Privacy notice
For The Candidate Employees
Publication date: February 2026
Notification for the Processing of Personal Data
(Articles 13, 14 of Regulation (EU) 2016/679)
The Company under the name “ENTERSOFTONE SOCIETE ANONYME” with the distinctive title “ENTERSOFTONE S.A.”, having its registered office at 8, Achilleos and Lambrou Katsoni str., P.C. 17674, Kallithea, Attica, Greece (hereinafter called the “Company”), handles the issues of processing personal data and privacy with responsibility and as a matter of fundamental importance and complies with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the repealing of Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR") and the relative Greek legislation.
Considering the above, we provide you with this Notification according to Articles 13 and 14 of the GDPR, in order to inform you about the way we collect and process your personal data in terms of your expressed interest for future collaboration with our Company. In the context of this activity and in its capacity as a Data Controller, the Company is fully committed to safeguarding the security of the Personal Data of its Candidate Employees, meeting all the prescribed data security standards imposed by the Data Protection Legislation.
1. Controller
The Controller for the collection of your data and their processing is the Company, as defined above. That means that the Company determines the purposes and means of processing your personal data, in accordance with the GDPR and the data protection legislation in general.
2. Sources of personal data collection
As a rule, the Company collects personal data directly from you and not from third party sources. It may, however, in certain cases, also obtain your personal data from authorized third parties - recruiters or professional websites (e.g. LinkedIn). In any case, the provision of your personal data is considered as a necessary condition for starting and ensuring a smooth cooperation with you as a candidate employee, while any failure on your part to provide such data could constitute a significant obstacle to its continuation..
3. Processing of personal data and legal bases
The following table sets out the purposes of the processing of personal data processed by the Company, the categories of such personal data, as well as the legal basis for their processing.
Purpose of Processing: Receipt of CVs
Personal Data: Personal details, CV data (work experience, studies, interests, military obligations), contact details, recommendations, any further information included in the CV or voluntarily provided by the data Subject
Legal Basis of Processing:
- Art. 6 par. 1 (b) – processing is necessary in order to take steps at the request of the data subject prior to entering into a contract for the successful candidate.
- Art. 6 par. 1 (f) – processing is necessary for the purposes of the legitimate interests pursued by the controller (i.e. the successful staffing of the company) for the other candidates.
Purpose of Processing: Interview
Personal Data: Personal details, CV data (work experience, studies, interests, military obligations), contact details, recommendations, any further information included in the CV or voluntarily provided by the data Subject
Legal Basis of Processing:
- Art. 6 par. 1 (b) – processing is necessary in order to take steps at the request of the data subject prior to entering into a contract for the successful candidate.
- Art. 6 par. 1 (f) – processing is necessary for the purposes of the legitimate interests pursued by the controller (i.e. the successful staffing of the company)
Purpose of Processing: Assessment of candidates
Personal Data:Personal details, CV data (work experience, studies, interests, military obligations), contact details, recommendations, any further information included in the CV or voluntarily provided by the data Subject, replies that the candidate will provide through the digital platform
Legal Basis of Processing:
- Art. 6 par. 1 (f) – processing is necessary for the purposes of the legitimate interests pursued by the controller (i.e. the successful staffing of the company)
4. Disclosure to third parties and categories of recipients
Your personal data as described above may be disclosed to the internal competent departments of the Company and other Group companies and, where applicable, to third parties, either public or private bodies, in accordance with the applicable legislation, when this is necessary for compliance with a legal obligation of the Company or is necessary for the purposes of the legitimate interests pursued by the Company. In particular, the Company may disclose your personal data necessary at any time:
- To external HR Services providers (e.g. headhunters);
- To professional websites (e.g. Linkedin) and
- To the provider of the collaborating digital platform for the assessment.
In any case, the Company complies with the requirements of the GDPR (art.28) for the compliance of its third parties/processors, which it binds to the protection of the personal data it discloses to them, as defined by the GDPR and its respective policies and procedures.
5. Personal Data of Third Parties
In case you provide Personal Data of third parties to the Company (i.e. data of previous employers etc.), you must inform these persons about the processing of their Personal Data by the Company and their rights in this regard (for example, by presenting this Notice). In addition, if required by law, you should obtain the consent of such persons. If you provide the Personal Data of third parties, the Company assumes that the relevant consent of such third parties has been obtained.
6. Security
The Company shall process your personal data in a manner that ensures its protection by taking all appropriate organizational and technical measures for data security and its protection against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access and any other form of illicit processing.
7. Subjects’ rights
This section sets out your rights in relation to your personal data. These rights are subject to certain exceptions, reservations or limitations. Please submit your requests responsibly. The Company will respond to you as soon as possible and in any event within one (1) month of receipt of the request. If the processing of your request is going to require more time, you will be informed accordingly. To exercise your rights, you may contact us on the following email-addresses: dpo@entersoftone.gr .
The Company ensures the exercise of your rights:
7.1 The right to information
You have the right to request and receive clear, transparent and easily understandable information about how we process your personal data in accordance with the Company’s policies and procedures.
7.2 The right to access
You have the right to access your personal data free of charge, in accordance with the relevant policies and procedures of the Company, with the exception of the following cases where there may be a reasonable charge to cover the administrative expenses of the Company:
- manifestly unreasonable or excessive / repeated requests, or
- additional copies of the same information.
7.3 The right to rectification
You have the right to ask for your personal data to be corrected if it is inaccurate or incomplete, in accordance with the relevant policies and procedures of the Company.
7.4 The right to erasure («to be forgotten»)
You have the right to request the deletion or removal of your personal data when it is no longer necessary for the purposes collected or there is no legitimate reason to continue processing it in accordance with the Company’s policies and procedures. The right of deletion is not absolute, to the extent that there is a particular legal obligation or other legitimate reason for the retention of your personal data by the Company.
7.5 The right to restriction of processing
In some cases, you have the right, in accordance with the relevant policies and procedures of the Company, to restrict or remove further processing of your personal data. In cases where processing has been restricted, your personal data remains stored, without further processing.
7.6 The right to data portability
You have the right to request your personal data, which you have provided us with in a structured, commonly used and machine-readable format, and to transfer that data to another controller in accordance with the relevant policies and procedures of the Company.
7.7 The right to object
You have the right to oppose, at any time and for reasons related to your particular situation, to the processing of your personal data based on Article 6 (1) (f) of the GDPR (processing for reasons of lawful interest of the Company), on the basis of that provision. In such a case, the Company as controller will no longer submit the personal data unless it demonstrates imperative and legitimate reasons for processing that override the interests, rights and freedoms of the subject, or the filing, exercise or support legal claims.
7.8 Rights on automated decision-making mechanisms
The Company does not make automated individual decision-making, including profiling.
8. Retention period of personal data
For each category of personal data, the Company determines the retention period in accordance with the provisions of the law and its policies and procedures.
9. Data Protection Officer for personal data issues
For any issue related to the processing of personal data and this notice, please contact the Data Protection Officer appointed by the Company: Data Protection Officer, Dimitrios Kampourmalis, Phone +30 6943 102372, e-mail: dpo@entersoftone.gr
10. Contact of the Data Protection Authority
For further information and advice on your rights or to submit a complaint, you may contact the Hellenic Data Protection Authority at 1-3, Kifissias str., P.C. 115 23, Athens, Greece, Tel: +30 210 6475600, Fax: +30 210 6475628, email: contact@dpa.gr .
11. Amendments of the present Notice
We aim to review and keep up to date the present Notice in order to comply with privacy laws and new developments. Any updates to this Notice will be communicated to you immediately.