INFORMATION ON THE PROCESSING OF PERSONAL DATA OF JOB APPLICANTS

With this Notice, the hotel chain “DOMOTEL HOTELS & RESORTS” (hereinafter referred to as the “Company”) aims to inform prospective employees about the processing of their personal data, in accordance with the General Data Protection Regulation 2016/679 (EU), Law 4624/2019, the Decisions, Directives, and Opinions of the Personal Data Protection Authority, and, in general, national and EU legislation and case law on the protection of personal data (hereinafter referred to as Existing Legislation).

This Notice concerns and applies to the personal data of prospective employees in the context of submitting CVs for employment with the Company, either electronically or in physical form at the Company’s headquarters.

  1. DEFINITIONS

“Data controller“: The natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data, i.e., in this case, the Company.

Processing“: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adapting or altering, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restriction, erasure, or destruction, whether in electronic or paper form.

Personal Data“: Any information relating to an identified or identifiable natural person, who is the natural person whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as a name, an identity number, location data, an online identifier (such as an IP address or cookies), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Sensitive personal data“: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Data relating to criminal prosecutions and convictions, offences and related security measures are also treated as a special category of data.

  1. WHAT PERSONAL DATA DOES THE COMPANY PROCESS

With a view to future cooperation, the Company collects personal data from candidates such as name, surname, father’s name, mother’s name, marital status, date and place of birth, identity card/passport number, nationality, gender, telephone number, email address, professional status, professional experience, degrees, certifications, military status, as well as other personal information of candidates included in CVs and applications of interest sent/submitted to the Company. The Company does not seek to collect sensitive personal data during the evaluation of prospective employees.

  1. PURPOSE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA

The purpose of processing the personal data of job applicants is to assess their suitability for a specific job position. The legal basis for processing the personal data of job applicants is the Company’s legitimate interest in recruiting the right employee for the job in question. When prospective employees send CVs or personal information to the Company on their own initiative, without the Company having advertised a specific job vacancy, the candidates give their consent to the processing of their data in accordance with the provisions of the applicable legal framework.

  1. PERSONAL DATA SECURITY

Taking into account the latest developments, the cost of implementation, and the nature, scope, context, and purposes of the processing, as well as the risks of varying likelihood and severity for the rights and freedoms of employees, the Company implements appropriate technical and organizational measures to ensure the appropriate level of security, integrity, and confidentiality of employees’ personal data, in accordance with the Applicable Legislation.

To this end, the Company has adopted Policies and Procedures for the protection of personal data and has implemented significant information protection measures, including secure storage and operating environments, graded access, etc.

The Company may transfer the personal data of candidates to the relevant members of its staff, to other hotels in the DOMOTEL HOTELS & RESORTS chain, namely DOMOTEL Kastri, DOMOTEL Olympia, DOMOTEL Xenia Volos, DOMOTEL Arni, DOMOTEL Neve, DOMOTEL Anemolia, DOMOTEL Agios Nikolaos, depending on the needs of each of them, or to third parties to whom it has entrusted the processing of personal data on its behalf. In any case, third parties to whom candidate data may be transferred are contractually bound to the Company to ensure the required confidentiality obligation as well as all obligations provided for by the Existing Legislation. The Company will under no circumstances transfer your personal data to unauthorised third parties or to countries/organisations outside the EU/EEA.

  1. PLACE AND TIME OF STORAGE OF PERSONAL DATA

Candidates’ personal data is kept in the Company’s database and in a physical file for a period of 12 months from the date of receipt from each candidate, provided that the Company does not proceed with their recruitment. In the event of the candidate’s recruitment, the retention period for employees’ personal data is specified in the “Information on the processing of personal data by the Company” sent to each employee of the Company.

  1. RIGHTS

According to current legislation, employees have and can exercise:

  • Right of access and information, so that they can receive information from the Company about the personal data it processes and obtain a copy thereof,
  • Right to rectification, i.e. to request the rectification and/or completion of inaccurate or incomplete data held about them
  • Right to erasure, i.e. to request the erasure of their data, if the Company retains them without any legal basis for processing,
  • Right to restriction of processing, provided that one of the conditions of Article 18 of the GDPR applies:
  • Right to data portability, i.e. to request that their data be provided in a structured, commonly used and readable format, or to request that it be transferred to a third party.
  • Right to object to the processing of their personal data, including objection to automated decision-making and profiling.
  • Right to withdraw their consent (only for processing for which consent could be considered freely given as described above).

In the event that one or more of the above rights are exercised, the Company will ensure that it responds immediately and in any case no later than one (1) month after the request is submitted and the applicant is identified. This deadline may be extended by two (2) additional months, if necessary, if the request is complex or there are a large number of requests. If employees believe that their personal data has been violated in accordance with the Existing Legislation, they have the right to file a complaint with the Personal Data Protection Authority.

  1. CONTACT

If you have any questions or concerns about how the Company processes your personal data, or if you wish to exercise your rights referred to in Article 6 herein, you may contact the Company’s Data Protection Officer (DPO) of the Company by email at: [email protected].