, products, platforms of other companies.


2. Categories & Types of Collected Data
Taking into consideration all the above, it is necessary to clarify that ICAP Outsourcing SA in most instances, collects, uses, processes, stores, manages data provided by ICAP’s clients themselves such as customers, suppliers or third parties’ data – which may contain personal data (who may refer to individuals or companies)  – within the framework of provision of our services. Such data in most instances has been collected by ICAP’s clients and are related to data of their customers. However, ICAP may collect customer’s data on behalf of its Clients directly from any data subject. ICAP shall operate then as the “Processor” of the personal data, which are included in the said business data. Consequently, in those cases different provisions of the GDPR 679/2016 shall apply, with which we comply. So in these cases that ICAP collects on behalf of his client the following categories of data.

Data Collected By Icap By Its Capacity As Data Processor:

In these cases, ICAP undertakes on behalf of its clients to make and to receive telephone calls according to the instructions of the individual client, as they are imprinted in the relevant contract signed between ICAP and the client. In addition ICAP collects employee personal data within the context of its statutory purposes (provision of payroll and business outsourcing services to legal entities). In the context of executing the specific contract, ICAP usually collects on behalf of its clients the following categories of data:

A. Communication Data that includes any communication that any individual or legal entity send to ICAP whether that be through the contact form on our website, through email or especially via telephone calls. It should be mentioned that in most instances the phone calls are recorded via relevant software. This software usually belongs to the ICAP, but in some cases it may be software that belongs to the client itself. If the software belongs to the client, ICAP’s employees have access through the use of passwords.
B. Customer Data that includes data relating to any purchases of goods and/or services that ICAP has undertaken the responsibility to communicate to customers on behalf of ICAP’s clients. Customer data usually includes information such as customer’s name, title, billing address, delivery address email address, phone number, contact details, purchase details, tax number, card details, identity card number, nationality.
C. Marketing Data that includes data about how customers use our website and any online services  and especially  data about your preferences in receiving marketing from us on behalf of our Clients/Users and your communication preferences.


Data Collected By Icap By Its Capacity As Data Controller:

A. Client’s data: this category of data may include data relating to businesses, legal entities and individuals that want to or already use the Inbound/Outbound services provided by ICAP, such as client’s name, title, billing address, delivery address email address, phone number, contact details, purchase details, tax number, card details, identity card number, the collection, management, and provision of commercial and economic information (business information) etc.
B. Website visitors or user data: IP Address, contact details and full name, e-mail (via contact form on website).
C. Candidate Employee Data: name/surname, date of birth, address, academic and professional qualifications, contact details, address, nationality, candidates suitability evaluation reports, previous employment information, marital status, e-mail, military service completion/exemption certificate.
D. Employment & Payroll data: first name, last name, Tax Registration No. Identification Card/Passport No. (Date of issuance & issuing authority),IKA’s Registration No., father’s name, mother’s name, date of birth, AMKA Registration No., address, Tax Authority Department (ΔΟΥ), contact details, nationality, marital status, protected members (numbers, date of birth, name), social insurance history, educational level, health record for chronic disease, unemployment card nr., bank account particulars, social security stamps, family status certificate, military service completion/exemption certificate.
Ε.   Outsourced employees payroll data: all employment registration data (first name, last name, Tax Registration No. Identification Card/Passport No. (Date of issuance & issuing authority), IKA’s Registration No., father’s name, mother’s name, date of birth, AMKA Registration No., address, Tax Authority Department (ΔΟΥ), contact details, nationality, marital status, protected members (numbers, date of birth, name), social insurance history, educational level, health record for chronic disease, unemployment card nr., bank account particulars, social security stamps, family status certificate, military service completion/exemption certificate) salary and benefits package).
F.  Employee health/medical data: Names/surnames, diagnostic results, doctors’ notes, health treatments, illnesses, hospital reports.

Declaration Regarding The Processing of Personal Data By ICAP (by its capacity as Data Controller and Processor – in accordance with the General Data Protection Regulation EU 679/2016)

Why will you process my Personal Data (PD)?
ICAP provides products and services containing commercial and financial, personal, academic information about legal entities and individuals on the basis of its statutory purpose, such as described in detail above in paragraph 1. Their contents vary depending on the type and purpose of the provided service of ICAP.

The lawful basis of the data processing in relation to the contact center services, is the performance and execution of the contract.
The lawful basis of the data processing within the context of the provision of payroll and business outsourcing services, is ICAP’s legitimate interest and in some instances (health data) the explicit consent of the data subjects.

In addition, ICAP may collect personal data of candidate employees with their consent for the purpose of exploring employment opportunities.Furthermore ICAP collects candidate employee data through third party sources (online recruitment platforms or business networking sites/platforms or other) on the basis of its legitimate interest. More specifically:

(i) ICAP Outsourcing Solutions utilizes  the Careerbuilder S.A (Luceo) platform to provide us with the ATS Luceo from which we receive job applications and manage all necessary candidate employee (CV) data.
For more information about  Careerbuilder S.A, please read their Privacy Notice at https://hiring.careerbuilder.com/company/privacy-policy?_ga=2.190219435.1804941326.1531996993-234062023.1531996993
(ii) ICAP utilizes the online business opportunity and networking platform Kariera.gr from which we receive job applications and manage all necessary candidate employee (CV) data.
For more information about Kariera S.A, please read their Privacy Notice at https://hiring.careerbuilder.com/company/privacy-policy?_ga=2.190219435.1804941326.1531996993-234062023.1531996993
(iii) ICAP Outsourcing Solutions utilizes the online business opportunity and networking platform skywalker.gr from which we receive job applications and manage all necessary candidate employee (CV) data.
For more information about Skywalker.gr, please read their Privacy Notice at https://www.skywalker.gr/elGR/static/politiki-aporritou
(iii) ICAP Outsourcing Solutions utilizes the online business opportunity and networking platform skywalker.gr from which we receive job applications and manage all necessary candidate employee (CV) data.
For more information about Skywalker.gr, please read their Privacy Notice at https://www.skywalker.gr/elGR/static/politiki-aporritou
(iv) ICAP Outsourcing Solutions utilizes  the Workable platform from which we receive job applications and manage all necessary candidate employee (CV) data.

For more information about  Careerbuilder S.A, please read their Privacy Notice at https://www.workable.com/privacy

Information automatically collected when visiting and interacting in the Website: We inform you that your personal data and information that are collected and processed when you manage your account in the Website, are appropriate to the purpose for which they are collected and are required for the processing of your inquiries, applications and the use of ICAP Services.
In particular, when visiting and interacting with the Website, certain information may be automatically collected, such as:
– your computer’s Internet protocol address (ΙΡ)

In addition, certain information regarding the contact particulars of an interested party (user or visitor) may be obtained through the contact form embedded on the Website.
In this instance the legal basis for the data processing, is the consent of the Data Subject.

ICAP does not manage, collect or process geolocation data, which are collected and processed exclusively by the companies providing operating systems for each device you use (in case of use of iOS-Apple Inc or in case of android – Google Inc). ICAP does not have access to the positioning refresh rate of GPS.

3. Data Collection Points
1. Users/visitors- A, B
2. Corporate Customers of Users/Clients – A, B, C
3. Website (contact form, cookies) -B
4.Third party recruitment platforms (Luceo, Skywalker, Kariera etc) C, D, E, F
5. Third party business networking platforms (linkedin)- A,B
6. ICAP Network -A
7.Employees  -C, D, E, F

4. Transfer of Data to Third Parties
ICAP reserves the right to disclose your personal data to any member of its affiliate/subsidiary companies (parent company and its subsidiaries) or other third parties to the extent it is reasonably necessary for the purposes determined in this notice and in particular:

  • Client and user/visitor data will be transferred to the departments of ICAP that are competent for the smooth and trouble-free operation of the Website services and functions.
  • Your data may be transmitted and become accessible by legal entities with which, we have entered from time to time into contractual agreements for the purpose of fulfilling our company’s commitment under any signed contract with any Client/User (provision of inbound and outbound call services, business outsourcing and payroll services) in a proper and within our contractual terms framework. Given that ICAP acts as data processor in these instances, the data subjects are encouraged to review the privacy notices of each respective Client under whose instructions ICAP operates.
  • Client and user/visitor as well as employee data may be disclosed to cloud hosting providers for the purpose of storing and safeguarding the data with the appropriate technical and security measures.
  • Your payroll data may be transmitted and become accessible by bank institutions with which we cooperate for the purpose of processing the payments of employees as well as to competent state authorities in compliance with a legal obligation to which ICAP is subject.
  • Client and user/visitor data may be transmitted, become accessible and processed by subsidiaries of our group within the European union, which apply the appropriate technical, physical and administrative security measures for the protection of the data from loss, misuse, damage, alteration, unauthorized access and disclosure, as provided by article 32 of the GDPR 679/2016.
  • During all data transfers, we always take all appropriate measures so as to ensure that the transmitted data are the minimum required for the intended processing purpose and that the conditions for legitimate and lawful processing will always be met.
  • ICAP servers are hosted at IBM’s data center (hosting provider) located in Athens. You may find more information on IBM’s privacy notice in the following link: https://www.ibm.com/privacy/details/us/en/#section

5. Personal Data Retention Period
The data retention period depends on the lawful basis of processing, as set out in detail below:

  • In case the lawful basis for processing is the exercise of legitimate interest, the  processing of personal data is carried out for as long as it is considered necessary for the achievement of the intended statutory purpose of ICAP described in paragraph 1 above,  and until such time the limitation period of any related claims has expired.
  • In case the lawful basis for processing is the performance of the contract, we shall retain your data for as long as you retain the contractual relationship with ICAP in hard copy and in electronic form or we shall retain them for as long as it is required until the limitation period of any related claims expires.
  • In case the lawful basis for processing is the consent of the data subject (such in the case of the Websites contact form and CV data), we shall retain those data until the granted consent by the data subject has been withdrawn unless specific legislation in effect allows us or ordains to retain the data.
  • In case the lawful basis for processing is the explicit consent of the data subject (such in the case of the processing of employee health data), we shall retain those data until the granted consent by the data subject has been withdrawn unless specific legislation in effect allows us or ordains to retain the data.
  • As regards the retention time of call recordings, it should be mentioned that ICAP usually deletes them after a period of 60 days. However, this also depends on the obligations described in the contract between ICAP and each Client/User, since it may be predicted a different retention period that responds better to the to the purposes and activities of the Client/User. In any case each customer is properly informed during the telephone communication about the recording and retention period of the recordings (according to ICAP’s contract obligations and the instructions of each Client/User).

6. Legitimate Interest – Statutory Purpose –  Lawful Basis for Data Processing
Data processing is necessary for the purposes of the legitimate interests pursued by the ICAP which is described in detail in the first paragraph.
Within this framework, it is necessary for ICAP to process the categories of data, described in detail above in paragraph 2 of the present policy (provision of call center, business outsourcing, recruitment outsourcing and payroll services and related services and solutions) for the purpose of fulfilling its statutory purposes.
Within this context, ICAP, collects, process and provides data related to the employment, academic profile, health and payroll of individuals for the performance of its contracts which it has signed with legal entities.
In addition ICAP collects, processes and provides marketing, client and contact data, which are described in paragraph 2 of the present policy, for the execution of its contractual obligations towards its corporate clients.
ICAP processes and stores the said data within the E.U.


7. Rights of the Data Subjects
You may exercise, as the case may be, the rights deriving from the applicable Greek Legislation and the General Data Protection Regulation (Regulation (EU) 2016/679) which are as follows: (a. the right of information (article 13), b. the right of access (article 15), c. the right to rectification (article 16), d. the right to erasure “right to be forgotten” (article 17), e. the right to restriction of processing (article 18), f. the right to data portability (to receive your personal data in a structured and commonly used format – article 20 where applicable) and g. the right to object (article 21) which applies to certain data processing activities.

  • These rights can be exercised only in cases where ICAP acts as Data Controller and in particular when ICAP (i) processes the personal data of clients/visitors during the use of its Website (contact form and cookies) (ii) pertaining to Client data obtained during the use of the Services (iii) pertaining to services that relate to employee data in relation to the products and services offered within the framework of ICAP’s statutory purpose (iv) pertaining to candidate employee data or data related to the recruitment, academic profile, health or payroll which have been collected through individuals or outsourced employees.
  • This Privacy Notice does not apply to personal data mentioned on business documents that our customers transmit to our systems when using our Services.
  • These rights shall be exercised free of charge for you by sending a relevant letter to the Data Protection Officer (DPO) of ICAP: Eleftheriou Venizelou Street, number 2, Kallithea, PC 17676, Athens, or via e-mail to privacy@icap.gr. In case however the aforementioned rights are exercised excessively and without good cause thus causing us administrative burden, we may charge you with the cost related to the exercise of the respective right.
  • In case you exercise any of your rights, we will take all appropriate measures available for the satisfaction of your request within thirty (30) days following the receipt of the relevant request. We may either inform you on the acceptance of your request or on any objective grounds that hinder the processing of your request.
  • Notwithstanding the above, you may at any time object to the processing of your Personal Data, by withdrawing your consent (article 7, par. 3 of the GDPR 679/2016) by sending a letter to the Data Protection Officer (DPO) of ICAP: Eleftheriou Venizelou Street, number 2, Kallithea, PC 17676, Athens, or via e-mail to privacy@icap.gr. This right applies only in cases where the lawful basis for the data processing is the consent of the Data Subject.


8. Data Processing by ICAP
ICAP in most instances, collects, uses, processes, stores, manages data provided by ICAP’s clients themselves such as customers, suppliers or third parties’ data – which may contain personal data (who may refer to individuals or companies)  – within the framework of the provision of our services. Such data in most instances has been collected by ICAP’s clients and are related to data of their customers. However, ICAP may collect customer’s data on behalf of its Client directly from any data subject. ICAP shall operate then as the “Processor” of the personal data, which are included in the said business data. Consequently, in those cases different provisions of the GDPR 679/2016 shall apply, with which we comply.

Additionally, ICAP applies throughout the data processing procedure, the appropriate technical, physical, and administrative security measures for the protection and security of the personal data from loss, misuse, damage or modification, unauthorised access and disclosure, in compliance with article 32 of the GDPR 679/2016, in order to ensure the appropriate security level against those risks. Those include, among others, as the case may be: a) application of encryption protocols b) the ability to ensure confidentiality (article 90 GDPR 679/2016), the integrity, availability, and resilience of processing systems and  services on an ongoing basis, c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. Moreover, ICAP shall take measures so as to ensure that any physical person acting under the authority of the data controller or of the processor, who has access to personal data, shall not process those data except on instructions from the data controller and limits access to your personal information to authorised employees.

Indicative security measures applied by ICAP are as follows:

  • We maintain a dedicated information security team that plans, implements and provides surveillance of systems and information protection mechanisms.
  • We control the security and functionality of our products and services for any technological vulnerabilities before they are introduced into the production environment.
  • We maintain a High Availability Cluster Infrastructure and Systems.
  • We perform ongoing infrastructure checks to detect weaknesses and potential intrusions, vulnerabilities in systems and applications.
  • We use https protocols for secure and encrypted communication of data subjects.
  • We use the open standard protocol to access Lightweight Directory Access Protocol (LDAP) directory services with encrypted passwords.
  • We use a Secure Sockets Layer (SSL) certificate to create an encrypted connection between the web server and the Client’s/User’s browser (data subject).

 


9. Profiling
We use the information we obtain from candidate employees in order to evaluate and categorize the data based on internal customer requirements. We may also carry out customized candidate suitability evaluation reports.
We recommend to our customers to review and interpret the reports on their own based on their actual business requirements. Our customers may choose to use our evaluation reports alone or combine the reports with other information available to them. We do not maintain blacklists of any kind and we do not encourage our customers to reject or approve candidates under any circumstances based on those reports.


10. Submission of Complaint – Appeal
● For any issue regarding the processing of your personal data, you may contact us via e-mail at www.icapcontactcenter.comes@icap.gr
● Moreover, you shall always be entitled to contact the Hellenic Data Protection Authority, which may accept the submission of relevant complaints in writing at its protocol in its offices at 1-3, Kifisias Street, Postal Code 115 23, Athens or by e-mail contact@dpa.gr in accordance with the instructions indicated on its website.


11. Amendments
This policy may be renewed from time to time, due to amendments to the related legislation or change to the corporate structure of ICAP. Thereby, we encourage the Clients/Users to periodically visit this site so as to be informed regarding recent information of privacy practices. In any case, the Clients/ Users may be informed by e-mail or a notice in our Website regarding any amendments to this policy.

Employment Solutions Subject Access Request Procedure

ICAP EMPLOYMENT SOLUTIONS SA
SUBJECT ACCESS REQUEST PROCEDURE

1 INTRODUCTION
This procedure document supplements the subject access request (SAR) provisions set out in ICAP Employment Solutions SA (hereinafter referred to as the ‘Company’ or ‘ICAP Employment Solutions) Data Protection Policy & Procedure and provides the process for individuals to use when making an access request, along with the protocols followed by the Company when such a request is received.

The Company collects personal information to effectively and compliantly carry out our everyday business functions and services and, in some circumstances, to comply with the requirements of the law and/or regulations.

As the Company processes personal information regarding individuals (data subjects), we are obligated under the General Data Protection Regulation (GDPR) to protect such information, and to obtain, use, process, store and destroy it, only in compliance with the GDPR and its principles.

THE GENERAL DATA PROTECTION REGULATION
The General Data Protection Regulation (GDPR) gives individuals the right to know what information is held about them, to access this information and to exercise other rights, including the rectification of inaccurate data. The GDPR is a standardised regulatory framework which ensures that personal information is obtained, handled and disposed of properly.

As the Company are obligated under the GDPR and Hellenic data protection laws, we abide by the Regulations’ principles, which ensure that personal information shall be: –
• processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)
• collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’)
• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’)
• accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
• kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’)
• processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).
The Regulation also requires that ‘the controller shall be responsible for, and be able to demonstrate, compliance with the GDPR principles’ (‘accountability’). The Company have adequate and effective measures, controls and procedures in place, that protect and secure your personal information and guarantee that it is only ever obtained, processed and disclosed in accordance with the relevant data protection laws and regulations.

2 WHAT IS PERSONAL INFORMATION?
Information protected under the GDPR is known as “personal data” and is defined as: –

“Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Further information on what constitutes personal information and your rights under the data protection regulation and laws can be found on the Hellenic Data Protection Authority www.dpa.gr

3 THE RIGHT OF ACCESS
Under Article 15 of the GDPR, an individual has the right to obtain from the controller, confirmation as to whether or not personal data concerning them is being processed. We are committed to upholding the rights of individuals and have dedicated processes in place for providing access to personal information. Where requested, we will provide the following information:
• the purposes of the processing
• the categories of personal data concerned
• the recipient(s) or categories of recipient(s) to whom the personal data have been or will be disclosed
• If the data has been transferred to a third country or international organisation(s) (and if applicable, the appropriate safeguards used)
• the envisaged period for which the personal data will be stored (or the criteria used to determine that period)
• existence of automated decision-making, including profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
• where the personal data was not collected directly from the individual, any available information as to its source.

3.1 HOW TO MAKE A SUBJECT ACCESS REQUEST (SAR)?
A subject access request (SAR) is a request for access to the personal information that the Company holds about you, which we are required to provide under the GDPR (unless an exemption applies). The information that we provide is covered in section 3 of this document.

You can make this request in writing using the details provided in section 7, or you can submit your access request electronically. Where a request is received by electronic means, we will provide the requested information in a commonly used electronic form (unless otherwise requested by the data subject).

3.2 WHAT WE DO WHEN WE RECEIVE AN ACCESS REQUEST
Identity Verification
Subject Access Requests (SAR) are passed to the Data Protection Officer/Compliance Officer as soon as received and a record of the request is noted. The person in charge will use all reasonable measures to verify the identity of the individual making the access request, especially where the request is made using online services.

We will utilise the request information to ensure that we can verify your identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to actioning any request. This is to protect your information and rights.

If a third party, relative or representative is requesting the information on your behalf, we will verify their authority to act for you and again, may contact you to confirm their identity and gain your authorisation prior to actioning the any request.

Information Gathering
If you have provided enough information in your SAR to collate the personal information held about you, we will gather all forms (hard-copy, electronic etc) and ensure that the information required is provided in an acceptable format. If we do not have enough information to locate your records, we may contact you for further details. This will be done as soon as possible and within the timeframes set out below.

Information Provision
Once we have collated all the personal information held about you, we will send this to you in writing (or in a commonly used electronic form if requested). The information will be in a concise, transparent, intelligible and easily accessible format, using clear and plain language.

4 FEES AND TIMEFRAMES
SARs are always completed within 30-days and are provided free of charge. Where the request is made by electronic means, we provide the information in a commonly used electronic format, unless an alternative format is requested.

The Company always aim to provide the requested information at the earliest convenience, but at a maximum, 30 days from the date the request is received. However, where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by one month. If this is the case, we will write to you within 30 days and keep you informed of the delay and provide the reasons.

5 YOUR OTHER RIGHTS
Under the GDPR, you have the right to request rectification of any inaccurate data held by us. Where we are notified of inaccurate data, and agree that the data is incorrect, we will amend the details immediately as directed by you and make a note on the system (or record) of the change and reasons.

We will rectify the errors within 30-days and inform you in writing of the correction and where applicable, provide the details of any third-party to whom the data has been disclosed.

If for any reason, we are unable to act in response to a request for rectification and/or data completion, we will always provide a written explanation to you and inform you of your right to complain to the Supervisory Authority and to seek a judicial remedy.

In certain circumstances, you may also have the right to request from the Company, the erasure of personal data or to restrict the processing of personal data where it concerns your personal information; as well as the right to object to such processing. You can use the contact details in section 7 to make such requests.

6 EXEMPTIONS AND REFUSALS
The GDPR contains certain exemptions from the provision of personal information. If one or more of these exemptions applies to your subject access request or where the Company does not act upon the request, we shall inform you at the earliest convenience, or at the latest, within one month of receipt of the request.

Where possible, we will provide you with the reasons for not acting and any possibility of lodging a complaint with the Supervisory Authority and your right to seek a judicial remedy. Details of how to contact the Supervisory Authority are laid out in section 7 of this document.

7 SUBMISSION & LODGING A COMPLAINT
To submit your SAR, you can contact us at privacy@icap.gr or visit our Subject Access Request page on our website SAR Form online.
You can also submit your request or complaint in writing using the form in Appendix-1, sending the request to: Complaints Department, es@icap.gr
ICAP Employment Solutions S.A., 2 El. Venizelou, 17676, Greece, +302107200000

If you are unsatisfied with our actions or wish to place a further data subject request, you can contact us in writing at: DPO/Privacy Office, privacy@icap.gr
ICAP People Solutions S.A., 2 El. Venizelou, 17676, Greece, +302107200419

Supervisory Authority
If you remain dissatisfied with our actions, you have the right to lodge a complaint with the Supervisory Authority. The Supervisory Authority can be contacted at:
Hellenic Data Protection Authority, 1-3 Kifisias Avenue, 11523, Athens, +302106475628, complaints@dpa.gr

8. APPENDIX-1

ICAP Outsourcing Subject Access Request Procedure

ICAP OUTSOURCING SA
SUBJECT ACCESS REQUEST PROCEDURE
Last Amended on 2019.01.18
1. INTRODUCTION
This procedure document supplements the subject access request (SAR) provisions set out in ICAP Outsourcing SA (hereinafter referred to as the ‘Company’ or ‘ICAP) Data Protection Policy & Procedure and provides the process for individuals to use when making an access request, along with the protocols followed by the Company when such a request is received.The Company collects personal information to effectively and compliantly carry out our everyday business functions and services and, in some circumstances, to comply with the requirements of the law and/or regulations.
As the Company processes personal information regarding individuals (data subjects) as well as personal data provided by our Client (data controllers) for contact center services, we are obligated under the General Data Protection Regulation (GDPR) to protect such information, and to obtain, use, process, store and destroy it, only in compliance with the GDPR and its principles.

THE GENERAL DATA PROTECTION REGULATION
The General Data Protection Regulation (GDPR) gives individuals the right to know what information is held about them, to access this information and to exercise other rights, including the rectification of inaccurate data. The GDPR is a standardised regulatory framework which ensures that personal information is obtained, handled and disposed of properly.As the Company are obligated under the GDPR and Hellenic data protection laws, we abide by the Regulations’ principles, which ensure that personal information shall be: –
• processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)
• collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’)
• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’)
• accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
• kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’)
• processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).

The Regulation also requires that ‘the controller shall be responsible for, and be able to demonstrate, compliance with the GDPR principles’ (‘accountability’). The Company have adequate and effective measures, controls and procedures in place, that protect and secure your personal information and guarantee that it is only ever obtained, processed and disclosed in accordance with the relevant data protection laws and regulations.

2. WHAT IS PERSONAL INFORMATION?
Information protected under the GDPR is known as “personal data” and is defined as: –

“Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Further information on what constitutes personal information and your rights under the data protection regulation and laws can be found on the Hellenic Data Protection Authority www.dpa.gr

3. THE RIGHT OF ACCESS
Under Article 15 of the GDPR, an individual has the right to obtain from the controller, confirmation as to whether or not personal data concerning them is being processed. We are committed to upholding the rights of individuals and have dedicated processes in place for providing access to personal information. Where requested, we will provide the following information:
• the purposes of the processing
• the categories of personal data concerned
• the recipient(s) or categories of recipient(s) to whom the personal data have been or will be disclosed
• If the data has been transferred to a third country or international organization(s) (and if applicable, the appropriate safeguards used)
• the envisaged period for which the personal data will be stored (or the criteria used to determine that period)
• existence of automated decision-making, including profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
• where the personal data was not collected directly from the individual, any available information as to its source

3.1 HOW TO MAKE A SUBJECT ACCESS REQUEST (SAR)?
A subject access request (SAR) is a request for access to the personal information that the Company holds about you, which we are required to provide under the GDPR (unless an exemption applies). The information that we provide is covered in section 3 of this document.
You can make this request in writing using the details provided in section 7, or you can submit your access request electronically. Where a request is received by electronic means, we will provide the requested information in a commonly used electronic form (unless otherwise requested by the data subject).

3.2 WHAT WE DO WHEN WE RECEIVE AN ACCESS REQUEST
Identity Verification
Subject Access Requests (SAR) are passed to the [Data Protection Officer/Compliance Officer] as soon as received and a record of the request is noted. The person in charge will use all reasonable measures to verify the identity of the individual making the access request, especially where the request is made using online services.
We will utilise the request information to ensure that we can verify your identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to actioning any request. This is to protect your information and rights.
If a third party, relative or representative is requesting the information on your behalf, we will verify their authority to act for you and again, may contact you to confirm their identity and gain your authorisation prior to actioning the any request.
Information Gathering
If you have provided enough information in your SAR to collate the personal information held about you, we will gather all forms (hard-copy, electronic etc) and ensure that the information required is provided in an acceptable format. If we do not have enough information to locate your records, we may contact you for further details. This will be done as soon as possible and within the timeframes set out below.
Information Provision
Once we have collated all the personal information held about you, we will send this to you in writing (or in a commonly used electronic form if requested). The information will be in a concise, transparent, intelligible and easily accessible format, using clear and plain language.
Please note that when acting as data processors (Contact Center Services), we are obliged to handle any data subject request according to the instructions agreed with our Clients (data controllers)

4. FEES AND TIMEFRAMES
SARs are always completed within 30-days and are provided free of charge. Where the request is made by electronic means, we provide the information in a commonly used electronic format, unless an alternative format is requested.
The Company always aim to provide the requested information at the earliest convenience, but at a maximum, 30 days from the date the request is received. However, where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by one month. If this is the case, we will write to you within 30 days and keep you informed of the delay and provide the reasons.

5. YOUR OTHER RIGHTS
Under the GDPR, you have the right to request rectification of any inaccurate data held by us. Where we are notified of inaccurate data, and agree that the data is incorrect, we will amend the details immediately as directed by you and make a note on the system (or record) of the change and reasons.We will rectify the errors within 30-days and inform you in writing of the correction and where applicable, provide the details of any third-party to whom the data has been disclosed.If for any reason, we are unable to act in response to a request for rectification and/or data completion, we will always provide a written explanation to you and inform you of your right to complain to the Supervisory Authority and to seek a judicial remedy.
In certain circumstances, you may also have the right to request from the Company, the erasure of personal data or to restrict the processing of personal data where it concerns your personal information; as well as the right to object to such processing. You can use the contact details in section 7 to make such requests.

6. EXEMPTIONS AND REFUSALS
The GDPR contains certain exemptions from the provision of personal information. If one or more of these exemptions applies to your subject access request or where the Company does not act upon the request, we shall inform you at the earliest convenience, or at the latest, within one month of receipt of the request.
Where possible, we will provide you with the reasons for not acting and any possibility of lodging a complaint with the Supervisory Authority and your right to seek a judicial remedy. Details of how to contact the Supervisory Authority are laid out in section 7 of this document.

7 SUBMISSION & LODGING A COMPLAINT
To submit your SAR, you can contact us at privacy@icap.gr or visit our Subject Access Request page on our website SAR Form online.You can also submit your request or complaint in writing using the form in Appendix-1, sending the request to: Complaints Department, es@icap.gr (for the employment services) or contactcenter@icap.gr (for the contact center services)
ICAP Outsourcing S.A., 2 El. Venizelou, 17676, Greece, +302107200000
If you are unsatisfied with our actions or wish to place a further data subject request, you can contact us in writing at: DPO/Privacy Office, privacy@icap.gr
ICAP Outsourcing S.A., 2 El. Venizelou, 17676, Greece, +302107200419
Supervisory Authority
If you remain dissatisfied with our actions, you have the right to lodge a complaint with the Supervisory Authority. The Supervisory Authority can be contacted at:
Hellenic Data Protection Authority, 1-3 Kifisias Avenue, 11523, Athens, +302106475628, complaints@dpa.gr 
Cookies Settings