For the purposes of this Information former employees shall be considered the persons who have been employed, in any form, by any of the Group companies and whose employment has ended or been terminated for any reason.
The personal data collected and processed by the Group companies fall primarily within the following categories. It is explicitly clarified, however, that you may not be concerned by all the data mentioned below and all information in general provided herein.
a) Identification data: name and surname, father’s name, Social Security Number, Identity Card Number, Tax Identification Number, date and place of birth, photograph, etc.
b) Contact information: postal address, email, telephone number (landline and mobile), etc.
c) Family status and dependent family members’ data, which were collected for the fulfillment of the Group companies’ legal obligations or in the context of your individual employment contract or a collective bargaining agreement or in the context of unilateral voluntary benefits.
d) Data included in your applications for a job position in any Group company as well as information collected during the process of your placement in the Group: education certificates, military service certificates, information on your previous professional experience and background, information regarding family relationships between you and other employees of the Group, etc.
e) Data deriving from your employment by the Group companies: evaluations, salary data, training courses, etc.
f) Health and medical data, as provided for by the law.
g) Data collected in the framework of your financial behavior evaluation (including but not limited to uncovered cheques, termination of loan contracts, seizures) for the deterrence of frauds and the protection of the Group’s reputation.
h) Data concerning your criminal record, as provided for by the applicable legislation.
i) Data concerning your participation in trade unions for the exercise of your or the Group companies’ rights and the fulfillment of your or the Group companies’ obligations.
j) Data related to the access to the premises, systems and records of the Group companies.
k) Data collected from closed circuit television (CCTV) from the Group companies’ premises for the protection and security of persons, of important areas, facilities and in general the Group companies’ property, as provided for by the law.
l) Data from the use of information systems and communication media in the workplace or related to work, such as telephone, e-mail , Internet, pursuant to the Group companies’ regulations and policies and as provided for by the law.
a) The Group companies have obtained your personal data either directly from you or from third parties (natural or legal) authorized by you for this purpose, including employment agencies acting on your behalf. The Group companies are not liable in case of unlawful processing of your personal data by said agencies and in general by third parties as mentioned above.
b) The Group companies may have also obtained your personal data from communication media and information systems or access and image recording systems they possess.
The Group companies retain your personal data mentioned above for:
a) Their compliance with their legal obligations.
b) The purposes of legitimate interests pursued by them or by third parties which override your interests, fundamental rights or freedoms requiring the protection of your personal data and especially for the establishment, exercise or defense of the Group companies’ legal claims and the exercise of their rights, mostly in the framework of labor and social security law.
c) The exercise of the Group companies’ rights and fulfillment of their obligations stemming from voluntary redundancy agreements.
The Group companies retain special categories of personal data, as those are defined in article 9 of the GDPR, pursuant to the latter and the relevant legislation.
Your personal data are accessible by the Group companies’ management and/or their authorized employees, in case this is required for the purposes described in Section 4 of the present Information. The Group companies have taken additional measures to ensure the security of your data related to your health, any criminal convictions and data collected from CCTV and the use of media in the workplace.
The transfer of personal data to recipients other than the Group companies may take place only in the following cases:
a)For the Group companies’ compliance with their legal obligations; or
b) For the Group companies’ or a third party’s overriding legitimate interests; or
c) Upon your consent.
In the aforementioned cases recipients of your personal data may indicatively be:
i. Social security institutions and any other public entity.
ii. Entities cooperating with the Group companies, which process your personal data on their behalf: Lawyers, law firms, bailiffs, notaries, companies for the installation, operation and support of computer applications, providers of IT products and/or services and/or support services for any type of IT and electronic systems and networks, including online systems and platforms, companies providing services regarding data and records storage, filing, management and destruction, etc.
iii. Supervisory, audit, independent, judicial, prosecution, public and/or other authorities or entities within their competences, duties and powers.
iv. Cooperating companies to which the Group companies may transfer former employees’ personal data for the provision of services set out in voluntary redundancy agreements.
The Group companies can transfer your personal data outside the EU under the following circumstances:
a) If the European Commission decides that the recipient ensures an adequate level of protection; or
b) If appropriate safeguards with regard to the processing have been provided from the recipient according to the law.
In the absence of the abovementioned circumstances a transfer may take place if:
i. You have explicitly consented to the transfer; or
ii. The transfer is necessary for the establishment or exercise of legal claims or for the defense of the Group companies’ legal rights; or
iii. The Group companies are obliged by law or by an international convention to provide the data; or
iv. The Group companies are obliged to comply with regulations regarding the automatic exchange of data within the tax sector as derived from Greece’s international obligations.
In order to fulfil the obligations under points iii or iv the Group companies may transfer your data to the competent national authorities so that the data are delivered to the respective third countries’ authorities.
You have the following rights:
a) To know the personal data categories stored and processed by the Group companies, their origin, the purposes of their processing, the categories of their recipients, the period of their storage and your relevant rights (right of access).
b) To demand the rectification and/or to have your incomplete data completed so that they are accurate (right to rectification) by providing supplementary statements that justify the need for rectification.
c) To ask for a restriction of the processing of your personal data (right to restriction of processing).
d) To object to any further processing of your stored personal data (right to object).
e) To demand the erasure of your personal data from the Group’s records (right to erasure).
f) To ask the transfer of your data stored by the Group Companies to another controller (right to data portability).
However, please note the following as regards your rights mentioned above:
i. The Group companies may not satisfy your rights described in points (c), (d) and (e) above (partly or fully) if the data are deemed necessary for the signing of and/or continuance of the employment contract or your employment relationship.
ii. The Group companies have in any case the right to deny your request for restriction of processing or erasure of your data if their processing or storage is necessary for the establishment, exercise or defense of their rights or the fulfilment of their obligations.
iii. The right to data portability (point f) does not include the erasure of your data from the Group companies’ records in case the data are necessary for the establishment, exercise or defense of the Group Companies’ rights or the fulfillment of their obligations.
iv. The exercise of these rights is valid for the future and does not affect previous data processing.
g) To lodge a complaint with the Data Protection Authority (www.dpa.gr) in case you consider that your rights are in any way violated.
For the exercise of your rights you may contact in writing the Sub-directorate HR4U (7 Santaroza str. 10564, Athens) or send an email to HR4U@Eurobank.gr.
The Group companies shall use their best endeavors to address your request within thirty (30) days of its receipt. The abovementioned period may be prolonged for sixty (60) more days, if deemed necessary, taking into account the complexity of the issue and the number of the requests. You shall be informed within thirty (30) days after receipt of your request in any case of prolongation of the abovementioned period. The abovementioned service is provided free of charge. However, in case the requests manifestly lack of foundation and/or are repeated and/or excessive, a reasonable fee may be imposed after you have been informed or your requests may not be addressed.
The following Entities of the Group process your personal data under their capacity as controllers:
- Eurobank SA based in Athens, 8 Othonos str., 10557, GCR No 154558160000.
- Eurobank Equities Investment Firm S.A. based in Athens, 10 Filellinon str., 10557, GCR No 003214701000.
- doValue Greece S.A., based in Moschato, 27 Kyprou & Archimidous str., 18346, GCR No 121602601000.
- Eurobank Asset Management M.F.M.C., based in Athens, 10 Stadiou str., 10564, GCR No 2292401000.
- Eurobank Ergasias Leasing S.A., based in Athens, 7-13 Eslin & 20 Amaliados str., 11523, GCR No 001063001000.
- Be Business Exchanges S.A., based in Nea Ionia, Al. Panagouli & Siniosoglou str., 14234, GCR No 004316901000.
- Eurobank Factors S.A., based in Athens, 16 Laodikeias & 1-3 Nymfaiou str., 11528, GCR No 3572901000.
For any matter regarding the processing of your personal data you may contact:
- For Eurobank SA at 6 Siniosoglou str., 14234 Nea Ionia (attn. of the responsible for personal data) or at dpo@eurobank.gr.
- For Eurobank Equities Investment Firm S.A. at 10 Filellinon & 13 Xenofontos str., 10557 Athens (attn. of the responsible for personal data) or at dpo@eurobankequities.gr.
- For doValue Greece S.A. at 27 Kyprou & Archimidous str., 18346 Moschato (attn. of the responsible for personal data) or at dpo@dovaluegreece.gr.
- For Eurobank Asset Management M.F.M.C. at 10 Stadiou str., 10564 Athens (attn. of the responsible for personal data) or at dpo-am@eurobank.gr.
- For Eurobank Ergasias Leasing S.A. at 7-13 Eslin & 20 Amaliados str., 11523 Athens (attn. of the responsible for personal data) or at dpo_leasing@eurobank.gr.
- For Be Business Exchanges S.A. at Al. Panagouli & Siniosoglou str., 14234 Nea Ionia (attn. of the responsible for personal data) or at dpo@be24.gr.
- For Eurobank Factors S.A. at 16 Laodikeias & 1-3 Nymfaiou str., 11528 Athens (attn. of the responsible for personal data) or at dpo@eurobankfactors.gr.
The Group takes all the appropriate organisational and technical measures to ensure the security of your personal data, the confidentiality of their processing, and their protection from accidental or unlawful destruction, loss, alteration, prohibited transmission, dissemination or access and any other form of unlawful processing.