Eurobank informs you, the participants and those who have expressed interest in participating in the "Acceleration" platform of the egg business accelerator (hereinafter the "egg Accelerator"), organised and implemented by same, of the following information regarding the processing of your personal data, in accordance with Regulation (EU) 2016/679 (hereinafter the "GDPR"), Law. 4624/2019 and the other provisions of the relevant Greek and EU legislation on the protection of personal data [by reference to article 8. of the relevant call for expressions of interest for participation in the egg Accelerator, which is permanently posted on the egg website (www.theegg.gr)]. This notice may be supplemented with more specific updates on a case-by-case basis [indicatively in cases of data processing through cookies, data collected through the egg website (www.theegg.gr), etc.].
1. Data Controller
The Data Controller is the public limited company (société anonyme) under the name "Eurobank SA", located in Athens, at 8 Othonos Str., with General Electronic Commercial Registry (GEMI) No. 154558160000 (hereinafter "Eurobank" or the "Data Controller").
2. What personal data does the Data Controller collect and process and from what source?
The personal data the Data Controller collects and processes indicatively may include the following and may not all apply to you, insofar as the type and amount of the necessary personal data collected in each case depends on the nature of the data subject, i.e. whether the data subject is a participant or merely expressing an interest in participating in the egg Accelerator (and whose application expressing an interest was not ultimately approved for participation in the egg Accelerator):
a. The information contained in your application for participation in the egg Accelerator/application for registration on the egg website (www.theegg.gr) and in the data included on the accompanying solemn declaration, the information contained in your attached business plan, as well as other supporting documents, questionnaires you fill out, etc.
b. Data obtained during the stage of your assessment to join the egg Accelerator, as well as those submitted by you or obtained in connection with your participation in the egg Accelerator throughout its duration, during the implementation and promotion of the egg Accelerator, in particular when receiving egg Accelerator services, data of your communication with the Data Controller, the institutions and other officers of the egg Accelerator, etc.
c. Data resulting from the taking of photographs, videos, recordings, the creation of printed or electronic placements/articles by the Data Controller or third parties as part of preparing, implementing and promoting the egg Accelerator.
d. Data on responses that you provide to surveys of the Data Controller insofar as they are not anonymous data.
e. Data automatically collected during your use of the egg website (www.theegg.gr) (e.g. IP address, cookie identifiers, etc.) as indicated in specific relevant updates provided on the aforementioned website.
The collection of data from you as described above includes the collection by a third natural or legal person acting on your behalf and the collection through egg Accelerator partners or egg partners in general to whom you have provided your personal data for transmission to the Data Controller in view of and in the context of your participation in the egg Accelerator.
Additionally, when providing us with personal data pertaining to third parties, you must inform them appropriately beforehand (indicatively by reference to this notice) and obtain their consent, where required.
According to the GDPR, personal data must be updated and accurate. Consequently, you are required to provide the Data Controller with accurate and up-to-date personal data and to inform the DC of any changes as soon as possible.
3. Why does the Data Controller collect your data and what is the legal basis for processing them?
The Data Controller collects and processes your personal data whenever necessary for each instance:
Α. For the performance of a contract and to take steps at your request prior to entering into a contract (Article 6(1)(b) GDPR).
The processing of personal data under 2. serves purposes such as:
- Identification and communication with you, particularly for the purpose of your participation in the evaluation process provided for by the relevant call for expressions of interest for participation in the egg Accelerator and carrying out your evaluation in accordance with said call.
- Your participation in the egg Accelerator, and particularly your receiving of the services provided as part of the egg Accelerator, provided your application expressing an interest (and your accompanying business plan) is approved for participation in the programme, in accordance with the terms of the relevant call for expressions of interest.
Β. For compliance with legal obligations the Data Controller is subject to (Article 6(1)(c) GDPR).
The processing of the personal data under 2. also serves purposes such as the Data Controller’s compliance with obligations imposed by the applicable legal, regulatory and supervisory framework, as well as the decisions, requests by any authorities (public/administrative, supervisory, independent, prosecutorial, etc.) or by the courts (ordinary or arbitration).
C. For the purposes of the legitimate interests of the Data Controller or a third party (Article 6(1)(f) GDPR).
The processing of personal data listed under 2. serves additional purposes, including but not limited to the security of the IT systems, facilities and assets of the Data Controller, the defence of the legitimate rights and interests of the Data Controller or a third party, the handling of your queries or complaints, conducting surveys, analyses, statistical analyses, upgrading/improving the services/benefits of the egg Accelerator, sending or submitting questionnaires to you to determine your level of satisfaction with egg Accelerator and egg in general, the promotion and advertising of the egg Accelerator and egg in general, and particularly through photographs, videos, recordings, your statements, articles, placements, etc. in the media, on the internet (including but not limited to posting on egg's website, but also on the Data Controller’s website, on social media, in newsletters, blogs, in all promotional/advertising material relating to the egg Accelerator and the Data Controller, etc.), maintaining historical records on the activities and course of the Data Processor and the Eurobank Group in general, etc.
D. With your consent (Article 6(1)(a) of the GDPR).
Where the processing cannot be based on any of the legal grounds mentioned above under 3.A.-3.C., the Data Controller will ask for your consent for such processing (as in the case of data transfer outside the European Economic Area (EEA) mentioned below under 5.c.i.). It is expressly stated that this notice does not apply to other consents obtained through special notifications, e.g. cookies, etc. In such cases, you have the right to withdraw your consent at any time (for how to withdraw your consent, see the information under 8.; where applicable, you will be informed of more specific steps of withdrawal depending on how you provided your consent), without, however, affecting the lawfulness of the processing performed based on your consent and up until its withdrawal.
4. Recipients of your data
In fulfilling the Data Controller's contractual, legal and regulatory obligations, in serving its legitimate interests, and in cases where the Data Controller is authorised or has obtained your consent, recipients of your data may include:
a. The institutions, officers and other stakeholders of the egg Accelerator and egg in general (evaluators, members of the Steering Committee, members of the Advisory Committee, Egg Manager, Egg Operations Manager, Mentors etc.), in accordance with the relevant call for expressions of interest, and in general the competent employees and members of the Data Controller's management within the framework of their duties.
b. Bodies cooperating with Eurobank within the framework of the egg Accelerator and egg in general, for the purpose of providing services to you as part of the egg Accelerator, in accordance with the terms of the relevant call for expressions of interest.
c. Providers of event planning and public relations services.
d. Providers of IT products and/or services and/or support for any type of IT and electronic systems and networks, including online systems and platforms, providers of electronic communication services and information society services (for example, providers of telecommunication services, email, web hosting, messaging applications), as well as providers of postal services.
e. Companies providing storage, archiving, management and destruction of files and data.
f. Customer satisfaction or market research companies in general.
g. Companies promoting products and/or services - advertising companies.
h. Promotional media, such as news media (radio, television, print, electronic), social media, blogs, including the egg and the Data Controller's websites, as well as the audience for the promotional activities.
i. Travel agencies.
j. Lawyers, law firms, bailiffs, experts, surveyors, consultancy service providers in the framework of their competences.
k. Supervisory, independent, judicial, prosecutorial, police, public/administrative authorities, other authorities or bodies or parties entrusted with the control/monitoring of the Data Controller's activities within the scope of its responsibilities, accredited mediators and mediation service centres, arbitration courts and alternative dispute resolution bodies.
l. Security companies.
m. Other members of your business team.
For the terms and conditions of processing of your personal data by those recipients acting as independent data controllers, we recommend that you refer to their respective privacy notices.
5. Can the Data Controller transfer your data to third countries (outside the EEA)?
The Data Controller does not in principle intend to transfer your personal data to third countries outside the European Economic Area (EEA). If there is a reason for the transfer (in particular in the context of social media), the transfer will take place with the appropriate or suitable safeguards set out in the applicable legislation (usually, where necessary, using standard data protection clauses issued by the European Commission).
6. How long will the Data Controller retain your data?
Your personal data are retained for the period of time necessary to fulfil the purposes of their collection and processing, or for the period of time required by the applicable legal and/or regulatory framework or to establish, exercise and support legal claims or defend rights and legitimate interests, taking into account, in addition to and inter alia, the nature, sensitivity and volume of the personal data, the potential risk of harm from a personal data breach, the purposes for which the Data Controller collects your personal data and whether these purposes can be achieved in another way.
In particular and indicatively, the Data Controller will retain the personal data of participants in the egg Accelerator for as long as the egg Accelerator and egg in general exists and operates. It is expressly stated that where law or regulatory acts stipulate a longer period of data retention, the above retention period will be increased accordingly. The aforementioned retention period may be increased accordingly if needed in order to establish, exercise and support legal claims or defend rights and legitimate interests or for reasons of maintaining a historical record of the activities and course of the Data Controller and the Eurobank Group in general (for the entire duration of this record’s existence).
Furthermore, the Data Controller will retain the personal data of those expressing interest in participating in the egg Accelerator (i.e. whose application was not approved for participation in the egg Accelerator) for a period of six (6) months from the completion of the evaluation process, in accordance with the specific provisions of the relevant call for expressions of interest. The above retention period may be increased where needed to establish, exercise and support legal claims or defend the rights and legitimate interests of the Data Controller.
7. What are your rights regarding the protection of your data?
You have the right to:
a. Request to be informed about the categories of your personal data that are processed, their origin, the purposes of their processing, the categories of recipients, the length of time they are retained and your rights in this regard (right of access).
b. Request the rectification of and/or supplement to your personal data so they are complete and accurate, by providing any necessary document demonstrating the need for completion or rectification (right to rectification).
c. Request the restriction of the processing of your data (right of restriction).
d. Object to any further processing of your personal data (right to object).
e. Request the erasure of your personal data from the records retained by the Data Controller (right to be forgotten) under certain conditions, such as when the data is no longer necessary, the data has been unlawfully processed, etc.
f. Request the transfer of your data from the Data Controller to any other controller (right to data portability).
g. Withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent prior to its withdrawal and the re-granting of withdrawn consent is permitted.
h. To appeal to the Hellenic Data Protection Authority (1-3 Kifissias Ave., GR-115 23, Athens, tel. +30 2106475600) if you believe your rights have been infringed in any way (right of recourse to the Authority). To learn about the competence of the Authority and how to submit a complaint, visit its website (www.dpa.gr - Individuals - Complaint to the Hellenic DPA), where detailed information is available.
Please note the following in relation to the above rights:
i. Your rights under c., d. and e. may not be upheld, in whole or in part, if they concern data that are necessary to the processing purposes for which they were collected or processed, such as to implement the egg Accelerator, regardless of their source.
ii. The Data Controller retains the right to refuse your request for restriction of processing or erasure of your personal data if the processing or retention of the data is necessary to establish, exercise or support its legitimate rights or to fulfil its obligations.
iii. The exercise of the right to portability (as above, under f.) does not imply the deletion of your data from the Data Controller's records, as the deletion is subject to the conditions of the immediately preceding paragraph and the law.
iv. The exercise of the above rights is prospective and does not apply to data processing already performed.
h. Right to Complaint to the Authority: You have the right to lodge a complaint with the Hellenic Data Protection Authority (1-3 Kifissias Ave., 115 23 Athens, tel: +30 2106475600) in case you consider that your rights are in any way violated. For the Authority’s competence as well as the way to lodge a complaint you can find detailed information on its website (www.dpa.gr – Individuals – Complaint to the Hellenic DPA).
8. How can you exercise your rights?
To exercise your rights, you can contact us in writing at the following address: 75 Thessalonikis Str., Moschato, Attica GR-183 45, or online at the email address info@theegg.gr; for requests regarding the historical record of the activities and course of the Data Controller and the Eurobank Group in general, you may write to: 10 Filellinon and 13 Xenofontos streets, (2nd floor), GR-105 57 Athens or at the email address historicalarchives@eurobank.gr. As part of your requests to exercise your rights and to facilitate the Data Controller's examination and response to them, please specify which right(s) you are exercising. The Data Controller will make every effort to respond to your request within one (1) month of receiving it. This deadline may be extended by two (2) additional months, if deemed necessary at the sole discretion of the Processing Manager, taking into account the complexity of the request and the number of requests. In all cases, the Data Controller will inform you of any extension of the deadline within one (1) month of receiving the request. This service is provided by the Data Controller free of charge. However, if your requests are manifestly unfounded, excessive or repetitive, the Data Controller may either impose a reasonable fee, informing you accordingly, or refuse to respond to your request(s).
9. Data Protection Officer
You can contact Eurobank's Data Protection Officer for issues relating to the processing of your personal data at 6 Siniosoglou Str., GR-142 34 Nea Ionia or at the email address dpo@eurobank.gr.
10. Amendments of this Information
This notice may be amended from time to time to keep it in line with legal requirements and the reality of the processing being performed. If there are significant changes to this notice, you will be informed by any suitable means, such as the posting of a notice on the Website www.theegg.gr. To keep up with the latest/updated version of this document, in case of minor changes or improvements, it is recommended that you regularly check the Website www.theegg.gr, where this notice is permanently posted.
This notice was updated on 02/07/2025 and is permanently posted on www.theegg.gr.