1. Purpose and Policy Description

Pepper Greece Α.Ε.Δ.Α.Δ.Π. (hereinafter Pepper Greece, “we” “us”, “our”) may process your personal data in our capacity as data controllers. We are committed to respecting your privacy and protecting your personal data. This Recruitment Privacy Policy (“Privacy Policy”) describes how we handle and protect your personal data in connection with Pepper Greece’s recruiting processes and programs.

This Privacy Policy only applies to the personal data of job applicants and potential candidates for employment or partnership. Pepper Greece may also collect and process your personal data should we engage in due diligence related to a potential corporate acquisition of your current employer (e.g., if you are part of the senior leadership team of a target company). This Privacy Notice does not apply to our employees, contractors or clients, or other personal data that Pepper Greece collects for other purposes.

2. Personal data we collect

The types of personal data that we request from you and the ways that we process it are determined by the requirements of the country in which the position is located, i.e. Greece, and not the country in which you reside.

The personal data collected by the job applicants are limited to what is required by the nature of the job's requirements.We collect personal data directly from you when you apply for a job with us, such as:

  • Title, name, contact details, home address, date of birth
  • Contact Information (address, telephone number, email address)
  • Gender, marital status (not mandatory only if volunteered by the applicant)
  • Academic record, educational history, achievements
  • Photograph (optional, depending on the vacancy)
  • Qqualification and skills and all records of qualifications
  • Previous employment experience and references
  • Any information contained in or forming part of your curriculum vitae or accompanying application documentation


We collect similar personal data about you from third parties, such as professional recruiting firms, your references, prior employers. We may also collect personal data about you online to the extent that you have made this information publicly available on your professional social media websites (such as LinkedIn) to the extent this is permitted by applicable law.

In addition, with regards to Social Media Tools, in the event that the job announcement took place in the social media and the application process allows you to pull relevant information from social media websites (such as LinkedIn,) into your application form, you need to be aware that, if you choose to feed any personal data from such social media tools, it will be used in accordance with this Recruitment Policy.

We do not seek to obtain and will not collect special categories of data about a candidate unless permitted to do so by applicable laws. In the extraordinary circumstances that such data, such as health data or criminal records data, may be requested, this data will be processed only to the extent that this is absolutely necessary to assess the suitability of the applicant for a specific job position or duties.

3. Purpose of processing/Use of your personal data

We collect and use your personal data for human resources and business management reasons such as:

  • Identifying and evaluating candidates for potential employment, as well as for future roles that may become available
  • Process your job/candidate application, including to contact you in relation to interviews and/or offer you a job after the interview stage
  • Recordkeeping in relation to recruiting and hiring
  • Ensuring compliance with legal requirements, including diversity and inclusion requirements and practices
  • We may also use your aggregated/pseudonymized data to improve our recruitment and hiring process and our ability to attract successful candidates

4. Legal basis

The legal basis for processing your personal data for the purposes mentioned above is based:

  • On our need to perform contractual and precontractual measures in respect of our relationship with you
  • In specific instances, to comply with the law, when certain information is necessary to satisfy our legal or regulatory obligations.

5. Data recipients and international data transfers

Personal Data may be disclosed for the purposes described above to entities affiliated with the Company ("Pepper Group Entities "), our third party service providers and in some circumstances, our clients. These Recipients may include:

  • Pepper Hellas Employees acting within their job duties ( for instance the HR personnel who will conduct the candidate’s interview)
  • Pepper Hellas Employees performing administrative functions and IT personnel may also have a limited access to your personal data to perform their jobs
  • Our professional and legal advisers, auditors and regulators
  • Rrecruitment providers and agencies
  • Ffacilities providers ( e.g. property management companies)
  • Qoutsourced business continuity consultants
  • Pprofessional reference providers (such as our clients)
  • IT system and network providers

In addition, we may disclose or transfer your personal data in the event of a re-organization, merger, sale, joint venture, assignment, or other transfer or disposition of all or any portion of our business.

6. Security

We have implemented generally accepted and appropriate standards of technical and operational measures to protect personal data rom against accidental or unlawful destruction, loss, alteration, unlawful disclosure or access to them and any unlawful processing, as well as to ensure the possibility of restoring availability and access to them. Only authorized personnel of Pepper Greece and of our third party service providers are provided access to personal data, and these employees and third party service providers are legally bound to treat this information as confidential and to implement appropriate technical and organisational measures to ensure, as much as possible, the most appropriate protection of personal data. These measures also serve so as to demonstrate that processing is performed in accordance with GDPR, obviously taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, while applying appropriate procedures for the regular testing, evaluation and evaluation of the effectiveness of the techniques and organisational measures.

7. Data retention

If you accept an offer of employment by us, any relevant personal data collected during your pre-employment period will become part of your personnel records and will be retained in accordance with specific country requirements. If we do not employ you, we shall inform you of such decision and we shall continue to retain and use your personal data for a period of one (1 ) year time, to consider you for potential future positions, and to perform research. After the predetermined time period the relevant data will be safely destroyed. However, we retain a minimal amount of your personal data to record your recruiting activity with us to enable us to understand whether you have previously applied for a role (or roles) at Pepper Greece.

8. Your rights

In accordance with GDPR and the applicable national law, you have:

  • A right to request a copy of the personal data we hold about you and details of how we use that information
  • A right to amend or rectify your personal data if any of the information held about you is incorrect or out of date
  • A right of portability of your personal data
  • A right to erase your personal data, to demand that we cease the processing of your personal data, to restrict the processing of your personal data, and/or to withdraw your consent to the processing of your personal data. This may not apply if there are other legal justifications to continue processing and we may need to retain certain personal data where required or permitted under applicable law.

In addition, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) vie email: complaints@dpa.gr, through the website: DPA.GR, via mail or at the Data Protection Authority Offices at Kifissias 1-3, 115 23 Athens, Greece or by fax at +30 210 6475628

If you would like to make a request to access, review, correct, delete or portability request the personal data we have collected about you, or to discuss how we process your personal data, please contact us at dpo@pepperhellas.gr

To help protect your privacy and security, we will take reasonable steps to verify your identity before granting you access to your personal data. We will take all possible measures to satisfy your request within a reasonable period, no later than one (1) month after the submission of the request and proper proof of your identity. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. Please note that the absolutely necessary user data may be retained, in order to safeguard the legal interests of the Company. Please note that depending upon the circumstances and the request, we may not be permitted to provide access to personal data or otherwise fully comply with your request; for example, where producing your information may reveal the identity of someone else. We reserve the right to charge an appropriate fee for complying with your request where allowed by applicable law, and/or to deny your requests where, in the Firm’s discretion, they may be unfounded, excessive, or otherwise unacceptable under applicable law.


The company may change this policy. Please check the effective date at the top of the policy to see when it was last revised. Every revision will be implemented as soon as we publish the revised policy.