Call Recording Policy Greece

Introduction

This Policy outlines the Company’s call recording procedure, as the controller of your personal data. The purpose of this Policy is to ensure that recordings of communications are managed in line with the applicable legal framework, including the data protection legislation, namely the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Greek Law 4624/2019, as well as the Directive 2002/58/EC (e-Privacy Directive) and the Greek Law 3471/2006 on the protection of personal data and privacy in the electronic communications sector.

You will be informed, at the outset of the call, that the call, including the related traffic data, will be recorded and transcribed, as well as on the purposes of the recording, while also being referred to in this Policy. This information will normally be provided via a live message or, less frequently, via a pre-recorded message within the telephone system.

Purposes of and Legal basis for Processing

The purpose of call recording is to provide a record of incoming and outgoing calls with respect to specific, dedicated lines in order to provide evidence of:

· Commercial transactions, including a preliminary part of such transaction; and

· Any other business communication (e.g. in the framework of the provision of educational services to you), when it is necessary to prove that the conversation in question took place and had a specific content.

The legal basis for the processing of call recordings is the legitimate interest of the Company, in accordance with Article 6 (f) of the GDPR.

Processing of Special Category Data

Given the nature of calls, special category data (i.e. information relating to religious beliefs or health etc.) may be disclosed inadvertently during a recorded conversation. In such a case, we will make every effort to delete the section containing the special category data. Otherwise, if this is not possible, we will delete the entire call recording.

In cases where special category data are intentionally provided by you during the phone call for the purposes of and in connection with the recorded transaction or other business communication, this intentional disclosure of data constitutes the legal basis for data processing, under Article 9 (e) of the GDPR, as constituting information that is manifestly made public by the data subject. In such a case, we will process the relevant special category data for the relevant purposes for which it was provided, in accordance with the data protection legal framework.

Recipients

In some cases, we may use external service providers (e.g. telephony providers) to process your personal data, which are obliged to take all necessary technical and organisational measures to prevent unauthorised disclosure of the personal data to which they gain access. We may also disclose the data to public authorities, where such disclosure is required for by law.

Cross-border Data Transfers

The personal data we collect is processed on servers located in the European Economic Area (EEA). In exceptional cases, where the Company may transfer your personal data outside the EEA, we will ensure that there is an appropriate level of protection corresponding to the level of protection of personal data in the EEA.

Confidentiality

The call recordings and their electronic files will be stored securely, and access to them will be controlled and managed by authorized staff.

Data Retention

The call recordings and their electronic files will be retained only for the time necessary for the specific purposes for which they were collected, unless the law permits or requires a longer retention period or the continuing nature of the transaction so requires. Based on the above, the call recordings and their files will be retained for a period of 6-12 months. Following the completion of the retention period, your data will be securely deleted or anonymized.

Data Subjects’ Rights

You have the following rights, under the data protection legislation:

  • Right of access: You have the right to ask us to confirm whether we are processing your personal data and ask us to send you an electronic copy of your data.
  • Right to rectification: If the data we hold about you is inaccurate or incomplete, you can request that we correct or update the information so that it is complete.
  • Right to erasure: In certain circumstances, you have the right to ask us to delete all or part of your data. Please note that we may still retain some personal data to the extent and for the time that is required under specific legal obligations (e.g. tax law).
  • Right to restriction: In certain circumstances, you have the right to request that we no longer process your personal data for particular purposes.
  • Right to object: You have the right to object to our use of your personal data or the way in which we process it.

To exercise all of the above rights, you may address your request to the Company via e-mail at legal@gus.global.

If the Company does not respond to your request or you believe that we have not handled your personal data in accordance with the applicable data protection legislation, or that your rights are infringed, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).

Changes to this Policy

The terms of this Policy may be amended from time to time depending on the needs of the Company, as well as to comply with the applicable legal and regulatory requirements. For this reason, it is recommended to periodically review this Policy for any changes. For further information on this Policy, you may contact us at legal@gus.global.