Privacy Policy
Evolve Networks, located at Andrea Papandreou Avenue 255, Thessaloniki, 56532, has been established to serve the interests of its stakeholders and clients.
With the aim of protecting and safeguarding your privacy and personal data, which we value greatly, Evolve Networks has implemented a series of actions, rules, and procedures to ensure full compliance with the applicable European and national legislative framework. This statement, provided in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) and any relevant law issued and applicable in Greece, is intended to inform you of:
- Our policy regarding the collection and processing of your personal data;
- The personal data we process and the purposes of processing; as well as
- Other necessary information to ensure fair and transparent processing of personal data when we act as Controllers or Processors, in accordance with the General Data Protection Regulation (GDPR).
This may happen, for example, when you visit our website, apply to work for Evolve Networks, hold a contract as the owner of a property on which a base station or any telecommunication equipment is installed or will be installed, when filing applications/complaints as a subscriber/user of our services, or when you are a supplier, partner, or any other person who comes into contact with us (collectively, each referred to as “user”, “you”, “your”).
This statement may be amended and adjusted whenever deemed necessary to ensure compliance with any new proposals by the competent Greek Regulatory Authority (Hellenic Data Protection Authority), the EU, or with applicable national law.
For more information, please contact info@evolvenetworks.gr.
i. Lease Agreements and Contractual Relationships
In the framework of fulfilling its statutory purpose, Evolve Networks may conclude lease agreements with the owners of properties where telecommunications equipment is installed or is to be installed. We may also handle any issues arising from the lease agreement you have signed with one of our clients. During your contractual relationship either with us or with our clients, we may collect the following data:- Personal details (full name, address, father’s name, etc.)
- Contact details (e.g., email, phone number)
- Ownership deeds
- Tax Identification Number, Tax Office, ID Card Number
- Bank account numbers
- Any debts to third parties or to the State
- Any liens on the property (prenotations, mortgages, etc.)
- Any attachment recorded on the property
- Certificates/Authorisations for concluding the lease agreement
- Lease agreements, amendments, and terminations thereof
ii. Job Applications
If we receive your CV as part of an online application for work at Evolve Networks, we will retain the data we have been provided with to check whether they match any job opportunities at Evolve Networks, for a period of two (2) years. Indicatively, we may collect the following data:- Personal details
- Contact details (e.g., email, phone number or other)
- Academic information
- Work experience
- Education history
- Letters of reference
iii. Contracts with Contractors and Partners
In the course of its business activities, Evolve Networks may also conclude contracts with contractors and partners for the rendering of services related to our business. Indicatively, we may collect the following data regarding their staff:- Personal details (full name)
- Contact details (e.g., email, phone number)
- ID card number, passport number, license plate numbers
- Certificates/Certifications, in order to determine their suitability for performing specific tasks (e.g., climbing on base stations)
- Supplier evaluation data
iv. Website Visitors
When you visit our website, we automatically collect certain information from your computer or mobile device through the use of cookies. Our website’s use of cookies is explained in the separate Cookies Policy.Evolve Networks collects and processes your personal data with your consent and on the condition that you have been informed through this policy of the type of data processed, the purpose and extent of processing, and the recipients thereof. Your consent may be revoked at any time. Please visit the section “Your Rights” of this policy for more information.
However, as detailed below, the processing of your personal data may also be based on a legal basis other than consent, such as the performance of a contract, support for Evolve Networks’ legitimate business interests, and compliance with other legal obligations:
i. For the Performance of a Contract
The processing of your personal data is necessary for the fulfillment of our obligations under the contract.
ii. For Compliance with a Legal Obligation
The processing of your personal data is mandatory, as in the case of keeping records for tax purposes or providing your personal data to a public entity or law enforcement authority.
iii. For Reasons Pertaining to the Protection of Legitimate Interests
Your personal data may be processed in the course of a legitimate activity in order to ensure the continuity of such activity, as long as this does not exceed your interests.
Your personal data is not processed or distributed for further purposes, unless required by law and the regulatory framework, or by a signed contract or imposed by other legal obligations of the Company.
i. Transmission to Third Parties
Evolve Networks does not transmit your personal data to third parties that are not affiliated with the Company, unless this is required for the Company’s legitimate business purposes and needs, in order to meet your requests and/or if required or permitted by law. When providing your personal data to third parties, we ensure that such parties comply with the provisions of the General Data Protection Regulation (GDPR).
For property owners in particular, recipients may include:
- All public authorities (tax authorities, urban planning authorities, the Hellenic Telecommunications & Post Commission and other administrative authorities) to which personal data is transmitted by the Company as a legal requirement;
- Courts, judicial authorities, bailiffs, law enforcement authorities or independent/regulatory authorities in the context of resolving any civil, criminal or administrative dispute;
- Affiliated partners of the Company such as contractors, lawyers, engineers, real estate agents, chartered auditors, tax consultants, technical and support service providers and IT consultants;
- Banks/credit institutions;
- Insurance companies;
- Our clients and any of their consultants that are required to have access to your personal data under any legal basis for the relevant processing.
The personal data of employees of Company contractors and partners may be transmitted to the following recipients:
- Lessors, security and/or management companies of commercial buildings/premises/shopping centres, embassies, camps, media premises, public gathering areas (museums, concert halls, stadiums, etc.) which, based on their entrance security regulations, request visitor details prior to their visit.
ii. Transmission Outside the European Economic Area
Your personal data is not transmitted to other countries. If, in the future, we transmit personal data or need to share it with others, outside this context, you will be informed immediately. We will also have ensured that we and those individuals or companies to which we will need to transmit personal data agree to protect them from inappropriate use or disclosure, in accordance with applicable European and national data protection legislation, through standard clauses or other appropriate mechanisms.
We retain the personal data that we collect from you only when necessary. We do not retain this information indefinitely and ensure it is deleted when it no longer serves any purpose.
Indicatively, the criteria used to determine our retention policy are:
Applicable legislation and regulations
Guidelines on best practices and standard industry practices
Time constraints for filing legal claims under Greek and EU law
Evidential support during audits performed by our clients, public supervisory authorities, and/or entities
Legitimate business needs
When we have no legitimate business need or legal obligation to process and retain your personal data, it is deleted.
We use appropriate technical and organisational measures to protect the personal data we collect and process on your behalf. The measures we use are designed to provide a level of security appropriate for the processing risk of your personal data. In particular, processing is performed exclusively by personnel authorised for this purpose, and all appropriate organisational and technical measures are taken to protect such data and secure them against any accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, and from any other kind of unlawful processing.
You can exercise the following rights, in each case:
i. Information
To receive any information about the processing of your data in a concise, comprehensible, and easily accessible form.
ii. Access
To find out which of your data we process, why, and the recipients thereof.
iii. Rectification
To rectify any incomplete or inaccurate data we retain concerning you.
iv. Deletion (Right to be Forgotten)
To have your data deleted from our records, provided that their processing is no longer necessary.
v. Restriction of Processing
In the event that the accuracy of the data is questioned, etc.
vi. Portability
To receive your data in a structured, commonly used format.
vii. Withdrawal of Consent/Objection
Regarding the processing of your personal data, at any time.
To exercise any of the above rights, please send a request to the Company at: dataprotection@evolvenetworks.gr.
Evolve Networks will take all possible measures to satisfy your request within thirty (30) calendar days from its receipt, notifying you in writing that your request has been satisfied or of the reasons preventing the exercise of your right, and/or the satisfaction of one or more of your above rights, in accordance with the General Data Protection Regulation.
You also have the right to file a complaint with the Personal Data Protection Authority if you consider that Evolve Networks violates the applicable legislation when processing your Personal Data.
The contact details of the Hellenic Data Protection Authority (HDPA) are:
Postal Address: 1-3 Kifisias Avenue, P.C. 115 23, Athens
Call Centre: +30-210 6475600
Fax: +30-210 6475628
E-mail: contact@dpa.gr
Evolve Networks may periodically make changes to this Statement to reflect updated personal data protection practices.
Cookie Policy
Cookies are small text files that are placed on your computer or mobile device when you visit a website. They are widely used to make websites work more efficiently, as well as to provide information to the site owners. Cookies can remember your preferences, improve your user experience, and help us understand how our website is being used.
To protect the privacy of the visitor, the site requires your consent before using cookies. For this purpose, when you first visit the site, you will receive a notice requesting your consent before continuing your tour
The site uses Google Analytics cookies. More information on how to use Google Analytics and the visitor’s choices regarding the use of cookies can be found here:
Frequently Asked Questions
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, across the European Union (EU). It aims to protect the privacy and personal data of EU citizens and residents, giving them greater control over their personal information. The GDPR imposes strict rules on how organizations collect, store, and manage personal data, with significant penalties for non-compliance.
Personal data refers to any information that relates to an identified or identifiable individual. This includes data such as names, addresses, email addresses, phone numbers, identification numbers, location data, online identifiers, and other information that can be linked to a specific person.
The basic principles of GDPR include:
- Lawfulness, Fairness, and Transparency: Data must be processed lawfully, fairly, and transparently.
- Purpose Limitation: Data must be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
- Data Minimization: Data collected must be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
- Accuracy: Data must be accurate and kept up to date. Inaccurate data should be corrected or deleted.
- Storage Limitation: Data must be kept in a form that permits identification of individuals for no longer than necessary for the purposes for which the data is processed.
- Integrity and Confidentiality: Data must be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
- Accountability: Data controllers must be able to demonstrate compliance with all these principles.
Processing refers to any operation or set of operations performed on personal data, whether by automated means or not. This includes collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction of personal data.
The controller is the entity (person, company, public authority, agency, or other body) that determines the purposes and means of processing personal data. Essentially, the controller decides why and how personal data is processed.
The processor is the entity that processes personal data on behalf of the controller. The processor acts on the instructions of the controller and does not decide the purposes and means of processing.
A third party refers to any entity (person, company, public authority, agency, or other body) other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data. Third parties may receive or have access to personal data through the controller or processor.
The data subject's consent is a freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them. Consent must be explicit and can be withdrawn at any time.
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed. Organizations must notify the relevant supervisory authority of a data breach within 72 hours of becoming aware of it, and in some cases, also inform the affected data subjects.