Privacy Notice - FF Hellas
1. Introduction
This notice describes how Fenchurch Faris Hellas, as a data controller, collects, uses, shares, and retains the personal information you provide and informs you about your choices regarding the use, access, and correction of your personal information. Fenchurch Faris Hellas is committed to ensuring that any personal data it receives is protected and handled in accordance with applicable data protection laws. For the purposes of this Privacy Notice, references to “we”, “us” or “our” shall refer to Fenchurch Faris Hellas.
2. Who we are
Fenchurch Faris Hellas is incorporated in Greece, following the Greek Chamber Authority with registration number 283790.
3. What personal information do we process about you
The personal information we hold is restricted to your name, correspondence address, email address, contact number, employer name, job title, and country of residence. We will also record past communication data with you and your communication preferences.
4. Why we collect your personal information and the lawful basis for processing
Business Communications: We will contact you with business communications. The lawful basis for this process is a legal obligation.
Regulatory information: Fenchurch Faris Hellas will provide you with information regarding the regulation of the market, including updates. The lawful basis for this process is a legal obligation.
Event management: Your personal details will be processed to support the communication and management of Fenchurch Faris Hellas-run events. The lawful basis which allows us to process your data is a legitimate interest.
Marketing: We will, from time to time, provide you with information regarding products and services provided by Fenchurch Faris Hellas. The lawful basis which allows us to process your data is a legitimate interest.
Training: Information regarding training courses will be sent to you periodically. The lawful basis which allows us to process your data is a legitimate interest. It is in the legitimate interests of Fenchurch Faris Hellas to carry out direct marketing activities, including training sessions, seminars, and “meet the market” workshops to members of the Fenchurch Faris Hellas market and other individuals. It is also a legitimate interest of Fenchurch Faris Hellas to inform members and individuals about its products and services.
5. Who we are sharing your data with
Your data will only be shared with event organizers which are co-hosting or sponsoring the event and, in some cases, Fenchurch Faris Hellas overseas offices appropriate to the event for event management purposes.
6. How long do we keep your data
We will retain your personal information for as long as is reasonably necessary to fulfill the relevant purposes set out in this Privacy Notice. The retention period will primarily be determined by relevant legal and regulatory obligations and/or the duration of our business relationship with you, your employer, or another associated party. We maintain and update regularly our data retention policy with a detailed retention schedule. We will securely delete or erase your personal information if there is no valid business reason for retaining your data. In exceptional circumstances, we may retain your personal information for longer periods of time if we reasonably believe there is a prospect of litigation, in the event of any complaints or if there is another valid business reason the data will be needed in the future.
7. International transfers
From time to time we may need to share your personal information with members of the Fenchurch Faris Hellas subsidiaries who may be based outside of the European Union. We may also allow our service providers, who may be located outside the EU, access to your personal information. We may also make other disclosures of your personal information overseas, for example, if we receive a legal or regulatory request from a foreign law enforcement body. We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:
• We will only transfer your personal information to countries that are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.
• Transfers within the Fenchurch Faris Hellas overseas offices will be covered by standard contractual clauses, adopted by the European Commission which gives specific contractual protections designed to ensure that your personal information receives an adequate and consistent level of protection.
• Transfers to service providers and other third parties will always be protected by contractual commitments and where appropriate further assurances.
• Any requests for information we receive from law enforcement or regulators will be carefully checked before personal information is disclosed. Information relating to the safeguards in place for all international transfers can be obtained by writing to the DPO, whose details can be found in section 9.
8. Your rights
You have certain rights as an individual which you can exercise in relation to the information we hold about you. If you make a request to exercise any of your rights we reserve the right to ask you for proof of your identity. We aim to acknowledge your request as soon as possible and will address your query within one month from your request. You have the following rights:
The right to access You are entitled to a confirmation of whether we are processing your data, a copy of your data, and information about the purposes of the processing, who do we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, where we got your data from and how you can make a complaint.
The right to rectification If you believe the personal information we hold about you is inaccurate or incomplete you can request for it to be rectified.
The right to erasure If you withdraw your consent, terminate a contract with us, or believe the personal information is no longer necessary for the purposes for which it was collected, you may request your data to be deleted. However, this will need to be balanced against other factors, for example, there may be certain regulatory obligations that mean we cannot comply with your request.
The right to restriction of processing You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
• Its accuracy is contested, to allow us to verify its accuracy; or
• The processing is unlawful, but you do not want it erased; or
• It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend legal claims; or
• You have exercised the right to object, and verification of overriding grounds is pending. We can continue to use your personal data following a request for restriction, where we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
The right to data portability If we collected your information under a contract or your consent, you can request from us to transfer your personal information to provide it to another third party of your choice.
The right to object
You have the right to object at any time to the processing of your personal data where processing is necessary for the performance of a task carried out in the public interest, or in the exercise of an official authority vested in the controller. You may also object where the processing is necessary for the purposes of the legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms, in particular where you are a child.
9. Contact details of the Data Protection Officer
If you have any questions relating to data protection that you believe we will be able to answer, please contact our Data Protection Officer:
10 Complaints
If you are not satisfied with our response or believe we are not processing your personal data in accordance with legal requirements you can make a complaint to relevant Data Protection Authority.