Information Security Policy
For PCC HELLAS, Information Security is a top priority in order:
- To ensure the secure retention, processing and transmission of data on corporate activities
- To ensure the full compliance of PCC HELLAS with the relevant applicable legal and regulatory requirements,
- To protect the interests of PCC HELLAS and of those who do business with it and trust it for the use and transfer of their data,
- To ensure the availability, integrity and confidentiality of information generated, received and handled in the context of corporate activities,
- To maximise the reliability of PCC HELLAS’ information resources.
The implementation of Information Security Policies and Procedures aims at:
- Protecting the computing resources and information handled at the services of PCC HELLAS from any threat, internal or external, intentional or accidental,
- The systematic assessment and evaluation of risks related to information security, aiming at their proper and timely management,
- Creating secure procedures for the development and maintenance of IT applications and services,
- Archiving data, avoiding viruses and external intrusions, controlling access to systems, recording all security incidents and handling unexpected developments,
- The continuous briefing of the management and staff on information security issues,
- Controlling the information and data handled and exchanged,
- The immediate and effective handling of incidents and security breaches,
- The full commitment of the Management of PCC HELLAS to the faithful implementation of the Security Policies and all applicable national and Community legislation.
The Information Security Officer is responsible for controlling and monitoring the operation of the System, and for informing all staff involved about the Information Security Policy.
All PCC HELLAS staff involved in the activities and procedures described and related to Information Security are responsible for implementing the policy and the relevant Procedures in their field of work.
The Management and all employees of PCC HELLAS are committed to the achievement of the objectives of PCC HELLAS and to the observance of the principles relating to Information Security.
Personal Data Protection Policy
PCC HELLAS recognises the criticality of protecting the personal data of natural persons and of their lawful and proper processing. In this context, the Company complies with the basic principles on the processing of personal data, respects the rights of natural persons and ensures that the personal data in its possession:
Are collected for specified, explicit and legitimate purposes, as reflected in the Processing Activities Record kept and are collected with the consent of the natural person where required.
Are processed only for the purposes for which they have been collected and/or for legal and regulatory reasons and/or for the protection of the legitimate interests of PCC HELLAS.
Are not subject to further processing beyond the specified purpose.
Are appropriate, relevant and limited to the minimum necessary for the purposes of processing.
Are processed lawfully in accordance with the rights of the natural persons, are accurate and updated when necessary and especially before taking critical decisions concerning the natural persons.
Are not retained for longer than required for the purpose of the processing and/or for PCC HELLAS to comply with its legal and regulatory obligations.
Are kept safe from unauthorised access, loss or destruction,
Are transmitted to third parties only if an adequate level of protection is ensured.
The above are complied with by all employees of PCC HELLAS, as well as by third parties processing the personal data of natural persons on its behalf.
To ensure the above, PCC HELLAS:
Implements an Information and Personal Data Security Management System covering all its activities, in order to monitor and control the implementation of this policy, as well as to evaluate its effectiveness in terms of compliance with the regulatory framework and best practices on personal data protection.
Implements procedures to ensure the full satisfaction of the rights of natural persons, whose requests are answered within one month from their submission or within 3 months if there are justified reasons for delay, which are notified to the Data Subject within the initial month from the submission of its request.
Clearly informs natural persons about the processing of their data.
Integrates personal data management requirements into all its business operations and processes related to their processing.
Has recognised all internal and external parties involved and their requirements regarding the protection of personal data.
Has defined roles and responsibilities pertaining to data management.
Provides clear instructions to staff and third parties performing operations on behalf of the Company regarding the safe use and transmission of data in accordance with the Management System.
Ensures that the transmission of data to and their processing by third parties on its behalf is carried out in compliance with the regulatory framework for data protection and with this policy.
Designs, adopts and monitors the implementation of a system of indicators and targets aimed at the secure and lawful management of data.
Invests in continuously training, raising the awareness and instructing its staff on personal data protection issues, in the continuous improvement of its know-how and its dissemination to all staff.
Has all the necessary resources for the effective implementation of the Information and Personal Data Security Management System.
Has appointed a Data Protection Officer (DPO).
Communicates this policy to all staff and ensures its continuous updating in order to achieve full compliance with the applicable regulatory framework.
PCC HELLAS is committed to monitoring and observing the regulatory and legislative framework at all times and to continuously implementing and improving the effectiveness of its Information and Personal Data Security Management System.