With the exception of data under points (a) and (b) below which are absolutely necessary in any relationship with the Bank, the categories and number of other collected and processed personal data depends in any case on the data subject’s capacity as well as on other factors, such as the type of transaction/contract/ partnership/relationship, the product or service that has been, is or will be provided and their provision is necessary for the commencement or the continuation of the transaction/contract/ partnership/relationship with you and the provision of a product or service. In view of the above, the personal data that the Bank collects and processes may indicatively be the following and not all of them necessarily concern you:
a) Identification data: name and surname, father’s name, mother’s name, identity card or passport, Tax Identification Number, Social Security Number, date and place of birth, sex, citizenship, signature data etc.. The aforementioned data are provided directly by you and are updated with your assistance.
b) Contact data: postal and e-mail address, fixed and mobile telephone number etc.. The data are received directly by you and are verified/updated with your assistance and/or are collected/verified/updated from debtor notification companies (Law 3758/2009) (it is hereby clarified that in the framework of this Information any reference to a certain legislative instrument is understood as it is in force or has been replaced) or debt management companies (Law 4354/2015), lawyers, bailiffs and natural or legal persons in general that undertake on behalf of the Bank the update of your contact data in case you have omitted notifying the Bank for any such amendment.
c) Data concerning your economic and financial situation: profession and duration of occupation, remuneration, dependent family members, marital status or non/partnership contract/widowhood, tax declarations (E1 and E9), salary statements, tax clearance certificates, insurance certificates, documentation regarding acquisition or transfer of immovable or movable property. Said data are collected/verified/updated either directly from or from other sources, such as land registries, cadaster offices, courts, tax authorities, where allowed records of TIRESIAS S.A. (Risk consolidation system regarding consumer credit, see below) etc..
d) Data concerning the failure to perform your financial obligations: bounced cheques, termination of loan and credit agreements, payment orders, seizures and other relevant orders, applications for and decisions on consolidation or bankruptcy or debt settlement in general (indicatively Laws 3869/2010, 4469/2015, 4605/2019 etc.) collected from the Bank within the framework of your relationships, or from pleadings, applications, measures etc. communicated to the Bank or from databases on economic behavior, such as the company TIRESIAS S.A. (see below).
e) Data concerning your creditworthiness: debts towards credit and/or financial institutions arising from loans, credits, letters of guarantee, and/or credit guarantees etc. collected from the Bank in the framework of your transactional relationships with it and/or other credit and/or financial institutions, where allowed (i.e. in cases of point u of Section 3 below), and/or from databases on economic behavior such as the company TIRESIAS S.A. (see below).
f) Credit profiling/credit scoring data, produced from the relevant systems of the Bank and/or other credit and/or financial institutions, where allowed (i.e. in cases of point. u of Section 3 below), and/or from databases on economic behavior, such as the company TIRESIAS S.A. (see below)
g) Data related to acquiring contracts which have been terminated by the credit institutions or the companies issuing and managing cards due to breaches of particular terms of the abovementioned contracts (i.e. acquiring of cards reported lost, fictitious transactions, self-financing etc.), collected by the Bank and/or the company TIRESIAS S.A. (see below).
For the aforementioned data under points c-g collected from the databases of the company under the name INFORMATION BANKING SYSTEMS SA and the distinctive title TIRESIAS S.A. (registered office: 2 Alamanas Str., 151 25 Marousi Attikis, tel. number: +30 210 3676700, website: www.teiresias.gr), which is a controller of economic behavior data, as well as for the exercise of your relevant rights, you may be informed by contacting the abovementioned phone number or by visiting the abovementioned website.
h) Data deriving from supplementary and supporting documentation you provide the Bank with, questionnaires that you fill during your contractual or relationship or transaction or partnership or at a pre-contractual stage.
i) Data deriving from the performance of your contract(s) (including execution of orders) with the Bank where you participate as counter party or under any other capacity, the performance of transactions (including the nature/type of transaction, date and place of the transaction) your transactional behavior and operation of partnerships as well as the use of products or services at a pre-contractual stage.
j) Data related to recorded communications provided you have been previously informed pursuant to the legal preconditions and your communication data with the Bank.
k) Data related to your electronic identification and connection with electronic banking services (i.e. e-banking, mobile banking, europhone banking, v-banking) and applications, data for the execution of transactions (including the nature/type, date and place of the transaction) and the transactional behavior, your service and in general the provision of electronic banking services (i.e. e-banking, mobile banking, europhone banking, v-banking) and the use of the Bank’s electronic and/or digital products services and applications (i.e. cookies, IP addresses or other online identification data, location data i.e. within a certain geographical scope). These data are collected either directly from you, from portable devices or applications you are using or from services providers the Bank collaborates with.
l) Image data collected from the video recording systems of the Bank’s premises, where signs have been placed pursuant to the law.
m) Data on payments from or towards you pursuant to the legislation in force for the provision of payment services and the framework agreement for the provision of payment services as in force and available on the Bank’s website (www.eurobank.gr/-/media/eurobank/footer/pdf/psd-ka2437-eng.pdf?la=en). Indicatively, data for the transfer from/towards a payment account, wire transfer, direct debit mandates, transactions with payment means etc.. These data may include, apart from you own data, third party data when the third party is related to the payment order under the capacity of the payer or the beneficiary. These data are collected either by you or by a third person on your mandate (i.e. payment execution with card, payment order of your financial obligation towards a third party when the order originates from the beneficiary or the service provider you have chosen or a third originator
n) Data related to or arising from the execution of investment transactions and/or obtaining of investment products as well as the provision of investment services to you. Additionally, data on your assets and financial instruments obtained by the Bank and/or those kept by the Bank, pursuant to the relevant legislation.
o) Data concerning your knowledge and experience in the investment sector with regard to a specific type of product or service, your financial situation, including your ability to bear losses, your tolerance level towards risk and your investment objectives and needs. The abovementioned data are received directly by you, depending on the investment service or the relevant investment product you apply for.
p) Data relating to the provision of insurance products via the Bank’s mediation. For insurance products offered by the Bank under its capacity as insurance mediator data that are necessary for the signing of the insurance contract depending on its subject and the relevant risks as well as data required by the legal and regulatory framework will be collected. These data are collected directly from you.
q) Data deriving from securities and assurances (including insurances) in the Bank’s name and to its benefit
r) Data for the assessment of the risk of money laundering and/or terrorism financing that are collected directly from you, your executed transactions, TEIRESIAS S.A., authorities and bodies that are in charge of the prevention and repression of the aforementioned offences.
s) Data regarding the exchange or provision of financial information determined in accordance with the legislation or international agreements (such as FATCA, CRS etc.).
t) Data on transactions in financial instruments which are mentioned in the framework of compliance with the legal and regulatory provisions (such as Regulation (EU) 648/2012 (EMPIR), Regulation (EU) 600/2014 (MIFIR) and their executive measures etc.).
u) Data on beneficiaries of legal persons or entities that are active, candidate or former clients of the Bank or contracting parties in general.
v) The Bank collects and processes special categories of personal data after applying appropriate security and safety measures and only as long as the necessary legal conditions have been met, especially with your explicit consent or when the processing is necessary for the establishment or support of legal claims etc.. Pursuant to the above, the Bank may indicatively collect health data of you and or dependent family members that you provide yourselves as well as biometric data when you sign electronically.
w) The Bank collects and processes minors’ data only when the legal preconditions have been met.
x) Data from your answers on the Bank’s surveys, your reaction to advertising campaigns when these are not anonymized.
y) Data for conducting (organization, monitoring the validity of participations, communicating with the winners, awarding etc.) and data for your participation to drawings, competitions, reward programs by the Bank, that we collect directly form you or the performance of your contract(s) with the Bank, your transactions and the use of products or services you have been or are provided with.
The abovementioned data may be collected/verified/updated by the Bank, where this is allowed and appropriate, and via publicly available sources such as indicatively land registries. cadastral offices, courts, registers, web, open social media profiles, mass media, etc.. Additionally, data are also collected from bodies that assign to the Bank the management of loans and credits portfolios according to 2.A.g. below or from third parties acting on behalf of these bodies. The data collection directly from you, as described above, includes the data collection from a third party, natural or legal person, acting on your behalf or related to you as well as the data collection from the Bank’s partners that act on its mandate and behalf (such as intermediaries etc.) to which you have provided your personal data with in order for them to transfer these data to the Bank. In case you provide us with personal data of third persons you must have in advance properly informed them (indicatively by referring them to this Information) and ensured their consent, where required.
The Bank collects and processes your personal data that are each time necessary:
A. For the execution of a contract and in order to carry out pre-contractual measures at your request
The processing of your data as described in Section 1 above serves purposes such as:
a) Your identification, verification of your data and the communication with you during the pre-contractual and contractual stage, as well as during any other transaction between you and the Bank.
b) The evaluation of your applications and requests in general, the formation of a contact with you, its execution and smooth operation, the debt evolution arising from the contract, the fulfillment of each counterparty’s obligations and the defense of interests and exercise of the Bank’s rights.
c) The service, support execution and monitoring of your transactions including the ones via electronic banking (indicatively e-banking, mobile banking, europhone banking, v-banking).
d) Your characterization as private or professional client pursuant to the relevant legislation (indicatively Directive 2014/65/EU (MIFID II) that was incorporated to the Greek law with Law 4514/2018 and its executive measures etc.), the evaluation of your suitability and compatibility for the provision of investment or associated services or insurance services, your information on such services, monitoring for services and your admission, if possible, to the defined target-market of these products.
e) In case of granting any loan or credit your (including cases of provision of securities etc.) for:
i. the assessment of the credit risk the Bank will be or has already been exposed to;
ii. the monitoring of the evolution of the contract and liabilities;
iii. the prevention or mitigation of the possibility of a failure by your part to fulfill your obligations arising from the contract you will enter into with the Bank;
iv. the pursuing of the collection of any possible debts to the Bank due to the performance of your contract you will sign.
f) The communication with you, your information on the best use of the Bank’s products and/or services (i.e. new features or functionalities of these products or new opportunities to use products/services to your benefit, your information about or participation in bonus and loyalty rewards programs, lots, contests etc.).
g) Loan and Credit Portfolios management upon their assignment to the Bank by special purpose companies within the framework of debt securitization pursuant to articles 10 and 14 Law 3156/2003. Information on the entities and portfolios handled by the Bank are available on its website https://www.eurobank.gr/el/gdpr-enimerosi-foreon-apaitiseon where there is also a reference to the personal data processing notices of the special purpose companies as data controllers.
h) Debenture holders’ representation pursuant to article 4 Law 3156/2003.
Said processing (under Section A) serves also the Bank’s compliance with its legal obligations (see below Section B) as well as the Bank’s or a third party’s legitimate interests (see below Section C).
B. For the Bank’s compliance with its legal obligations
The processing of your data as described in Section 1 above also serves purposes such as:
a) The Bank’s compliance with obligations imposed by the relevant legal, regulatory and supervisory framework in force, as well as with authorities’ decisions (public, supervisory, independent, prosecution etc.) or courts (regular or arbitrary).
b) The prevention and repression of money laundering and terrorism financing, as well as the prevention, detection and repression of frauds against the Bank or its clients, as well as of any other illegal act.
c) The protection of the Bank’s clients, personnel and visitors and their property as well as the Bank’s facilities and property in general.
d) The Bank’s compliance with obligations imposed by legislation or international agreements regarding the exchange or provision of financial information (FATCA, CRS etc.) and/or the submission of reports (such as EMIR, MIFIR, etc.).
Said processing (under B) serves also the Bank’s or a third party’s legitimate interests (see below under C).
C. For serving the Bank’s or third parties’ legitimate interests
The processing of data under Section 1 serves, additionally, purposes such as indicatively the security and safety of the Bank’s information systems, facilities and assets, the prevention and deterrence of criminal acts or frauds against the Bank or a third party, the defense of the Bank’s or third parties’ legal rights and interests (third parties being indicatively Eurobank Group Companies, cooperating with the Bank companies, corporate social security etc.) the management of your complaints, the Bank’s compliance with obligations arising from contacts with co-financing or guarantee institutions/organizations or third parties in general, the retention of historical record, the transfer of the Bank’s claims from loan and/or credit agreements pursuant to the relevant legal provisions (indicatively Law 3156/2003, Law 4354/2015 etc.), sending you or submitting of questionnaires in order for the Bank to establish your satisfaction level from its products and services, and your transactional relationship in general as well as for purposes of implementing due diligence measures according to the relevant legal and regulatory framework on preventing and repressing money laundering and terrorism financing activities on behalf of third liable persons.
D. Upon your consent
In cases where we have received your consent, especially when the processing cannot be based on any of the abovementioned (2.A. – 2.C.) legal bases the processing of your data under Section 1 is based on this consent (see in particular the below mentioned cases of product and services promotion under 2.E. first subparagraph, automated decision-making under 2.F.iii, transfer of data outside EEA under 4.c.i. as well as in cases where you fill out printed or electronic application forms to receive information on products and services, actions of the Bank or other cooperating companies). In such cases you have the right to withdraw your consent at any time (regarding consent withdrawal please see below under 7 and according to the specifics of each case you will also be informed on specific ways to withdraw your consent depending on the way you provided it). However, the processing based on your consent prior to its withdrawal remains unaffected.
E. Promotion of products and services
In case you have provided us with your consent, the Bank may process your data within the framework of your information about/participation in promotion activities for new products and/or services, other than the ones that you have in each case received, from the Bank, its Group companies or cooperating companies that fit your habits and interests. Promotion activities to legal persons are governed by the relevant legal provisions on unsolicited communication, given the fact that legal persons are not covered by the present Information.
F. Profiling - Automated decision-making
a) For purposes of promotion activities, the Bank may carry out you profiling by using combined data, mentioned above under 1 (indicatively your commercial behavior analysis, response level to the Bank’s promotion activities, answers to surveys etc.). Said processing within the framework of your information and/or participation to promotion activities for new products and or services, other the ones you have already received from the Bank, its Group companies or cooperating companies is based on your consent. Additionally, the Bank may carry out your profiling using combined data under 1 for information purposes that does not constitute promotion. In this case, processing serves the execution of your contract with the Bank as well as its or a third party’s legitimate interests.
b) For your characterization as private or professional client pursuant to the relevant legislation (indicatively Directive 2014/65/EU (MIFID II) that was incorporated to the Greek law with Law 4514/2018 and its executive measures etc.) and the evaluation of your suitability and compatibility for the provision of investment or associated services/products as well as for the provision of insurance services/products and the formation and performance of the relevant contracts the Bank compiles your profile by using combined data mentioned above under Section 1 (i.e. under points 1c, n, o p). This processing is carried out in compliance with the Bank’s legal obligations
c) For the risk assessment of money laundering and terrorism financing the Bank compiles your profile using internationally acknowledged models for the combined evaluation of data described under Section 1 above (i.e. point r). Said processing is carried out for the Bank’s compliance with its legal obligations.
The Bank may carry out solely automated individual decision-making, including profiling, in cases where: (i) this is deemed necessary for the signing and execution of your contract with the Bank, (ii) this is allowed from the EU or national law, (iii) you have provided us with your explicit consent for said processing, especially in cases where automated decision-making cannot be based on any of the above-mentioned under i and ii legal bases. The Bank conducts said processing because it considers that automated individual decision-making, including profiling, leads to fair, impartial and responsible decisions. The Bank ensures by such a process fairness and transparency by applying appropriate statistical and mathematical methods for profiling, appropriate technical and organizational measures to correct any factors that could lead to inaccuracies on personal data, to minimize errors and secure the data. In cases of solely automated individual decision making you have all the rights described in detail under 6.f. below.
The purposes for which the Bank may take a decision based solely on automated individual decision-making is the credit risk assessment for providing loans or credits in the fields of consumer credit, before the signing but also during such contracts in case the necessity of evaluation of your credit rating arises (i.e. in cases of increase in the credit limit, debt restructuring etc.). In such cases, the Bank carries out solely automated individual decision-making that includes the combined evaluation of your financial data (under 1.c above) your economic /transactional behavior (under 1.d,e,f,g,h and i above) that results to the approval or rejection of your application for loan or credit, increase of your credit limit, debt restructuring etc.. Solely automated individual decision-making in this case is necessary for the signing or execution of the contract with the Bank.
In order for the Bank to fulfill its contractual, legal and regulatory obligations, serve its or third parties’ legitimate interests (such as Eurobank Group companies, cooperating with the Bank companies, corporate social responsibility etc.) as well as in cases where the Bank is authorized or has received your consent, recipients of the necessary, according to the processing purpose, personal data may for example the following:
a) The Banks competent employees and members of the administration within the framework of their duties.
b) Eurobank Group companies, meaning the banking Group and the Group of the Bank’s parent company Eurobank Ergasias Services and Holdings S.A. for the total risk assessment, their compliance with their supervisory obligations and the consolidated and centralized respond towards Eurobank Group’s clients.
c) Debtor notification companies (Law 3758/2009) as described on Eurobank’s website www.eurobank.gr/-/media/eurobank/footer/pdf/sumpliromatiki-enimerosi-eng.pdf
d) Debt management companies (Law 4354/2015) as described on Eurobank’s website www.eurobank.gr/-/media/eurobank/footer/pdf/sumpliromatiki-enimerosi-eng.pdf
e) Call centers.
f) Companies conducting customer satisfaction surveys or market surveys in general.
g) Companies for the promotion of products and/or services - advertising companies.
h) Companies responsible for storage, filing, management and destruction of files, records and data.
i) Natural or legal persons processing data in order to update them (including the update of your contact data in case you have omitted to notify the Bank of said amendment).
j) Credit risk reassessment companies, contracts’ and liabilities categorization companies and companies processing settlement propositions.
k) Lawyers, law firms, notaries, bailiffs, experts, engineers, valuers, chartered accountants and auditors, consulting providers (such as financial consultants etc.) within the framework of their duties.
l) Information products and/or services providers (including cloud services providers) and/or information and electronic systems and network support providers of any kind, including but not limited to online systems and platforms. Electronic communication and information society services providers (indicatively telecommunication providers, e-mail, web hosting, messaging applications).
m) Security companies.
n) Insurance companies and intermediaries in the framework of providing insurance products (indicatively for the insurance of a secured property, in case you are not fulfilling your relevant insurance obligations, for the loan insurance and its repayment in case of death, the provision of insurance services and products from the Bank under its capacity as insurance intermediary, for the Bank’s insurance etc.).
o) Companies participating to reward or loyalty programs of the Bank’s clients for the provision of benefits.
p) Post services providers.
q) Commercial agents, products and services suppliers, intermediaries acting on your or our behalf, your legal consultants or representatives.
r) Joint owners of shared accounts, payment beneficiaries, account/asset managers or will executors, as well as guarantors or providers of other types of securities to the Bank for debts owed by you.
s) Special purpose companies or bodies as defined in Law 3156/2003 on debt securitization, the delegatees of the Bank as securitization manager pursuant to article 10 par. 14 Law 3156/2003, debt acquisition companies pursuant to Law 4354/2015.
t) Credit and/or financial institutions, electronic money institutions, service payment providers or providers that are involved for the execution of contracts with you or transactions that you asked for or activated such as SWIFT SEPA VISA MASRTERCARD DIAS, etc.
u) In case of pre-insolvency, insolvency and rehabilitation procedures or debt settlement procedures in general (indicatively Law 3869/2010, Law 4469/2015, Law 4605/2019), the Bank informs the involved credit and financial institutions and other Eurobank Group Companies that may have claims against the applicant, granting and deposit data of the applicant client and provided that the Bank has a claim against that person for any reason, it may also be provided with the relevant data from the above mentioned institutions and companies.
v) Supervisory, independent, judicial, prosecution, police, tax, public or/and any other authorities, entities or parties that are responsible for the supervision/monitoring of the Bank’s activities within their competence, authorized mediators and mediation centers, arbitration tribunals and alternative dispute resolution entities.
w) TIRESIAS S.A. for data concerning the records it keeps and specifically data regarding bounced cheques, unpaid bills of exchange and promissory notes, termination of loans, credit or approval of cards as means of payment contracts, loan or credit contracts as well as guarantee contracts etc. for the abovementioned purposes of data processing by TIRESIAS S.A. and for the purposes of the database “Tiresias System of Risk Control” as well as for data concerning contract termination with acquiring companies as described in detail on the website of the aforementioned company (www.teiresias.gr).
x) Funding, co-funding or guarantee fund bodies, if applicable, such as: the Greek State, the Hellenic Development Bank, the European Investment Fund, the European Investment Bank, the Export Credit Insurance Organization etc.
y) Regarding data related to or deriving from investment transactions and the provision of investment services, partly or wholly, credit institutions investment companies, collective investments managing companies etc., from which you indicatively obtain investment products through the Bank, third market intermediaries, depositories operators such as the Athens Stock Exchange, Securities Depositories, such as the Dematerialized Security System, systematic internalizes, operators of clearing and settlement systems of capital market instruments as well as other systems and/or mechanisms for the completion of such transactions, investor compensation schemes (ΤΕΚΕ) reporting services providers and in general any institution or body involved in providing information for this specific category of transactions and their completion, or involved in the transaction’s completion or provision of investment services.
z) The Hellenic Deposit and Investment Guarantee Fund (TEKE) for the deposition or investment accounts balances in the framework of guarantee purposes.
aa) The International Finance Corporation and the European Bank for Reconstruction and Development and other competent entities for the Bank’s and yours environmental and social obligations.
bb) Real estate management or investment companies
cc) Companies responsible for the issuance of digital certificates and digital signatures.
dd) Potential or current buyers of part or the whole of the Bank’s activities and assets (including its rights) and/or parties that are entitled to an encumbrance on the Bank’s assets (including its rights).
ee) doValue Greece Societe Anonyme or third parties (indicatively Eurobank Group companies) on whose behalf the Bank implements due diligence measures for common clients and beneficial owners pursuant to the legislation on the prevention and repression on money laundering and terrorism financing.
ff) Any third parties that submit a request for information to the Bank, when the legal conditions have been met.
gg) Debenture holders’ and bond issuers’ representatives.
For the personal data processing of the abovementioned recipients that act as controllers we advise you to consult their personal data notices.
The Bank can transfer your personal data to third countries or international organizations outside the European Economic Area (EEA) under the following circumstances:
a) if the Commission decides that the third country, territory or one or more specified sectors within that third country or an international organization ensures an adequate level of protection; or
b) if appropriate safeguards for data processing have been provided, according to EU and national legislation.
c) In the absence of the abovementioned circumstances a transfer may take place if a derogation described by the relevant EU and national legislation is met, including indicatively the following:
i. You have explicitly consented to the transfer;
ii. The transfer is necessary for the execution of a contract between you and the Bank, such as for the execution of orders (i.e. execution of an order for transfer to a bank account of a third country) in which case the necessary data will be transferred to the necessarily involved operational bodies, (i.e. SWIFT, SEPA, correspondent banks etc.) or for the implementation of pre-contractual measures pursuant to your request or for the signing or execution of a contract that was made for your benefit;
iii. The transfer is necessary for the establishment, exercise or defense of legal claims; or
iv. Within the framework of the Bank’s compliance with obligations imposed by the legislation or international agreements such as the exchange or provision of financial information (FATCA, CRS etc.) and to the extent that the transfer is necessary for important reasons of public interest.
Personal data will be kept for the time necessary for the fulfillment of their processing purpose, otherwise for the time required by the relevant the legal and/or regulatory framework or the time necessary for the exercise of claims or defense of rights and legitimate interests.
More precisely and indicatively:
- In case you enter into a contract with the Bank, your personal data will be stored for as long as the contract stands. In case of contract expiration or termination the Bank may store your data until the expiration of the limitation period for legal actions, as defined by law, and more precisely for up to twenty (20) years after the termination or expiration of the contract. If during said period legal actions have been taken with the Bank or any other affiliated company and you are directly or indirectly involved, the abovementioned storage period will be prolonged until an irreversible judicial decision has been issued. In case you do not sign a contract with the Bank your data will be stored for up to five (5) years of your application rejection. In case legal actions are pending by the end of that period with the Bank or any other affiliated company is and you are directly or indirectly involved, the data will be preserved until the issuance of an irreversible judicial decision.
- In case data processing is imposed by law personal data will be stored for the period provided by the relevant legal or regulatory provisions and in any case for the time necessary for the exercise of claims or defense of rights and legitimate interests.
Documents that have your signature and contain your personal data may be stored electronically/digitally after a period of five (5) years.
You have the following rights:
a) Ta demand to know the categories of your personal data that we store and process, where they come from, the purposes of their processing, the categories of their recipients, the period of storage as well as your relevant rights (right of access).
b) To demand the rectification or/and amendment to your data completed so that they are complete and accurate (right to rectification) by providing any necessary document justifying the need for rectification.
c) To ask for a restriction of the processing of your personal data (right to restriction of processing).
d) To object to any further processing of your stored personal data (right to object).
e) To obtain the erasure of your personal data from the records we keep (right to erasure).
f) To ask for the transfer of your data kept by the Bank to any other controller (right to data portability).
g) In case of solely automated individual decision making, including profiling which produces legal effects concerning you or significantly affecting you in a similar way, the Bank implements suitable measures and safeguards for the protection of your rights, freedom and legitimate interests and offers you meaningful intervention carried out by humans, the right to express your opinion and ask for a justification οf the decision based within this framework as well as the right to contest such a decision. These rights can be exercised within a limit of thirty (30) days from the day such decision was made known.
h) To withdraw your consent at any time. The legality of the processing based on your consent before its withdrawal remains unaffected and you can consent again to the processing.
i) Right to complain to the Data Protection Authority: You have the right to lodge a complaint with the Hellenic Data Protection authority in case you consider that your rights are in any way violated. For the Authority’s competence as well as the way to lodge a complaint you can find detailed information on its website (www.dpa.gr – Citizen rights – Complaint to the Hellenic DPA).
Please note the following as regards your abovementioned rights:
i. Your rights as explained under points c, d and e above may be not satisfied partly or fully if these data are deemed necessary for the contract formation and continuation, regardless of their source.
ii. The Bank has in any case the right to deny your request for restriction of data processing or data erasure if their processing or storage is necessary for the establishment, exercise or defense of the Bank’s legitimate rights or the fulfilment of its obligations.
iii. The right to data portability (point f) does not entail the erasure of your data. The erasure is regulated under point ii above.
iv. The exercise of these rights is valid for the future and does not affect any previous data processing.