Privacy Policy

PRIVACY POLICY

Privacy Policy

1. Introduction

The present Privacy Policy (hereinafter referred to as the "Privacy Policy" or "PP") applies to the website of the S.A. Company with the name "Hellas Gold Single Member SA" (hereinafter referred to as the "Company") and the distinctive title "Hellas Gold Single Member S.A.", a member of the "Eldorado Gold Corporation" group ("Eldorado"). The Company is the creator and owner of all rights of this website (hereinafter "the website") with the domain name: www.hellas-gold.com/

The Company attaches particular importance to the protection of personal data. For this reason, the Company has prepared this Privacy Policy to inform users about the way their personal data, collected during their browsing on the website, are processed.

The website includes links to the Company's applications, the operation of which is governed by specific terms and conditions, which in principle are posted in the interface of each application. Furthermore, the website includes links to other websites, which are under the responsibility of third parties.

 

2. Definitions concerning personal data

(note: The definitions abide with art. 4 GDPR)

Personal Data: any information relating to an identified or identifiable natural person (‘Data Subject’).

Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In this case, the Company is the Controller.

Processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

Data Subject: an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. In this case, the users of the website are data subjects.

Recipient: the natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

 

3. Collection of personal data: purpose and legal basis

When the user visits the Company's website and as long as:

(i) interacts with it; or

(ii) fills in standard contact pages (forms); or

(iii) uses the electronic services provided,

personal data of the user are collected.

The purposes of the processing carried out in the context of the operation of the website, the data processed, and the respective legal bases are described below:

 

Α. Contact via a standard page (form) of the website

In cases where you address a message to the Company through the relevant standard page (form) of the website, we process the following personal data:

  1. Name,
  2. E-mail address,
  3. Any personal data included in your message.

The legal basis of processing depends on the nature - the subject of your message and is in principle: a) taking steps at your request prior to entering into a contract (Art. 6 par. 1(b) GDPR) and b) the legitimate interests of the Company (Art. 6 para. 1(f) GDPR).

 

B. Contact via e-mail

In cases where you address a message to the Company through the addresses posted on the website, we process the following personal data:

  1. Name,
  2. E-mail address,
  3. Any personal data included in your message.

The legal basis of processing depends on the nature - the subject of your message and is in principle: a) taking steps at your request prior to entering into a contract (Art. 6 par. 1(b) GDPR) and b) the legitimate interests of the Company (Art. 6 para. 1(f) GDPR).

 

C. Blog: article sharing

In cases where you choose to share an article posted on the "blog" of the website, we process the following personal data:

  1. Your full name,
  2. Your e-mail address,
  3. E-mail address of the recipient.

The legal basis of processing is the performance of a contract (Art. 6 par. 1(b) GDPR).

Furthermore, it is possible to collect in an automated way information such as:

  • the user's internet protocol address (IP address). The IP address is determined by the provider of the connection through which the visitor/user accesses the internet and then the website. The IP address and other data that may be derived from it (for example the location of the user - at city level) are only retained under the conditions of the law,
  • the type of browser and operating system,
  • the websites and links that the user selects (by "clicking") within a page of the website,
  • the basic connection information to the server,
  • information collected through software such as "HTML cookies", "Flash cookies", "web beacons" and other similar technologies.

 

Retention period

The personal data collected in the context of the operation of the website are kept for three (3) years.

 

CONFIDENTIALITY

For access to the personal data of the users of this website, competent executives of the Company have been appointed, who are committed to confidentiality.

 

TRANSMISSION - SHARING OF PERSONAL DATA

Your personal data is not transmitted to third parties, with the exception of the providers of website development, support and hosting services. These providers (Processors) have contractually provided guarantees for the protection of your personal data.

The data is stored on servers in Greece. No transfers outside the European Economic Area (EEA) take place.

 

RIGHTS OF DATA SUBJECTS

The Company, as a Data Controller, complying with the provisions of the legislation on personal data protection, satisfies and facilitates the exercise of the following rights:

 

Right of access

Data Subjects have the right to receive, at any time, information from the Company as to whether the Company processes their personal data and, if so, they may request to be informed of the purpose of the processing, the type of data processed, the recipients of the data, the period of storage, the existence of a right to request the rectification or erasure of personal data or restriction of processing or a right to object, the right to submit a complaint to a supervisory authority, if automated individual decision making takes place. In addition, the Subjects shall be provided with a copy of the personal data without undue delay.

 

Right to rectification

The Data Subject has the right to request from the Company the rectification of inaccurate or outdated personal data concerning him or her. The Data Subject also has the right to request the completion of incomplete personal data, including by means of a supplementary declaration. Furthermore, the Company undertakes to communicate any rectification of personal data to each recipient to whom the personal data were disclosed, unless this proves to be impracticable or involves a disproportionate effort. The Company undertakes to inform the Data Subject about such recipients upon request.

 

Right to erasure

The Data Subject has the right to request the Company and under the conditions of Art. 18 GDPR and Article 34 of Law 4624/2019 to delete personal data concerning him or her.

 

Right to restriction of processing

The Data Subject is entitled to request the Company to restrict the processing of personal data concerning him or her. If the processing of personal data is restricted, the said personal data, except for storage, shall be processed only if specific exceptions apply.

 

Right to data portability

The Data Subject has the right, under the conditions of Article 20 GDPR, to receive the personal data concerning him or her which he or she provided to the Company in a structured, commonly used and machine-readable format.

 

Right to object

The Data Subject shall have the right to object at any time and on grounds relating to his or her particular situation to the processing of personal data concerning him or her, subject to the conditions set out in Article 21 GDPR. If the Data Subject objects to the processing of personal data concerning him or her, the Company will no longer process the data in question, unless it proves that there are compelling legitimate grounds for the processing, which override the interests and rights of the Data Subject or for establishing, exercising or supporting legal claims.

 

Right to object to decisions based solely on automated processing, including profiling

The Company does not engage in automated individual decision-making. However, in any case and if in the future it proceeds to automated individual decision-making, the Data Subject shall have the right to object to a decision taken solely on the basis of automated processing, including profiling, where that decision produces legal effects concerning him or her or significantly affects him or her.

 

Fulfilment of rights

Overall, the Company ensures that:

  1. Procedures are in place to allow the rights of the Data Subjects to be easily exercised, so that all required actions can be initiated immediately.
  2. It shall respond to a request submitted by the Data Subject without undue delay and in any case not later than thirty (30) calendar days. In the event that it cannot satisfy a right exercised by the Data Subject, the Company shall ensure that a specific, adequate and complete explanation is provided.
  3. Except in cases of manifestly unfounded or excessive requests, all actions concerning the fulfilment of the rights of the Data Subjects will be carried out free of charge for the Data Subjects.

In order to exercise the above rights, Data Subjects may submit a written request to the Company's Data Protection Officer (DPO) via the following e-mail address: GR-Privacy@eldoradogold.com.

In the event that Data Subjects consider that the processing of their personal data violates the applicable regulatory framework for the protection of personal data, they have the right to file a complaint with the Personal Data Protection Authority (postal address Kifissias 1-3, P.C. 115 23, Athens, tel. 210. 6475600, e-mail address contact@dpa.gr).

 

Modification of this policy

The Company reserves the right, when it deems appropriate, to modify this Policy, either in whole or in part, and to post such modification on this website. Any modification to this Policy, will be effective immediately upon posting on the Company's website. Users are advised to consult this Policy periodically to ensure that they are aware of the most recent version.