People Solutions | ICAP group of companies

People Solutions



In collaboration with international recognized organizations, ICAP People Solutions offers a wide range of HR Services in Greece and Cyprus:


Contact us




Tel.: +30 210 7200156

Data Protection Policy of ICAP PEOPLE SOLUTIONS S.A.

Data Protection Policy of ICAP PEOPLE SOLUTIONS S.A.
2, Eleftheriou Venizelou Avenue, Kallithea, Athens, Greece
with VAT number 997799810 (Reg. No. 9175001000)
Last Amended on 2018.11.12
1. Field of Scope
This privacy notice lays out the way ICAP PEOPLE SOLUTIONS S.A (hereinafter referred to as “ICAP PEOPLE SOLUTIONS”) collects, uses, processes, stores, manages, and protects the cv data, data related to skills, abilities and psychometric attributes of individuals, as well as development and behavior data of individuals (hereinafter referred to as “Personal Data”), so as to meet the data protection standards of the company and comply with the applicable data protection law.
This privacy policy shall apply to all information (i) that relates to the HR products and services (hereinafter referred to as “Services”) provided by ICAP PEOPLE SOLUTIONS (including but not limited to the provision of training, recruitment, executive search and selection solutions and human capital consulting services) (ii) pertaining to profiling data of individuals collected through third party talent assessment, valuation platforms, psychometric tools and executive search firms iii) pertaining to Client data obtained through the use of the Services. ICAP PEOPLE SOLUTIONS is bound to protect the privacy of Clients, individuals and other data subjects and adhere to the Data Protection legislation currently in effect.
This policy shall not apply to information collected through any other website, services, products, platforms or for practices of companies that we do not control. We are not responsible for any personal data protection practices pertaining to websites, services, products, platforms of other companies.
2. Categories & Types of Collected Data
Data Collected:
A. CV Data: Name/Surname, postal address, contact details (including e-mail address, mobile phone no.), academic qualifications, working experience, hobbies, interests, references
B. Personality Profiling Data: first name, last name, tax registration number, date of birth, skills, abilities and psychometric attributes (profiling)
C. Behavioral Profiling Data: name / surname linked with training results, individual’s development and behavior skills and capacity (profiling)
Declaration Regarding The Processing of Personal Data By ICAP PEOPLE SOLUTIONS (by its capacity as Data Controller and Processor – in accordance with the General Data Protection Regulation EU 679/2016)
Why will you process my Personal Data (PD)?
ICAP PEOPLE SOLUTIONS provides training, recruitment, executive search and selection solutions and human capital consulting services containing CV, personality and behavioral data of individuals on the basis of the intended purpose, such as described in paragraph 6 hereof. Their contents vary depending on the type and purpose of the provided service of ICAP PEOPLE SOLUTIONS. The lawful basis of the data processing, is ICAP PEOPLE SOLUTION’s legitimate interest and in some instances the consent of the data subjects.In addition ICAP PEOPLE SOLUTIONS may collect personal data of candidate employees with their consent for the purpose of providing employment opportunities and related employee training solutions.Furthermore ICAP PEOPLE SOLUTIONS collects CV data, psychometric, employee ability and personality assessment tests through third party sources (talent assessment and valuation platforms, psychometric tools and executive search firms or other) on the basis of its legitimate interest. More specifically:
(i) ICAP PEOPLE SOLUTIONS utilizes, an online talent network platform from which we receive and manage professional and cv data of individuals.
For more information about, please read their Privacy Notice at that represents the third party platform (careerbuilder) privacy terms.
(ii) ICAP PEOPLE SOLUTIONS has partnered with INAC, an international network of executive search firms from which we receive and manage professional and cv data of individuals
(iii) ICAP PEOPLE SOLUTIONS utilizes the online individual/corporate assessment platform Cut-e ( from which we receive and manage individual or corporate employees’ ability tests & assessments.
For more information about Cut-e please read their Privacy Notice at
(iv) When acting as data processor on behalf of Corporate Clients written instructions, ICAP PEOPLE SOLUTIONS utilizes the online personality assessment platform Hogan ( from which it receives profiling data related to individual skills, abilities and psychometric attributes.
For more information about Hogan please read their Privacy Notice at
(v) ICAP PEOPLE SOLUTIONS utilizes the online training platform “MyHuthwaite” ( for providing e-learning solutions.
For more information about Huthwaite International please read their Privacy Notice at
Information automatically collected when visiting and interacting in the websites: With regards to the data collected through the website you may review the pertinent privacy notice here [].
3. Data Collection Points
● Third party recruitment platforms (INAC, ICAP Career) – A
● Third party personality assessment platforms (Cut-e, Hogan) – B
● Third party e-learning platforms (Huthwaite)
● Individuals (via online forms, e-mails) – A, C
● Corporate Clients – C
4. Transfer of Data to Third Parties
ICAP PEOPLE SOLUTIONS does not share or discloses any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. ICAP PEOPLE SOLUTIONS reserves the right to disclose your personal data to any member of its affiliate/subsidiary companies (parent company and its subsidiaries) or other third parties to the extent it is reasonably necessary for the purposes determined in this notice and in particular:
● Certain data (CVs and professional data, ability and personality tests and assessments) will be transferred to corporate customers with which, we have entered into contractual agreements for the purpose of fulfilling our company’s legitimate interest (provision of HR services) in a correct and within our contractual terms framework
● Profiling data related to the development and behavior skills of individuals may be transmitted directly to individuals who request the provision of self training service or to corporate customers requesting pertinent training programs for their employees
● Profiling data related to skills, abilities and psychometric attributes, may be disclosed to individuals or to corporate customers with which we have entered into contractual agreements
● Your data may be disclosed to cloud hosting providers for the purpose of storing and safeguarding the data by applying the appropriate technical and security measures
● Your data may be transmitted, become accessible and processed by subsidiaries of our group within the European union, which apply the appropriate technical, physical and administrative security measures for the protection of the data from loss, misuse, damage, alteration, unauthorised access and disclosure, as provided by article 32 of the GDPR 679/2016
● Certain data (CVs and professional data) are transferred and stored to third party platform databases that we utilize, such as CareerBuilder.  For more information about CareerBuilder LLC, please read their Privacy Notice at:
● During all data transfers, we always take all appropriate measures so as to ensure that the transmitted data are the minimum required for the intended processing purpose and that the conditions for legitimate and lawful processing will always be met. In addition all data processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice.
● ICAP PEOPLE SOLUTION’S  servers are hosted at IBM’s data centre (hosting provider) located in Athens. You may find more information on IBM’s privacy notice in the following link:
5. Personal Data Retention Period
ICAP PEOPLE SOLUTIONS only ever retains personal data for as long as is necessary and we have strict review and retention policies in place to meet these obligations. The data retention period depends on the lawful basis of processing, as set out in detail below:
● In case the lawful basis for processing is the exercise of legitimate interest, the  processing of personal data is carried out for as long as it is considered necessary for the achievement of the intended statutory purpose of ICAP PEOPLE SOLUTIONS described in paragraph 6 below,  and until such time the limitation period of any related claims has expired.
● In case the personal data of the individual employees have been provided with their own consent and within the framework of our services, we shall retain those data until the granted consent by the data subject has been withdrawn. In case the consent is withdrawn for any valid reason, we shall retain them for as long as it is required until the limitation period of any related claims expires.
● In case the lawful basis for processing is the performance of the contract, we shall retain your data for as long as you retain the contractual relationship with ICAP PEOPLE SOLUTIONS in hard copy and in electronic form or we shall retain them for as long as it is required until the limitation period of any related claims expires.6. Legitimate Interest – Intended Purpose –  Lawful Basis for Data Processing
Data processing is necessary for the purposes of the legitimate interests pursued by the ICAP PEOPLE SOLUTIONS . ICAP PEOPLE SOLUTION’S  statutory purpose is the provision of training, recruitment, executive search, selection solutions and human capital consulting services.
Within this framework, ICAP PEOPLE SOLUTIONS collects, manages and provides  CV data, data related to skills, abilities and psychometric attributes of individuals, as well as development and behavior data of individuals for the performance of the contracts with corporate or individual clients. ICAP PEOPLE SOLUTIONS processes and stores said data within the E.U.
7. Rights of the Data Subjects
You may exercise, as the case may be, the rights deriving from the applicable Greek Legislation and the General Data Protection Regulation (Regulation (EU) 2016/679) which are as follows: (a. the right of information (article 13), b. the right of access (article 15), c. the right to rectification (article 16), d. the right to erasure “right to be forgotten” (article 17), e. the right to restriction of processing (article 18), f. the right to data portability (to receive your personal data in a structured and commonly used format – article 20 where applicable) and g. the right to object (article 21) which applies to certain data processing activities
These rights shall be exercised free of charge for you by sending a relevant letter to the Data Protection Officer (DPO) of ICAP People Solutions: 2, Eleftheriou Venizelou, Kallithea or via e-mail to In case however, the aforementioned rights are exercised excessively and without good cause thus causing us administrative burden, we may charge you with the cost related to the exercise of the respective right.
In case you exercise any of your rights, we will take all appropriate measures available for the satisfaction of your request within thirty (30) days following the receipt of the relevant request. We may either inform you on the acceptance of your request or on any objective grounds that hinder the processing of your request.
Notwithstanding the above, you may at any time object to the processing of your Personal Data, by withdrawing your consent (article 7, par. 3 of the GDPR 679/2016) by sending a letter to the Data Protection Officer (DPO) of ICAP PEOPLE SOLUTIONS: 2, Eleftheriou Venizelou, Kallithea, or via e-mail to,  This right applies only in cases where the lawful basis for the data processing is the consent of the Data Subject.
8. Data Processing by ICAP PEOPLE SOLUTIONS
In some instances, our corporate customers provide their employees’ data (profiling data related to development and behavior skills) for the purpose of providing to them customized training programs for their employees. In such cases, ICAP PEOPLE SOLUTIONS shall operate as the “Data Processor” of the personal data, which are included in the said training program data. Consequently, in those cases different provisions of the GDPR 679/2016 shall apply, with which we comply.
Additionally, ICAP PEOPLE SOLUTIONS applies throughout the data processing procedure, the appropriate technical, physical, and administrative security measures for the protection and security of the personal data from loss, misuse, damage or modification, unauthorised access and disclosure, in compliance with article 32 of the GDPR 679/2016, in order to ensure the appropriate security level against those risks. Those include, among others, as the case may be: a) application of encryption protocols b) the ability to ensure confidentiality (article 90 GDPR 679/2016), the integrity, availability, and resilience of processing systems and  services on an ongoing basis, c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. Moreover, ICAP PEOPLE SOLUTIONS shall take measures so as to ensure that any physical person acting under the authority of the data controller or of the processor, who has access to personal data, shall not process those data except on instructions from the data controller and limits access to your personal information to authorised employees.
Indicative security measures applied by ICAP PEOPLE SOLUTIONS are as follows:
● ICAP PEOPLE SOLUTIONS maintains a dedicated information security team that plans, implements and provides surveillance of our information security program
● The company controls the security and functionality of its products and services before they are introduced to the Internet, for any vulnerabilities in technology
● The company performs ongoing infrastructure checks to detect weaknesses and potential intrusions, vulnerabilities in systems etc.
● The company uses https protocols for secure and encrypted client communication with ICAP PEOPLE SOLUTIONS
● The company uses the open standard protocol to access Lightweight Directory Access Protocol (LDAP) directory services and uses encrypted passwords
● The company uses a Secure Sockets Layer (SSL) certificate to create an encrypted connection between the web server and the Client’s/User’s browser
● ICAP PEOPLE SOLUTIONS has been awarded with ISO 9001 και ISO 27001 certifications
9. Profiling
We use the information we obtain from third party sources such as a) profiling data related to Individuals ability/personality assessments 2) corporate employees ability/personality assessments and reports, to in order to process, evaluate and categorize the data based on internal customer requirements. We may also carry out customized talent assessment, executive assessment, personality tests, 360 feedback, ability tests at the request of our customers.We recommend to our customers to review and interpret the reports on their own based on their actual business requirements. Our customers may choose to use our evaluation reports alone or combine the reports with other information available to them. We do not maintain blacklists of any kind and we do not encourage our customers to reject or approve under any circumstances employees or other individuals based on those reports.
10. Submission of Complaint – Appeal
● For any issue regarding the processing of your personal data, you may contact us via e-mail at
● Moreover, you shall always be entitled to contact the Hellenic Data Protection Authority, which may accept the submission of relevant complaints in writing at its protocol in its offices at 1-3, Kifisias Street, Postal Code 115 23, Athens or by e-mail ( in accordance with the instructions indicated on its website.
● If you no longer wish to receive newsletters from ICAP PEOPLE SOLUTIONS, please send an e-mail to or follow the unsubscribe instructions included in each relevant email/communication.
11. Amendments
This policy may be renewed from time to time, due to amendments to the related legislation or change to the corporate structure of ICAP PEOPLE SOLUTIONS. Thereby, we encourage the Clients to periodically visit the Website so as to be informed regarding recent information of privacy practices. In any case, the Clients may be informed by e-mail or a notice in our Website regarding any amendments to this policy.



This procedure document supplements the subject access request (SAR) provisions set out in [ICAP People Solutions] (hereinafter referred to as the ‘Company’ or ‘ICAP’) Data Protection Policy & Procedure and provides the process for individuals to use when making an access request, along with the protocols followed by the Company when such a request is received.

The Company collects personal information to effectively and compliantly carry out our everyday business functions and services and, in some circumstances, to comply with the requirements of the law and/or regulations.

As the Company processes personal information regarding individuals (data subjects), we are obligated under the General Data Protection Regulation (GDPR) to protect such information, and to obtain, use, process, store and destroy it, only in compliance with the GDPR and its principles.

The General Data Protection Regulation (GDPR) gives individuals the right to know what information is held about them, to access this information and to exercise other rights, including the rectification of inaccurate data. The GDPR is a standardised regulatory framework which ensures that personal information is obtained, handled and disposed of properly.

As the Company are obligated under the GDPR and Hellenic data protection laws, we abide by the Regulations’ principles, which ensure that personal information shall be: –

• processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)
• collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’)
• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
• accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
• kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’)
• processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The Regulation also requires that ‘the controller shall be responsible for, and be able to demonstrate, compliance with the GDPR principles’ (‘accountability’). The Company have adequate and effective measures, controls and procedures in place, that protect and secure your personal information and guarantee that it is only ever obtained, processed and disclosed in accordance with the relevant data protection laws and regulations.

Information protected under the GDPR is known as “personal data” and is defined as: –

“Any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Further information on what constitutes personal information and your rights under the data protection regulation and laws can be found on the Hellenic Data Protection Authority

Under Article 15 of the GDPR, an individual has the right to obtain from the controller, confirmation as to whether or not personal data concerning them is being processed. We are committed to upholding the rights of individuals and have dedicated processes in place for providing access to personal information. Where requested, we will provide the following information:
• the purposes of the processing
• the categories of personal data concerned
• the recipient(s) or categories of recipient(s) to whom the personal data have been or will be disclosed
• If the data has been transferred to a third country or international organisation(s) (and if applicable, the appropriate safeguards used)
• the envisaged period for which the personal data will be stored (or the criteria used to determine that period)
• existence of automated decision-making, including profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
• where the personal data was not collected directly from the individual, any available information as to its source.

A subject access request (SAR) is a request for access to the personal information that the Company holds about you, which we are required to provide under the GDPR (unless an exemption applies). The information that we provide is covered in section 3 of this document.

You can make this request in writing using the details provided in section 7, or you can submit your access request electronically. Where a request is received by electronic means, we will provide the requested information in a commonly used electronic form (unless otherwise requested by the data subject).

Identity Verification
Subject Access Requests (SAR) are passed to the [Data Protection Officer/Compliance Officer] as soon as received and a record of the request is noted. The person in charge will use all reasonable measures to verify the identity of the individual making the access request, especially where the request is made using online services.

We will utilise the request information to ensure that we can verify your identity and where we are unable to do so, we may contact you for further information, or ask you to provide evidence of your identity prior to actioning any request. This is to protect your information and rights.

If a third party, relative or representative is requesting the information on your behalf, we will verify their authority to act for you and again, may contact you to confirm their identity and gain your authorisation prior to actioning the any request.

Information Gathering
If you have provided enough information in your SAR to collate the personal information held about you, we will gather all forms (hard-copy, electronic etc) and ensure that the information required is provided in an acceptable format. If we do not have enough information to locate your records, we may contact you for further details. This will be done as soon as possible and within the timeframes set out below.

Information Provision
Once we have collated all the personal information held about you, we will send this to you in writing (or in a commonly used electronic form if requested). The information will be in a concise, transparent, intelligible and easily accessible format, using clear and plain language.

SARs are always completed within 30-days and are provided free of charge. Where the request is made by electronic means, we provide the information in a commonly used electronic format, unless an alternative format is requested.

The Company always aim to provide the requested information at the earliest convenience, but at a maximum, 30 days from the date the request is received. However, where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by one month. If this is the case, we will write to you within 30 days and keep you informed of the delay and provide the reasons.

Under the GDPR, you have the right to request rectification of any inaccurate data held by us. Where we are notified of inaccurate data, and agree that the data is incorrect, we will amend the details immediately as directed by you and make a note on the system (or record) of the change and reasons.
We will rectify the errors within 30-days and inform you in writing of the correction and where applicable, provide the details of any third-party to whom the data has been disclosed.
If for any reason, we are unable to act in response to a request for rectification and/or data completion, we will always provide a written explanation to you and inform you of your right to complain to the Supervisory Authority and to seek a judicial remedy.

In certain circumstances, you may also have the right to request from the Company, the erasure of personal data or to restrict the processing of personal data where it concerns your personal information; as well as the right to object to such processing. You can use the contact details in section 7 to make such requests.

The GDPR contains certain exemptions from the provision of personal information. If one or more of these exemptions applies to your subject access request or where the Company does not act upon the request, we shall inform you at the earliest convenience, or at the latest, within one month of receipt of the request.

Where possible, we will provide you with the reasons for not acting and any possibility of lodging a complaint with the Supervisory Authority and your right to seek a judicial remedy. Details of how to contact the Supervisory Authority are laid out in section 7 of this document.

To submit your SAR, you can contact us at [ or] or visit our Subject Access Request page on our website [SAR Form online].
You can also submit your request or complaint in writing using the form in Appendix-1, sending the request to: Complaints Department,
ICAP People Solutions S.A., 2 El. Venizelou, 17676, Greece, +302107200000

If you are unsatisfied with our actions or wish to place a further data subject request, you can contact us in writing at: DPO/Privacy Office,
ICAP People Solutions S.A., 2 El. Venizelou, 17676, Greece, +302107200419

Supervisory Authority
If you remain dissatisfied with our actions, you have the right to lodge a complaint with the Supervisory Authority. The Supervisory Authority can be contacted at:
Hellenic Data Protection Authority, 1-3 Kifisias Avenue, 11523, Athens, +302106475628,


We represent leading international companies, known for their recognized tools and methodologies !
Cookies Settings