Privacy Policy

1. Purpose and Scope

EOS PERSONNEL SOLUTIONS (hereinafter the “Company”), with registered address at 54 Michalakopoulou Avenue, Athens, 11528, Greece, telephone +30 210 7256 734, and email hire@eoswf.com, is committed to protecting personal data and ensuring that such data is processed lawfully, fairly, and securely.

This Policy applies to all employees, partners, consultants, external associates, suppliers, and any other persons acting on behalf of the Company who have access to personal data. Its purpose is to define the general framework of principles, obligations, and responsibilities governing the processing of personal data by the Company.


2. Content

2.1. Legal Framework

This Policy is established and implemented in accordance with:

  • the General Data Protection Regulation (EU) 2016/679 (GDPR),
  • Greek Law 4624/2019,
  • any other applicable national and European legislation,
  • as well as decisions, guidelines, and opinions issued by the Hellenic Data Protection Authority.

2.2. Definitions

Personal Data: any information relating to an identified or identifiable natural person.

Special Categories of Personal Data: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data, data concerning health, or data concerning a person’s sex life or sexual orientation.

Data relating to criminal convictions and offences: personal data relating to criminal proceedings, convictions, or security measures.

Profiling: any form of automated processing of personal data consisting of the use of such data to evaluate certain personal aspects relating to a natural person.

Data Subject: the natural person to whom the personal data relates.

Processing: any operation or set of operations performed on personal data, such as collection, recording, organisation, structuring, storage, use, disclosure, transmission, restriction, erasure, or destruction.

Filing System: any structured set of personal data accessible according to specific criteria.

Transfer: any disclosure of or granting access to personal data to a third party.

Data Protection Impact Assessment (DPIA): a process for identifying, assessing, and documenting risks to the rights and freedoms of data subjects.

Controller: the natural or legal person that determines the purposes and means of processing personal data.

Processor: the natural or legal person that processes personal data on behalf of the Controller.


2.3. General Obligations When Processing Personal Data

2.3.1. Principles of Processing

Any person processing personal data on behalf of the Company must comply with the following principles:

2.3.1.1. Lawfulness, Fairness and Transparency

Personal data shall be processed lawfully, fairly, and in a transparent manner.

2.3.1.2. Purpose Limitation

Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

2.3.1.3. Data Minimisation

Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

2.3.1.4. Accuracy

The Company takes reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.

2.3.1.5. Storage Limitation

Personal data shall be retained only for as long as necessary for the purposes of processing or as required by applicable law.

2.3.1.6. Integrity and Confidentiality

Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

2.3.1.7. Accountability

The Company is responsible for, and must be able to demonstrate, compliance with the above principles.


2.3.2. Lawfulness of Processing

The Company processes personal data only where at least one of the legal bases provided by the GDPR applies, including, for example:

  • the consent of the data subject,
  • the performance of a contract or steps taken prior to entering into a contract,
  • compliance with a legal obligation,
  • protection of vital interests,
  • performance of a task carried out in the public interest,
  • the legitimate interests pursued by the Company or a third party, provided these do not override the rights and freedoms of the data subject.

Where processing is based on consent, such consent must be freely given, specific, informed, and unambiguous, and may be withdrawn at any time.


2.3.3. Duty to Inform

The Company informs data subjects, at the time of collection or within the legally required timeframe, at least about:

  • the identity and contact details of the Company,
  • the contact details of the Data Protection Officer, where appointed,
  • the purposes and legal basis of the processing,
  • the categories of personal data processed,
  • the recipients or categories of recipients,
  • any transfers to third countries,
  • the retention period,
  • the rights of the data subject,
  • the right to lodge a complaint with the competent supervisory authority,
  • whether the provision of data is mandatory and the consequences of failure to provide it,
  • the existence of automated decision-making, including profiling, where applicable.

2.3.4. Processing of Personal Data of Employees, Candidates, and Partners

In the context of its activities, the Company may process personal data of employees, job applicants, clients, partners, suppliers, and other natural persons only to the extent necessary for:

  • the assessment of applications and candidacies,
  • the provision of staffing, human resources support, and related services,
  • the performance of contractual or pre-contractual obligations,
  • compliance with employment, tax, social security, or other legal obligations,
  • the management of professional and business relationships,
  • the protection of the legitimate interests of the Company.

Personnel files and related information are treated as confidential.


2.3.5. Data Quality

The Company takes technical and organisational measures to ensure that personal data is accurate, complete, and, where necessary, up to date. Inaccurate or incomplete data is corrected or deleted without undue delay.


2.3.6. Data Protection Impact Assessment

Where a processing activity is likely to result in a high risk to the rights and freedoms of natural persons, the Company shall carry out, prior to the processing, a Data Protection Impact Assessment (DPIA), in accordance with Article 35 GDPR.


2.3.7. Disclosure to Third Parties

Personal data shall be disclosed to third parties only where such disclosure is necessary and lawful, and provided that appropriate safeguards are in place.

Where a third party acts as a processor on behalf of the Company, the relationship shall be governed by a written data processing agreement in accordance with Article 28 GDPR.


2.3.8. Transfers Outside the European Economic Area

Transfers of personal data to countries outside the European Economic Area shall only take place where the conditions of the GDPR are met and an adequate level of protection is ensured, such as through an adequacy decision, standard contractual clauses, or another appropriate safeguard.


2.3.9. Security of Processing

The Company implements appropriate technical and organisational measures to protect personal data, including, for example:

  • access control,
  • restriction of user permissions,
  • secure storage and transmission of data,
  • password protection and technical system safeguards,
  • backups,
  • procedures for the prevention and management of security incidents,
  • staff training on data protection matters.

2.3.10. Storage and Retention of Data

Personal data shall be retained only for as long as necessary for the purpose of processing and/or as required by applicable law. Once the relevant retention period expires, the data shall be securely deleted or anonymised, unless further retention is required for the establishment, exercise, or defence of legal claims.


2.4. Rights of Data Subjects

Each data subject has, subject to the conditions of applicable law, the following rights:

  • the right to be informed,
  • the right of access,
  • the right to rectification,
  • the right to erasure,
  • the right to restriction of processing,
  • the right to data portability,
  • the right to object,
  • the right not to be subject to a decision based solely on automated processing, including profiling, where applicable.

To exercise their rights, data subjects may contact the Company at:

EOS PERSONNEL SOLUTIONS
54 Michalakopoulou Avenue, Athens, 11528, Greece
Tel.: +30 210 7256 734
Email: hire@eoswf.com

Data subjects also have the right to lodge a complaint with the Hellenic Data Protection Authority.


2.5. Personal Data Breach Management

Any incident involving a personal data breach must be reported immediately to the appropriate persons within the Company so that it can be assessed and addressed without undue delay.

The Company maintains a record of breaches and takes the necessary corrective and preventive measures. Where required under the GDPR, the Company shall notify the competent supervisory authority within 72 hours of becoming aware of the breach and, where necessary, inform the affected data subjects.


2.6. Documentation and Records of Processing Activities

The Company maintains, where required, records of processing activities, including at least:

  • the details of the controller,
  • the purposes of processing,
  • the categories of data subjects and personal data,
  • the categories of recipients,
  • any transfers to third countries,
  • retention periods,
  • a general description of the technical and organisational security measures.

2.7. Data Protection by Design and by Default

The Company takes data protection into account when designing new services, systems, and processes, applying the principles of data protection by design and data protection by default, in accordance with Article 25 GDPR.


2.8. Training and Awareness

The Company ensures that its staff and associates receive appropriate information and training on personal data protection and information security, depending on their role and responsibilities.


2.9. Roles and Responsibilities

2.9.1. Controller

EOS PERSONNEL SOLUTIONS acts as Controller for the processing activities it determines and is responsible for compliance with applicable data protection law.

2.9.2. Processors

Third-party partners processing personal data on behalf of the Company must act only on documented instructions from the Company and must be contractually bound to protect such data.

2.9.3. Data Protection Officer (where appointed)

Where the Company has appointed a Data Protection Officer (DPO), the DPO monitors compliance, provides advice, and acts as a contact point for the supervisory authority and data subjects on data protection matters.

2.9.4. Management and Staff

The Company’s management is responsible for ensuring the implementation of this Policy and for providing the necessary resources. All staff members are required to comply with the requirements of this Policy.


2.10. Breach of this Policy

Failure to comply with this Policy may result in disciplinary, civil, administrative, and/or criminal consequences, in accordance with applicable law and the Company’s internal procedures.


Last Updated: 6 April 2026