For CORINTH CANAL S.A. (A.E.DI.K.) the protection of the Personal Data of our partners, suppliers, customers and in general citizens that interact with the A.E.DI.K., as well as the respect for individual privacy, constitute a self-evident commitment. The company is committed to collect and process personal data according to the General Data Protection Regulation (EU) 679/2016 and the rest of the applicable legislation. In this context we undertake all necessary organizational and technical measures required to ensure security, availability and validity of the data of our partners and citizens interacting with A.E.DI.K.
A.E.DI.K. is a Public Utility Company that has as its main aim the management, maintenance and utilization of the Corinth Canal, with main objectives the safety of marine navigation, the faster circulation of cargo and the creation of economies of scale for the maritime industry. In this context it provides, among others, navigation and towing services, as well as ship maintenance services.
Personal Data and ways of collection
In the context of its activities, A.E.DI.K. collects personal data through its authorized employees and partners, which may include:
A.E.DI.K. takes all reasonable steps to collect personal data directly from the data subjects, through any appropriate mean. Only in exceptional cases A.E.DI.K. may collect personal data from any other source, after prior specific notification to the data subjects.
Legal Basis and purpose of personal data use
A.E.DI.K. collects only personal data that are absolutely necessary for the performance of its activities, its duties entrusted to it for safeguarding public interests, as described in the present, the performance of legal obligations and the performance of its contractual obligations. Specifically, the company collects and processes data of partners and suppliers for the purposes of provision of services, procurement of services or works, collects and process data that are necessary for the control and safety of maritime navigation in its area of control, collects and processes data for the performance of its contractual obligations in the context of the provision of its services, as well as for the performance of its legal obligations, such as, among others, regarding tax legislation but also the legislation applicable to companies of the wider public sector and legislation about public procurement.
In the context of pursuing these goals, our company processes personal data, according to the following legal bases, depending on each time particular act of processing:
Disclosures of personal data – categories of recipients
A.E.DI.K. does not disclose the personal data it collects and processes to third party, except if it is necessary for the purposes for the performance of legitimate professional and business needs, in order to perform contractual obligations to our suppliers and partners or is required or allowed by law.
The data of our partners, suppliers and citizens that engage with A.E.DI.K may be processed according to those mentioned in the present notice, by departments and employees of our company that are competent to perform each given task. The data may be processed by collaborating third parties, by order and on behalf of A.E.DI.K., in cases of outsourcing of functions of our company, such as IT services, accounting services etc. There are no stable collaborations of this sort and for this reason it is impossible to mention the particular details of such partners. In any case, the company takes all necessary steps to ensure that it assigns parts of processing to third parties only if they ensure high levels of security and confidentiality of the data, provide enough guarantees and commitment about their protection and undertake the contractual obligations required by law.
Furthermore, the data, to the extent necessary for the performance of the purposes of processing, may be transferred to Banks or business partners such as insurance companies, consultants or auditors, security services providers or archive managing services providers, IT companies, courier companies or companies providing printing services etc. Our company, under any circumstance in which such a transfer of data is necessary, takes all reasonable steps to disclose data only to third parties that demonstrate high levels of security and confidentiality and provide enough guarantees and commitment for their protection.
Finally, the company may disclose data to public authorities of any nature (public services, tax authorities, social security institutions etc.) or to judicial authorities or independent public authorities, prosecuting authorities etc., if such a disclosure is allowed or required by law or such a disclosure is deemed absolutely necessary for the protection of our legal rights or legal compliance.
Timeframe of retention of personal data
Personal data are retained for the period that is absolutely necessary for the performance and completion of the purposes of their processing mentioned above. The exact period of retention of each category of personal data is determined by (a) the needed period, within a reasonable business framework, for the performance of our contractual obligations (b) each time applicable legislation about mandatory retention of certain data, as indicatively applies in accounting and tax records or data regarding social security obligations (c) the duration of our commercial or otherwise contractual relationship with suppliers, partners or customers (d) the possible need for the retention of data in order to safeguard our legitimate interests, demonstrate compliance, protection against claims and judicial pursuit of our claims (e) obligations for retention that arise from the public duties assigned to our company and any special provisions governing the operation of companies of the wider public sector.
Confidentiality and security of personal data
A.E.DI.K. maintains appropriate technical and organizational measures to ensure the confidentiality and integrity of the personal data in its possession and to protect them from incidental or deliberate destruction, loss, change, unauthorized access or disclosure, as well as any other form of illegal processing.
The processing of personal data from our company is conducted only in a way that ensures confidentiality and security of the data, taking into consideration the latest developments, costs, nature, context and purposes of processing, through evaluation of the risks and the chances of their occurrence and its consequences for the data subjects. In this context, we take all reasonable steps to ensure that processing is carried out by authorized for such a procedure personnel, which is bound by confidentiality obligations and demonstrate the appropriate protection standards. The same applies to all our partners, which may be involved in the process (see above under “Disclosure of Personal Data – Categories of recipients”).
Personal Data & Personally Identifiable Information for the transit announcement or user registration to www.corinthcanal.com & Mobile App.
Data Subject’s Rights
According to applicable legislation and under the restrictions provided therein, data subjects have the following rights in respect to their personal data:
Greece: Data Protection Authority – DPA, 1 Kifissias Ave. -11523 Athens, telephone: +30210 6475600, www.dpa.gr)
To exercise any of your rights, as well as for any information or clarification in respect to those rights and their conditions, you have to contact with our Data Protection Officer at given contact details below. The Data Protection Officer will provide any further information and guidance for the steps that you must follow. Furthermore, you can contact our DPO for any queries, comments or complaints in respect with the management of your personal rights.
Data Protection Officer: Mastrogiannopoulos Dimitrios
Telephone: +30 2741 0 30880
Address: Isthmia Corinthias – GR 20100 – Greece
Deputy Data Protection Officer: Roussis Dimitrios
Telephone: +30 2741 0 30880
Address: Isthmia Corinthias – GR 20100 – Greece