We handle your data with care
Thank you for visiting our website. We take the protection of your privacy very seriously and want you to feel protected during your visit.
Thank you for visiting our website. We take the protection of your privacy very seriously and want you to feel protected during your visit.
Information for the Processing of Personal Data
The Data Controller of your data is the company "EOS MATRIX GREECE SINGLE-MEMBER LOAN AND CREDIT CLAIMS MANAGEMENT SOCIÉTÉ ANONYME”, with the distinctive title "EOS MATRIX RECEIVABLES MANAGEMENT GREECE S.A.", Vouliagmenis Avenue No. 423B, Ilioupoli, Attica, P.C. 16346 No. GEMI 143618701000, tel: 2109792990 e-mail: [email protected]
The Data Protection Officer for the company can be contacted at the above address (please include the line “ATTENTION: Data Protection Officer”) or by email at: [email protected]
Thank you for visiting our website. We take the protection of your personal data very seriously and want you to feel safe when visiting us.
1. Name and contact details of Data Controller and Data Protection Officer
The Data Controller of your data is the company "EOS MATRIX RECEIVABLES MANAGEMENT FROM LOANS AND CREDITS GREECE SOCIETE ANONYME", 423Β Vouliagmenis Avenue. P.C. 163 46, Illioupoli, Attica, Greece, No. GEMI 143618701000, legally licensed and supervised by the Bank of Greece (Decision No 505/26/28.06.2024 decision of the Credit and Insurance Committee of the Bank of Greece (Government Gazette Β’ 3745/01.07.2024) Tel: +30 210 9792-900, e-mail: [email protected] (“EOS Matrix Greece”).
You may contact the Data Protection Officer of EOS Matrix Greece at the above address (please include the line “ATTENTION: Data Protection Officer”) or by email at: [email protected]
2. Scope
This privacy notification concerns the processing of personal data of natural persons who visit/use this website (the “Website”). If your visit to the Website or your request submitted via the Website concerns other EOS Group companies (“EOS Group”), we may need to pass on your data to the other companies in the EOS Group (see below under 7).
3. Privacy policies of the other companies of EOS Group
You can view the Privacy Policies of other EOS Group companies in the “Personal Data” section of the Website.
4. Basic Principles of data processing
We process your data in a legal and transparent way, in accordance with the European (General Data Protection Regulation 679/2016 EU) and national legislation (Law 4624/2019 etc). We collect and process your data only for explicit, legitimate and defined purposes and only the data necessary for the purposes we process it.
We retain the data for as long as necessary, in accordance with the applicable legislation, the processing purposes and the relevant EOS Matrix Greece/ EOS Group policies and procedures, and we make sure that your personal data is as accurate, secure and updated as possible.
5. Sources of personal data
We collect your personal data:
Moreover, we collect your personal data automatically through relevant systems which are used in connection with your website consultation (e.g., cookies, log data). For instance, we may collect your personal data from the device through which you access the Website. Finally, we use tracking technology to collect data about you. You can find more information on how we use cookies and other similar tracking technologies in paragraph 8 of this notification.
6. Collection of personal data, purpose and legal basis for their processing
When you retrieve the Website, the browser used on your device automatically sends information to our website’s server. This information is temporarily saved in a log file. The following information is collected without your intervention and saved until it is automatically deleted after three (3) days:
The aforementioned data are processed by us for the following purposes:
The legal basis for the processing of your data is our legitimate interest in ensuring the security of our networks, information and services from accidental events or illegal actions, as well as our legal obligation to provide as secure an environment as possible for the processing of your personal data (Article 6 par. 1 (f) and (c) of the GDPR). The Data will not be transferred or used in any other way. However, we reserve the right to check server log files if specific indications of illegal use are found.
When you contact us via email or contact form
In the context of communication between us through the contact form or e-mail, we collect your name and e-mail as well as any other information you may provide to us during our communication. This data is stored and used solely to respond to your request. The legal basis for the processing of this personal data is your consent and our legitimate interest in responding to your request, which are applicable to Article 6 par. 1 (a) and (f) of the GDPR. Your data will be deleted after the final processing of our communication. This will be the case if it can be inferred from the circumstances that the communication has been completed, provided there are no legitimate reasons for storing such data.
If you contact us for the purpose of concluding a contract, the additional legal basis for the processing of your data is Article 6 par. 1 (b) of the GDPR.
7. Transmission of data
We may disclose personal data in the situations described below:
With the exception of the above, the Data will not be shared with third parties, natural or legal persons, and will not be disseminated.
8. Cookies
Like most websites, we use cookies and similar technologies when you access and browse the Website, in order to make your visit comfortable and efficient as possible. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, or similar) when you visit the Website. Cookies do not harm your device and do not contain any viruses, Trojan horses, or other malicious software. Information yielded in connection with the specific device used is stored in the cookie. However, this does not mean that we directly receive knowledge of your identity through this.
Use of cookies serves, for one thing, to make use of our offering more pleasant for you. For example, we use so-called Session cookies to recognize that you have already visited specific pages on the Website. These are automatically deleted after you leave the Website. Likewise, to optimize the user-friendliness, we also use temporary cookies, which are saved on your device for a specific defined period of time. If you visit the Website again to use our services, it will automatically be recognized that you already visited us and the entries and settings you made will automatically be recognized so that you do not have to enter them again.
Cookies are divided up into the four categories of “Necessary,” “Statistics,” “Comfort,” and “Marketing.”
The necessary cookies are required for the operation and the basic functions of the Website. In particular, they enable the security-relevant functioning of the Website.
The statistical cookies are used for improving our services, for ensuring a needs-based design and the continuous optimization of the Website. For this, we collect anonymized data for statistics and analytics, for example, to determine site traffic, page view statistics, and user behavior and to adapt and improve our content and the website experience.
The preference cookies are used for facilitating the use of our website. If you visit the Website again to use our service, it will automatically be recognized that you were on the Website and the entries and settings you made will automatically be recognized so that you do not have to enter them again. For example, through this, you will not have to reenter your user data every time, but rather you can access the data already entered when you visit the Website again.
We use marketing cookies so that we can provide you with relevant and interest-based content when you visit the Website.
The data processed through necessary cookies are necessary for the stated purposes for safeguarding our legitimate interests as well as those of third parties pursuant to Article 6 para. 1 lit. f of the GDPR, mainly for the safe use of the Website.
The data process through statistic, preference and marketing cookies is relying on your consent, pursuant to Article 6t para.1 lit. a of the GDPR, for the purposes of offering optimum user experience, statistical purposes as well as marketing purposes. You may change your settings/withdraw your consent at any time by clicking on “Cookies Settings” at the bottom of the Website.
Managing Cookies
Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a notification message always appears before a new cookie is placed. Each browser differs depending on how it manages cookie settings. This is described in the Help menu of each browser, which explains how to change your cookie settings. Follow the links below depending on the browser you are using:
Complete deactivation of cookies, however, may lead to you not being able to use all the features of the Website.
9. Social media and YouTube
We use Shariff buttons from social networks Facebook, Twitter, Google+, LinkedIn, Xing, on the Website. The buttons are simple HTML links. The procedure we use is within the framework of the Shariff solution. With the Shariff solution a script retrieves the number of times, e.g., the share button on a page has been clicked on: for this the script contacts the social network via the programming interfaces and retrieves the numbers. None of your personal data are transmitted in the process. Rather than your IP address, only our server address is transmitted to Facebook, Google and Twitter. You only become directly connected to Facebook, Google or Twitter if you perform an action. Before that the social networks cannot collect any data about you. As long as you do not click on a link to share content, you remain invisible to the networks. If you click on a link, the obligation to provide information about data collection and processing no longer rests with us, but rather with the operator of the social network.
YouTube Videos
The Website contains links to videos from YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. If you visit a website on the Website that contains such a video, a direct connection is established between your browser and the YouTube server after you have activated the video. YouTube receives the information that you have visited the Website with your IP address. If you click on the link to the video, your IP address will be forwarded to YouTube. We would like to point out that, as the provider of the Website, we have no knowledge of the content of the transmitted data or of its use by YouTube. For more information, please see YouTube's privacy policy (https://www.youtube.com/)
10. Data security
We make every effort to ensure that your data is secure and protected from illegal processing, accidental or fraudulent loss and destruction, and unauthorized access. We have implemented a detailed information security program and implement security policies and controls taking into account the best practices of modern technology and the cost of their implementation, as well as we have trained our executives and staff to adhere to data confidentiality and confidentiality rules. Our staff and third-party partners are committed in writing to respecting the confidentiality of the data to which they have access.
The Website uses the Secure Sockets Layer (SSL) protocol, which applies methods of encrypting data exchanged between two devices by establishing a secure connection between them over the internet, which results in the protection of your personal data and other sensitive data. You can recognize that you are on a protected connection by seeing the characters https:// the lock symbol that appears in your browser's address bar. Generally, this encryption is at 256-bit. If your browser doesn't support 256-bit encryption, we choose to reduce it to 128-bit v3 technology.
11. Transfers to Third Countries or Organisations
We have taken care that, in most cases, your data is processed within the European Union (or the European Economic Area). In the case of data processing in a third country outside the European Economic Area this will only be done if this third country has an adequacy decision by the European Commission or if other appropriate data protection guarantees are available (in particular standard EU contractual clauses or binding internal company data protection rules).
12. Minor’s data
The Website is not directed to minors (under 18 years of age), nor does EOS Matrix Greece, in principle, process their data. If we need to process minor’s data (under 18 years of age), the processing will only be done with the written and expressed consent of the persons who have parental responsibility for the minor.
13. Will your personal data be used for automated decision-making?
As a rule, we do not use fully automated decision-making (i.e., a purely automated process that would produce legal effects concerning you or significantly affecting you) during your access to the Website or when you make use of a contact form so as to reach out to us. If such a decision-making process is used in isolated cases, you will be separately informed, to the extent your notification is required by law.
14. Do you have an obligation to provide personal data?
For the purpose of using the Website, you will need to provide us with personal data that is required for its use and in particular for technical or IT security reasons. If you do not provide this data, you will not be able to use the Website.
For the purpose of reaching out to us through the relevant form, you are only required to provide us the personal data without which your inquiry cannot be processed by us.
15. Data subject rights
You may contact the Data Protection Officer of EOS Matrix Greece at the postal and e-mail address referred to in paragraph 1 hereof at any time, in order to exercise your rights in accordance with Articles 15-22 of the GDPR i.e. the rights of access, correction, deletion (where permitted), restriction of processing or even opposition to processing, You have in particular the right to:
Finally, in accordance with Article 77 of the GDPR, you have the right to lodge a complaint to the competent Hellenic Data Protection Authority, Kifisias 1-3, P.C. 115 23, Athens, Call Centre: +30-210 6475600, website: http://www.dpa.gr/, or to the supervisory authority of your usual place of residence.
16. Update and amendment of this notification
This notification is currently valid and was last updated in September 2025 and may be amended at any time by EOS Matrix Greece. Significant changes will be posted on the Website before they take effect. You may print this notification or request a copy by post or phone.
EOS MATRIX GREECE Claims Management S.A. collects and processes data of natural persons (debtors, guarantors, related persons such as family members, legal representatives, representatives, beneficial owners, etc.) whose debts are included in the portfolios of claims managed in accordance with L. 5072/2023, upon their award by the entity/company acquiring claims or special purposes such as EOS Finance Gmbh and EOS Securisation Gmbh. Both EOS MATRIX GREECE Claims Management S.A. and the entities that assigned the management of the Receivables have the status of Data Controller.
Personal data of debtors, guarantors, representatives and beneficial owners, including identification and communication data of such persons, details of debts and contracts from which these debts arise as well as telephone records, were transmitted to the Manager "EOS MATRIX RECEIVABLES MANAGEMENT FROM LOANS AND CREDITS GREECE SOCIETE ANONYME”" by: (i) the entity that entrusted EOS MATRIX GREECE S.A. with the management of your debt, such as EOS Finance Gmbh and EOS Securisation Gmbh; (ii) directly from you; (iii) publicly accessible sources (indicatively, telephone directories, courts, mortgages, land offices, etc.); (iv) from the financial conduct data records kept by TEIRESIAS S.A. (headquarter address: 2 Alamanas Street, 151 25 Maroussi, tel: 210 3676700, information on the processing of personal data by TEIRESIAS S.A. is posted on its website: www.tiresias.gr) and (v) lawyers, law firms, bailiffs, notaries.
Your personal data is processed: (a) for the purpose of managing and collecting your debts and supporting the legal interests of EOS MATRIX and third parties, in accordance with Article 6 par. 1 f of the GDPR, including the control and selection of appropriate recovery measures in accordance with the relevant data; (b) for the purpose of refinancing your loan and drawing up with you, the performance and operation of a contract for the general settlement of your debt and other obligations, in accordance with Article 6 PAR. 1 b of the GDPR (c) to comply with legal and supervisory obligations arising from Law 5072/2023 and Act No. 225/30.01.2024 of the Executive Board of the Bank of Greece, as applicable, in accordance with Article 6,par. 1 c of the GDPR.
Recipients of your personal data may be: Judicial and competent Public Authorities (such as Mortgages, Debtor Information Register, Personal Data Protection Authority, etc.), Lawyers, Judicial Curators, Debtor Information Companies and TEIRESIAS S.A.
Your personal data is retained for as long as necessary for the purpose for which it was transmitted to or collected by our company. After the collection of the debt, they will be kept for a further five years in the archives of our company, unless it is required to keep them for a longer period at the request or decision of the competent authorities, or because there is a case of further retention, in accordance with the applicable legal periods of data retention, in accordance with paragraph 3 of Article 34 of Law 4624/2019.
Data subjects, provided the legal requirements are met, may exercise their rights in accordance with Articles 15 to 22 of the GDPR and the relevant provisions of Law 4624/2019, such as the right to information, access, correction, deletion, restriction of processing, data portability and objection to processing, addressed to the Data Protection Officer of the Data Controller EOS MATRIX RECEIVABLES MANAGEMENT FROM LOANS AND CREDITS GREECE SOCIETE ANONYME to the above postal address (Attention of the Data Protection Officer) or to the e-mail address : [email protected]. Please note that you have the right, in accordance with Article 77 of the GDPR, to address your concerns to the competent Data Protection Authority, by submitting any request or complaint concerning the processing of your personal data. The Greek Data Protection Authority is located in Athens, on Kifisias Avenue No.1-3. You can also visit the website of the Independent Privacy Authority (www.dpa.gr), where you will find detailed information.
Notice on the Processing of personal data by EOS Matrix Greece pursuant to Regulation (EU) 2016/679 and the relevant Greek and European legislation
The company under the name “EOS MATRIX GREECE SINGLE-MEMBER LOAN AND CREDIT CLAIMS MANAGEMENT SOCIÉTÉ ANONYME”, with registered offices in the Municipality of Ilioupoli, Attica (423B Vouliagmenis Avenue, PC 16346, GEMI No. 143618701000) (hereinafter “EOS Matrix Greece”), informs you pursuant to the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the "GDPR"), Greek law 4624/2019 for the implementation thereof and the relevant Greek and European legislation on the protection of personal data, under its capacity as controller with regard to the collection and further processing of your personal data and your rights as data subject.
This Notice provides information regarding any processing of personal data carried out by EOS Matrix Greece in its capacity as controller.
Where EOS Matrix Greece acts as a processor, the relevant controller’s privacy notices shall apply. However, even in such cases, EOS Matrix Greece acts as a controller solely with respect to the following:
The processing activities carried out by EOS Matrix Greece as controller, pursuant to the abovementioned (1-4), are governed by the terms of the present Notice. This Notice may be supplemented by specific notices where applicable (e.g., in cases of processing special categories of data, cookies, data collected via the website, CCTV systems, visitor logs, etc.).
1. Details of the Data Controller
The controller of your personal data is “EOS MATRIX GREECE SINGLE-MEMBER LOAN AND CREDIT CLAIMS MANAGEMENT SOCIÉTÉ ANONYME”, with registered offices in the Municipality of Ilioupoli, Attica (423B Vouliagmenis Avenue, PC 16346, GEMI No. 143618701000), a special purpose Société Anonyme licensed and supervised by the Bank of Greece for the management of loan and credit claims pursuant to Law 5072/2023, in conjunction with Article 1 of Law 4354/2015, as in force (Decision No. 505/26/28.06.2024 of the Credit and Insurance Committee of the Bank of Greece, published in Government Gazette B’ 3745/28.06.2024).
2. Scope of this Notice
This Notice applies to natural persons (debtors, co-debtors, guarantors, etc.) whose debts are included in receivables portfolios managed by EOS Matrix Greece, following their assignment by the relevant entities, as well as to any natural persons connected to such individuals and/or their debts (e.g., guarantors, family members, heirs, legal representatives, attorneys, proxies, other authorized persons, employees, associates, legal representatives, shareholders and beneficial owners of debtors that are legal entities, etc.).
It is noted that if the debtor (or co-debtor, joint borrower, guarantor, etc.) is a legal entity, this Notice applies to its directors, representatives, partners, beneficial owners, and officers, whose personal data EOS Matrix Greece processes in connection with the debt of that legal entity.
3. What Personal Data EOS Matrix Greece processes and which sources it collects data from
A. Categories of personal data processed by EOS Matrix Greece
With the exception of data under points (i) and (ii) below which are absolutely necessary in any relationship with EOS Matrix Greece, the categories and number of other collected and processed personal data depends in any case on the data subject’s capacity, as per Section 2 above, as well as on other factors, such as the type of relationship, partnership or transaction with EOS Matrix Greece.
In view of the above, the personal data that EOS Matrix Greece collects and processes may indicatively be the following and not all of them necessarily concern you:
B. Sources from which EOS Matric Greece collects your personal data
EOS Matrix Greece collects data from the following sources:
It is noted, that in case you provide EOS Matrix Greece with third parties’ personal data, including those of process agents and/or administrators, representatives, partners and management bodies, you must have ensured that you have duly informed such third parties with regard to the transfer of their personal data and the processing thereof by EOS Matrix Greece, prior to such transfer (indicatively via reference to this Notice of EOS Matrix Greece), and that you have obtained their necessary consent, if required.
4. Why EOS Matrix Greece collects and processes your personal data and for which processing purposes
EOS Matrix Greece processes your personal data for credit servicing purposes in accordance with Greek law 5072/2023, as applicable and in force. In particular, EOS Matrix Greece processes your personal data for the purposes mentioned below:
A. For the execution of a contract and in order to take pre-contractual measures at your request.
Said processing of your personal data serves, in particular, purposes such as:
B. For EOS Matrix Greece’s compliance with its legal obligations
EOS Matrix Greece will process your personal data to the extent required to comply with the below legal and regulatory obligations to which it is subject and which derive from the provisions of Greek law 5072/2023 and the relevant Acts of the Bank of Greece Executive Committee, as applicable and in force:
C. For the purpose of the legitimate interests pursued by EOS Matrix Greece or by a third party
The processing of your personal data serves purposes relating to:
D. With your consent
Where EOS Matrix Greece has requested and received your consent, the processing of your personal data is based on such consent.
In these cases, you have the right to withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on your consent provided before its withdrawal.
For more information you may access the Consent Statement for the processing of your personal data of special categories which is available to the EOS Matrix Greece’s website.
Ε. Profiling or automated decision-making
EOS Matrix Greece does not make decisions based solely on automated processing of personal data.
However, EOS Matrix Greece may make decision on the basis of non-solely automated decision-making by applying partially automated methods and procedures including:
The result of the above processing activities includes the approval or rejection of your debt settlement application.
5. Who are the recipients of your personal data
Within the context of the processing of your personal data, EOS Matrix Greece may transfer such data to the following recipients:
6. Transfer of your personal data outside the European Economic Area
EOS Matrix Greece will not transfer your personal data directly to third countries or international organisations, unless such transfer is required by the applicable regulatory or legal framework.
If applicable, EOS Matrix Greece may transfer your personal data to third countries under the following circumstances:
In the absence of the above-mentioned circumstances a transfer may take place if:
7. How long your personal data is stored
Your personal data shall be retained for the entire time period during which your debt remains under the servicing of EOS Matrix Greece, in accordance with the relevant assignment contract with the respective receivables entity, and for as long as it is permitted by the applicable legal and regulatory framework. In any case your personal data may be stored until the completion of the general limitation period for the exercise of legal actions, pursuant to the applicable legal provisions, namely twenty (20) years from the – under any condition – termination of your relationship.
In the event of a legal dispute with EOS Matrix Greece and/or the respective receivables entity, or relevant administrative dispute, said storage period will be extended until the issuance of an irrevocable court decision.
EOS Matrix Greece shall keep a record of all complaints received, including documents relating to each case, for a minimum period of five (5) years in accordance provisions set forth in Act no. 157 / 02.04.2019 of the Bank of Greece Executive Committee.
Finally, EOS Matrix Greece shall retain any recorded telephone communication for the purposes of informing the debtors for overdue debts (article 8 para. 2 Greek law 3758/2009, as in force), for one (1) year.
8. Your rights towards EOS Matrix Greece regarding the protection of your personal data
In accordance with the provisions of GDPR, you have the following rights:
Please note the following with regard to your abovementioned rights:
9. How you may exercise your rights towards EOS Matrix Greece
For the exercise of your rights, you may address your relevant requests in writing, to the Customer Service and Complaints Management Unit of EOS Matrix Greece (423B Vouliagmenis Avenue, PC 16346) or via email at [email protected]. EOS Matrix Greece shall use its best endeavors to address your request within thirty (30) days from its submission. The abovementioned period may be extended by two (2) further months, if deemed necessary at reasonable discretion of EOS Matrix Greece, taking into account the complexity and number of requests. EOS Matrix Greece shall inform you in case of such extension within one month from the receipt of the request. The abovementioned service is provided by EOS Matrix Greece free of charge. However, where requests are manifestly unfounded, excessive or repetitive, EOS Matrix Greece may, after informing the person who has submitted the request, either charge a reasonable fee or refuse to act on the request/requests.
10. Data Protection Officer of EOS Matrix Greece
You may contact the Data Protection Officer of EOS Matrix Greece for any matter regarding the processing of your personal data, in writing at 423B Vouliagmenis Avenue, PC 16346, or via email at [email protected].
11. Rights to lodge a complaint at the Hellenic Data Protection Authority
You have the right to lodge a complaint before the Hellenic Data Protection Authority for any matter regarding the processing of your personal data (www.dpa.gr).
EOS MATRIX GREECE Claims Management S.A. collects and processes data of natural persons (debtors, guarantors, related persons such as family members, legal representatives, representatives, beneficial owners, etc.) whose debts are included in the portfolios of claims managed in accordance with L. 5072/2023, upon their award by the entity/company acquiring claims or special purposes such as EOS Finance Gmbh and EOS Securisation Gmbh. Both EOS MATRIX GREECE Claims Management S.A. and the entities that assigned the management of the Receivables have the status of Data Controller.
Personal data of debtors, guarantors, representatives and beneficial owners, including identification and communication data of such persons, details of debts and contracts from which these debts arise as well as telephone records, were transmitted to the Manager "EOS MATRIX RECEIVABLES MANAGEMENT FROM LOANS AND CREDITS GREECE SOCIETE ANONYME”" by: (i) the entity that entrusted EOS MATRIX GREECE S.A. with the management of your debt, such as EOS Finance Gmbh and EOS Securisation Gmbh; (ii) directly from you; (iii) publicly accessible sources (indicatively, telephone directories, courts, mortgages, land offices, etc.); (iv) from the financial conduct data records kept by TEIRESIAS S.A. (headquarter address: 2 Alamanas Street, 151 25 Maroussi, tel: 210 3676700, information on the processing of personal data by TEIRESIAS S.A. is posted on its website: www.tiresias.gr) and (v) lawyers, law firms, bailiffs, notaries.
Your personal data is processed: (a) for the purpose of managing and collecting your debts and supporting the legal interests of EOS MATRIX and third parties, in accordance with Article 6 par. 1 f of the GDPR, including the control and selection of appropriate recovery measures in accordance with the relevant data; (b) for the purpose of refinancing your loan and drawing up with you, the performance and operation of a contract for the general settlement of your debt and other obligations, in accordance with Article 6 PAR. 1 b of the GDPR (c) to comply with legal and supervisory obligations arising from Law 5072/2023 and Act No. 225/30.01.2024 of the Executive Board of the Bank of Greece, as applicable, in accordance with Article 6,par. 1 c of the GDPR.
Recipients of your personal data may be: Judicial and competent Public Authorities (such as Mortgages, Debtor Information Register, Personal Data Protection Authority, etc.), Lawyers, Judicial Curators, Debtor Information Companies and TEIRESIAS S.A.
Your personal data is retained for as long as necessary for the purpose for which it was transmitted to or collected by our company. After the collection of the debt, they will be kept for a further five years in the archives of our company, unless it is required to keep them for a longer period at the request or decision of the competent authorities, or because there is a case of further retention, in accordance with the applicable legal periods of data retention, in accordance with paragraph 3 of Article 34 of Law 4624/2019.
Data subjects, provided the legal requirements are met, may exercise their rights in accordance with Articles 15 to 22 of the GDPR and the relevant provisions of Law 4624/2019, such as the right to information, access, correction, deletion, restriction of processing, data portability and objection to processing, addressed to the Data Protection Officer of the Data Controller EOS MATRIX RECEIVABLES MANAGEMENT FROM LOANS AND CREDITS GREECE SOCIETE ANONYME to the above postal address (Attention of the Data Protection Officer) or to the e-mail address : [email protected]. Please note that you have the right, in accordance with Article 77 of the GDPR, to address your concerns to the competent Data Protection Authority, by submitting any request or complaint concerning the processing of your personal data. The Greek Data Protection Authority is located in Athens, on Kifisias Avenue No.1-3. You can also visit the website of the Independent Privacy Authority (www.dpa.gr), where you will find detailed information.
1. Introduction & General Terms
“EOS MATRIX RECEIVABLES MANAGEMENT FROM LOANS AND CREDIT GREECE S.A.” (423Β Vouliagmenis Avenue. P.C. 163 46, Illioupoli, Attica) ("EOS") collects, stores and processes Personal Data (as defined below) in accordance with the General Data Protection Regulation (ΕΕ) 2016/679 (the “GDPR”) and local data protection legislation (jointly “Data Protection Legislation”). This Notification of EOS to its counterparties according to Articles 13 and 14 of the GDPR (the “Notification”) describes the way in which EOS collects, uses and processes Personal Data relating to its counterparties (if they are natural persons) or their legal representatives, the directors, the beneficial owners and/or the contact persons of their counterparties if the counterparties are legal entities (“You”). EOS is the controller of your Personal Data.
2. Types of Personal Data collected - Sources
For the purposes of this Notification, Personal Data means any information which relates to an identified or an identifiable person, or which may be used to identify a person (“Personal Data”). The types of Personal Data that EOS may process include, as the case may be:
Your Personal Data are in principle collected from you or from EOS’s counterparty which transferred to EOS your data in the context of their agreement or for the purpose of concluding an agreement. Moreover, we may obtain your Personal Data from other sources such as publicly available sources, creditworthiness assessment companies, etc.
3. Personal Data of Third Parties
If you provide EOS with Personal Data of third parties (e.g. legal representatives, employees), you must notify these persons that EOS will process their Personal Data and inform them of their respective rights (for example by disclosing this Notification).
Moreover, if required by law, you must obtain the consent of these persons to transfer their data to EOS and allow EOS to process their data. If you provide Personal Data of third parties, EOS assumes that you have notified them accordingly and obtained their consent.
4. Why does EOS collect, use, disclose and store Personal Data?
EOS collects, uses, discloses and stores Personal Data for the following purposes: (1) to selecta counterparty, (2) to conclude an agreement with the counterparty (3) to implement the agreement with the counterparty, including managing the relevant payment fees under this agreement, (4) to assess the cooperation with the counterparty, (5) to safeguard its rights under the applicable law, (6) to fulfil its obligations required by law, (7) internal control (e.g. productivity, maintaining financial integrity), (8) to ensure compliance with EOS’s internal policies and procedures (9) to conduct research (market research, satisfaction survey, etc.) and (10) to pursue direct marketing.
5. Legal Basis of the processing of your Personal Data
The legal basis for the collection, use, and processing of your Personal Data is defined in Article 6, para. 1 b), c) and f) of the GDPR. This means that EOS is processing your data: (i) to execute the agreement you have entered into with EOS or to take action to reach this agreement, (ii) to comply with its legal obligations, (iii) for the legitimate interests of EOS or any third party, unless your rights and freedoms prevail over these interests (e.g. to safeguard EOS’s legitimate interests, prevention of fraud, internal investigation). If the legal basis for processing your personal data is your consent, EOS will obtain this separately.
6. Recipients of your Personal Data
EOS may from time to time disclose your Personal Data to third parties for any of the aforementioned purposes. Examples of third parties to whom EOS may transfer your Personal Data include:
7. Overseas transfers of Personal Data
Due to the nature of our work, we may disclose your Personal Data to third parties established outside the European Economic Area (EEA). In these cases, except where the relevant country has been determined by the European Commission to provide an adequate level of protection (currently Andorra, Argentina, Canada, Switzerland, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand and Uruguay, Japan, Republic of Korea, United Kingdom and the United States under the EU-US Data Privacy Framework), we require such recipients to comply with appropriate measures designed to protect the Personal Data.
8. Retention period of your Personal Data
We will retain your Personal Data for as long as we consider it to be necessary in order to fulfil the purpose for which they were collected or to comply with legal, regulatory, accounting, auditory requirements or requirements provided in our internal policies/ proceedings. In order to define the adequate retention period of your Personal Data we take into consideration the applicable legislation, as well as the quantity, the nature and the sensitivity of the Personal Data, the prospective risk of damage caused due to an unauthorized use or disclosure of your Personal Data, the purposes for which we collected your Personal Data and whether we can fulfil the purposes through other means.
9. Your rights and obligations
(a) Your obligation to notify us of any change
It is important your Personal Data that we store are up-to-date and accurate. Please notify us if there is a change in the Personal Data that you have provided us with.
(b) Your rights in relation to your Personal Data
In certain circumstances, you have the right by law to:
If you want to exercise your rights in accordance with the above, or you have any question relating to this Notification, please contact us at [email protected]. Finally, you have the right to lodge a complaint with the competent Data Protection Authority (for Greece: www.dpa.gr).
10. Changes to this Notification
We reserve the right to update this Notification at any time, and we will notify you by updating this Notification on our website at: https://gr.eos-solutions.com. Any changes to this Notification are applicable by the time of its update on our website, unless otherwise provided.
Your data shall be processed for the purpose of debt management in accordance with Article 6 par. 1 (f) of the GDPR. Our legitimate interest is to purchase receivables, manage them and entrust the collection of such receivables to receivables management companies. Personal data shall also be processed for the purpose of complying with applicable legal and regulatory obligations, e.g. applicable tax legislation, in accordance with Article 6 par. 1 (c) of the GDPR.
We process the following categories of data: Identification data, contact data, Contract and financial claims data, payments data, as appropriate. This data was transmitted to us by the original creditor, lawyers and debt management companies, as well as publicly accessible sources (Mortgages, public registers).
As part of the debt recovery process, we have forwarded and/or will transmit your data, if necessary, to the following categories of recipients: credit providers, service providers, third-party debtors, courts, bailiffs, lawyers, receivables management companies and debtors’ information companies.
After three years of full repayment of the outstanding claim or termination of the recovery process, we will check whether there is a legal obligation to further retain your data, or part of it, otherwise we will delete it.
If the legal requirements are met, you have the following rights under Articles 15 to 22 of the GDPR: the right to information, access, correction, deletion, restriction of processing and right to data portability. In addition, in accordance with Article 21 of the GDPR, you have the right to object to the processing, provided that it is based on the legitimate interest of our own or third parties, Article 6 par. 1 (f) of the GDPR. Finally, in accordance with Article 77 of the GDPR, you also have the right to lodge a complaint with a competent Data Protection Supervisory Authority, even with the Authority located in your place of residence. The Supervisory Authority responsible for our company is: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Kurt-Schumacher-Allee 4, 20097 Hamburg, Germany.
Pursuant to the application of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), “EOS MATRIX RECEIVABLES MANAGEMENT FROM LOANS AND CREDIT GREECE S.A.” (423Β Vouliagmenis Avenue. P.C. 163 46, Illioupoli, Attica) ("EOS") would like to inform you of the following:
In addition to the personal data processed by EOS in the context of its contractual relationship with the complainant, EOS may also process, inter alia: (a) identification details of the complainant (e.g., surname, first name, father’s name, mother’s name, contact telephone (landline/mobile), email address) and (b) personal data that may be contained in the complaint form/letter submitted by the complainant and which will be subject to evaluation by EOS. The disclosure of data specified in subparagraph (a) above is a requirement for the evaluation/investigation of the submitted complaint by EOS. Information on how to submit complaints to EOS can be found at: https://gr.eos-solutions.com.
Your data shall be processed for the purpose of debt management in accordance with Article 6 par. 1 (f) of the GDPR. Our legitimate interest is to purchase receivables, manage them and entrust the collection of such receivables to receivables management companies. Personal data shall also be processed for the purpose of complying with applicable legal and regulatory obligations, e.g. applicable tax legislation, in accordance with Article 6 par. 1 (c) of the GDPR.
We process the following categories of data: Identification data, contact data, Contract and financial claims data, payments data, as appropriate. This data was transmitted to us by the original creditor, lawyers and debt management companies, as well as publicly accessible sources (Mortgages, public registers).
As part of the debt recovery process, we have forwarded and/or will transmit your data, if necessary, to the following categories of recipients: credit providers, service providers, third-party debtors, courts, bailiffs, lawyers, receivables management companies and debtors’ information companies.
After three years of full repayment of the outstanding claim or termination of the recovery process, we will check whether there is a legal obligation to further retain your data, or part of it, otherwise we will delete it.
If the legal requirements are met, you have the following rights under Articles 15 to 22 of the GDPR: the right to information, access, correction, deletion, restriction of processing and right to data portability. In addition, in accordance with Article 21 of the GDPR, you have the right to object to the processing, provided that it is based on the legitimate interest of our own or third parties, Article 6 par. 1 (f) of the GDPR. Finally, in accordance with Article 77 of the GDPR, you also have the right to lodge a complaint with a competent Data Protection Supervisory Authority, even with the Authority located in your place of residence. The Supervisory Authority responsible for our company is: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Kurt-Schumacher-Allee 4, 20097 Hamburg, Germany.
1. Introduction & General Terms
The company under the name “EOS Matrix Receivables Management from Loans and Credit Greece S.A.”, with registered offices in the Municipality of Ilioupoli, Attica (423B Vouliagmenis Avenue, PC 16346, GEMI No. 143618701000) (hereinafter “EOS”), collects, stores and processes Personal Data (as defined below) in accordance with the General Data Protection Regulation (ΕΕ) 2016/679 (the “GDPR”) and local data protection legislation (jointly “Data Protection Legislation”).
This Notification describes how EOS collects, uses and processes your Personal Data. This Notification covers Personal Data that is held electronically and also applies to paper-based filing systems. EOS is the data controller of your Personal Data.
2. What is Personal Data?
Personal Data means any information which relates to an identified or identifiable individual, or which could be used to identify an individual (“Personal Data”). The types of Personal Data that EOS may collect from or about you include, on a case-by-case basis:
(a) Personal and family information: first name, surname, father’s name, mother’s name, spouse’s full name (if applicable), residence details (address and telephone number), date and place of birth, gender, residence and work permits, nationality, fulfillment of military obligations (excluding reasons for discharge due to incapacity or deferment of service), Social Security Number (AMKA), identity card number, date of issue and issuing authority, passport number and date of issue/expiry, mobile phone number, email address, tax identification number and tax office, bank account details and other financial information, details of business activities outside EOS and participation in Boards of Directors (where such information is relevant to employment), marital status and details of dependents.
(b) Information relating to your education and work experience: details of previous employers and references, other information related to your previous employment, i.e. job title and/or position and description of responsibilities/duties, type of employment (fixed-term/indefinite), working hours and shifts, location, length of service, contact details of previous employment (telephone, address, fax, and email address), start and end date (as applicable) of employment, name and contact details of supervisor, manager, or team leader, information on benefits and related details, salary information, information regarding participation in training programs and related recommendations, academic background and education, professional training, licenses and certifications, foreign languages, activities and research, information relating to complaints and grievances, and the reason for any dismissal.
(c) Any other information included in your CV or otherwise provided to us, even if not requested.
3. Why does EOS process your Personal Data?
EOS processes your Personal Data for the following purposes: (1) evaluating your application to determine if you should be hired; (2) safeguarding EOS’s interests; and (3) complying with the provisions of applicable legislation.
4. Legal basis for processing Personal Data
The legal basis for the collection, processing and use of your Personal Data is established in article 6 para 1 letters a), b), c) and f) of GDPR. This means that we processes your data: (i) on the basis of your consent, which is expressed by the clear affirmative action of sending your CV to us; (ii) in order to make steps at your request, prior to entering into a contract with you; (iii) in order to be able to comply with our legal obligations as your employer; and (iv) for the prevailing legitimate interests pursued by EOS or by a third party, except where such interests are overridden by the interests or the fundamental rights and freedoms of the Applicant.
5. Does EOS share or transfer your Personal Data?
EOS may from time to time disclose your Personal Data to third parties for any of the purposes listed above. Examples of relevant third parties to whom EOS may disclose Personal Data include governmental agencies, courts, as well as third parties who provide services in connection with (among other things) the evaluation of Applicants.
When we disclose your Personal Data to third parties who provide services on our behalf (e.g. IT companies), we ensure that such service providers agree to use Personal Data only in accordance with our instructions and in accordance with the terms laid down in the relevant agreement which has been concluded between them and EOS.
EOS may also disclose Personal Data to third parties:
6. International Transfers of Personal Data
Personal data shall not be transmitted outside the European Economic Area.
7. Third-party Personal Data
Where you provide third-party Personal Data to EOS (i.e.. data from a spouse and/ or family members or third-party personal data for the purpose of obtaining recommendations), you are required to inform these persons about their rights in connection with the processing of their Personal Data (for example, by presenting the present Notification to them). Moreover, it is your responsibility to obtain the consent of these persons. At the time you provide the third-party Personal Data, EOS considers that the third-party consent as granted, to the extent required by law.
8. Data retention
EOS retains your Personal Data for the time period permitted or required by the applicable data protection/ regulation, which, in case that you are not being employed by us, may not exceed the period of 6 months, unless you have given your consent for its retention.
9. Consequences in case of failure to provide Personal Data
If an Applicant does not wish to disclose the requested minimum necessary Personal Data for the evaluation of his application, then EOS will review whether, in view of the circumstances, such evaluation can be made.
10. Applicant’s Rights
You have the following rights under the data protection legislation:
If you would like to discuss or exercise any of these rights, please use the contact details in section 13 below.
Finally, you have the right to lodge a complaint to the Hellenic Data Protection Authority (www.dpa.gr).
11. Origin of Personal Data
In principle any data relating to you is collected from you personally. EOS may also obtain your Personal Data from sources such as the following:
12. Updates
EOS may update this Notification from time to time due to changes in laws and regulations or its internal procedures and systems and will notify the Applicants accordingly (e.g. via its website). All changes are effective from the date of publication, unless provided otherwise.
13. Contact Us
If you have any questions or concerns about this Notification, or would like to exercise any of your rights, please contact our Data Protection Officer at [email protected].
The company under the name “EOS MATRIX RECEIVABLES MANAGEMENT FROM LOANS AND CREDIT GREECE S.A.” (423B Vouliagmenis Avenue, PC 16346, Ilioupoli, Attica) ("EOS") notifies you of the following regarding the closed-circuit television (CCTV) systems that operate at its premises:
INFORMATION NOTE TO THE DATA SUBJECTS
The company under the name “EOS Matrix Receivables Management from Loans and Credit Greece S.A.”, with registered offices in the Municipality of Ilioupoli, Attica (423B Vouliagmenis Avenue, PC 16346, GEMI No. 143618701000) (hereinafter “EOS Matrix Greece”), informs you pursuant to the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the “GDPR”), Greek law 4624/2019 for the implementation thereof and the relevant Greek and European legislation on the protection of personal data, under its capacity as controller with regard to the collection and further processing of your personal data belonging on special categories as data subject:
1. What personal data of special categories EOS Matrix Greece processes and from which sources it collects them from
EOS Matrix Greece collects directly from you or through your legal representatives or your authorized persons, personal data of special categories related to your health (such as physical and mental condition, disabilities, medical history, other health data) and/or your dependent family members.
2. For which purposes and on what legal basis EOS Matrix Greece processes the above personal data of special categories
EOS Matrix Greece collects and processes the above personal data of special categories within the framework and for the purposes of application of the procedures of the Bank of Greece Code of Ethics (Decision no. 392/1/31.5.2021 of the Bank of Greece Credit and Insurance Committee, as applicable and in force), processing and evaluation of requests submitted by you for settlement of debts and addressing complaints, as well as in the context of examination and regulation of the frequency of your telephone calls to inform you about your debt.
EOS Matrix Greece processes this personal data of yours after you have previously given your explicit consent to the intended processing, by signing the Consent Statement that follows the present Notice.
We note that, in any case, you have the right to withdraw your consent at any time, without, however, affecting the lawfulness of processing based on your consent provided before its withdrawal.
3. Who are the recipients of your data
Recipients of all or part of the above personal data of special categories may be in addition to you and/or your legal representatives and the persons authorized by you, as the case may be, the following:
4. How long does EOS Matrix Greece store your above personal data
EOS Matrix Greece keeps the above personal data, including the present Information and Consent Notice for the Processing of Personal Data of Special Categories, for five (5) years after the end of your relationship with EOS Matrix Greece, unless otherwise provided by the applicable legal and regulatory framework for the observance of the legal obligations or for the establishment, exercise or support of legal claims of EOS Matrix Greece and/or the receivables entity.
Especially in case of legal dispute with EOS Matrix Greece and/or the respective receivables entity or administrative dispute, the aforesaid retention period will be extended until the issuance of an irrevocable court decision.
5. Which are your rights and how you can exercise them
According to the provisions of GPDR, you have the following rights:
Please note the following in relation to your above rights:
To exercise your rights, you can contact the Customer Service and Complaints Management Unit of EOS Matrix Greece, 423B Vouliagmenis Avenue, PC 163462, Municipality of Ilioupoli, Attica or by e-mail at [email protected].
7. Right to lodge a complaint with the Hellenic Data Protection Authority
You have the right to lodge a complaint before the Hellenic Data Protection Authority for any matter regarding the processing of your personal data. For the respective competence of the Authority and the procedure to be followed for filing a complaint, you may visit the Hellenic Data Protection Authority (www.dpa.gr> My Rights > Lodge a complaint), where detailed information is available.
In any case, you may refer to the Information Notice of EOS Matrix Greece, which is posted on its website at: https://gr.eos-solutions.com, where you will find all information regarding the full range of processing activities carried out by EOS Matrix Greece.
1. Introduction
This Privacy Notice applies to all natural persons who submit, either with their name or anonymously, a report within the whistleblowing system on violations of Union law that has been implemented (the “Report”), regarding violations that have been committed or are very likely to be committed.
THIS NOTICE SUPPLEMENTS ANY OTHER INFORMATION WE HAVE ALREADY PROVIDED TO YOU AND FORMS AN INTEGRAL PART OF THE WHISTLEBLOWING POLICY ON VIOLATIONS OF UNION LAW.
In this Notice, the terms “we” and/or “Company” refer to “EOS MATRIX GREECE SINGLE-MEMBER LOAN AND CREDIT CLAIMS MANAGEMENT SOCIÉTÉ ANONYME”, with registered offices in the Municipality of Ilioupoli, Attica (423B Vouliagmenis Avenue, PC 16346), GEMI No. 143618701000, which is the data controller.
The Company does not provide a relevant data protection notice to the Reported Person or to Witnesses, as defined in Section 2 below, for as long as required and whenever deemed necessary for the purpose of preventing and addressing attempts to obstruct, hinder, frustrate or delay follow-up measures, especially investigations, or attempts to identify the Whistleblower, as defined in Section 2 below, as well as for protecting them against retaliation.
2. Types of personal data and categories of natural persons
During the reporting process, the Company, as controller, may collect personal data of the following persons (collectively the “data subjects” and/or “you”):
The types of personal data that the Company may collect during this process include: (a) your personal information (such as that collected through the system for the purpose of submitting the Report, e.g. full name, date of birth, telephone number (landline/mobile), and email address), (b) work-related data (such as job title, business unit, duties, annual evaluations), and (c) any information included in the Report concerning the reported violation, such as the location and time of the incident, additional information or available evidence, the way you are connected to the incident and the person against whom it is submitted, any other persons you suspect may be involved in the incident, which may relate either to the Whistleblower or to any other natural person mentioned above, as well as the content of the Report itself (e.g. information relating to accounting matters, internal audits or audit procedures, crimes in the banking or financial sector, and bribery cases connected with the reported incidents). The disclosure of the data mentioned under points (a) to (c) above constitutes a prerequisite for initiating an investigation after submission of the Report, in order to establish whether the alleged act or incident is substantiated.
When using the system, you are strongly advised that any personal data included in the Report concerning yourself or other persons be strictly limited to what is necessary for the purpose of the Report, and strictly and objectively required in order for us to verify the reported acts.
3. Source of personal data
The Company collects personal data directly from the above-mentioned data subjects.
4. Legal basis for processing personal data
The legal basis for the collection, processing, and use of personal data in the context of the whistleblowing procedure is determined by Article 6(1)(c) and (f) of the GDPR. This means that we process your data either to comply with a legal obligation to which we are subject, or for purposes of legitimate interests pursued by the Company, unless those interests are overridden by the interests or fundamental rights and freedoms of the data subjects.
5. Purposes of processing personal data
During the process through the reporting system, the Company collects, uses, and generally processes the personal data of data subjects, as applicable, for the following purposes: (1) To manage the internal whistleblowing system and ensure the security of the processing operations carried out through the system, (2) To ensure compliance with internal policies and reduce instances of misconduct, (3) To safeguard the application of appropriate corporate governance principles in daily operations, (4) To comply with any applicable laws and regulations on whistleblowing (e.g. requirements for prior disclosure or notification, where applicable, to national authorities), (5) To conduct investigative procedures regarding the relevance of the reported facts, (6) To use in the context of any legal or regulatory proceedings (including future proceedings) and for obtaining legal advice or for the establishment, exercise, or defense of legal claims, and (7) To impose sanctions in cases of abuse of the reporting system by the perpetrator.
6. Recipients of personal data
Personal data is processed solely by authorized employees and bodies of the Company responsible for handling reports and contractually bound by confidentiality obligations, including the Officer for the Receipt and Monitoring of Reports. Data may also be transferred to cooperating companies contracted by the Company to process data on its behalf (e.g. providers of whistleblowing system management services or investigative services), within the scope of their responsibilities and under obligations of confidentiality, secrecy, and compliance with data protection legislation.
Furthermore, data may be shared with affiliated companies within the EOS Group to the extent such disclosure is considered necessary, provided that the same safeguards are met with respect to report management. Data may also be transferred or processed by selected third-party specialists, such as external lawyers or consultants.
Finally, the Company may disclose personal data to third parties when required by law (e.g. mandatory notifications to competent authorities), in the context of or in connection with legal proceedings in which it is involved, to support, exercise, or defend its rights, to law enforcement authorities submitting a valid disclosure request, or when it considers disclosure necessary in the course of any investigation relating to suspected or actual unlawful activity. Since data included in Reports may be used as evidence in administrative, civil, and criminal investigations and proceedings, such data will also be provided to the competent supervisory and investigative authorities.
The Company guarantees the confidentiality of any Report and the information contained therein, as well as the anonymity of the Reporting Person, even if the Report turns is later found to be false or unfounded. In particular:
The above protections for Whistleblowers’ identity also apply to the identity of Reported Persons.
Reports are stored confidentially and retrieved when required by Union or national law, and in any case until completion of each investigation or legal proceeding initiated as a result of the Report.
7. Overseas transfers
Personal data in Reports will not be transferred to countries outside the European Economic Area.
8. Your rights in connection with personal data
Under certain circumstances and subject to applicable law, you have the right to:
request the transfer of your personal data to you or to another party (also known as “data portability”).
Certain rights are not absolute under the applicable legislation (as sometimes there may be overriding interests that require the processing to continue, for example)
In addition, the Company may choose not to satisfy the above rights when exercised by Reported Persons or Witnesses, or when they arise from monitoring measures of the Report.
If you wish to obtain further information or be informed about the processing of your personal data, or to exercise any of your above rights, you must send an email to the Company’s Data Protection Officer exclusively at the following email address: [email protected], or send a letter to the address mentioned above.
Finally, you have the right to lodge a complaint with the supervisory authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your personal data has arisen (for Greece: www.dpa.gr).
9. Retention of personal data
The retention period of the above data is the time required or permitted by the applicable legislation/ regulatory framework, also taking into account the applicable prescription period, which may extend up to 20 years. Specifically: (a) when the Report is deemed unfounded, data will be retained for two (2) months from its rejection, (b) when legal or disciplinary proceedings are initiated against the Reported Person or the Whistleblower, data will be retained until completion of such proceedings and expiry of the deadline for lodging appeals, in accordance with applicable law, (c) when the Report reveals substantiated findings against a Company executive, data will be retained for as long as their employment/ relationship with the Company lasts and will be deleted twenty (20) years after the termination of the relationship by any means, and (d) when the Report reveals substantiated findings against an external partner or supplier of the Company, data will be retained for the entire duration of the cooperation and will be deleted five (5) years after termination of the cooperation by any means.
10. How to contact us
If you wish to exercise any of your rights in connection with your personal data or to receive further information on the retention periods of your personal data, please contact the Company at [email protected].
11. Updates
The Company may update this Notice periodically due to changes in legislation, regulations, or internal processes and systems, and will inform you of any significant changes through the appropriate communication channels. All changes take effect from the date of publication, unless otherwise specified.