In our everyday business operations, we make use of a variety of data about identifiable individuals, including data about current, past, and prospective employees, customers, users of our websites, other stakeholders, etc. In addition, we provide software tools to our customers that process different types of data, which conform to the principles of confidentiality, integrity, and availability. We ensure that the information these tools are processing are safeguarded against inappropriate disclosure.
One of these tools is SOFIA Innovation Scoring (SOFIA), which is a data-driven Decision Support System (DSS) to automate the Innovation Scoring process in the Financial Sector. The purpose of this policy/information sheet is to describe the steps RENVIS P.C. (RENVIS) is taking to ensure that it complies with all relevant terms included in the EU General Data Protection Rule (GDPR) and with all Ethical aspects that may arise. This control applies to all systems, people and processes that constitute the organization’s information systems, including employees, suppliers and other third parties who have access to RENVIS systems.
2. Types of data collected
The personal data collected and processed by SOFIA are limited to those necessary for the specific and clearly defined purpose and the specific legal basis, for each circumstance. In this context, the processing that takes place concerns the personal data you provide to SOFIA when you visit the service’s official website, when using SOFIA’s specific services or interact with us, for example by sending a contact form.
Such personal data are:
- Identification data (e.g., User ID, Full Name)
- Communication data (e.g. Name, postal address, phone numbers, e-mail address)
- Customer data and invoices (Company ID, corporate form, VAT ID, email, country, street address, city, fax, telephones)
- Visitor data on our premises (Name, ID)
In case the processing of data is based on consent, we follow all the relevant procedures provided by the EU GDPR.
The data fields that can relate to Personal Data gathered during the use of SOFIA are Company/Bank legal name, Company VAT number, Name, Email address, Address, Phone number. From these data fields, only a few are required to create a user account: Bank name, User Name, Company VAT Number, User Email. The required information is needed to create the respective user account. Without a user account, the user is not able to access, use or enter data into SOFIA.
3. How we collect and use your personal data (Legal Basis for Processing)
Personal information is collected in accordance with the GDPR and the applicable legislation, either at the beginning of your usage of SOFIA or later, and are processed on a legal basis:
- consent to the processing of your personal data for one or more specific purposes
- for the performance of a contract
- for compliance with our legal obligations
- in order to protect your or another natural person’s vital interests
- for the performance of a task carried out in the public interest
- for the purposes of our legitimate interests
Your personal data might be processed by SOFIA for the following purposes on a legal basis:
- Consent to the processing of your personal data for one or more specific purposes, such as to
identify and communicate with you
- For the performance of a contract, such as during pre-contract or contract performance
- For compliance with our legal obligations, such as to fulfill our obligations to our customers, our staff, and our external collaborators, or disclosure to Public Authorities.
- In order to protect your or another natural person’s vital interests
- For the performance of a task carried out in the public interest
- For the purposes of our legitimate interests, such as to develop our services through your activities and interests, for complaints management, for the protection and security of our IT system, for the protection and safety of our facilities, etc.
4. Sharing and disclosing your data
5. Retention of data
We will also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our services, or we are legally obligated to retain this data for longer time periods.
6. About cookies
We are not using cookies to track the activity on our service or to hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.
7. Safeguarding measures
By using SOFIA, we work to ensure that the personal data we receive are processed in a legal, fair and transparent manner, are collected solely for specific and legitimate purposes, are adequate, are related to the purpose for which we collect them and are limited to what is necessary, are accurate and up-to-date, are maintained exclusively within the specified timeframe and no longer, are processed in a way as to ensure the necessary security of personal data.
Every user registration data and credentials related data (e.g. password) is encrypted, provided only to the specific user and concealed both to all other SOFIA users and administrators. During the registration process, users set their own password, available only to them. The other users of the system that can be invited by the administrators to access SOFIA, receive an email message where it is noted that by proceeding to logging into the system, they provide their consent described in the present Privacy & Personal Data Policy information sheet. The database fields used to store all the relevant user credentials are concealed from system administrators.
8. Your rights
- You may at any time be informed by us of access to your personal data we hold.
- You have the right to contact us to correct the data that is inaccurate or incomplete.
- If we are not obliged by law to maintain the data we hold and relate to you, you can ask for your personal data to be deleted.
- You can ask us to forward your data to another authority.
- In case you disagree with the way we process your personal data, you can request the interruption or limitation of the processing
- You have the right to withdraw your consent to process your data at any time.
RENVIS will make every effort to respond to your request regarding SOFIA data and services without delay and in any case within one month of receiving it. This period is extended for a further two months if it is necessary taking into account the complexity of the request and the number of requests. RENVIS will inform you of this extension within one month of receipt of the request and of the reasons for the delay. If you have submitted the request by electronic means, the update is provided, if possible, by electronic means, unless you request otherwise.
In case RENVIS satisfies your request to limit the processing of your data; or to terminate the processing of your data; or to delete your data from RENVIS records and if they are necessary for the preparation or continuation and performance of a contract, then either the termination by you of the relevant agreement or the inability to process your request is automatically implied. RENVIS is in any case entitled to refuse the satisfaction of your request to restrict the processing or deletion of your personal data if such processing is necessary for the foundation, exercise or support of its legitimate rights or the fulfillment of its obligations. The above services are provided free of charge. However, if your claims are manifestly unfounded, excessive or recurrent, RENVIS may either impose a reasonable end, inform you or refuse to respond to them.
To exercise your rights you can send an email to firstname.lastname@example.org
9. Consent withdrawal
You have the right to withdraw your consent for the use of SOFIA at any time. The withdrawal of your consent does not affect the legitimacy of the processing that was previously based on it and was made prior to its revocation.
10. Consequences of not providing your data
You are not obligated to provide your personal information to SOFIA however, as this information is required for us to provide you with our services/ security purposes /legitimate interests, we will not be able to offer some/all our services without it.
11. Questions about Data Protection
If you have any questions about protecting your data, you can email to email@example.com or write to RENVIS postal address, and we will respond to you as soon as possible and not later than one month.
11. Personal Data Protection Authority
You have the right to file a complaint to the Personal Data Protection Authority (www.dpa.gr) which is the competent supervisory authority for the protection of the fundamental rights and freedoms of natural persons with regard to the processing of their personal data if you believe that your rights are being infringed in any way.
12. Processor – Contact Details
RENVIS is considered a processor with the following contact details:
Address: 10, Ioanni Passalidi Str., 54453, Thessaloniki, Greece
Telephone: +30 231 118 0008