1. Introduction
1.1. Brief Presentation
FASMA Consulting Group is a consulting firm, with the aim to provide highly skilled SAP Professionals across all industry sectors.
We aim to be the choice for our customers and our business partners, for innovating SAP Consulting services and solutions.
Our work focuses on designing, realizing, customizing and implementing SAP solutions and providing consulting services based on our wide background
and experience to create and sustain a competitive advantage for our customers.
The qualifications and capabilities of our highly-motivated consultants are vital to achieve and exceed these objectives.
1.2. Protection & Processing of Personal Data (PD)
Personal Data (PD) means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. PD may include more personal information such as habits, preferences, biometric data e.t.c. Every company that processes PD relating to live data subjects who are in the EU is required to fully comply from May 25, 2018 with EU's General Data Protection Regulation 679/2016. This Regulation shall be binding in its entirety and directly applicable in all Member States. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The company, through its Privacy Policy, informs natural persons about the processing of PD, thus helping natural persons to make informed decisions about their relationship with the business.
1.3 Privacy Policy
The company must collect PD (ie, personal information) for the effective execution of everyday business functions and services and, in some cases, for its compliance with the requirements of the legislation and / or regulations it applies.
This Privacy Policy declares our compliance with the General Data Protection Regulation and our respect for the protection of the privacy and security of personal data.
tt
In addition, it aims to:
- Inform the natural persons (you) about the PD we collect and process, for what purpose, in which way and for how long.
- Ensure that natural persons are aware of their rights and our duty to accountability and security.
- Provides an easy and clear means of ensuring your consent as the legal basis (lawfulness of processing) for the processing of the PD, and at the same time gives you the right to withdraw this consent whenever you want.
This Privacy Policy was posted on our company's website on May 25, 2018 and replaces a previous post / issue. The Privacy Policy generally applies to any natural person who has or intends to have any kind of cooperation with us.
2. Information (PD) we collect about you
When you call us, visit our website, cooperate with us, ask questions or ask for our cooperation, we may ask you for information (ie PD such as: name, address, email, phone, etc.) depending on the type of our relationship.
Moreover, you may choose to voluntarily disclose additional PD (as in the case of sending a CV) or additional information (such as tax or commercial information, as part of your briefing or collaborative inquiry).
We collect information, directly or indirectly, in the following ways:
- Information you send us or give us, when you contact us or visit our website, by electronic or other means.
- Information we receive from your use of our services or our partners' services.
- We use various technologies for collecting and storing information which may include the use of technologies such as cookies (see Section 7).
- We may use information from advertising networks, our customers or third parties to let you know about specific services that may be of interest to you.
- Our website collects information (such as IP address, search engine, ...) used for activities such as number of visitors of our website, identifying visitors' points of interest, communication effectiveness etc,
For more information on how to access, manage, modify, or delete information, see Sections 5 & 6 below.
3. How we use PD
We use the information we collect (as described in Section 2 above) and consistently with the consents you have given us, in order to:
- provide you with personalized and up-to-date services and / or products
- communicate with you to let you know about new services or products that may be of interest to you
- process your payment or prevent or detect potential frauds
- answer any questions you have asked us
- implement the framework of this Privacy Policy
When communicating with us, we keep a record of our communications messages, so we can resolve any issues may arise.
We do not allow unauthorized entities, and without your consent, to access your information (PD).
For all the above, indispensable prerequisite is your consent (see sections 5 & 8 below).
4. Disclosure of your information
We do not disclose or share your PD with companies, organizations, and individuals outside of our company unless one of the following situations applies:
- By your own consent: We share your personal information (PD) with companies, organizations, and individuals only when we have your explicit consent (see Sections 5 & 8 below).
- For outsourced processing: We provide personal information to our third party associates partners and businesses or individuals that we trust, in order to process them for our own use, based on our guidelines and in accordance with our Privacy Policy and any other confidentiality and security measures such as EU Regulation 679/2016.
- For legal purposes: We share personal data with competent public authorities when it is reasonably necessary and in order to comply with laws, regulations, legal procedures or governmental enquiries.
- In the context of scientific research: We provide data in an unidentifiable form (anonymous) for scientific or statistical studies.
5. Your Rights & Our Obligations
5.1 Your Rights
Our clients, users of our services and our website's visitors have rights (which should not be against the relevant legislation) under this Privacy Policy and the GDPR.
These rights of natural persons (your rights) are:
- Right to access your PD
- Right to correct your PD
- Right to delete your PD
- Right to limit the processing of your PD
- Right to information about correcting or deleting or limiting the processing of your PD
- The right of portability of PD
- Right to oppose the processing of your PD
- Opportunity to oppose automated individual decision making including profiling.
The way to exercise your rights is described in the Section 6.
5.2 Our obligations
Our duties include:
- Accountability for the 6 principles governing the processing of PD (ie lawfulness, objectivity and transparency, purpose limitation, minimization of PD, accuracy of PD, storage period limitation, security, integrity and confidentiality).
- Any processing of PD is lawfu only if one of the following 6 conditions is true:
▫ the subject of the data has consented to the processing of the PD
▫ Processing of PD is necessary for the execution of a contract where the subject (you) is a party
▫ Processing is necessary to comply with a legal obligation of the controller (us)
▫ Processing is necessary to safeguard a vital interest of the natural person (you)
▫ Processing is necessary for the performance of a duty of public interest or in the exercise of public authority entrusted to the controller (us)
▫ Processing is necessary for the purpose of serving the legal interests pursued by the controller (us) or by a third party, unless the interest or fundamental rights and freedoms of the natural person prevail.
In addition, we implement the appropriate technical and organizational measures to protect our company and our partners from unauthorized access or alteration, violation or destruction of the PD we have in our possession.
Specifically:
- We encrypt many of our services.
- We control data collection, storage and processing practices, including physical security measures, to protect against unauthorized access to systems and processes.
- Access to personal information is limited and controlled, and these individuals are subject to strict contractual obligations of confidentiality.
- If third parties (for maintenance or support purposes) have potentially access to PD, relevant appendices to existing cooperation agreements (contracts) cover the requirements of the GDPR.
Throughout the entire processing cycle (from collection to the destruction of PD), we take the appropriate technical and organizational measures to ensure the confidentiality,
integrity and availability of PD. Similar steps are required by third parties handling or processing PD.
Our services, products and website are not intended for children under the age of 16. We do not, to our extent of knowledge, process PD of children under the age of 16.
6. Access to your own PDs and information supplied
Under the Rights provided by the Regulation (GDPR: General Data Protection Regulation), you may request an update of your own PD or request a correction or limitation of processing or deletion of PD (see in detail your rights in Section 5.1).
In such cases, you are requested to fill out a SAR (Subject Access Request). We are required to respond to you within one month of receipt of the SAR.
-
WANT TO FILL A SAR APPLICATION? Download Subject Access Request Form
The exercise of a natural person's rights can always be done under existing legislation (such as tax or labor law).
Whenever you use our services, our aim is to provide you with access to your own PD. If this data is incorrect, we are working to provide you with ways to quickly update or delete them - unless we need to keep this information because it is required by relevant legislation or for lawful purposes.
7. Cookies
We may use small text files called cookies to improve overall site experience. A cookie is a piece of data stored on the user's hard disk containing information about the user.
Cookies, generally, do not allow us to personally identify you.
The visitor of the site is informed of their use and may disable them.
8. Your consent and its withdrawal
Our company in accordance with:
- Our Privacy Policy;
- Compliance with the GDPR (Reg 679/2016) and the relevant national legislation;
- Our respect for protecting the privacy and security of personal data;
would like your written consent (opt-in) for the collection and processing of your personal data, as outlined in this Privacy Policy.
Your consent is for distinct purposes and may be withdrawn (per case/object or in total) at any time by:
- the use (opt-out) at any time of the unregister link provided in all FCG's email communications or
- by sending an email to the contact information supplied in Section 9 below.
The company will only collect and process PD where it can lawfully do so, such as (a) following a requirement of the relevant legislation; (b) a necessary process for the execution of a contract of which the natural person is a party; (c) a necessary process to comply with legal obligations of the controller (d) necessary process to safeguard the vital interest of the natural person; (e) necessary process for the purpose of the lawful interests pursued by the controller or by a third party; unless the above interest are inferior to a different prevailing interest or fundamental rights and freedoms.
You may be asked to provide additional consent if the PD should be used for purposes not covered by this Privacy Policy.
9. Contact
If you have any questions, concerns, or complaints about this Privacy Statement, or our privacy practices in general, please send an email to or contact us by writing at: Address details