OUR PROJECTS

EN / EL

CONTACT US

Privacy Policy

PRIVACY AND PERSONAL DATA PROTECTION POLICY OF THE COMPANY ACRM S.A.

The société anonyme under the corporate name “ACRM TECHNIKI MELETITIKI KATASKEVASTIKI SOCIETE ANONYME” and the trade name  “ACRM S.A.”, having its registered seat in Marousi, Attica, at 9 Menelaou Street, with Tax Identification Number 998939138, Tax Office: KEFODE Attica, as lawfully represented by the Chairman of its Board of Directors, Chief Executive Officer and legal representative, Maria Gourogiani, hereinafter referred to as the “Company”, attaches great importance to the lawful processing, security and protection of your personal data, in whatever capacity you communicate or cooperate with us, including, indicatively, prospective or existing clients, agents and legal representatives, partners and associates of our clients or prospective clients, visitors to the Company’s website, employees, suppliers and external associates of the Company.

The Company is active in the erection and construction of various buildings or other projects, whether public or private, on a contractual basis, in the preparation of architectural studies and studies of any type of project, construction works for residential and non-residential buildings, and activities of architects, engineers, technical consultants, etc. Communication with the Company is carried out at the email address info@acrm.gr . The Company also maintains a website at the web address www.acrm.gr.

Please read carefully these terms and the relevant Personal Data Security and Protection Policy of the Company. By registering the relevant consent declaration when using our website, you unreservedly accept the practices described herein, the terms of which shall henceforth govern the contractual relationship between us and shall be incorporated into the terms of use of our services.

  1. What your personal data is

Your personal data includes any information, in printed or electronic form, which may lead, either directly or in combination with other information, to your unique identification or to your identification as a natural person. This category includes, as the case may be, information such as full name, identity card number, Tax Identification Number, your physical and electronic addresses, telephone numbers, gender, nationality, IP address, cookies, as well as special categories of personal data, such as image and voice recordings in videos and photographs, and any other information that enables your unique identification in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679), Law 4624/2019, the Greek and European legislation in force from time to time, as well as the decisions of the Hellenic Data Protection Authority (HDPA).

  1. What is Personal Data Processing?

Any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction.

  1. Which personal data we collect from you

We process personal data which you provide to us when you complete applications and expression-of-interest forms for our services, when you contact us with questions regarding the services we provide, when you browse our website, and when you enter into contracts with our Company and use our services, either yourselves or through legal or natural persons whom you lawfully represent.

The data we collect include, indicatively and not restrictively, the following:

  1. a) Basic personal data: Name, surname, father’s name, mother’s name, details and photocopy of identity card, date of birth, gender, nationality, marital status, etc.
  2. b) Contact data: Home address, work address, contact telephone numbers — home, work, mobile — emails, etc.
  3. c) Professional profile: Status, profession, position in a business, economic activity, etc.
  4. d) Financial data: Tax Identification Number, Tax Office, Social Security Number, social security institution, bank account, income, expenses, debts to the Tax Authority, debts to third parties, payments, social security contributions, payroll, invoicing, debts of third parties towards clients.
  5. e) Image data: Audiovisual material, photographs and videos of your properties which are erected by the Company within the framework of its activity and the provision of its services.
  6. f) Health data: Sick leaves of employees of the Company, medical opinions, etc.

We also automatically collect information sent to us by your computer, portable device and the browsers you use in order to access our services through our website here www.acrm.gr (“Automatic Data”). This includes, for example, your IP address, statistics regarding the use of our services, information on the manner in which you access our services, and data collected through Cookies, Pixel Tags and other similar technologies. You may find more information in this respect in the paragraph containing the Cookies Policy statement.

We may also receive information from other sources, such as social networks — Facebook, Instagram, Chatbox, etc. and from websites of other companies.

We process, in accordance with the legislation, and protect your personal data when you contact us and/or purchase / are informed about / directly receive our services by entering into a contract with us, when you call our numbers for the provision to you of information and information services, or when you request online information through our website or through our email address.

  1. Lawful processing

The Company shall use your information for the following lawful and specific processing purposes, as the case may be, pursuant to the relevant articles of the GDPR and of the law, with your explicit consent, which you may freely withdraw at any time, or for the performance of a contract or pre-contractual relationship with you, or for the service of our legitimate interest, or for the protection of your vital interest or of a vital interest of our employees and associates, as well as for the service of the legitimate interests of our Company, namely:

  • As regards our employees and candidates for recruitment:

– for the conclusion and performance of the dependent employment contract, for compliance with labour, social security and tax legislation in general, for compliance with legislation on health and safety in the workplace, for the protection of their vital interests, and, more generally, for the exercise of the Company’s managerial prerogative.

  • As regards clients, prospective clients, their partners and their legal representatives:

– for the preparation and performance of the contract entered into by the Company with its clients and suppliers, and for the provision of its services;

– for the servicing, support and monitoring of your contractual relationships with the Company and the proper performance of the contract between us;

– for the costing of the Company’s services;

– for the Company’s compliance with its tax and social security obligations;

– for the Company’s compliance with the legislative and regulatory framework in force from time to time;

– for the safeguarding of the Company’s legitimate interests;

– for the safeguarding of vital interests of the Company’s employees and of assets;

– for the purpose of executing our projects and providing our services to our clients, for the better servicing and satisfaction of their wishes and preferences;

– for the management of your calls seeking information in relation to our services, with a view to completing your requests and improving our services;

– for communication and information purposes, such as by sending you emails and/or newsletters in relation to the activities and services of our Company which may be of interest to you, provided that you have given us your consent to this effect (opt-in). You may withdraw your consent (opt-out) whenever you wish;

– for the promotion of the Company’s services on social and professional networking pages managed by the Company itself, provided that you have given your explicit consent thereto;

– for our internal operations and analysis, such as internal management, fraud prevention, use by management information systems, invoicing, accounting, billing and audit systems, as well as for compliance with tax regulations.

  • As regards external associates and suppliers:

– for the preparation and performance of the contracts entered into by the Company with them for the purchase of products or for the provision of services or for the execution of projects;

– for compliance with tax legislation;

– for the necessary communication, either at a pre-contractual stage or during the performance of the contract.

  • As regards visitors to the Company’s website:

– for the purposes of electronic communication and servicing through the website, as further analysed in the terms of use of the website, which you may view here www.acrm.gr.

In any case, you may change your preferences at any time by sending an email to the email address info@acrm.gr .

  1. What are the principles of collection and processing

The purpose of this Personal Data Protection Policy is to inform you of the terms of collection, processing and transmission of your personal data, which we may collect as Controllers or Processors. The Company and its personnel apply the ten Principles of Processing of the GDPR 2016/679 — lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality and accountability.

The Company protects and safeguards your eight Rights with regard to the use of your Personal Data — information, access, rectification, erasure, restriction of processing, notification, portability, objection and non-automated decision-making based on profiling, as specified in Greek legislation.

The above apply without any discrimination and are applied to all processing activities carried out by us and to all services provided by us.

  1. What are the methods of collecting your personal data

The Company collects your personal data upon acceptance of the terms of use of each of our services, such as:

  • when you call our telephone numbers, when you send us emails, or when you complete an application for the execution of projects by us or for the provision by us of our services, either to you or to your associates or to legal persons of which you are representatives or agents;
  • when you prepare and sign a contract with us for the execution of projects and the provision of our services to you, within the framework of which you voluntarily provide us with your personal data and the personal data of your partners or legal representatives, or of your employees, associates or suppliers;
  • when you communicate with our offices or with our personnel, whether for the provision of services or the execution of projects, or for the expression of your opinion, complaints or comments;
  • when you send us the postal address and the remaining details for the issuance or dispatch of an invoice or receipt for the provision of services;
  • when you voluntarily register in a printed or electronic document in order to receive, in printed form, electronically, by email or by newsletter, informational material or other material regarding the execution of our projects and the provision of our services;
  • when you visit our website, through which we collect, with your explicit consent, by means of cookies, information from your terminal device, such as your Internet Protocol address (IP), the operating system you use, the type and version of your browser, etc.;
  • when we receive documents, requests, orders, pleadings, warrants, etc. from third-party bodies, such as supervisory, prosecutorial, judicial and tax authorities, for the investigation of crimes and for the protection of your relatives and yourself, of our employees and of our Company, for the combatting of every form of criminality and the prevention of infringement of legally protected interests.
  1. Data minimisation, storage and erasure of your data

The Company shall always request from you the minimum personal data required by law in order for us to provide our services to you and in order for you to communicate with us.

Our Company retains your personal data only for as long as required by the contractual terms of each service, in conjunction with the applicable social security, tax, labour and general legislation, on the basis of the respective processing purpose, and thereafter anonymises or destroys them.

The personal data of our employees are retained for at least five (5) years from the end of the year during which the employee left the Company in any manner whatsoever. Upon expiry of the above period, and provided that the relevant legislation so permits — tax legislation, etc. — such personal data shall be destroyed, if kept in printed form, or shall be erased or anonymised, if kept in electronic form.

You may ask us and be informed as to which data we collect about you and you may correct or erase them by completing the relevant application form which we have made available, unless their retention is required by law for tax, social security, evidentiary or judicial purposes and for the prosecution of unlawful acts.

  1. Cookies Policy on our website

In accordance with the European E-Privacy Directive 2009/136/EC, which shall be replaced by the ePrivacy Regulation, and the Guidelines of the Hellenic Data Protection Authority dated 25.2.2020, our website www.acrm.gr accepts the use of “cookies”.

These are online tools for the collection and analysis of information originating from social networking platforms or cooperating websites of third-party bodies, in order to measure traffic, improve the operation, content and overall appearance of our website and adapt it to the needs of our clients.

They are divided into four (4) categories:

  1. Necessary cookies — First party cookies, which are important to be enabled during browsing in order for the website to function properly. These strictly necessary cookies are included in the whitelist and do not require consent under the applicable data protection framework.
  2. Preference cookies, which remember user choices, such as language, currency or colour settings.
  3. Statistics cookies, which originate from third-party services — Third party cookies — such as Google Analytics, and monitor website traffic and statistics.
  4. Marketing cookies, which originate from third-party technology or advertising companies — Third party cookies — for the purpose of displaying advertisements to visitors or collecting personal data from them for future marketing purposes.

When using our website, your personal data may, in principle, be processed by third parties through “third party cookies”, such as social networks and search engines, e.g. Google Analytics, Facebook social plug-ins, Facebook Pixel, etc., without any involvement, influence or control on the part of the Company, and may be transmitted either within or outside the European Economic Area — 27 EU Member States plus Iceland, Liechtenstein and Norway — for which such third parties are exclusively responsible.

If you do not wish third parties, such as Google, Facebook, Instagram, etc., to receive information from your browser when you visit the Company’s websites, you may opt out in accordance with the terms provided in the respective Usage Policy available on the website of each such third party.

Although most browsers automatically accept the use of cookies, you may always change the settings on your computer by choosing not to accept cookies or by requesting to be asked to accept each one of them separately. However, you should be aware that this will limit the range of browsing options available to you on each website and your user experience.

  1. Transmission of your data to third parties

As a rule, our Company does not transmit your personal data to third parties, except only to the extent that this is required in order for us to execute the projects assigned to us and to provide our services to you — e.g. transmission of invoices to MyData — in order to fulfil requests relating to the services provided by us, and where required by the applicable legislative framework.

In particular, access to your personal data and the ability to process them is granted to the personnel of the Company — employees / associates / persons engaged by the Company — where this is absolutely necessary for the fulfilment of the above purpose and provided that they have undertaken confidentiality obligations.

Your personal data may be disclosed and transferred:

  • to the competent Public Authorities due to the Company’s legal obligations — Tax Authority, EFKA, etc. — as independent Controllers of personal data;
  • to engineers, accountants, computerisation specialists, information systems technicians, suppliers and associates, who are either joint Controllers of personal data or Processors of personal data together with the Company, and who are bound by professional secrecy obligations;
  • to the Tax Authority — MyData — within the framework of the performance of the contract between us and the provision of our services, which acts as Controller of personal data;
  • to our clients, upon your instruction, within the framework of the performance of the contract between us and the provision of our services, who are independent Controllers of personal data and are not connected with the Company.

In addition, such independent third parties may include official state and supervisory bodies — e.g. law enforcement and prosecutorial authorities, Cyber Crime Division, Hellenic Data Protection Authority, Hellenic Telecommunications and Post Commission, Hellenic Authority for Communication Security and Privacy, supervisory authorities — when we are called upon to comply with the law and to prevent unlawful acts against us and against you.

Third parties may also include telecommunications companies, cloud providers and audiovisual content providers.

In our Company, we select reliable providers and endeavour to impose contractual restrictions on third parties receiving your personal data, in order to ensure their lawful use. All our associates and employees are bound by a confidentiality agreement and by an obligation of confidentiality and professional secrecy.

In order for us to process your data, it may be necessary for such data to be stored, transferred and processed in other countries, including countries mainly within the European Economic Area (EEA), on the basis of EU adequacy decisions, binding corporate rules, standard contractual clauses and approved codes of conduct.

  1. Security of your personal data

In any case, we take the appropriate technical and organisational measures in order to ensure the confidentiality, integrity and availability of your data. Our aim is to ensure that your personal information is transferred, stored and processed in accordance with appropriate international security standards and procedures.

In our Company, we have trained and responsible personnel, and we recognise the importance of protecting privacy and all your personal information. For this purpose, we maintain appropriate security policies and use appropriate technical and operational tools, such as anonymisation, pseudonymisation, data encryption, use of firewalls, establishment of access levels, authorised employees and associates, personnel training, periodic audits, compliance with international standards of security and business continuity, in order to protect personal data against unauthorised or unlawful processing, accidental destruction, damage or loss.

Any associate of ours who has access to the above information and to your personal data, as Processor, uses them exclusively in order to serve the above purposes. We share the information you provide to us exclusively in the ways described in this Policy and in accordance with your explicit and specific consent per type of processing, which you may freely withdraw at any time by contacting us.

  1. How do we ensure that the Processors of personal data respect your personal data and the personal data of your partners, associates, etc.?

The Processors of personal data on behalf of the Company have agreed in writing and are contractually bound to:

  • maintain confidentiality, and to bind their personnel with corresponding obligations if they are external associates;
  • not transmit personal data to third parties without our written authorisation;
  • take organisational and technical security measures for the protection of the Data;
  • inform us of any incident relating to a breach of your personal data;
  • erase and/or return your personal data to us upon termination of our contract;
  • comply with the legal framework for the protection of personal Data and, in particular, the General Data Protection Regulation (GDPR) and the relevant legislation in general, as well as with the decisions of the Hellenic Data Protection Authority.
  1. Display of targeted advertisements

Only if you have given us your written or electronic consent may we use your personal data together with other information that we have collected, following human intervention by our commercial department, in order to display advertisements relevant to your apparent preferences, on our website or on another website.

However, we do not use automated tools for identifying and assessing your consumer profile and your preferences in general, together with other personal information — such as your email address — in order to display advertisements or send you personalised offers.

Furthermore, we do not share your personal data with third parties so that they may be able to send you corresponding advertisements, unless you have expressly consented thereto in writing.

If you give us the relevant consent, we may send you updates, emails or newsletters. If you wish us to stop sending you updates, emails or newsletters, you may use the unsubscribe link located at the end of each email or newsletter that you may have received from us, or withdraw your consent — opt out — from the recipients’ list for updates, newsletters and emails by sending an email to the address info@acrm.gr .

  1. Links to third-party websites

The website of our Company contains links leading to other websites of third-party independent bodies, which are operated and maintained exclusively by them and which we do not control, as mentioned above.

Consequently, we bear no responsibility whatsoever for the content, actions or policies of such websites. Please read carefully the respective data protection policies on the websites you visit, as they may differ significantly from ours.

  1. Unsolicited commercial communication

The Company does not permit the use of our services or of our website for the transmission of mass or unsolicited commercial email messages — spam. Furthermore, we do not permit the sending of messages from and to our clients which use or contain invalid or falsified headers, invalid or non-existent domain names, techniques for concealing the origin of each message, false or misleading information, or which violate the terms of use of websites.

We do not permit, in any way, the collection of email addresses or general information of our clients through our services or our website. We do not permit and do not authorise any attempt to use our services in a manner that could damage, disable or burden any part of our services or prevent anyone wishing to use our services lawfully from doing so.

In relation to our website www.acrm.gr and our email address info@acrm.gr, if we consider that any unauthorised or inappropriate use of data is taking place in any of our services, we may, without notice and at our absolute discretion, take appropriate measures to block messages from a specific internet domain, an email server or an IP address.

We have the ability to immediately delete any account using our services which, at our absolute discretion, transmits or is connected with the transmission of any messages that violate this Policy.

  1. Rights of data subjects and communication for questions or comments

In accordance with the legislation and the General Data Protection Regulation, you have the following rights:

  • Right to information and access to your data: The right to know whether your data are being processed, how and for what purpose.
  • Right to rectification of your data: The right to request the rectification of your personal data if they are inaccurate or incomplete.
  • Right to erasure of your data — “right to be forgotten”: The right to request the erasure or deletion of your personal data, subject to certain conditions.
  • Right to restriction of processing of your data: The right to request the restriction of the processing of your personal data where certain conditions apply.
  • Right to data portability: Your right to request that your data be transmitted to a third party.

Requests for the exercise of these rights, as well as any questions or comments you may have regarding this Personal Data Security and Protection Policy, or if you consider that we have not followed the principles set out herein, may be submitted electronically to the person responsible for Personal Data Security and Processing, Mr. Nikos Bakoulas, appointed by the Company, at the following email address: info@acrm.gr, with the indication: “to the personal data controller”.

In the event of exercise of any of the above-mentioned rights, the Company shall respond to you within one (1) month from receipt of your request, while this deadline may be extended by two (2) months depending on the complexity of the request and the number of requests.

Finally, you have the right to submit an electronic written complaint to the competent supervisory authority, the Hellenic Data Protection Authority, through its online portal (www.dpa.gr),  if you consider that the processing of your Personal Data violates the applicable national and regulatory legal framework for the protection of personal data.

  1. What is the applicable law for the processing of your Data by us?

The applicable law is Greek law, as shaped in accordance with the General Data Protection Regulation 2016/679/EU, and, in general, the applicable national and European legislative and regulatory framework for the protection of personal data.

The Courts of Athens shall have exclusive jurisdiction over any disputes that may arise in relation to your Personal Data.

  1. Validity of the Personal Data Security and Protection Policy

This Policy was published by the Company on 31/05/2026 and is subject to periodic improvement and revision.

 

I HAVE BEEN INFORMED, I ACCEPT AND I AGREE 

 

………………………………………………………………….

 

I HAVE BEEN INFORMED BUT I DO NOT AGREE          

 

………………………………………………………………….

 

I WISH TO RECEIVE UPDATES, EMAILS AND NEWSLETTERS       

 

………………………………………………………………………………

 

I DO NOT WISH TO RECEIVE UPDATES, EMAILS AND NEWSLETTERS    

 

……………………………………………………………………

We remain at your disposal to discuss your needs, to create a tailor-made proposal for you and to make your project a reality.
CONTACT US