The Company Optimal Business Action S.A. (hereinafter referred to as "Optimal HR Group” or the "Company” or "we”) tries to offer you an experience that meets the needs of our visitors, by using responsibly the information collected through our website. We are committed to respect your privacy and comply with applicable laws on data protection and privacy.

Processing of your personal data is governed by these terms, by the relevant provisions of Greek and EU legal framework on data protection, including the General Data Protection Regulation (2016/679) and the relevant decisions, guidelines and regulation issued by the Hellenic Data Protection Authority.

This Privacy Policy (the "Policy") forms an integral part and is incorporated into the Terms of Use of our Website and may be subject to modifications. We advise you to regularly check our Data Protection Policy in order to remain informed and updated on any amendments. By visiting and navigating through our Website you agree to this Data Protection Policy, as in force at the time. When substantial amendments are made, we will ensure that a relevant notice is posted for visitors of our Website.

This Policy explains how we collect, process and/or use information that we receive via our website and emails we send (hereinafter referred to as the "Website”) that link to this Policy, as amended from time to time. This Policy also describes how we collect, process, use and share the personal information you provide us with. It also describes your choices regarding use, access, transfer, correction and deletion of your personal information.

1.1. Directly from you: We collect personal data directly from you when you visit our website, when you request information, submit a request, CV, or subscribe to our updates (Newsletter).

1.2. By automated means through the use of the website: When you visit the company's website, we may collect data from you based on your browsing and using our services. This data may include search history, address IP, screen resolution, browser you used, operating system and settings, access times and URL reference as well as data collected through cookies (See Cookies Policy).

1.3. From third parties: If you connect to www.optimalhrgroup.com through a third-party service (e.g. LinkedIn, Facebook), this third-party service may send us information, such as your registration information and profile from that service. This information varies and is controlled by or authorized by you through your privacy settings in the third-party service.

We collect information about you to provide our services. In order for us to best provide our services to you and to fulfill the relationship we have with you, it is essential that we are able to collect and use the information as described in this Policy.

2.1. Personal data in the context of communication with you: In this context, we collect the data you provide yourself, such as name, surname, e-mail address, telephone number and any other information that may be contained in the free text/ comment field.

2.2. Personal data in the context of the submission of your CV: When you submit your CV via our Website, we collect and maintain information about your identity (such as your first name, surname, father's name, date of birth), contact details (e-mail, telephone, home address), information about your education (qualifications, educational institutions), your skills (languages, computer skills and networks) and your professional experience (previous employers, length of employment, position), any other information included in your CV, the fulfillment of military obligations (if applicable), as well as the positions and areas of activity you are interested in.

2.3. Data We Collect Automatically: When you use the Website, your device is automatically providing information to us so we can respond and customize our response to you. The type of information we collect by automated means generally includes technical information about your computer, such as your IP address or other device identifier, the type of device you use, and operating system version. The information we collect may also include usage information and statistics about your interaction with the Website. That information may include the URLs of our web pages that you visited, URLs of referring and exiting pages, page views, time spent on a page, number of clicks, location data (if you have enabled access to your location on your mobile device), and other information about how you used the Website.This information is collected by using Cookies & other similar Tracking Technologies. We strongly advise you to review our Cookies Policy in order to learn more about Cookies, how we use them and how you can control the use of Cookies.

We process your data exclusively for the below purposes:

1. To enable you to access and use our website and the services we provide through our website
2. To respond to customer service requests. When submitting your information to the contact form, we use it to contact you and offer you the information and/or services you have requested.
3. To evaluate your job application. When you submit your CV via either the contact form or the special CV form, we collect your data and process it to assess your qualifications and skills so as to match your abilities with the most suitable job opening.
4. To send you notices and commercial communications, perform marketing and promotional campaigns
5. To be able to detect and prevent cases of fraud, abuse, security incidents and other harmful activities and to perform security and risk assessments.
6. To enforce the terms of use of the website and other policies.
7. To ensure the company’s compliance with legal obligations
8. To improve our services and improve the user experience, for the purposes of controlling, troubleshooting and improving the content, the structure, the functionality and quality of our online services and generally to optimize and tailor our web platform to your needs, making our website easier and more efficient to use.

The legal basis for the processing of personal data collected in accordance with the above is:

i. processing of the personal data is necessary for the performance of the contract between you and OPTIMAL HR GROUP, or in order to take steps at your request prior to entering into a contract, specifically to provide the services and/or information requested.

ii. processing is necessary for the purposes of the legitimate interests pursued by OPTIMAL HR GROUP or by a third party ( for instance to send you notices and commercial communications and to use historical usage date to evaluate visits and user navigation through our website, in order to improve its content and structure). OPTIMAL HR GROUP will always balance your rights and interests in the protection of your personal data against OPTIMAL HR GROUP’ rights and interests or those of the third party.

iii. processing is necessary for compliance with a legal obligation to which OPTIMAL HR GROUP is subject (such as tax law or lawful law enforcement requests).

iv. your consent, in order to process your personal data for direct marketing purposes, to provide personalized offers, or any other instance where consent is required under applicable law.

It is our legitimate interest to appear on social networks and promote our products and services. OPTIMAL HR GROUP has official social media accounts, specifically on Facebook, Linkedin and Twitter. On its website, the company incorporates an additional social media share button, inviting website visitors and users to follow the company in the respective social media (follow/like) as well as upload posts and comments. During your use of the social media, we may collect certain personal data (such as your profile data in the corresponding medium).

Based on European Court of Justice case-law, the Company is considered a Joint Controller for processing your data together with each social medium. Within this context, the company has posted the Privacy Policy on an easily accessible spot on each corporate social media account, it strictly complies with the obligations relating to the protection of personal data by taking the appropriate technical and organisational measures (such as limiting the number of people with access to corporate social media accounts) in order to ensure the safe processing of data (see below par.9)

The purpose of the data processing is to make visible and promote the company's image and services, to provide updates or to communicate with you, responding to the messages/comments you send us.

The legal basis for processing is your consent, which you provide when you actively click on the social media share button, the "like” or "follow” button on the Company's social media. You can withdraw your consent at any time in the same manner in which you provided it, i.e. by clicking "unlike” or "unfollow”.

The Company is not responsible for how each social medium processes your data and it is your responsibility to be informed about it by reviewing the Facebook, Linkedin and Twitter Privacy Policy.

Finally, while OPTIMAL HR GROUP wishes and encourages users to comment on posts and/or pages it maintains on social media, it informs users that any post or comment uploaded should respect the basic rules of politeness, decency and respect to different views, ensuring a safe online environment and .will remove any content deemed to violate the terms of use of the website, such as insulting, pornographic, or threatening content or content violating intellectual property rights, and may block users who violate these terms. In any case, if you consider that content posted on OPTIMAL HR GROUP’s official social media accounts violates the terms of use, please contact us immediately.

The recipients of the user's data may be:

1. Authorized employees of the company. Only authorized members of our staff, bound by confidentiality clauses are allowed to process your data solely to the extent it is necessary to perform their duties and in the context of the purposes which you have already been informed about.
2. Tax and other authorities or other public authorities in case of audits
3. External partners providing accounting services, audits, market research Internet services, technical support services or other services necessary for the operation of the website and the performance of the services by the company.

It should be noted that when storing, accessing and/or processing the user's personal data, the employees and agents of the company fully comply with the relevant provisions of the European General Data Protection Regulation 2016/679 on the protection of Data as well as with current Greek legislation and jurisprudence on the protection of personal data. The company requires of its employees, its website hosting and service providers, as well as its third-party partners to take all necessary technical and organisational measures (including appropriate policies and procedures) to prevent unauthorised disclosure of users’ personal data to which they gain access, and implement procedures for the management and processing of personal data in a manner that is lawful and protect such data according to GDPR imposed obligations.

Finally, your data will be transferred to our Customers, that is the potential employers, who are searching for employees with your qualifications, experience and work skills. Please note that such transfer is absolutely necessary for the performance of the contract between you and the Company, since without it, the Customer/ potential employer will not be able to evaluate your application. Each Customer/ potential employer acts a Joint Controller with OPTIMAL HR GROUP as to this specific processing but in addition, once you are hired, the Customer, as an employer, maintains its own separate obligations to comply with the data protection legislation as well as with all other applicable legislation ( labour law, tax law etc.).

Retention periods can vary significantly based on the type of data and the purpose of processing. Our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, our intellectual property or ownership rights, contract requirements, operational directives or needs and historical archiving.

When you send your CV without applying for a specific job, the Company will register and maintain your CV for five (5) years from the last submission of your CV. Subsequently, your data will be deleted, unless you request from us to retain your data for a longer period of time. In addition, you may request that we delete your data at any time.

When you apply for a specific job, your personal data is deleted from our Company's database six (6) months after submitting your CV, unless you have requested us to keep your CV for any future jobs we judge that match your professional qualifications and experience. In this case, the Company will enter your CV in our database and retain it for five (5) years from its last submission. Subsequently, your data will be deleted, unless you renew your request for further processing. In any case, you can request that we delete your data at any time.

In the case of simply communicating with us via the contact form, your data will be retained for one (1) year from the submission of your query and will then be deleted.

We may also retain personal data:

1. To the extent required by law (for example, in order to comply with tax legislation)
2. In order to comply with court proceedings (any ongoing or future court proceedings)
3. To establish, exercise or defend our legal rights, personal security of the users and the public.

However, some necessary personal data regarding your contractual relationship with the Company as well as information concerning your notification on the processing of your data and your consent, where applicable, may be retained so as to establish the lawfulness of processing of user data by the company and the legal claims of the parties.

The company, its employees, processors, assistants, agents shall implement appropriate technical and organisational measures to ensure, as much as possible, the most appropriate protection of personal data against accidental or unlawful destruction, loss, alteration, unlawful disclosure or access to them and any unlawful processing, as well as to ensure the possibility of restoring availability and access to them. These measures also serve so as to demonstrate that processing is performed in accordance with GDPR, obviously taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, while applying appropriate procedures for the regular testing, evaluation and evaluation of the effectiveness of the techniques and organisational measures.

Your data is stored in secure locations within Greece, the EU and the EEA. However, it is possible that we may transfer the Personal Data we collect from you to our Customers, partners or affiliates located in countries outside the EEA. These countries may not have the same laws for the protection of Personal Data as the country in which Personal Data was originally collected. When we transfer your Personal Data to these other "third” countries, we take appropriate measures to protect it in accordance with this Policy and all applicable privacy laws. Each time we transfer your personal data outside the EEA, we ensure a similar degree of protection applies, ensuring that one of the following protection measures is implemented:

• We will only transfer your personal data to countries for which the European Commission has issued an adequacy decision i.e. it considers that they provide an adequate level of protection for personal data.

• When we use specific service providers in third countries, we ensure that we employ one of the appropriate safeguards provided for by the GDPR (art.46) for instance to use specific contracts approved by the European Union Commission, which ensure personal data the same protection they have in Europe (Standard Contractual Clauses or SCC) and conduct the appropriate Transfer Impact Assessment when it is deemed necessary.

• One or more of the derogations provided for in Article 49 of the GDPR shall apply.

Our Company ensures your rights with respect to processing of personal data and ensures that you may exercise them.

You have the right to request:

10.1. Access to your personal data.

10.2. Rectification of your personal data if it is inaccurate or incomplete.

10.3. Deletion of your personal data, unless their processing is necessary for the exercise of legal rights of Optimal HR Group or third parties, for the fulfillment of a legal obligation, for public interest reasons or for defending our legal rights before judicial or other Authorities.

10.4. Restriction of processing of your personal data only for specific purposes.

10.5. To withdraw at any time your consent to the processing of your personal data for marketing purposes and/or targeted advertising by sending an email or written request using the contact details below. In such case, their processing by us will be suspended, nevertheless this will not impact the legitimacy of any processing performed until the time of withdrawal.

To exercise any of the above rights, you may contact us via e-mail: dpo@optimalhrgroup.com by mail or in person at the company’s premises at 286 Kifisias Ave., Halandri 152 32, Athens, Greece.We will take all possible measures to satisfy your request within a reasonable period, no later than one (1) month after the submission of the request and proper proof of your identity. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. Please note that the absolutely necessary user data may be retained, in order to safeguard the legal interests of the Company.

Please note that depending upon the circumstances and the request, we may not be permitted to provide access to personal data or otherwise fully comply with your request; for example, where producing your information may reveal the identity of someone else. We reserve the right to charge an appropriate fee for complying with your request where allowed by applicable law, and/or to deny your requests where, in the Company’s discretion, they may be unfounded, excessive, or otherwise unacceptable under applicable law.

Finally, you have the right to submit a request to the company inquiring on how the company processes and protects your personal data, and if you consider that your rights are infringed, you have the right to file a complaint with the Hellenic Data Protection Authority (1-3 Kifissias Str., P.C. 115 23, Athens, tel. 210 6475600, in the special form of the DPA on the website https://www.dpa.gr/el/syndesi/polites/kataggelia).

We do not collect Personal Data from individuals under the age of 18.

The company may change this policy. Please check the effective date at the top of the policy to see when it was last revised. Every revision will be implemented as soon as we publish the revised policy.

If we make substantive changes to this policy that broaden our rights to use the personal data that we have already collected from you, we will inform you and provide you with a choice for the future use of these data.

DPO CONTACT INFORMATION:

Data Protection Officer