INFORMATION ON THE PROCESSING OF PERSONAL DATA OF JOB APPLICANTS

With this Notice, the hotel chain “DOMOTEL HOTELS & RESORTS” (hereinafter the “Company”) aims to inform job applicants regarding the processing of their personal data, in accordance with the General Data Protection Regulation 2016/679(EU), Law 4624/2019, the Decisions, Guidelines and Opinions of the Hellenic Data Protection Authority, and generally the national and EU legislation and case law on personal data protection (hereinafter referred to as Existing Legislation).

This Notice concerns and applies to the personal data of job applicants in the context of submitting resumes for employment with the Company, either electronically or in physical form at the Company’s headquarters.

  1. DEFINITIONS

“Controller”: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, namely, in this specific case, the Company.

“Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether in electronic or printed form.

“Personal Data”: any information relating to an identified or identifiable natural person, who is the natural person whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP address, cookies) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Sensitive personal data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Data relating to criminal convictions and offences and related security measures are also treated as a special category of data.

  1. WHAT PERSONAL DATA THE COMPANY PROCESSES

With a view to future cooperation, the Company collects personal data of applicants such as name, surname, father’s name, mother’s name, marital status, date and place of birth, ID card number/passport, nationality, gender, telephone, email, professional status, professional experience, degrees, certifications, military status, as well as other personal information of applicants included in resumes and applications of interest sent/submitted to the Company. The Company does not seek to collect sensitive personal data during the evaluation stage of job applicants.

  1. PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

The purpose of processing the personal data of job applicants is to evaluate their suitability for a specific job position. The legal basis for processing the personal data of job applicants is the Company’s legitimate interest in recruiting the appropriate employee for each job position. When job applicants send resumes or personal information to the Company on their own initiative, without the Company having advertised a specific open job position, the applicants provide their consent for the processing of their data, in accordance with the provisions of the applicable legal framework.

  1. PERSONAL DATA SECURITY

Taking into account the latest developments, the cost of implementation, and the nature, scope, context, and purposes of processing, as well as the risks of varying likelihood and severity for the rights and freedoms of individuals, the Company implements appropriate technical and organizational measures to ensure an adequate level of security, integrity, and confidentiality of personal data, in accordance with the Existing Legislation.

For this purpose, the Company has adopted Policies and Procedures for the protection of personal data and has implemented significant information protection measures, including secure storage and operating environments, tiered access, etc.

The Company may transfer the personal data of applicants to its competent staff, to other hotels of the DOMOTEL HOTELS & RESORTS chain, namely DOMOTEL Kastri, DOMOTEL Olympia, DOMOTEL Xenia Volos, DOMOTEL Arni, DOMOTEL Neve, DOMOTEL Anemolia, DOMOTEL Agios Nikolaos, depending on the needs arising in each of them, or to third parties to whom it has entrusted the processing of personal data on its behalf. In any case, the third parties to whom applicants’ data may be transferred are contractually bound to the Company to ensure the required confidentiality obligation as well as all obligations provided for by the Existing Legislation. The Company will under no circumstances transfer your personal data to unauthorized third parties, nor to countries/organizations outside the EU/EEA.

  1. PLACE AND PERIOD OF PERSONAL DATA RETENTION

The personal data of applicants are retained in the Company’s database and in a physical file for a period of 12 months from their receipt from each applicant, provided that the Company does not proceed with their recruitment. In case of recruitment of the applicant, the retention period of employees’ personal data is determined in the “Company’s Personal Data Processing Information” sent to each employee of the Company.

  1. RIGHTS

In accordance with the Existing Legislation, individuals have and can exercise:

  • Right of access and information, so that they receive information from the Company about the personal data it processes and receive a copy thereof,
  • Right to rectification, i.e., to request the correction and/or completion of inaccurate, incomplete data held about them,
  • Right to erasure, i.e., to request the erasure of their data, provided that the Company holds them without a legal basis for processing,
  • Right to restriction of processing, if one of the conditions of Article 18 of the GDPR applies:
  • Right to data portability, i.e., to request the provision of their data in a structured, commonly used and machine-readable format, or to request their transmission to a third party.
  • Right to object to the processing of their personal data, including objection to automated individual decision-making and profiling.
  • Right to withdraw their consent (only for processing activities for which consent could be considered freely given as stated above).

In case of exercising one or more of the aforementioned rights, the Company will ensure to respond promptly and in any case within one (1) month at the latest from the submission of the request and the identification of the applicant. This period may be extended by two (2) additional months, if necessary, if the request is complex or there is a large number of requests. If individuals believe that their personal data is being violated according to the Existing Legislation, they have the right to lodge a complaint with the Hellenic Data Protection Authority.

  1. CONTACT

If you have any questions or concerns regarding how the Company processes your personal data, or wish to exercise your rights referred to in Article 6 hereof, you may contact the Company’s Data Protection Officer (DPO) via email at: [email protected].