Who we are
Our website address is: http://forotek.gr.
Whose information we receive
If you are an employee, contractor, customer, supplier, or family member of one of our clients, we might receive and process your personal data as part of our engagement with that client. That personal data may include your name, contact information, financial information such as salary or payments, and other information held by our client. We will only process your data in order to provide our accounting, tax, audit or other services to our client. Our legal basis for this processing is our legitimate interest in fulfilling our professional and contractual obligations to our clients. We retain this data for a period of 10 years because we believe we have a legal responsibility to retain it for this period.
Transfers of data outside the European Economic Area
On occasion we may transfer data to a service provider located outside the EEA. The safeguard we have put in place for this transfer is to enter into European Commission approved standard contractual clauses with the provider.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
For people who contact us through our website
We use the personal data you have provided to us to respond to your queries when you contact us. Our legal basis for this processing is our legitimate interest in the administration and operation of our firm. If you become a client, your personal data will become part of your file with us. If you do not become a client, we will delete your personal data 12 months after your last contact with us.
You have the following rights under the GDPR, in certain circumstances and subject to certain exclusions, in relation to your personal data:
• Right to access – you have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.
• Right to rectification – you have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.
• Right to erasure – you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.
• Right to restrict or object to processing – you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.
• Right to data portability – you have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.
• Right to withdraw consent – if we are processing personal data based on your consent, you may withdraw that consent at any time.
Cookies are small basic files of code with tags that are sent by a web server and stored on your computer’s browser directory. Cookies can be used to enable web servers to follow a web user as they visit different pages on a particular website and identify users returning to that website.
Cookies On This Site
If your selected browser allows, you will have the option to decline cookies from our site. Some browsers have the option to indicate when a cookie is being sent. To stop your information being collected, you can also completely erase cookies from your computer at your discretion.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
1. Accountant Online’s GDPR Policies
Six Core Principles
The firm shall at all times comply with its data protection obligations under the GDPR, in keeping with the six core principles of GDPR that personal data shall be:
1. Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency)
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (Purpose Limitation)
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (Data Minimisation)
4. Accurate and where necessary kept up to date (Accuracy)
5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (Storage Limitation)
6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures (Integrity and Confidentiality).
Based on these principles, for each piece or type of personal data we hold, the firm is able to demonstrate on demand (i.e. accountability):
• Why we are holding it;
• How we obtained it;
• The purpose/s we use it for;
• How long we will retain it;
• How secure it is in terms of its accessibility and data security; and
• On what basis we share it with any third parties.
Further points: In addition to the 6 core principles, the firm shall ensure that:
Training & Education
- There are sufficient levels of awareness of data protection in our organisation;
- Our staff are aware of their data protection responsibilities, including the need for confidentiality; and
- Data protection is included as part of the training programme for our staff and this training is regularly refreshed.
Co-ordination and Compliance
It has been determined that a DPO is not required, and we have appointed CEO George Agaliotis as Head of Privacy.
- All staff are aware of their role in data protection compliance.
- Mechanisms are in place for formal review by Head of Privacy within our organisation.
- We have an overall framework in place that demonstrates how we comply with GDPR.
- There is regular monitoring and auditing of our data protection framework for GDPR compliance.
2. Responsibilities and Reporting Lines
The firm has appointed Larissa Feeney as Head of Privacy. G.A. is responsible for compliance with GDPR and all personal data processing and data security within the firm. G.A. reports to the Board of Directors, which exercises oversight in this regard.
Consideration of whether the firm needs to appoint a Data Protection Officer (DPO):
The GDPR specifies that a Data Protection Officer (DPO) must be appointed when:
- the core activities of the firm consist of regular and systematic monitoring of data subjects on a ‘large’ scale; or
- the firm processes special category data or criminal offences, again if on a ‘large’ scale.
In view of these criteria and the firm’s activities, the firm has considered whether it is required to appoint a DPO and has decided not to appoint a DPO.
3. Data Processing
Handling of client data
Based on our Data Map, the following are the main types of data, data subjects, types of data processing, and our status as Controller or Processor.
Personal data processed by this firm:
The firm processes two different types of personal data: client data and firm data.
- ‘Client data’ is personal data received from clients in relation to professional engagements and practice; and
- ‘Firm data’ is personal data held by a firm in relation to its own management, employees and affairs generally, including marketing databases.