Privacy Policy

Victus Networks S.A., seated at the 18^th km of Marathonos & Pylou Avenue, PC 153 51 Pallini, Attica, with GCR number 129071801000 (“we”, “us” or “the Company”), has been established to serve the interests of its shareholders, namely the companies VODAFONE-PANAFON HELLENIC TELECOMMUNICATIONS COMPANY S.A. and WIND HELLAS TELECOMMUNICATIONS S.A. (collectively referred to as “Providers”).

With the aim of protecting and safeguarding your privacy and personal data, to which it attaches great importance, the Company has to date implemented a series of actions, rules and procedures to ensure its full compliance with the applicable European and national legislative framework. This statement, provided to you in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) and any relevant law issued and applicable in Greece, is intended to inform you of:

• the Company’s policy regarding the collection and processing of your personal data;
• your personal data that we process and the purposes of processing; as well as
• other necessary information to ensure fair and transparent processing of personal data when we are acting as Controllers or Processors, in accordance with the General Data Protection Regulation (GDPR).

This may happen, for example, when you visit our website, apply to work for the Company, hold a contract as the owner of a property on which a base station or any telecommunication equipment is installed or will be installed, when filing applications/complaints as a subscriber/user of our Providers’ networks, when you are a supplier, partner, or any other person who comes into contact with us (collectively, each referred to as “user”, “you”, “your”).

This statement may be amended and adjusted, whenever deemed necessary, to ensure its compliance with any new proposals by the competent Greek Regulatory Authority (Hellenic Data Protection Authority), the EU or with the applicable national law.

For more information, please contact dataprotection@victus.gr.

i. In the framework of fulfilling its statutory purpose, the company may conclude lease agreements with the owners of properties in which telecommunications equipment is installed or is to be installed. We may also handle any issue arising from the lease agreement you have signed with one of our Providers. During your contractual relationship either with us or with our Providers, we may collect the following data:

• Personal details (full name, address, father’s name, etc.)
• Contact details (e.g. email, phone number)
• Ownership deeds
• Tax Identification Number, Tax Office, ID Card Number
• Bank account numbers
• Any debts to third parties or to the State
• Any liens on the property (prenotations, mortgages, etc.)
• Any attachment recorded on the property
• Certificates/Authorisations for concluding the lease agreement
• Lease agreements, amendments and terminations thereof

ii. If we receive your CV as part of an online application for work at the Company, we will retain the data we have been provided with to check whether they match any job opportunities at Victus, for a period of two (2) years. Indicatively, we may collect the following data:

• Personal details
• Contact details (e.g. email, phone number or other)
• Academic information
• Work experience
• Education history
• Letters of reference

iii. In the course of its business activities, the Company may also conclude contracts with contractors and partners for the rendering of services by them relating to the Company’s business. Indicatively, we may collect the following data regarding their staff:

• Personal details (full name)
• Contact details (e.g. email, phone number)
• ID card number, passport number, license plate numbers
• Certificates/Certifications, in order to determine their suitability for performing specific tasks (e.g. climbing on base stations)
• Supplier evaluation data

iv. Finally, when you visit our website, we automatically collect certain information from your computer or mobile device, through the use of cookies. Our website’s use of cookies is explained in the separate Cookies Policy.

The Company collects and processes your personal data with your consent and on condition that you have previously been informed through this policy of the type of data processed, the purpose and extent of processing and the recipients thereof. Your consent may be revoked at any time. Please visit the section “Your rights” of this policy for more information.

However, as detailed below, the processing of your personal data may also be based on a legal basis other than consent, such as performance of a contract, support for Victus Networks’ legitimate business interests and compliance with other legal obligations:

i. For the performance of a contract: the processing of your personal data is necessary for the fulfilment of our obligations under the contract

ii. For compliance with a legal obligation: the processing of your personal data is mandatory, as in the case of keeping records for tax purposes or providing your personal data to a public entity or law enforcement authority.

iii. For reasons pertaining to the protection of legitimate interests: your personal data may be processed in the course of a legitimate activity in order to ensure the continuity of such activity, as long as this does not exceed your interests

Your personal data is not processed or distributed for further purposes, unless required by the law and the regulatory framework or by a signed contract or imposed by other legal obligations of the Company.

i. Transmission to Third Parties

Victus Networks does not transmit your personal data to third parties that are not affiliated with the Company, unless this is required for the Company’s legitimate business purposes and needs, in order to meet your requests and/or if required or permitted by law. When providing your personal data to third parties, we ensure that such parties comply with the provisions of the General Data Protection Regulation (GDPR).

For property owners in particular, recipients may include:

• all public authorities (tax authorities, urban planning authorities, the Hellenic Telecommunications & Post Commission and other administrative authorities) to which personal data is transmitted by the Company as a legal requirement;
• courts, judicial authorities, bailiffs, law enforcement authorities or independent/regulatory authorities in the context of resolving any civil, criminal or administrative dispute;
• affiliated partners of the Company such as contractors, lawyers, engineers, real estate agents, chartered auditors, tax consultants, technical and support service providers and IT consultants;
• banks/credit Institutions;
• insurance companies;
• our Providers and any of their consultants that are required to have access to your personal data under any legal basis for the relevant processing.

The personal data of employees of Company contractors and partners may be transmitted to the following recipients:

• lessors, security and/or management companies of commercial buildings/premises/shopping centres, embassies, camps, media premises, public gathering areas (museums, concert halls, stadiums, etc.) which, based on their entrance security regulations, request visitor details prior to their visit.

ii. Transmission outside the European Economic Area

Your personal data is not transmitted to other countries. If, in the future, we transmit personal data or need to share it with others, outside this context, you will be informed immediately. We will also have ensured that we and those individuals or companies to which we will need to transmit personal data agree to protect them from inappropriate use or disclosure, in accordance with applicable European and national data protection legislation, through standard clauses or other appropriate mechanisms.

We retain the personal data that we collect from you only when necessary. We do not retain this information indefinitely and when it no longer serves any purpose.

Indicatively, the criteria used to determine our retention policy are:

• applicable legislation and regulations,
• guidelines on best practices and standard industry practices,
• time constraints for filing legal claims under Greek and EU law,
• evidential support during audits performed by Providers, public supervisory authorities and/or entities,
• legitimate business needs

When we have no legitimate business need or legal obligation to process and retain your personal data, these are deleted.

We use appropriate technical and organisational measures to protect the personal data we collect and process on your behalf. The measures we use are designed to provide a level of security appropriate for the processing risk of your personal data. In particular, processing is performed exclusively by personnel authorised for this purpose and all appropriate organisational and technical measures are taken to protect such data and secure them against any accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access and from any other kind of unlawful processing.

You can exercise the following rights, in each case:

i. information: to receive any information about the processing of your data in a concise, comprehensible and easily accessible form.

ii. access: to find out which of your data we process, why and the recipients thereof.

iii. rectification: to rectify any incomplete or inaccurate data we retain concerning you

• deletion, [also known as “right to be forgotten”]: to have them deleted from our records, provided that their processing is no longer necessary
• restriction of processing: in the event that the accuracy of the data is questioned etc.
• portability: to receive your data in a structured, commonly used format

vii. withdrawal of consent/objection: regarding the processing of your personal data, at any time.

To exercise any of the above rights, please send a request to the Company at: dataprotection@victus.gr.

The Company will take all possible measures to satisfy your request within thirty (30) calendar days from its receipt, notifying you in writing that your request has been satisfied or of the reasons preventing the exercise of your right, and/or the satisfaction of one or more of your above rights, in accordance with the General Data Protection Regulation.

You also have the right to file a complaint with the Personal Data Protection Authority, if you consider that the Company violates the applicable legislation when processing your Personal Data.

The contact details of the Hellenic Data Protection Authority (HDPA) are:

Postal Address: 1-3 Kifisias Avenue, P.C. 115 23, Athens

Call Centre: +30-210 6475600

Fax: +30-210 6475628

E-mail: contact@dpa.gr

If you have any questions about this Statement, please contact us by e-mail at: dataprotection@victus.gr.

Victus Networks may periodically make changes to this Statement to reflect updated personal data protection practices.

Cookies are small size text files that are stored in the computer while you are browsing the web and are used by the website to identify the visitor.

To protect the privacy of the visitor, the site needs your consent before using cookies. For this purpose, when you first visit the site, you will receive a notice requesting your consent before continuing your tour.

The site uses the Google Analytics cookies. More information on how to use Google Analytics and the visitor’s choices regarding cookies’ise can be found here: www.google.com/policies/privacy/partners/

Regulation (EU) 2016/679 of 27 April 2016, which aims to harmonise the European legislation on the protection of personal data. It came into force on 25 May 2018; any reference thereto shall be construed so as to include the national implementing legislation.

Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identity number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of said natural person.

The Regulation sets out that:

• The processing of personal data must be lawful, fair and transparent.
• Personal data should be collected only for specific, explicit and legitimate purposes.
• The personal data should be sufficient, relevant to the purpose of the processing, and limited only to those necessary.
• The personal data retained should be accurate and up-to-date.
• The personal data should be retained for as long as strictly necessary, not for longer.
• Appropriate measures should be taken for the security of personal data.

Any operation or series of operations carried out using automated means or not on personal data or sets of personal data such as collection, registration, organisation, structuring, storage, customisation or alteration, retrieval, search of information, use or disclosure by transmission, dissemination or any other form of disposal, correlation or combination, restriction, deletion or destruction.

A natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; when the purposes and means of such processing are set out by EU law or the national law of a member state, the controller or the specific criteria for his appointment may be provided for by EU law or the national law of the member state.

The natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

Any natural or legal person, public authority, agency or body, other than the data subject, the controller and the processor.

Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

A security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.