«NIKOLAOS SARMPANIS GOERGIOU» or «HYDRONE» is a lawfully existing company in Piraeus, Greece, at the offices of 8 Ippodameias Sq. (hereinafter referred to as “We” or “the Company”). The Company mostly provides underwater inspections services by using portable inspection equipment.

By exclusively doing business with corporations, the Company collects, stores και processes very limited information that constitute personal data of its employees, other associates, its vendors and other service providers, their representatives and employees.

1. Personal data we collect

2. We collect and process the following categories of personal data of our clients, vendors and service providers (when it comes to individuals):

(a) Basic identification information (name, surname, registered seat/office address, occupation, representatives etc);

(b) Contact details (telephone, fax number or mobile number and email address, post address, billing address, shipping address);

(c) Data relating to the cooperation with the Company (terms of sales and services, relevant correspondence, email correspondence and its context, agreed fees, contracts, bank account details, other relevant billing information, such as tax number, tax agency, occupation etc) and

1. d) Data from our website (name, surname, email address, context of the email).

2. We also collect and process the following categories of personal data of our employees and other associates:

3. a) Basic workforce identification information that is required by law (name, surname, father`s name, mother`s name, spouse`s name, gender, place of birth, date of birth, residence, address, citizenship, identification number, passport number, family status, number of offspring, occupation, tax number, tax agency, social security numbers, social security registry number, starting date of employment, previous employments, degrees, salary, bank account numbers and other details required by law, such as days of illness per year etc);

(b) Contact details (telephone, fax number or mobile number and email address etc).

2. Purposes for collecting your personal data and legal bases for their processing

3. We only collect, process and store your personal data for the proper management of our business relationship and contracts ( services, sales, employment contracts), for being able to properly contact our employees and our clients, for the Company’s compliance with legal obligations and for the establishment, exercise or defense of our legal claims.

Β. These are the sole purposes, for which we collect and process your personal data, as well as the legal basis their processing.

1. C. We do not use personal data for promotional or advertising purposes or other purposes that do not facilitate our business relationships and contracts or our legal obligations, such as marketing or profiling.

2. In summary, we process your personal data either because it is required in order to manage a contract or other legal obligation and, if the Company is going to process your personal data for other purposes, such as marketing and profiling in the future, after properly informing you, we will seek to obtain your consent.

3. Where we get your personal data from

We collect your personal data:

1. Directly from our clients, vendors, associates or employees, who are the subjects of personal data and usually our counterparts in a contract. You provide us with the necessary information, for example when you get into a contract with us, when you seek an offer, when you arrange a meeting with us etc;

2. From third parties (clients, vendors etc), when they provide us with the necessary information that is your personal data, when they transfer it to us in order to facilitate the communication with their person in charge (most likely one of their employees or a legal representative), for example in order to clarify the details of a contract, seek an offer, deliver a project, supervise a project etc;

3. From our website: Every time you visit our website and/or use its applications, the Company may collect and process your personal data. Part of it is data collected using cookies in our website, which we do in order to facilitate the use of our website from you. However, you should note that the Company`s website does not use third-party cookies. Another part of your personal data collected from our website may be the limited data you provide (surname, name, email, context) when you seek to communicate with us using the online application form on our website.

4. We do not collect personal data from other sources and with other means, except for the data you provide the public with, such us basic communication information you may publicly share on your own website, on your professional cards or other documents, in professional catalogues etc.

5. To whom we disclose your personal data

Α. The Company may disclose your personal data only to our employees and/or our business associates, depending on the case.

Β. The Company may transfer the necessary part of your personal data to third parties, who provide services to the Company (such as accounting services, IT services, other technical services or subcontracting services etc). These third parties need to have access to some of your personal data in the context of their services and are data processors, who are bound to comply with legal obligations under the GDPR, with strict security and non – disclosure obligations to the Company and process the personal data only on behalf and under the instructions of the Company.

1. Some of your data may be transferred to competent authorities (such as tax agencies, social security agencies etc) for the company to meet its relevant legal obligations and/or protect legitimate interests, either own or yours.

Ε. In case of change in control or ownership of the Company, your data might be transferred to another business entity and every possible effort shall be made for you to be notified in time.

1. The company will not share your personal data with other third parties for any promotional, advertising or illegal purposes. In general, your personal data shall not be disclosed to third parties without your consent, except for the case of being lawfully taken by judicial Authorities.

2. How we treat and how long we retain your personal data

Α. The Company will process only the abovementioned personal data that are reasonably adequate and relevant to the purposes of the processing.

Β. The Company will not retain your personal data in its records and electronic files beyond the period required to serve these purposes. Therefore, the Company will retain your personal data for as long as our cooperation lasts, plus the limitation period under the Greek law after its termination for any reason. When the processing is no longer required, your personal data will be securely destroyed.

1. The Company is also entitled to retain your relevant personal data for any period required under the Greek tax laws or other legal obligations.

2. When the processing is no longer required, your personal data will be safely destroyed.

3. Your rights

4. The Company will satisfy the right to access, rectify, update and erase your personal data within 30 days.

Β. The rights of restriction and objection to the processing of your personal data which are kept in the Company’s records do not apply in this case mostly due to non-marketing or profiling purposes.

1. You also have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit them to another company.

2. If you have provided us with your consent, you also have the right to withdraw it at any time.

Ε. All the above rights, keeping in mind that exercising some of them, such as deletion right, can or may lead the Company not to be able to provide you with its services etc), can be exercised for free by sending a letter or an email to the Company (contact details are provided hereunder).

1. If you are not satisfied by the way we handled your complaint, you also have the right to lodge a written or electronic complaint with the Hellenic Data Protection Authority (www.dpa.gr).

2. Contact details for personal data

3. For any request regarding the above rights and/or the processing of your personal data from the Company, you may contact us by sending a letter to the attention of Mr. Sarmpanis at Ippodameias Sq. 8, Piraeus, 18531, Greece or by calling +30 6947 846448 or by sending an email to the email address info@hydrone.gr. We are committed to work with you for the peaceful resolution of any relevant matter.

Β. If you exercise any of your above rights, we will take every measure to satisfy your request within 30 days and we will inform you, in the manner you have appointed with your request, about the satisfaction or the reason which prevents it from being satisfied.

8. Data security and protection

9. Data security is a major commitment to the Company. In order to achieve this, we apply all the appropriate for the purpose of processing technical and organizational measures, such as, but not limited to, encoding the data of our clients, but also those organizational measures that apply to our business under frequent checks.

10. We make sure that our systems and our sites are technically and physically secured, that we execute contracts with our processors, that we apply accessibility checks with all our data (file servers, pc`s, mobile phones, erp/crm/logistics applications, filing system etc) using technical restrictions and by allowing access to extremely limited number of people under nda obligations.

11. All our partners are required to prove their compliance with our Privacy Policy and regulations and conclude with us the necessary contractual privacy clauses so that your data is kept safe from any form of violation or unauthorized use and disclosure.

12. However, your personal contribution to the security of your personal data is also required, as you must always ensure that your data is correct and that any keys and passwords are strong, secure and not shared with third parties.

13. Minors (Children)

Our services (underwater inspections etc) are to be used only by adults and are not intended to be used by children. Therefore, we have no knowledge of collecting and processing data by such subjects, unless their legal guardian has given us consent.

10. Data Processors

Α. When the processing of personal data must be done by a third party as a processor on behalf of the Company as a data controller, the Company only uses processors providing reasonable assurance that appropriate technical and organizational measures are in place to ensure that the processing meets the requirements of the Regulation (GDPR) and to safeguard the rights of the data subject. Processing by the processor is governed by a contract or other legal act that binds the processor in relation to the controller and determines the subject and duration of the processing, the nature and purpose of the processing, the type of personal data and the categories of data subjects and the obligations and rights of the controller. The Company will use processors who provide enough assurance to the Company about having taken appropriate technical and organizational measures in such a way that the processing complies with the requirements of the Regulation and safeguards the rights of the data subject.

1. All the above will apply in any case (unknown for the moment) that the Company will act as a processor itself on behalf of a controller.

Amendments of this Statement

1. This Statement is an integral part of our Company’s Service and Sales Terms and is posted on a prominent part of our website as part of our site`s Privacy Policy and Terms of Use.

2. This statement may be subject to changes and updates, for which we will notify you either by posting it at the same place on our website or by sending you a direct notification. In any case, the change in the statement will result from the “validity” date set at the end of it.

Thank you for your time and attention.