Privacy Policy

1. Introduction

The Company named «QUALITY ASSURANCE AND CONTROL SYSTEMS LTD», under the distinctive title « QACS» having its registered office at Antigonis Str. 1, PC: 14451, with VAT No. 999709411, Tax Office of Νea Ionia, GEMI No 004763801000, telephone 210-2934745 & e-mail:  [email protected] (hereinafter referred to as the “Company” or “ QACS“), with respect to your privacy and the management, protection and security of your personal data, has established and applies this Privacy Policy (hereinafter “Privacy Policy”) concerning the website of

Through the Privacy Policy, we provide you with the necessary information concerning the processing of the personal data you provide us, as part of the relationship between us. The processing and protection of your personal data is always governed by the provisions of the General Data Protection Regulation (EU) 2016/679 – GDPR (hereinafter referred to as “GDPR”) of the applicable Greek legislation on protection of personal data (Law 4624/2019, Law 2472/1997, Law 3471/2006, as may be in force, etc.), as well as from the relevant decisions, directives and regulatory acts of the Hellenic Data Protection Authority (

2. Definitions

Personal Data «Subject»: means the website user and any other natural person, comes into contact with our website.

«Personal data»: means any information that can directly or indirectly identify a natural person (the “Subject”), such as his name, postal address, contact details (telephone, mobile), his electronic address (e- mail), etc.

«Processing»: means every act or series of acts performed with or without the use of automated means on personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, research of information, use, disclosure by transmission, dissemination or any other form of disposal, correlation or combination, restriction, deletion or destruction of personal data that has come of which the Company shall become aware , either directly by you through the website, or as part of your transactional relationship with it.

«Data Controller»: means the Company named «QUALITY ASSURANCE AND CONTROL SYSTEMS LTD», under the distinctive title « QACS» having its registered office at Antigonis Str. 1, PC: 14451, with VAT No. 999709411, Tax Office of Nea Ionia, GEMI No 004763801000, telephone 210-2934745 & e-mail:  [email protected], which determines the purposes and mode of processing personal data.

«Data Processor»: means the natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller.

«Recipient»: means the natural or legal person, public authority, agency or other body to which the personal data is disclosed, whether it is a third party or not.

«Third party»: means any natural or legal person, public authority, agency or body, other than the data subject, the controller, the processor and the persons who, under the direct supervision of the controller or the processor, are authorized to process personal data.

«Consent of the data subject»: means any indication of will, free, specific, explicit and fully informed, by which the data subject shows that he agrees, by statement or by a clear positive action, to be the subject of processing of the personal data that they concern him/her.

«Data Protection Officer, «DPO»: means the Data Protection Officer designated by the Company who holds the position and duties defined by the current legislative framework on personal data protection.

3. Type of data we collect, the purpose and the legal basis

We collect and process your following personal data on a case-by-case basis, in the following cases:

Activity Data Purpose Legal basis
Entrance in our website Such as IP address, date and time of access (timestamp-time zone), user name, access provider, browser and its version, operating system and its version. Provision of personalized services to you, proper connection establishment, security and system stability a) legitimate interest as part of making our website available to the general public and providing services to it
Contact via contact form Name, surname, e-mail, content of the message Contact, management/dealing with or resolution of your request, query or complaint a) the transactional relationship between us

b) legitimate interest, as part of your service

c) (if applicable) your consent

Contact via e-mail e-mail, first name, last name (if applicable), content of the message Contact, management/dealing with or resolution of your request, query or complaint a) the transactional relationship between us

b) legitimate interest, as part of your service



(see Cookies policy)

Sending and treating CVs of Employee Candidates

(see relevant information on prospective employees on personal data processing)

We must inform you that the personal data you provide to us through our website, for the above purposes, is necessary for us, for your optimal service and the arrangement, management or resolution of your request, query or complaint. Therefore, not providing your data as the case may be, might may communication between us through the website and our transactional relationship in general ineffective and/or impossible.

4. Processing of personal data of special categories

Our Company does not process through its website your sensitive personal data (data of special categories), such as data related to your racial or ethnic origin, your religious or philosophical beliefs, health data or data concerning your sexual life or your sexual orientation, since the above data is not necessary for us. In case these are provided by you, in order to submit a request or comment or in the context of our communication, they are processed based on your express consent or if it is considered that there is a reason to support our legal claims.

5. Data concerning minors

Our Company does not process personal data of persons under the age of 18 (minors). We reserve the right, in case we find that a minor has provided us with their data, without the consent of their legal representative, to delete said data. If you become aware that a minor has provided us with their data without the consent of their legal representative, please contact us.

However, we point out that, when the processing of personal data is based on consent in accordance with Art. 6 par. 1 f. a) GDPR, in relation to the offer of information society services directly to a child, the consent provided by the minor and consequently the processing is lawful, if the minor is at least 15 years old. In case the minor is under the age of 15, this processing is lawful only if and to the extent that said consent is provided or approved by the legal representative of the minor (Art. 8 GDPR in conjunction with Art. 21 n. 4624/2019).

6. Who are the recipients of your data

The personal data we collect from you as part of our relationship is processed by:

  1. authorized and properly trained competent staff of our Company bound by absolute secrecy and confidentiality,
  2. partners of our Company, to whom the Company in accordance with Article 28 GDPR entrusts the execution of specific tasks on its behalf (processors) and with which it has ensured GDPR-compliant processing for the protection of your data, by signing contracts and undertaking to observe adequate measures, in accordance with the corresponding provisions of the GDPR (Art. 28, 32), such as, indicatively but not limited to third party partners – technical companies as part of website management and service provision, support of our applications,
  3. public bodies and authorities, such as public agencies and bodies, independent authorities, regulatory authorities, police, competent authorities, prosecutors, other administrative agencies, etc., when we are required to do so by the applicable legal framework.

At this point, we would like to inform you that in principle we do not transmit your personal data to third (outside the EU or EEA) countries or international organizations, which do not ensure an adequate level of protection (based on an Adequacy Decision or certification. Any transmission follows and complies with the relevant provisions of the applicable legislative framework, in particular Article 44 et al of the GDPR. In any case, you will be informed accordingly.

7. What is the retention period of personal data?

We retain your personal data as provided by the law, in particular for as long as is provided for in each case, for as long as the nature and purpose of each processing requires, for as long as is defined by the applicable legislative and regulatory framework and in any case for the entire duration of the transactional relationship between us and our individual contractual commitments, depending on its nature, taking into account the legal obligations of our Company and any legal claims that may arise thereof, in order to justify the retention period of personal data.

In cases where the processing of personal data is based on the consent provided, the data is retained by the Company for as long as provided by law, depending on the purpose and type of processing, including our Company’s legal obligation for retention.

In any case, we apply a maximum retention period of twenty (20) years (general limitation for claims), with the possibility of extending the above period in case of any claim or pending litigation or indication of control by public authorities. After the above period of time, data that is no longer necessary will be deleted in a secure and unrecoverable manner.


8. Your rights based on the GDPR

In any case, you have control over the processing of your personal data. Any user, either registered or not, in their capacity of a data subject, may at any time exercise his rights, as provided for in the GDPR and in particular Articles 12 to 23 thereof, but also the relevant national legislation and in particular:

  1. Right to information, communication and update for the exercise of your rights (art. 12, 13, 14 GDPR), i.e. your right to be informed about how your personal data is used (as detailed in this Privacy Policy).
  2. Right of access to the personal data concerning you and as long as it is processed by the Company, as the Data Controller (Art. 15 GDPR). Our Company will provide a copy of the personal data upon your request.
  3. Right of correction of inaccurate data as well as completion of incomplete data (Art. 16 GDPR).
  4. Right of deletion of your personal data (“right to be forgotten”), without prejudice to the obligations and legal rights of the Company to comply with them based on the currently applicable legislative and regulatory provisions (Art. 17 GDPR).
  5. Right of limitation of your personal data, as long as either their accuracy is challenged, or the processing is illegal or the purpose of the processing is missing, but their deletion is not recommended (Art. 18 GDPR).
  6. Right of portability of your personal data to another Data Controller, if the processing is based on your consent and is carried out by automated means or for the conclusion of a contract between us (Art. 20 GDPR). In this case, you can receive the data that concern you and that you have provided us with in a structured, commonly used and machine-readable format.
  7. Right of objection for reasons related to your particular situation, in case your data is processed for the purposes of the Company’s legitimate interests (art. 21 GDPR) and particularly objection to automated decision-making, including profiling (Art. 22 GDPR).
  8. Right of withdrawal of your already given consent (Art. 7 par. 3 GDPR) at any time for processing based on consent. The lawfulness of your data processing is not affected by the withdrawal of consent until the point at which you requested the withdrawal.
  9. You also have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence or your place of work or the place of the alleged infringement, if you consider that the processing of your personal data concerning violates the GDPR (art. 77 GDPR). The competent Supervisory Authority, in Greece is the Hellenic Data Protection Authority (1-3 Kifissias Avenue, PC 115 23, +30 210 6475600, [email protected]).

9. How to exercise your rights and file a complaint

You have the right to exercise your rights in one of the following ways:

  1. Either by sending an e-mail at [email protected] attaching the completed DATA SUBJECT RIGHT REQUEST FORM that we provide you.
  2. Or by sending a letter to our address or personally delivered to our Company’s offices, by completing the relevant exercise of rights form that we provide you.

Your requests must be accompanied by appropriate evidence of your personal details, with the express reservation that the Company may request the provision of additional information, in order to identify and confirm your details.

Your above requests will be evaluated upon completion and dispatch of the rights exercise form, as posted on our website and under the express instructions stated therein.

Our Company shall make every effort to take the necessary actions within (1) month from the date of receipt of your request, unless the tasks related to the satisfaction of the request are characterized by particularities and/or complications, based on which the Company retains the right to extend the time of completion of actions.

In all cases, you will receive be informed of the progress of your request within one (1) month of its submission.


10. Safety of your data processing

Our Company ensures, among other things, that sufficient and appropriate technical and organizational measures are taken to ensure the appropriate level of security against risks during processing and in particular from accidental or illegal destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed but also the preservation of both technical and physical security in accordance with Article 32 of the GDPR. Our Company disposes of the relevant Policies and generally observes the principles of processing in accordance with the GDPR (Art. 5 GDPR), to ensure the availability, integrity and confidentiality of your data.

11. Social media

Our company uses the following social media:

As regards certain processing, we and the Data Controllers of the aforementioned social media platforms jointly act as Data Controllers of your data, within the meaning of Article 26 GDPR. As regards the data processing by the Social Media Data Controllers, we can only have a limited influence on the processing of data. Therefore, we act within the framework of the possibilities available to us and in accordance with the applicable legislation on protection of personal data.

The social media Data Controller manages the overall information infrastructure of each service, observes its own technical and organizational data protection measures and maintains its own relationship with you as a user and therefore as a data subject (on condition that you are a registered member of the respective social media service).

For more information regarding the processing of your data by the social media providers and your rights in general, please refer to the respective Privacy/Protection Policies of the respective provider:

–           For Facebook:

–           For YouTube:

–           For LinkedIn:

The data you provide us with when visiting our social media page, such as comments, videos, images, “likes”, public messages, etc., are made public on the social media platform you choose and are neither used nor processed by us for purposes other than your information regarding our promotional actions, such as discounts, special offers, competitions that we may organize, but also as part of your service, when you wish to contact us in this way. The processing of your personal data is carried out based on Article 6 par. 1f of the GDPR, as part of the optimal provision of our services to you.

12. More specific Company Declarations

  1. The Company declares that it is not responsible for any damage (direct, indirect, positive, and consequential) that may occur to the visitor on the occasion of the website or its use. The visitor is solely responsible for the protection of their system for viruses and other malware.
  2. The Company declares that it neither takes decisions nor makes profiling based on automated processing of your data.
  3. The Company declares that the present Privacy Policy can be modified at any time. The user will be informed of all the important changes, while each time the updated version will be posted on the website. To this end, the visitor must be informed and consult this policy at regular intervals.
  4. The Company declares that no other use of the visitor’s personal data will be made for purposes other than those indicated herein, without prior information and, where necessary, consent.

13. Useful contact details

Details of the Data Controller
Quality Assurance &Control Systems

Address: Antigonis 1 Metamorfosi 144 51, Greece

Email: [email protected]

Call: (+30) 210-2934745

Details of the Data Protection Data Authority (, competent National Supervisory Authority)
Address: 1 – 3 KIfissias Avenue, PC  115 23, Athens

Call Centre: +30 210 6475600

Fax: +30 210 6475628

E-mail: [email protected]


Details of the Data Protection Officer (DPO)
E-mail: [email protected]



Last update: 11/16/2022