Information notice on personal data protection
(Latest update: January 2025)
Subject of the Information Notice on Personal Data Protection
Hellenic Aerospace Industry (hereinafter “H.A.I.”), headquartered at 2-4 Mesogeion Avenue, Tower of Athens, P.C. 11527, Athens, Tel. 210-7799622, in its capacity as the Data Controller, collects and processes your personal data solely when necessary, for clear and lawful purposes, in accordance with Regulation (EU) 2016/679, Law 4624/2019, and Law 3471/2006, as applicable. The purpose of this information notice is to inform the users of the Hellenic Aerospace Industry website – Contact (haicorp.com) about the processing of their personal data.
Definitions
For the purposes of the Personal Data Protection Policy, the following terms have the following meanings:
- “Personal Data”: Any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identity number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
- “Special Categories of Personal Data”: The processing of personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or membership in a trade union, as well as the processing of genetic data, biometric data for the exclusive purpose of identifying a person, or data concerning health, sexual life, or sexual orientation.
- “Processing”: Any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
- “Data Controller”: The authority which alone or jointly with others determines the purposes and means of the processing of personal data. For the purposes of this policy, H.A.I. acts as the Data Controller.
- “Processor”: The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Data Controller.
- “Data Subject”: The natural person whose personal data is being processed, e.g. employees, associates, trainees of the Company, etc.
- “Personal Data Breach”: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data processed.
- “Applicable Legislation”: The applicable national and EU legislation on the protection of personal data, specifically the General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”), Law 4624/2019, Law 3671/2006, the case law of the Court of Justice of the European Union (CJEU), and the decisions, guidelines, and opinions of the European Data Protection Board (EDPB) and the Hellenic Data Protection Authority (HDPA).
Data Collected by H.A.I. via the Hellenic Aerospace Industry website (haicorp.com) automatically
When you use our website, we automatically collect information, some of which may constitute personal data. These include information such as language settings, IP address, location, device settings, operating system, activity data, time of use, referral URL, status report, user information (browser version), operating system, browsing results, browsing history, and the types of data you viewed. We may also collect data via cookies. For information regarding the use of cookies, click here.
Collection and Further Processing of Personal Data of Minors
As a rule, H.A.I. does not engage in the direct or indirect collection and processing of personal data of minors. However, as it is impossible to verify the age of individuals accessing or using the website, it is recommended that parents or guardians of minors contact H.A.I. immediately if they discover any unauthorized disclosure of data by minors under their responsibility in order to exercise their rights, such as requesting the deletion of their data.
Transfer of Personal Data Outside the EEA
As a rule, H.A.I. does not transfer your personal data to third countries or international organizations. If your personal data is transferred to a country outside the European Economic Area (EEA) or to an international organization, H.A.I. ensures that one of the lawful bases of Article 6 of the Regulation is satisfied, and cumulatively:
a) The European Commission has issued an adequacy decision for the third country to which the transfer will be made (Article 45 GDPR), or
b) Appropriate safeguards are in place according to the GDPR for the transfer of such data (Article 46 GDPR).
In the absence of an adequacy decision or appropriate safeguards, the transfer is permitted under the conditions set forth in Article 49 GDPR, such as explicit consent from the user and informing them about the risks of the transfer, the transfer being necessary for the performance of a contract upon the data subject’s request, public interest grounds, the necessity for supporting legal claims, or the protection of vital interests of the data subject, etc.
Rights of Data Subjects
H.A.I. ensures that it can promptly respond to data subject requests for the exercise of their rights in accordance with applicable legislation.
In particular, each data subject has the following rights:
- Right to Information and Access
- Right to Rectification
- Right to Erasure
- Right to Restriction of Processing
- Right to Data Portability
- Right to Object
In the event of exercising any of the above rights, H.A.I. will respond promptly [in all cases within thirty (30) days from the submission of the request], informing you in writing about the progress of fulfilling the request.
For any complaints regarding personal data protection issues, if your request is not satisfied, you can contact the Hellenic Data Protection Authority (HDPA) via the following link: www.dpa.gr.
Additionally, you may contact the European Data Protection Board (EDPB) and the European Data Protection Supervisor at the email address: edps@edps.europa.eu.
Data Protection Officer (DPO) Contact Information
For the exercise of all the above rights, as well as for any issues regarding the processing of your personal data by H.A.I., you may contact the Data Protection Officer (DPO) of H.A.I. at the email: dpo@haicorp.com.
Disclaimer for Third-Party Websites – Social Media Buttons
This website contains social media buttons/widgets (e.g., Facebook, Instagram), through which, once the user connects to the social network, a digital footprint is created. Both H.A.I. and the social network itself act as joint data controllers for this data.
For H.A.I., the purpose of processing such data is to improve the functionality of the website and the services provided, as well as to analyze its traffic. The lawful basis for processing personal data is the performance of a task carried out in the public interest.
H.A.I. does not control or assume any responsibility for any subsequent processing of personal data carried out by the entities to which the data has been transferred.
For more information on data processing policies and configuration options for these networks, you can visit the following websites:
- Vimeo
- YouTube
- ΕΣΗΔΗΣ
- Diavgeia Program – (diavgeia.gov.gr)
- Ministry of National Defense
- Hellenic National Defense General Staff (mil.gr)
- Hellenic Air Force (haf.gr)
- Main Page | Hellenic Army | Army gr
- Hellenic Navy – (hellenicnavy.gr)
- Ministry of Finance (minfin.gr)
- EMC
- Lockheed Martin Corporation | Lockheed Martin
- Thales – Building a future we can all trust (thalesgroup.com)
- Home | BAE Systems | International
- Boeing: The Boeing Company
- Rolls-Royce
- Home | Honeywell
- European Defence Agency (europa.eu)
- European Space Agency (esa.int)
- ICAS – International Council of the Aeronautical Sciences – Home
- TEE | Technical Chamber of Greece
- EASA | European Union Aviation Safety Agency (europa.eu)
Updates to the Personal Data Protection Policy
This Personal Data Protection Policy may be modified in the future as part of the company’s regulatory compliance efforts and the optimization and upgrading of its website services. Therefore, it is recommended to review the updated version of the Personal Data Protection Policy regularly for sufficient information.