PERSONAL DATA PROTECTION POLICY

TenTec S.A.
A Part of Ten Brinke Group

Classification: Public
Version: 1.0
Last Updated: March 2026
Owner: Data Protection Officer

1. Data Controller

The Data Controller within the meaning of Article 4(7) GDPR is:

TenTec S.A.

Legal form – S.A.

Tax ID 801341052 / GEMI 154737701000

Poseidonos 4

15232 Chalandri / Northern Sector of Athens, Greece

Email: info@tentec.gr

TenTec S.A. is part of the Ten Brinke Group. This Policy applies to all processing of personal data carried out through this website.

Processing is carried out in accordance with:

  • Regulation (EU) 2016/679 (GDPR)
  • Law 4624/2019
  • Law 3471/2006
  • EDPB & HDPA Guidelines

2. Data Protection Officer

The company has appointed an external Data Protection Officer (DPO). For any matter concerning the processing of your data, you may contact the DPO at the email address: dpo@isaudit.eu

3. Definitions

For the purposes of this Policy, the following terms (as defined in Article 4 GDPR) apply:

  • “Personal Data”: any information relating to an identified or identifiable natural person (the “data subject”).
  • “Processing”: any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, combination, restriction, erasure or destruction.
  • “Data Subject”: an identified or identifiable natural person whose personal data are processed.
  • “Processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • “Third Party”: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • “Consent”: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. Categories of Data

We may process the following categories of personal data:

4.1 Identification Data

First name, surname.

4.2 Contact Data

Email address, telephone number.

4.3 Technical Data

IP address, device type, browser, server logs.

4.4 Consent Data

Consent ID, timestamp, cookie preferences.

4.5 Newsletter Data

Email address, open and click-through statistics.

We do not seek to collect special categories of data (Article 9 GDPR).

5. Processing Principles

Processing is carried out in accordance with the principles of Article 5 GDPR:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

6. Purposes and Legal Bases

6.1 Website Operation

Purpose: Ensuring the secure and technically correct operation of the website.
Data Processed: Technical data (IP address, browser type, server logs).
Legal Basis: Article 6(1)(f) GDPR – Legitimate interest.

6.2 Contact Form

Purpose: Responding to enquiries submitted via the contact form.
Data Processed: Identification and contact data.
Legal Basis: Article 6(1)(b) GDPR (pre-contractual measures) or Article 6(1)(f) GDPR (legitimate interest).

6.3 Newsletter

Purpose: Sending periodic newsletters and marketing communications.
Data Processed: Email address, open and click-through statistics.
Legal Basis: Article 6(1)(a) GDPR – Explicit consent.
Withdrawal: You may withdraw your consent at any time via the unsubscribe link in each email or by contacting us.

6.4 Analytics / Marketing Cookies

Purpose: Measuring website traffic, analysing user behaviour, and serving relevant advertisements.
Data Processed: Technical data, consent data.
Legal Basis: Article 6(1)(a) GDPR, in conjunction with Law 3471/2006.

7. Cookies & Consent (Usercentrics)

The website uses a Consent Management Platform (Usercentrics) to manage your cookie preferences.

  • A unique Consent ID is recorded for each visitor.
  • Proof of consent is documented in accordance with Article 7 GDPR.
  • You may modify or withdraw your consent at any time via the privacy settings at the bottom of each page.

8. Processors (Article 28)

The company engages the following processors:

  • Google Ireland Ltd – Analytics
  • CleverReach GmbH – Newsletter
  • Usercentrics GmbH – Consent Management

Data processing agreements have been concluded with each processor in accordance with Article 28 GDPR.

9. Joint Controllers (Article 26)

Where social media plugins or page insight tools are integrated into the website, joint controllership within the meaning of Article 26 GDPR may apply with:

  • Meta Platforms Ireland Ltd
  • LinkedIn Ireland
  • Google Ireland Ltd

In such cases, a joint controller arrangement under Article 26 GDPR defines the respective responsibilities. The essence of this arrangement is made available to data subjects upon request.

10. Transfers to Third Countries

Where personal data are transferred outside the European Economic Area, appropriate safeguards are in place, including:

  • An adequacy decision by the European Commission (e.g. the EU–US Data Privacy Framework, where the recipient is DPF-certified);
  • Standard Contractual Clauses (SCCs) adopted by the European Commission;
  • A Transfer Impact Assessment (TIA) where required;
  • Supplementary technical and organisational measures where necessary.

11. Retention Period

  • Server logs: up to 7 days.
  • Newsletter data: until withdrawal of consent.
  • Consent records: 3 years (for accountability and documentation purposes).

12. Security (Article 32)

Appropriate technical and organisational measures are in place, including:

  • Encryption (TLS/SSL)
  • Firewall protection
  • Access controls and role-based permissions
  • Password management policy
  • Regular backups

13. Data Breach

In the event of a personal data breach:

  • The Hellenic Data Protection Authority (HDPA) will be notified within 72 hours (Article 33 GDPR).
  • Affected data subjects will be informed without undue delay where the breach is likely to result in a high risk to their rights and freedoms (Article 34 GDPR).

14. Data Subject Rights

In accordance with Articles 15–22 GDPR, you have the right to:

  • Access your personal data (Article 15)
  • Rectification of inaccurate data (Article 16)
  • Erasure (“right to be forgotten”) (Article 17)
  • Restriction of processing (Article 18)
  • Data portability (Article 20)
  • Object to processing (Article 21)
  • Withdraw consent at any time (Article 7(3))
  • Not be subject to automated individual decision-making, including profiling (Article 22)

To exercise your rights, please contact: privacy@tentec.gr or the DPO at dpo@tentec.gr.

We will respond within one (1) month of receipt of your request.

15. Supervisory Authority

Hellenic Data Protection Authority (HDPA)

www.dpa.gr

You have the right to lodge a complaint with the HDPA in accordance with Article 77 GDPR.

16. Judicial Remedy

You have the right to an effective judicial remedy (Article 79 GDPR) and the right to compensation for damage suffered as a result of unlawful processing (Article 82 GDPR).

17. Updates

This Policy may be amended from time to time. Any changes will be published on this page.

Last updated: March 2026.
