At CPA Kudos Greece, we are committed to protecting and respecting your privacy.
Please read this Privacy Policy, as it contains important information about how we collect and manage the Personal Data we collect from you.
Website of our Company
Our website is https://cpakudos.gr
Information and consent
This Privacy Policy describes how we collect, use, process and transfer your Personal Data (hereinafter referred to as the “User”).
By reading this Privacy Policy, the “User” is fully informed of the above mentioned.
The “User” should carefully read this Privacy Policy, which has been drafted with simplicity and clarity in mind, in order to facilitate understanding, so that he/she can freely and voluntarily decide whether he/she wishes to provide his/her personal data to our Company for the stated purpose.
Identity
When this Policy refers to “we”, “us”, “our”, “our”, “Controller”, it is understood that we refer to CPA Kudos Greece.
Processing Manager
For the purposes of the General Data Protection Regulation (GDPR), we are the “Data Controller”.
Our contact details are:
CPA Kudos Greece
Mitropoleos 64,
10563, Athens, Greece
[email protected]
Personal information we collect and the reasons why we collect it
We collect the following data (on a case-by-case basis):
When you register on our Website to add you to our newsletter mailing list – Your email
The basic condition for your registration on our mailing list is your acceptance of the terms of use and this privacy policy
When using the contact form on our website – Your full name
– Your mail
– Your phone
– The service you are interested in
– Your message
The basic condition for your registration on the list of recipients is your acceptance of the terms of use and this privacy policy.
In order to provide our services to you In order to provide our services to our customers, we may request Personal Data of either customers or employees, customers and suppliers of our customers.
This Personal Data is either provided to us voluntarily, or collected by us from third party sources at the request of our customers.
This Data may be:
– Basic information such as name, position details, job details
– Contact details
– Financial details
– Other details that may be required
We collect this Data for:
– The provision of our services
– For marketing purposes
– For accounting purposes
– For tax purposes
– For compliance with Legal and Regulatory requirements
– For the defence of our legal rights and those of our customers
In particular:
For Consultancy Services we may request:
– Contact details (name, address, contact numbers and email)
– Supplier details which may include personal details of employees or suppliers of the client (e.g. name, contact details, date of birth, nationality, ID numbers, employment contracts etc.)
– Financial and salary details, pension details and bank account numbers
– Health information for people who receive
For tax services we may request:
– Personal Data of the customer, his/her dependents (e.g.e.g. address and contact details, tax data, demographic data, etc.)
– Various documents such as tax return records, requests and results of audits by authorities, etc.
– Various official and personal documents such as birth certificates, marriage licenses, diplomas, identity and passport details etc.)
– Bank account numbers and transactions
– Passwords to public platforms
– Employment status data
– Property data
– Other Personal Data as appropriate
For transaction auditing, we process transaction information, for transparency, money laundering, etc. in order to fulfil our audit Contractual obligations.
The checks we carry out may include the following:
– Proof of performance of contracts
– Conflicts of interest
– Identity verification
– Proprietary rights
– Legalisation of proceeds from illegal activities
– Political, judicial, media, financial, stock exchange, etc. connections to provide favourable conditions and/or decisions in violation of the principles of equality, proportionality and transparency
– As part of these checks, we may need to process special category Personal Data (for example, evidence of politically exposed persons or to collect information about criminal convictions where required by anti-money laundering laws).
We collect this Data for:
– The provision of our services with particular attention to the Principle of Transparency
– For compliance with Legal and Regulatory requirements
– For the defence of our Legal rights and those of our clients
– Full compliance with the Legislation on Independence
Collection of third party data that may be collected for the provision of our services In order to provide our services to our customers, we may collect Personal Data of individuals (e.g. employees, suppliers, etc.) with whom we do not have a direct (contractual) relationship.
These Data may be.
For some services, we may also process special category Personal Data such as:
– Dependent Data
– Trade Union Activity
– Political Activity
– Medical Data
– Participation in charities
Such Personal Data may be collected and will only be used where necessary in connection with the provision of our services for which such Data was collected, such as determining the correct taxation of our customer’s income and claiming the correct tax deduction in relation to such payments.
For participation in meetings, conferences either in person or through online platforms We process Personal Data about participants in conferences, meetings, events and events of an educational (and not only) nature.
For this purpose, various applications may be used which provide high privacy protection based on their Privacy Policies.
This Data may be:
– Full name
– Email
– Contact telephone numbers
– Workplace
– Other data that may be required on a case by case basis
Our Company is allowed to receive photographic material and/or videos from events and conferences that it organizes for marketing purposes.
Images and voices of attendees may be recorded and the material may be published on our Website.
We may collect the above information for:
– Preventing access by unauthorized persons
– Participant management reasons
– Safeguarding information
Details of our suppliers and/or subcontractors We may process Personal Data from our suppliers and/or subcontractors in order to obtain various services from them if and when required.
This Data may be:
– Full name
– Employer details
– Contact details
– Details required for payments
In addition, we may use Data about our suppliers and subcontractors to check if we have a conflict of interest or if there are various legal restrictions (bribery, corruption, etc.)
We may collect the above data for:
– The good performance of the Contract
– Our legitimate interest to manage any potential conflict of interest etc.
– The right to recover money in cases of poor performance of works and/or breach of contractual obligations
Social Network Links On our Website you will find buttons that lead to various social networks.
We have no control or influence over the Personal Data collected by social media providers based on the buttons to enter them, nor do we have any access to your login credentials to them.
You can refer to the respective Privacy Policies of these networks to find out more, using the following links:
– Facebook
– Instagram
– Twitter
– Google – Instagram – Twitter – Google.
To express your interest in working for our Company In order to assess your knowledge and experience, we may ask for the following:
– CVs
– Identification documents
– Academic documents
– Work history
– Proof of experience
You may also be asked for additional information during your potential interview by our Company’s executives, in which interview you will be asked for your explicit consent to keep your CV in our Company’s records for possible future employment by you in our Company.
We may receive the above Data from:
– Directly from you
– From a third party who manages/forwards your CV
– From recruitment agencies available for recruitment
– From online sources e.g. Linkedin
– Through a recruitment platform
Lawful basis of processing
Our processing of user data:
It is carried out pursuant to the contractual obligations between us and in full compliance with the legislation governing our activities.
It is based on your consent (where required).
It is based on the legal obligations of our Company or our legitimate interest which, in any case, does not affect your rights.
Data transmission
Recipients of the Data are our Company’s employees, who are bound by confidentiality, our partners, our suppliers, who process your Data as Processors on our behalf and in accordance with our instructions.
In addition, we may share or disclose your Data when you have expressly requested it or when required by law.
The Data Processors on our behalf are contractually bound to maintain confidentiality, not to transmit Data to third parties without the Company’s permission, to take appropriate security measures, to comply with the legal framework for the protection of personal data and in particular the GDPR Regulation.
Data retention
Our company retains your data only for the time required for the purpose for which they were collected or until you request their deletion (if earlier), with the exception of cases in which the Law or the Contracts we have signed stipulate otherwise.
The retention periods for Personal Data are reflected in the records of processing activities maintained by our company.
Certain categories of Data are kept for longer than expected in order to defend the Company’s rights and exercise its legitimate claims.
Processing in these cases will be necessary for as long as required for the expiry of claims, the irrevocable resolution of judicial or administrative proceedings we may bring or the completion of out-of-court dispute resolution proceedings between us.
In addition, we mention the need to investigate security incidents.
We will process the User’s Data at all times in a strictly confidential manner and will maintain the mandatory obligation of confidentiality in relation to such Data, in accordance with the provisions of the applicable regulations and, to this end, adopting the technical and organizational measures necessary to ensure the security of your Data and to prevent the alteration, loss, processing or access to unlawful information, given the capabilities of the present technology, the nature of the data stored, the nature of the data stored, the nature of the data stored, the nature of the data stored, the nature of the data stored, the nature of the data stored, the nature of the data stored, the nature of the data stored, the nature of the data stored, the nature of the data stored, the nature of the data stored, the nature of the data stored, the nature of the data stored, the nature of the data stored, the nature of the data stored, the nature of the data stored, the nature of the data stored and the nature of the data stored.
The measures we use are:
Disk encryption
Desktop and laptop firewalls
Anti-virus and anti-malware software
Strong physical, environmental, network and perimeter controls
Monitoring and detection systems
Finally, our website is HTTPS and uses an SSL certificate for maximum security.
SSL security certificates serve the following 2 processes:
Secure data transfer between a web server (server) and a browser (browser).
Authentication and identification, helping the user to confirm the identity of the website with which they are dealing.
Once the process that activates the SSL security certificate is started (e.g. filling in a contact form), then a series of checks / actions are performed to ensure the secure interface between the website and the user.
The web browser checks the SSL Certificate to see if it is valid and to authenticate the identity of the website.
The web server then communicates with the web browser and data encryption is activated in specific bits (usually 128bit or 256bit).
The web server and browser exchange unique encryption codes to use in the decryption that takes place upon completion of the data exchange.
The data exchange process starts, the SSL secure data transfer icon appears next to the website address bar and the data transfer is now secure.
Data disclosure
We will only disclose the Data if:
We must comply with the applicable law.
To respond to requests from Public or Government Authorities, for security or law enforcement purposes.
To protect any legitimate interests that may be affected by malicious users.
Minors’ data
We do not process data concerning children under 16 years of age.
If you are under 16 years old, do not provide Personal Data, even if requested.
If you believe you have inadvertently provided Personal Data, ask your parents or legal guardians to notify us and we will delete your Personal Data immediately.
Links leading to third parties
Our Website may provide links to other Websites.
These Sites may collect and use your Personal Data differently than we do.
We are not responsible for, and do not accept any liability for, the collection practices of these Sites and their Privacy Policies.
Should you wish to inquire about their Privacy Policies, please contact the respective Data Controllers of these Websites.
Your Rights in relation to your Personal Data
Our Company guarantees the observance of your Rights.
These Rights are:
Right to Information and Access to your Data: You will receive more and clearer information when your Data is collected, about its Processing and your Right of Access to it.
Right of rectification: you have the right to demand from the Data Controller the rectification of inaccurate and incomplete data concerning you.
Right to restriction of processing: You have the right to obtain from the Controller the restriction of the processing of your Data under certain conditions.
Right to object to processing: you have the right to object to the processing of your Data under certain conditions, in particular when it comes to “profiling” or for direct marketing purposes.
Right to Deletion: when you no longer wish to have your Personal Data Processed and/or Retained, you have the Right to request their Deletion, provided that the Data is not held for a specific Lawful and stated purpose.
Right to Data Portability: you have the right to receive or request the transfer of your Data, in unreadable form, from one Controller to another under certain conditions, if you wish.
If you intend to exercise any of the aforementioned Rights, please contact us at [email protected]
When we respond to your requests
We will respond to your Requests as soon as possible, and in any event within one month of receiving your request.
However, if your request is complex or there are a large number of pending requests, we will let you know if we need to obtain an extension of another month, within which we will respond to you.
User Responsibility
The user:
You warrant that you are of legal age, fully competent, and that the information you provide is true, accurate and up to date.
For these purposes, the User is responsible for the truthfulness of all Data transmitted and will keep the information up to date so that such Data reflects their true/current/updated status.
He/she will be liable for false or inaccurate information provided through the Website and for any damages, direct or indirect, that they may cause to us or to third parties.
Covid-19 treatment
Our Company complies with all the Health Protocols against Covid-19 both within our offices and when our staff visit our clients’ premises.
We keep a record of visits to our offices (name, date of visit and contact details of visitors), so that it is possible to trace possible outbreaks should this be required by the relevant Health Authorities.
Changes to this Policy
We reserve the right to revise this Privacy Policy in cases where:
We are expanding our services
We are required to comply with the newest Institutional/Regulatory Framework
Any changes/revisions will be posted on our Website, or may be communicated to you via email.
This Policy was last revised on 15 April 2021.
