Privacy Policy

METKA EGN respects your privacy and is committed to protecting your personal data. This privacy policy will tell you how METKA EGN looks after your personal data when you visit the website (regardless of where you visit it from) and when you interact with us in other ways and tell you about your privacy rights and how the law protects you.

METKA EGN is made up of different legal entities. This policy is issued on behalf of the METKA EGN group so when we mention “METKA EGN” or “the Company” or “we” or “our” or “us” in this policy we are referring to the relevant company in the METKA EGN group responsible for processing your personal data. METKA-EGN Limited (company number 09627590 whose registered office is located at 99 White Lion Street, Islington, London N1 9PF) is the controller and responsible for this website.

1. Purpose of this privacy policy

This privacy policy aims to give you information on how the Company collects and processes your personal data through your interaction with us and use of the Company website, including any data you may provide through the website when you fill out a contact form or submit any information on our Careers pages.

It is important that you read this privacy policy together with any other privacy policy the Company may provide on specific occasions when the Company is collecting or processing personal data about you so that you are fully aware of how and why the Company is using your data.

2. Changes to this privacy policy

The Company keeps its privacy policy under regular review. This privacy policy was last updated in March 2020.

It is important that the personal data the Company holds about you is accurate and current. Please keep the Company informed if your personal data changes during your relationship with the Company.

3. The personal data collected in relation to the Company website

3.1 Categories of personal data

When you visit the Company website, the Company may process (collect, use, store and transfer) different kinds of personal data about you as follows:

  • Identity Data and/or Contact Data – this includes data which relates to your identity (such as first name, last name, title, username or similar identifier) and any data that you have entered for the purpose of contacting us with an enquiry via the website (contact e-mail address and telephone numbers);
  • Technical Data and Usage Data – this includes personal data automatically collected while you browse (internet protocol (IP) address, device type, browser type and version, time zone setting and location, redirection to website, Company web pages that you visited, visit date and time, information about how you use the Company’s website).
  • Professional Data – this includes data you submit when applying for a job at the Company via this website and includes your curriculum vitae which will contain information about your previous experience and education.

The Company may also obtain and use certain aggregated data such as statistical or demographic data (Aggregated Data). Aggregated data may be derived from your personal data but does not directly or indirectly reveal your identity and as such is not considered personal data. For example, the Company may aggregate your Usage Data to calculate the percentage of users accessing a specific feature on this website. However, if the Company combines or connects Aggregated Data with your personal data so that you can be directly or indirectly identified, the Company will treat the combined data as personal data which will be used in accordance with this privacy policy.

3.2 How is your personal data collected?

The Company uses different methods to collect data from and about you including:

  • Direct interactions – you may give us your personal data (such as Identity Data and Contact Data) by filling in the contact form via our website. You may also give us your Professional Data when you apply for a job via the webform on the Company’s Careers pages or when you send the Company these details to the email address specified on our Careers pages.
  • Automated technologies or interactions – as you interact with this website, the Company will automatically collect Technical Data about your equipment, browsing actions and patterns. The Company collects this personal data by using cookies and other similar technologies. Please see below for further details of the Company’s use of cookies.
  • Third parties or publicly available sources – the Company may receive personal data about you from various third parties such as analytics providers (Google Analytics) and publicly available sources such as Companies House.

3.3 How the Company uses your personal data and the purposes for which the Company will use it

We will collect and use information about individuals where the law allows us to. Most commonly the Company will use your personal data in the following circumstances:

  • Where the Company needs to perform the contract we are about to enter into or have entered into with you;
  • Where it is necessary for the Company’s legitimate interests;
  • Where the Company needs to comply with a legal or regulatory obligation.

Generally, the Company will not rely on consent as a legal basis for processing your personal data, although the Company will ask for consent before sending third party direct marketing communications (if applicable) and will ask for consent if you send us any Professional Data (without reference to a current job application or opening) with the request for us to contact you in the event of any future job openings.

Set out below, in a table format, is a description of how the Company will use your personal data when you visit this website, and which of the legal bases the Company relies on to do so. Note that the Company may process your personal data for more than one lawful ground depending on the specific purpose for which the Company is using your data.

Purpose/ActivityType of personal data (see section 3.1 above)Legal basis for data processing

 

In order to manage the Company’s relationship with you and administer the Company’s business and the website, which will include responding to your requests or contacting you when you have so requestedIdentity; Contact(a) Performance of a Contract with you

(b) Necessary for the Company’s legitimate interests (to grow the business and respond to requests/enquiries)

 

Τo administer and protect the Company’s business and this website (including troubleshooting, data analysis, testing, system support, to document a legitimate legal claim or defend a legal claim against an attempt at fraud, cyber-attack or other unlawful activity)Technical; Usage; Identity; Contact(a)  Necessary for the Company’s legitimate interests (for running the Company’s business, provision of administration and IT services, network security, to prevent fraud, to document legitimate claims)

(b)  Necessary to comply with a legal obligation

 

Τo create anonymized statistics on the number of visits and accessibility of the homepage and the individual pages, for the purpose of proceeding with necessary action aimed at improving your browsing experience

 

Technical; Usage(a)  Necessary for the Company’s legitimate interests (to keep this website updated and relevant, to develop the Company’s business)

 

To administer and process your application for employment at Metka EGNIdentity; Contact; Professional

 

(a)  Necessary for the Company’s legitimate interests (to contact you to administer and progress your application and/or enquiry and to assess your suitability for the role)

 

3.4 Sharing of data: data recipients and transfers

The Company may share your personal data with other group companies and third parties. For example:

  • our website may be managed by third-party service providers such as IT or website design companies;
  • we may need to share your data with external third parties such as professional advisers or regulators;
  • we may need to share your data with internal third parties (other parties in the group acting as processors, including Mytilineos S.A.);
  • we may need to share your data with third parties to whom the Company chooses to sell, transfer or merge parts of the Company’s business or assets

In such cases the Company makes sure, via contractual provisions and regular inspections, that should such third parties have access to personal data this is done in accordance with the applicable legislation on data protection.

3.5 Policy on cookies

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. The term “cookies” is used as a collective term to describe technologies such as cookies, Flash cookies and web beacons.

Cookies are used primarily to ensure that your visit to our site pages is as easy as possible, as well as for advertising purposes during your future visits to other websites. Our Cookie Policy provides further details on the types of cookies we use, the use thereof.

3.6 Personal data of children

The Company and the Company’s website are not intended for children and the Company does not knowingly collect data relating to children. The Company has no liability if children visit this website on their own initiative. If during the data collection process, it becomes evident that the user is a child, the Company will not process the child’s personal data.

3.7 Links to third party websites

The Company website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. The Company does not control these third party websites and we are not responsible for their privacy statements. When you leave the Company’s website please read the privacy policy of every website you visit.

4. The personal data collected in relation to your business relationship with the Company

4.1 Categories of personal data

In the context of a potential or existing business relationship with the Company, the Company may process (collect, use, store and transfer) the following categories of personal data in respect of the employees, representatives or agents of our business customers, suppliers, contractors or business partners:

  • Identity Data and/or Contact Data – this includes data which relates to identity (such as first name, last name, title, username or similar identifier, tax identification number) and any data provided for communication purposes (contact e-mail address, telephone number, mobile phone number, fax number), as provided by our customers, suppliers, contractors or business partners;
  • Transaction Data: this includes data processed in the context of a project or a sale/purchase transaction covering goods or services, or data provided by you as business partner, such as personal data with regard to orders, payments effected, requests and reports in the context of implementation of a project or business cooperation in general;
  • Economic and Financial Data: Information on credit worthiness and integrity (information with respect to litigation or other legal proceedings against business partners) collected from publicly available sources, databases and credit rating agencies;
  • Visual Data: this includes images which are gathered using closed circuit television (CCTV) systems situated at any of our site/project locations;
  • Health Data: this includes personal data which is gathered for health and safety purposes including any accident report or claim;
  • Marketing and Communications Data: Information on your preferences in receiving marketing from us and your communications preferences.

 

4.2 How is your personal data collected?

The Company uses different methods to collect data from and about you including:

  • Direct interactions – you may provide your personal data (such as Identity Data, Contact Data or Transaction Data) when you submit tenders for projects, place an order or enter into a contract for our services on behalf of your organization, during project transactions, when you perform services for us or supply goods to us, when you request information on our services or when you attend any of our site/project locations.
  • Third parties or publicly available sources – the Company may receive personal data (such as Economic and Financial Data) about you from various third parties or publicly available sources such as your company website, company databases and credit rating agencies.

 

4.3 How the Company uses your personal data and the purposes for which the Company will use it

We will collect and use information about individuals purely for our own business purposes and where the law allows us to. Most commonly the Company will use your personal data in the following circumstances:

  • Where the Company needs to perform the contract we are about to enter into, or have entered into, with you;
  • Where it is necessary for the Company’s legitimate interests;
  • Where the Company needs to comply with a legal or regulatory obligation.

Generally, the Company will not rely on consent as a legal basis for processing your personal data, although the Company will ask for consent before sending third party direct marketing communications (if applicable).

Set out below, in a table format, is a description of how the Company will use your personal data when you interact with us, and which of the legal bases the Company relies on to do so. Note that the Company may process your personal data for more than one lawful ground depending on the specific purpose for which the Company is using your data.

PurposesTypes of personal data (see section 4.1 above)Legal basis for data processing
Register you as a new customer and process your orderIdentity; Contact; Transaction; Economic and Financial(a)  Performance of a Contract with you

(b)   Necessary to comply with a legal obligation

 

In order to manage the Company’s contractual relationship with you and administer the Company’s business (such as processing orders, product acceptance, deliveries, provision of services, performance of work, receipt of services and/or goods, collecting and recovering money owed, making or receiving payments, fees and charges accounting audits, contract execution, enforcing terms, support and monitoring, giving instructions to our subcontractors or professional advisers, fulfillment of contractual obligations)

 

Identity; Contact; Transaction; Economic and Financial(a)  Performance of a Contract with you

(b)  Necessary for the Company’s legitimate interests (to enforce any contract including to recover debts owed to us)

 

Conducting customer satisfaction surveys, advertising campaigns, energy analyses and market stratification, or other promotional activities or events

 

 

Marketing and Communications

(a)  Consent – you have given your explicit consent to the processing of your personal data

 

Ensuring Company compliance with legal obligations (tax, social security, customs, accounting and other obligations) in the context of compliance checks of business partners for the prevention of financial crimes and the safeguarding of overriding legitimate interests such as the transmission of data to law firms or competent authorities

 

Identity; Contact; Transaction; Economic and Financial(a)  Necessary to comply with a legal obligation

(b)  Necessary for the Company’s legitimate interests (to enforce or defend any claims)

 

 

In order to monitor the security of any of our site/project locationsVisual(a)  Necessary for the Company’s legitimate interests (to protect goods/property on site, to monitor site security, to enforce or defend any claims or in connection with procuring and maintaining insurance)
In order to administer health and safety matters on our site/project locations and to assist in accident investigations and reporting (including internally or by health and safety inspectorates) and to ensure the Company’s compliance with applicable health and safety legislationIdentity;

Contact; Health

(a)  Necessary to comply with a legal obligation

(b)  Necessary for the Company’s legitimate interests (to enforce or defend any claims)

To sell, make ready for sale or dispose of our business, in whole or in part including to any potential buyer or their advisers, or in relation to any refinancingIdentity; Contact; Transaction; Economic and Financial(a)  Necessary for the Company’s legitimate interests (in order to facilitate any sale of our business or assets and in the context of a business reorganization or group restructuring exercise)

4.4 Sharing of data: data recipients and transfers

The Company may share your personal data with other group companies and third parties. For example, we may need to share your data with:

  • judicial, administrative, taxation, customs and arbitration authorities or other public authorities, regulatory bodies and law enforcement agencies, if necessary, for compliance with legislation and/or for the establishment, exercise or defence of legal rights or to report any potential or actual breach of applicable law or regulation;
  • external professional advisers such as accountants, bankers, insurers, auditors and lawyers;
  • external parties who process information on our behalf, such as credit reference agencies;
  • other external parties who have entered into a contract with us to provide services to us in the course of our business, such as data processing support services, record-keeping services, survey services, health and safety consultancy services, IT services, advertising services;
  • internal third parties (other parties in the group acting as processors, including Mytilineos S.A.) and our shareholders and directors;
  • third parties to whom the Company chooses to sell, transfer or merge parts of the Company’s business or assets;
  • suppliers and subcontractors in connection with the performance of any contract or proposed contract.

In such cases the Company makes sure, via contractual provisions and regular inspections, that should such third parties have access to personal data this is done in accordance with the applicable legislation on data protection.

5. International data transfers

Information that the Company collects may be stored and processed in and transferred between any of the countries in which we operate or to recipients established outside the European Economic Area (EEA). In such cases, the Company takes measures so that adequate and appropriate safeguards are applied for the protection of personal data by other means, mainly by way of the use of the EU standard data protection clauses.

6. Retention of your personal data

The Company will only store your personal data for as long as is reasonably necessary to achieve the purposes we collected it for, unless the applicable legislation stipulates or allows a longer time period. The Company may also retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with you.

To determine the appropriate data retention period we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure and we apply certain standard criteria and periods, which include the following: (a) retain for as long as the contractual relationship is in effect; (b) retain for as long as is necessary for the Company to be in compliance with a legal obligation it incurs; (c) retain for as long as is necessary having regard to the legal situation the Company finds itself in (such as defending a claim, audits by regulatory authorities, etc.).

7. Data Security

The Company takes appropriate technical and organizational measures to prevent the loss, misuse, unauthorized access of or alteration or disclosure of your personal information. We apply principles such as data minimization and integrate the necessary safeguards into our processes (such as limiting access to your personal data to those employees, agents and contractors who have a business need to know) so as to fulfil the requirements of the applicable legislation.

8. Right to withdraw your consent

If you have given the Company your consent to process specific personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. In case of such withdrawal, the Company may further process your personal data only in cases where there is some other legal ground for such processing.

9.Your other legal rights

Under the applicable legislation on personal data protection and provided the relevant legal conditions are met, you have the following other rights:

9.1 Right of access

You have the right to be informed as to whether or not the Company processes your data, to have access to such data and obtain supplementary information in connection with such processing (to check that we are lawfully processing it).

9.2 Right to rectification

You have the right to request that your personal data be updated, rectified, corrected or completed.

9.3 Right to erasure

You have the right to submit a request for the erasure of your personal data, and such request shall be granted provided no other legal grounds for processing are in place (such as compliance with a legal obligation to process that personal data).

9.4 Right to restriction of processing

You have the right to request the restriction (suspension) of the processing of your personal data in the following cases: (a) when you contest the accuracy of your personal data, and pending verification of the accuracy of your data; (b) where our use of the personal data is unlawful but you oppose the erasure of it and so you can request the restriction of such use instead; (c) when you need us to hold the personal data even if we no longer require it, as you need it to establish, exercise or defend legal claims, and (d) when you have objected to the processing and pending verification that our legitimate grounds for processing override those for which you object to the processing.

9.5 Right to object to the processing

You have the right to object at any time to the processing of personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, the Company may demonstrate that we have compelling legitimate grounds for the processing which override your rights and freedoms.

9.6 Right to data portability

You have the right to receive, at no cost, your personal data in a structured, commonly used and machine-readable format or to request, if technically feasible, that we transmit such data directly to another controller.

9.7 Right to oppose automated decision making

You have the right to request that you be excluded from decision-making which is based on automated processing, including profiling.

10. Contact details 

If you wish to exercise any of the rights set out in sections 8 and 9 above or if you have any other questions, comments, concerns or complaints relating to this privacy policy or the Company’s privacy practices please contact our Data Protection Manager by email at DPO@mytilineos.gr (please indicate in any email that you send that your query is addressed to the Data Protection Manager, relates to Metka EGN and/or this website www.metka-egn.com) or by post at the following mailing address:

 

METKA-EGN Limited

Attention: Data Protection Manager

99 White Lion Street

Islington, London N1 9PF.

 

We may need to request specific information from you to help us confirm your identity and ensure you can exercise such rights. We try to respond to all legitimate requests within one month. Occasionally it could take the Company longer than a month if your request is particularly complex or you have made multiple requests. In this case, we will notify you and keep you updated.

11. Right to lodge a complaint with the competent authority

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would however appreciate the chance to deal with your concerns first before you approach the ICO so please contact us in the first instance.