Transparency and Update
Natural persons (data subjects) have the right to be accurately and clearly informed about the collection and use (processing) of their personal data. This right is governed by the basic principle of the GDPR, the principle of transparency (related articles 12-14 GDPR).
In particular, based on the principle of transparency, the information must be concise, transparent, understandable, easily accessible and expressed in simple and clear language. Indefinite terms should be avoided (eg “could”, “might”, “likely to…”, etc.).
The information must include, among others, in particular the following information: the purpose of data processing, their sources (when the collection is from other sources and not from the subject himself) and any recipients. Articles 13 and 14 of the GDPR specify exactly what information must be included in the information, when the collection is from the subjects themselves or from other sources.
In particular, natural persons (data subjects) may request from the controller the following additional information: the categories of their data, the sources of their data (when the data is not provided by the subject), the time period of data retention them or, when this is not possible, the criteria for their retention time, their ability to exercise the right to rectification, erasure, restriction and opposition to processing, the existence of an automatic decision-making process, including profiling and the transmission of the data in a third country or international organization and the existence of relevant protection guarantees.
When must the update be made by the controller: a) at the time of collection, when it is done directly by the data subjects, and b) within a reasonable time from the collection of the data (no later than one month), when it is made from other sources. Subjects do not have the right to information when they already have the information or providing it involves a disproportionate effort for the controller.
You have the right to object when a decision concerning you is based solely on automated processing, including profiling, and that decision produces legal effects or significantly affects you.
The COMPANY does not make decisions based solely on automated personal data processing procedures.
However, it may legally take such decisions, including profiling, for the purposes of monitoring and preventing fraud against the COMPANY or a third party as well as for the assurance and reliability of the services provided by the COMPANY (e.g. insurance & investment services and products) or if such processing is necessary for the conclusion or performance of a contract, which is based on personal data obtained directly from you or from a search in the database of public bodies.Πληροφορίες