Giant Stride’s Personal Information management Policy

Updated 29/04/2020

Giant Stride recognizes the importance of the protection of natural persons with regard to the processing of their personal information as a fundamental right. In that respect, the Company complies with the principles of personal information lawful processing, respects the rights and freedoms of the data subjects and secures that the possessed personal information is:

  • collected for specified, explicit and legitimate purposes, which are stated at the Company’s Data Flow Map, and are also collected after data subject’s consent, when necessary,
  • are processed only for the purposes for which they have been collected and / or for legal and regulatory reasons and / or for the defence of the Company’s legal interest,
  • not further processed in a manner that is incompatible with the specified purpose(s),
  • adequate, relevant and limited to the minimum data required in relation to the specified purpose(s),
  • subject to legal processing according to data subjects’ rights, they are accurate, and, where necessary, kept up to date, particularly before taking critical decisions concerning the data subjects,
  • not retained for longer than is necessary for the purposes for which the data were collected or for which they are further processed or for compliance of the Company with legal and regulatory requirements,
  • retained secure from unauthorized access, unauthorized modification, loss or breaches,
  • transferred to third parties provided that secure level of data protection is ensured.

The above-mentioned are followed by all of the Company’s employees and third parties that process personal information of natural persons on behalf of the Company.

The Company ensures full compliance with all the above by:

  • applying a Personal Information and Information Security Management System and Information Security Management System, which covers its activities for monitoring and controlling the implementation of this policy, as well as effectiveness assessment regarding the regulatory framework and best practices for personal information protection,
  • applying procedures for satisfying the complete and effective fulfilment of data subjects’ rights,
  • explicitly informing data subjects regarding the processing of their personal information,
  • incorporating personal information processing requirements to all operational functions, that are relevant to their processing,
  • recognizing all internal and external interested parties and their requirements towards their personal information protection,
  • specifying roles and responsibilities associated with personal information management,
  • giving explicit directions to staff and third parties, who execute processing on behalf of the Company, for data use and data transmission according to the established Policies and Procedures,
  • ensuring that data transmission to and processing by third parties on behalf of the Company, complies with the regulatory framework for data protection as well as with the current policy,
  • designing, adopting and monitoring a system of indicators and targets for secure and lawful data management,
  • investing in continuous staff training and awareness on personal information protection issues as well as in constant improvement of know-how and its sharing with the staff,
  • providing all the necessary resources for ensuring Personal Information Management System effective application,
  • having designated a Data Protection Coordinator (DPC),
  • sharing the policy with all the employees continuously updating this policy according to the applicable regulatory and legislative framework

Giant Stride is committed to continuously monitor and enforce the regulatory and legislative framework and to continuously implement and improve the effectiveness of the Personal Information and Information Security Management System.

Executive Director of Giant Stride
Lefteris Karafilis