1. Introduction
1.1. Brief Presentation
FASMA Consulting Group is a consulting firm, with the aim to provide highly skilled
SAP Professionals across all industry sectors. We aim to be the choice for our
customers and our business partners, for innovating SAP Consulting services and
solutions.
Our work focuses on designing, realizing, customizing and implementing SAP
solutions and providing consulting services based on our wide background and
experience to create and sustain a competitive advantage for our customers. The
qualifications and capabilities of our highly motivated consultants are vital to achieve
and exceed these objectives.
1.2. Protection & Processing of Personal Data (PD)
Personal Data (PD) means any information relating to an identified or identifiable
natural person (data subject). An identifiable natural person is one who can be
identified, directly or indirectly, in particular by reference to an identifier such as a
name, an identification number, location data, an online identifier or to one or more
factors specific to the physical, physiological, genetic, mental, economic, cultural or
social identity of that natural person. PD may include more personal information such
as habits, preferences, biometric data etc.
Every company that processes PD relating to live data subjects who are in the EU is
required to fully comply from May 25, 2018 with EU's General Data Protection
Regulation 679/2016. This Regulation shall be binding in its entirety and directly
applicable in all Member States.
Processing means any operation or set of operations which is performed on personal
data or on sets of personal data, whether or not by automated means, such as
collection, recording, organisation, structuring, storage, adaptation or alteration,
retrieval, consultation, use, disclosure by transmission, dissemination or otherwise
making available, alignment or combination, restriction, erasure or destruction.
The company, through its Privacy Policy, informs natural persons about the
processing of PD, thus helping natural persons to make informed decisions about
their relationship with the business.
1.3 Privacy Policy
The company must collect PD (ie, personal information) for the effective execution of
everyday business functions and services and, in some cases, for its compliance
with the requirements of the legislation and / or regulations it applies.
This Privacy Policy declares our compliance with the General Data Protection
Regulation and our respect for the protection of the privacy and security of personal
data.
In addition, it aims to:
▪ Inform the natural persons (you) about the PD we collect and process, for
what purpose, in which way and for how long.
▪ Ensure that natural persons are aware of their rights and our duty to
accountability and security.
▪ Provides an easy and clear means of ensuring your consent as the legal basis
(lawfulness of processing) for the processing of the PD, and at the same time
gives you the right to withdraw this consent whenever you want.
This Privacy Policy was posted on our company's website on May 25, 2018 and
replaces a previous post / issue. The Privacy Policy generally applies to any natural
person who has or intends to have any kind of cooperation with us.
2. Information (PD) we collect about you
When you call us, visit our website, cooperate with us, ask questions or ask for our
cooperation, we may ask you for information (ie PD such as: name, address, email,
phone, etc.) depending on the type of our relationship. Moreover, you may choose to
voluntarily disclose additional PD (as in the case of sending a CV) or additional
information (such as tax or commercial information, as part of your briefing or
collaborative inquiry). We collect information, directly or indirectly, in the following
ways:
▪ Information you send us or give us, when you contact us or visit our website,
by electronic or other means.
▪ Information we receive from your use of our services or our partners' services.
▪ We use various technologies for collecting and storing information which may
include the use of technologies such as cookies (see Section 7).
▪ We may use information from advertising networks, our customers or third
parties to let you know about specific services that may be of interest to you.
▪ Our website collects information (such as IP address, search engine, ...) used
for activities such as number of visitors of our website, identifying visitors'
points of interest, communication effectiveness etc,
For more information on how to access, manage, modify, or delete information, see
Sections 5 & 6 below.
3. How we use PD
We use the information we collect (as described in Section 2 above) and consistently
with the consents you have given us, in order to:
▪ provide you with personalized and up-to-date services and / or products
▪ communicate with you to let you know about new services or products that
may be of interest to you
▪ process your payment or prevent or detect potential frauds
▪ answer any questions you have asked us
▪ implement the framework of this Privacy Policy
When communicating with us, we keep a record of our communications messages,
so we can resolve any issues may arise.
We do not allow unauthorized entities, and without your consent, to access your
information (PD).
For all the above, indispensable prerequisite is your consent (see sections 5 & 8
below).
4. Disclosure of your information
We do not disclose or share your PD with companies, organizations, and individuals
outside of our company unless one of the following situations applies:
▪ By your own consent: We share your personal information (PD) with
companies, organizations, and individuals only when we have your explicit
consent (see Sections 5 & 8 below).
▪ For outsourced processing: We provide personal information to our third-party
associates partners and businesses or individuals that we trust, in order to
process them for our own use, based on our guidelines and in accordance
with our Privacy Policy and any other confidentiality and security measures
such as EU Regulation 679/2016.
▪ For legal purposes: We share personal data with competent public authorities
when it is reasonably necessary and in order to comply with laws, regulations,
legal procedures or governmental enquiries.
▪ In the context of scientific research: We provide data in an unidentifiable form
(anonymous) for scientific or statistical studies.
5. Your Rights & Our Obligations
5.1 Your Rights
Our clients, users of our services and our website's visitors have rights (which should
not be against the relevant legislation) under this Privacy Policy and the GDPR.
These rights of natural persons (your rights) are:
▪ Right to access your PD
▪ Right to correct your PD
▪ Right to delete your PD
▪ Right to limit the processing of your PD
▪ Right to information about correcting or deleting or limiting the processing of
your PD
▪ The right of portability of PD
▪ Right to oppose the processing of your PD
▪ Opportunity to oppose automated individual decision-making including
profiling.
The way to exercise your rights is described in the Section 6.
5.2 Our obligations
Our duties include:
▪ Accountability for the 6 principles governing the processing of PD (ie
lawfulness, objectivity and transparency, purpose limitation, minimization of
PD, accuracy of PD, storage period limitation, security, integrity and
confidentiality).
▪ Any processing of PD is lawful only if one of the following 6 conditions is true:
▫ the subject of the data has consented to the processing of the PD
▫ Processing of PD is necessary for the execution of a contract where the
subject (you) is a party
▫ Processing is necessary to comply with a legal obligation of the controller
(us)
▫ Processing is necessary to safeguard a vital interest of the natural person
(you)
▫ Processing is necessary for the performance of a duty of public interest or in
the exercise of public authority entrusted to the controller (us)
▫ Processing is necessary for the purpose of serving the legal interests
pursued by the controller (us) or by a third party, unless the interest or
fundamental rights and freedoms of the natural person prevail.
In addition, we implement the appropriate technical and organizational measures to
protect our company and our partners from unauthorized access or alteration,
violation or destruction of the PD we have in our possession.
Specifically:
▪ We encrypt many of our services.
▪ We control data collection, storage and processing practices, including
physical security measures, to protect against unauthorized access to
systems and processes.
▪ Access to personal information is limited and controlled, and these individuals
are subject to strict contractual obligations of confidentiality.
▪ If third parties (for maintenance or support purposes) have potentially access
to PD, relevant appendices to existing cooperation agreements (contracts)
cover the requirements of the GDPR.
Throughout the entire processing cycle (from collection to the destruction of PD), we
take the appropriate technical and organizational measures to ensure the
confidentiality, integrity and availability of PD. Similar steps are required by third
parties handling or processing PD.
Our services, products and website are not intended for children under the age of 16.
We do not, to our extent of knowledge, process PD of children under the age of 16.
6. Access to your own PDs and information supplied
Under the Rights provided by the Regulation (GDPR: General Data Protection
Regulation), you may request an update of your own PD or request a correction or
limitation of processing or deletion of PD (see in detail your rights in Section 5.1).
In such cases, you are requested to fill out a SAR (Subject Access Request). We are
required to respond to you within one month of receipt of the SAR.
WANT TO FILL A SAR APPLICATION? Download Subject Access Request Form
The exercise of a natural person's rights can always be done under existing
legislation (such as tax or labor law).
Whenever you use our services, our aim is to provide you with access to your own
PD. If this data is incorrect, we are working to provide you with ways to quickly
update or delete them - unless we need to keep this information because it is
required by relevant legislation or for lawful purposes.
7. Cookies
We may use small text files called cookies to improve overall site experience. A
cookie is a piece of data stored on the user's hard disk containing information about
the user. Cookies, generally, do not allow us to personally identify you.
The visitor of the site is informed of their use and may disable them.
8. Your consent and its withdrawal
Our company in accordance with:
▪ Our Privacy Policy;
▪ Compliance with the GDPR (Reg 679/2016) and the relevant national
legislation;
▪ Our respect for protecting the privacy and security of personal data;
would like your written consent (opt-in) for the collection and processing of your
personal data, as outlined in this Privacy Policy.
Your consent is for distinct purposes and may be withdrawn (per case/object or in
total) at any time by:
▪ the use (opt-out) at any time of the unregister link provided in all FCG's email
communications or
▪ by sending an email to the contact information supplied in Section 9 below.
The company will only collect and process PD where it can lawfully do so, such as
(a) following a requirement of the relevant legislation; (b) a necessary process for the
execution of a contract of which the natural person is a party; (c) a necessary
process to comply with legal obligations of the controller (d) necessary process to
safeguard the vital interest of the natural person; (e) necessary process for the
purpose of the lawful interests pursued by the controller or by a third party; unless
the above interest are inferior to a different prevailing interest or fundamental rights
and freedoms.
You may be asked to provide additional consent if the PD should be used for
purposes not covered by this Privacy Policy.
9. Contact
If you have any questions, concerns, or complaints about this Privacy Statement, or
our privacy practices in general, please send an email
to privacy@fasmaconsulting.com