1 INTRODUCTION
C2 Technologies SA (“Company”, “we”) develops and provides web applications and digital services. This Privacy and Data Protection Policy describes how we collect, use, store, and protect the personal data of Users of our applications. C2 Technologies respects and safeguards the right of visitors and Users of our website to privacy and to the protection of their personal data.
1.1 Who we are
C2 Technologies SA operates within the Information and Communications Technology (ICT) sector, providing integrated telecommunications and networking solutions to business entities and organizations.
The Company’s scope of activities includes among others:
• Telecommunications and Network Infrastructure design, installation and operation, including Virtual PBX and VoIP services.
• Cloud-based hosting services, communications and networking systems supervision and technical support.
• CRM and ticketing applications development, configuration and maintenance.
• ICT outsourcing and managed IT services for private and public sector customers.
• Consulting services in technological development and digital transformation
• Collaborations with telecom providers
• Training, technical support and after-sales service for customers under technical support contracts.
The Company operates both as a primary ICT provider and as a subcontractor in telecommunications and technology support projects, under its agreements with private entities or public sector organizations.
Registered Office: 67, Georgiou Papandreou Str, 124 62, Haidari Attica tel. 2109521111 – Branch: 81, 17th November Str, 81 555, Pylaia Thessaloniki tel: 2310933869 -www.c2technologies.gr
E-mail: welcome@c2technologies.gr
Company acts as a Data Controller (GDPR art.4(7))
C2 Technologies respects the privacy of its visitors and partners and is committed to protecting their personal data in accordance with the General Data Protection Regulation (“GDPR”) and applicable Greek legislation. This Policy explains how we collect, use, and protect your data when you visit the website www.c2technologies.gr and when we provide our services.
While providing our services, we collect, use, process, and disclose personal data. Personal data are defined as any information that can be used to identify you, either directly or indirectly through the use and combination of other identifiable information.
We may collect personal identification information from users, when completing a form on our website. User’s name and email address may be required, as appropriate. However, users may visit our website anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users may always refuse to provide personally identifiable information, however, doing so may prevent them from engaging in certain website-related activities.
2 TO WHOM THIS POLICY APPIES
This Privacy and Data Protection Policy applies to every natural person whose personal data are processed by C2 Technologies SA in the context of its business activities.
This Policy concerns:
1. Employees and external partners (e.g. engineers, consultants, subcontractors)
2. Job candidates, whose information is provided during the recruitment process.
3. Customers and suppliers, natural persons or legal entities representatives, with whom the Company collaborates in the course of providing ICT, cloud telephony, applications and technical support services.
4. Users of the Company’s website and online applications or portals (e.g. ticketing system, helpdesk, CRM).
5. Visitors on Company’s premises who are potentially recorded by CCTV systems for security reasons.
6. Other natural persons, whose data may be processed in the context of the Company’s contractual or legal obligations, or legitimate interests.
3 TYPES OF DATA COLLECTED
While accessing the Company’s premises, website or portals, the following personal data may be collected (depending on the access type):
A. User account (portals): Firstname, Lastname, email, contact info, password (hashed & salted).
B. Technical Data: IP address, browser/OS version, cookies, session tokens.
C. Service Usage: activity logs, timestamps, error reports, analytics events.
D. Communication Information: support messages, communication forms.
E. Cookies /Analytics: functionality/statistics/marketing
F. Facility Security- CCTV: data for incident prevention/ investigation
G. Communication Form (website):
• First Name/ Lastname
• Email / Phone number
• Message / Communication Request
4 PROCESSING PURPOSE
The personal data we collect are used exclusively for the provision of our services, such as account creation, access, and the proper operation of the web application.
Additionally, the data are used for security purposes, including authentication, logging, fraud detection, and the prevention of abusive use. In the context of product improvement, we perform error analysis, collect usage statistics, and implement performance monitoring mechanisms.
We also use your contact details to send technical notifications, updates regarding upgrades, and to provide support.
Finally, we process data where required, to comply with our legal and contractual obligations, such as maintaining tax and accounting records.
5 COOKIES & TRACKING
Our website uses cookies and other similar technologies, to ensure the proper functioning of the service, enhance the user experience, and collect basic usage statistics.
Certain cookies are necessary for navigation and for using the website’s features, while others help us understand how the service is used and improve its performance. Users may manage their preferences at any time, through the cookie banner.
In some cases, processing is based on our legitimate interest in ensuring the security and optimization of our services, or on compliance with legal obligations, such as maintaining accounting and tax records.
6 DATA ORIGIN
Directly from Data Subject: By completing the communication form or by sending an email to the Company.
Automatically while using the website: From cookies or other tracking technologies (e.g. Google Analytics, session cookies).
From third parties or affiliated organizations: Hosting service providers (hosting provider, ISP). External IT, marketing, or website maintenance service providers. Potentially intermediary platforms (e.g., LinkedIn or job portals) when a job application is submitted.
Company’s internal information systems: Data consolidation through ERP, CRM or technical support ticketing systems. VPN logs or Internal Audit reports for security and accountability reasons.
All data are obtained lawfully and transparently, without automated collection of personal information beyond what is technically necessary for the operation of the website, in accordance with Articles 13–14 of the General Data Protection Regulation (GDPR).
7 DATA TRANSFERS
7.1 Internally within the organization
Only authorized personnel are granted access to the data according with the process purpose:
Α. IT Department – for information systems’ operation and security.
Β. Human Resources Department – for job applications and staff management.
C. Sales & Support Department – for communication with clients or partners.
D. Management and Compliance Officer – for internal audits and accountability.
7.2 Processors
The Company cooperates with selected service providers, under data processing agreements according to GDPR, article 28:
A. Hosting Providers for the web site and email servers operation.
B. External IT partners for systems maintenance, security and back-up.
C. ERP/CRM Provider for clients, suppliers and accounting management.
D. External accountant or tax consultant for tax obligations compliance.
E. Public Entities and Authorities (where legally required)
ΑΑΔΕ, ΕΡΓΑΝΗ, ΕΦΚΑ, Data Protection Authority or other authorities, only where required by law GDPR (Art. 6(1)(c)).
F. Third Parties or Subcontractors
While providing technical support or cloud telephony services, involving subcontractors, limited operational data are transferred for the contract execution. All third parties are bound by non-disclosure agreements and GDPR terms.
7.3 Transfers Outside the EEA
No transfers outside the EEA occur, unless this is required by a third-party ICT service provider established outside the EEA (e.g. Google LLC), in which case appropriate safeguards are ensured (GDPR Articles 45–49, e.g. Adequacy Decisions, Standard Contractual Clauses).
8 INTERNATIONAL TRANSFERS
The processing takes place within the EU/EEA. If, exceptionally, a transfer to a third country is to be required, appropriate safeguards will be implemented (e.g., Standard Contractual Clauses – SCCs, additional technical/organizational measures) in accordance with Articles 44 et seq. of the GDPR and this Policy will be updated accordingly.
9 LEGAL BASIS FOR PROCESSING
The processing of personal data is carried out in accordance with the General Data Protection Regulation (GDPR) and is based on different legal basis depending on the purpose. Specifically, we process data when necessary for the provision of the service and the conclusion of our contract, when we have obtained your consent for the use of cookies or analytics tools, when necessary for security and service optimization purposes under our legitimate interest, as well as when required by applicable law, such as for tax and accounting purposes.
10 DATA RETENTION
Personal data are retained only for as long as necessary to fulfill the purposes described above. Data provided in the context of communication are retained only as long as necessary to respond to your request. Technical data and logs are retained for a limited period serving security purposes. In any case, the data are deleted or anonymized, when retention is no longer required.
11 USER RIGHTS
In accordance with the General Data Protection Regulation (GDPR), you have a number of rights regarding your personal data. These include:
• The right to access your data and to obtain a copy
• The right to make corrections or updates of inaccurate or incomplete data
• The right to erasure when there is no longer a lawful basis for processing
• The right to request restriction of processing
• The right to object to certain forms of processing
• The right to request data portability to another data controller
To exercise any of the above rights, you may contact us using the contact details provided in this Policy.
12 DATA YOU PROVIDE DIRECTLY
While browsing our website or using our applications, you may provide us with certain personal data, such as your name, email address, or other contact details through registration or contact forms. These data are used exclusively for the purposes for which you submit them (e.g., account creation, communication, provision of the service).
13 DATA WE COLLECT AUTOMATICALLY (TECHNICAL DATA AND LOGS)
When you visit our website or use our services, we automatically collect certain technical information for security and operational purposes. This includes IP address, browser type and version, operating system, system logs, timestamps of visits, and error reports. Such collection is necessary for the secure and efficient operation of our services.
14 DATA RESULTING FROM INTERNAL ANALYSIS
In addition to the data provided by you or collected automatically, we may internally generate reports and statistics regarding the use of our website and services. These reports concern aggregated data and are used exclusively for internal purposes, such as performance improvement, development of new features, and service quality monitoring. They are not used to create user profiles and are not disclosed to third parties, except where necessary to support the service.
15 DATA SUBJECT RIGHTS
In accordance with the General Data Protection Regulation (GDPR), users have the following rights regarding their personal data:
• Right of access
• Right to correct or update inaccurate or incomplete data;
• Right to erasure (“right to be forgotten”), where there is no longer a lawful basis for processing
• Right to request the restriction of processing in specific cases
• Right to object to processing for certain purposes
• Right to data portability to another data controller
To exercise any of the above rights, you may submit a relevant request to: privacy@c2technologies.gr.The Company will make every effort to respond within thirty (30) calendar days, with the possibility of a two (2) month extension, in cases of complexity or multiple requests.
16 CONTACT AND DATA PROTECTION AUTHORITY
To exercise any of your rights, please contact: privacy@c2technologies.gr – Tel.: 210-9521111
Should you consider your request unsatisfied, you may address the Greek Data Protection Authority (www.dpa.gr).
17 DATA SECURITY
The Company implements appropriate technical and organizational measures to protect personal data, such as encryption, restricted access, security policies, and monitoring systems. However, no method of transmission over the Internet or storage can guarantee absolute security.
18 CONTACT INFORMATION
You may address your questions or requests regarding the present Policy or your personal data processing, to C2 Technologies SA [67, Georgiou Papandreou Str, 124 62, Haidari, Attica] or by email: privacy@c2technologies.gr
