Information on the Processing of Personal Data in the framework of the Programme egg – enter*grow*go

We provide you, participants and candidate participants of the programme egg – enter*grow*go (hereinafter “the Programme”), that is co-organised by Eurobank and Corallia, with the below mentioned information regarding the processing of your personal data pursuant to Regulation (EU) 2016/679, the L. 4624/2019 and the relevant Greek and EU legislation on personal data protection (by reference to article 7 of the relevant Notices of the Programme). This Information may be supplemented by more specific notices, depending the case (indicatively in cases of data processing via cookies, cases of processing data collected via the website (currently, data collected via the electronic learning and communication game for the purpose of discovering entrepreneurial skills (soft skills) etc.). It is hereby explicitly clarified that the present applies to the participants and candidate participants of both platforms of the Programme, i.e. “egg Start Up” and “egg Scale Up”.

1. Data Controllers

Joint data controllers (according to article 26 GDPR) are:

  1. the société anonyme under the name “Eurobank S.A.” (hereinafter “Eurobank”), having its registered offices in Athens, 8 Othonos Street, registered at the General Commercial Registry with No 154558160000 and
  2. Corallia unit of the Private Law Legal Person under the name “Athena Research and Innovation Center in Information, Communication and Knowledge Technologies” [Athina – Erevnitiko Kentro Kainotomias stis Texnologies tis Pliroforias, ton Epikoinonion kai tis Gnosis], having its registered offices in Maroussi, 44 Kifissias Ave. with VAT No 999723442.
    (hereinafter jointly referred to as “Data Controllers”). 

2. What personal data do the Data Controllers collect and process and from which sources?

The personal data that the Data Controllers collect and process fall primarily within the following categories; some of these categories may not concern you to the extent that the type and number of the necessary collected personal data depends in any case on the capacity of the data subject, i.e. if the subject is a participant or simply a candidate participant whose further participation to the programme and qualification for the “grow” phase has not been accepted:

a. The data included in your application to participate in the Programme and the application form for your registration on the Programme’s website ( and data entailed in your solemn declaration as well as data from your submitted business plan and other supportive documentations, questionnaires you fill in etc..

Data deriving during your evaluation in order to be accepted to the Programme as well as data deriving from or submitted by you during the implementation and promotion of the Programme, especially when you receive the benefits of the Programme. 

Data deriving from photographs, videos and recordings either from the Data Controllers or third parties acting on their behalf in the framework of the preparation, implementation and promotion of the Programme.

Data from the answers you provide Data Controllers with during surveys in case these are not anonymous data. 

Data that are automatically collected when using the Programme’s website ( (such as the IP address, cookies ID etc.) in accordance with the relevant information provided in the aforementioned website.

Data collected via your participation to the electronic game of learning and communication (serious game) for discovering your entrepreneurial skills (soft skills) pursuant to the Notice of the Programme and the specific personal data notice.

The collection of personal data from you, as described above, includes the data collection from a third natural or legal person acting on your behalf and the data collection from Programme partners whom you provide your personal data with in order for them to transfer said data to the Data Controllers for your participation to the Programme. 

Moreover, in case you provide us with personal data of third parties, you must have in advance properly informed these parties (indicatively, by referring them to this Information) and have ensured, where necessary, their relevant consent. 

According to the GDPR your personal data must be updated and accurate. You are therefore obliged to provide the Data Controllers with accurate and updated data and inform them on any amendments of these data as soon as possible.

3. Why do the Data Controllers collect your personal data and which are the legal bases for their processing? 

The Data Controllers collect and process your personal data that are necessary in each particular case:

Α. For the execution of the contract and in order to carry out pre-contractual measures upon your request before entering into the contract (article 6 par. 1 b GDPR)

The processing of the data as described in Section 2 serves purposes such as: 

- Your identification and the communication with you especially regarding your participation to the evaluation procedure and your evaluation as described by the relevant Programme’s notices.

- Your participation to the Programme, especially as regards the receipt of the Programme’s benefits, provided 

Β. For the Data Controllers’ compliance with their legal obligations (article 6 par. 1 c GDPR).

The processing of the data as described in Section 2 serves additionally purposes such as the  Data Controllers’ compliance with their obligations as imposed by the relevant legal, regulatory and supervisory framework in force as well as by the decisions of any authorities (public, supervisory, independent, prosecution etc.) or courts (ordinary or arbitration courts). 

C. For serving the Data Controllers’ or third parties’ legitimate interests (article 6 par. 1 f GDPR)

The processing of the data as described in Section 2 serves also purposes such as indicatively the security of the Data Controllers’ information systems facilities and assets, the defense of the Data Controllers’ or third parties’ legal rights and interests, the management of your queries or complaints, carrying out surveys, analyses, statistics, the upgrading/amelioration of the services/provisions of the Programme, the promotion and advertising of the Programme especially via photographs, videos, recordings, your statements on media, the web (including indicatively posts on the Programme’s website as well as on the Data Controllers’ websites, on social media, news programmes, blogs on any promotional/advertising materials of the Programme and of the Data Controllers etc. ), record keeping etc.

D. Upon your consent (article 6 par. 1a GDPR)

When the processing of your personal data cannot be attributed to any of the abovementioned legal bases (3.A. – 3.C.), the Data Controllers will ask for your consent  for said processing (such as in the below mentioned case under 5.c.i. on data transfer outside the EEA). It is explicitly mentioned that the present does not apply to other consents received via special notices such as for the use of cookies. In such cases you have the right to withdraw your consent at any time. However, the processing based on your consent prior to its withdrawal remains unaffected (regarding the ways to withdraw your consent you may see section 8 and you will be also informed on specific ways to withdraw your consent depending on the way you gave your consent.).

4. Recipients of your data

During the fulfillment of the Data Controllers’ contractual, legal and regulatory obligations, of serving their legitimate interests as well as in cases where the Data Controllers are authorized or have received your consent, recipients of your personal data may indicatively be the following:

a. Key persons of the Programme (evaluation members, members of the Coordinating Committee, members of the Advisory Committee, Responsible for the Programme’s management, Responsible for the Infrastructure Management, Mentors, etc. ), pursuant to its Notices and in general the competent employees of the data Controllers within the framework of their duties. 

b. Cooperating bodies for the purpose of services provision to you in the framework of the Programme, pursuant to the terms of the relevant Programme Notices.

c. Providers of events services.

d. Information products and/or services providers and/or information and electronic systems and network support providers of any kind, including but not limited to online systems and platforms. 

e. Companies responsible for storage, filing, management and destruction of files, records and data.

f. Companies conducting customer satisfaction surveys or market surveys in general.

g. Companies for the promotion of products and/or services - advertising companies.

h. Media.

i. Travel agencies.

j. Lawyers, law firms, bailiffs, experts, consulting providers within the framework of their duties.

k. Supervisory, independent, judicial, prosecution, police,  public and/or other authorities, entities or parties that are responsible for the supervision/monitoring the Data Controllers’ activities within their competence, authorized mediators and mediation centers, arbitration tribunals and alternative dispute resolution entities.

l. Security companies.

m. Other members of your business team.

For the personal data processing of the abovementioned recipients that act as data controllers we advise you to consult their personal data notices.

5. In which cases are the Data Controllers entitled to transfer your personal data to third countries (outside the EEA)?

The Data Controllers may transfer your personal data to third countries (outside the EEA) under the following circumstances:

a) If the Commission decides that the third country, a territory or one or more specified sectors within that third country ensure an adequate level of protection; or

If appropriate safeguards have been provided from the recipient, according to the EU and/or national legislation.

In the absence of the abovementioned circumstances, a data transfer may take place in case any of the derogations mentioned by the EU and/or national legislation has been met such as indicatively:

i) you have provided the Data Controllers with your explicit consent to the transfer; or

ii) the transfer is necessary for the execution of the contract (participation to the Programme, especially the receipt for the Programme’s benefits) or for the implementation of pre-contractual measures that are taken upon your request; or

iii) the transfer is necessary for the establishment, exercise or defense of the Data Controllers’’ legal; or

iv) the transfer is necessary for important reasons of public interest.

6. For how long will the Data Controllers store your data?

Personal data are stored for the period necessary for the fulfillment of the purposes they were originally collected and processed, otherwise for the time dictated by the relevant legal and/or regulatory framework, or for the necessary period of time for the exercise of claims or the defense of legal rights and legitimate interests. 

More precisely and indicatively the Data Controllers will be storing your data throughout the Programme and in case new tendering procedures are launching. It is explicitly clarified that in case a longer or shorter period of data storage is foreseen by law or a regulatory act the storage period will be accordingly amended. Moreover, the abovementioned storage period may be prolonged in case deemed necessary in view of the Data Controllers’ exercise of claims or the defense of their legal rights and legitimate interests or for reasons of record keeping of the data Controllers. 

Moreover, the data Controllers will store personal data of candidate participants, whose further participation has not been accepted and have not proceed to “grow” phase for a period of six (6) months from the completion of the “enter” phase of the Programme. The aforementioned period may be prolonged in case necessary for reasons of establishment exercise of legal claims and support of legal rights and legitimate interests of the Data Controllers. 

7. What are your rights regarding the protection of your personal data?

You have the following rights:

a) To be informed on whether we process your personal data and in that case to request information about the categories of your personal data that we process, where they come from, the purposes of their processing, the categories of their recipients, the period of their storage etc. (right of access);

b) To demand the rectification and/or completion of your personal data so that they are complete and accurate by providing any necessary supplementary documentation that justifies the need for rectification or completion (right to rectification);

c) To ask for a restriction of the processing of your personal data (right to restriction of processing);

d) To object to any further processing of personal data that concern you and takes place for the Data Controllers legitimate interests (right to object);

e) To demand the erasure of your personal data from our records (right to erasure) under certain circumstances, such as  in case these data are no longer necessary or you have  withdrawn your consent, or in case the data have been unlawfully processed etc.;

f) To request the transfer of your data from the Data Controllers to any other controller (right to data portability);

g) To withdraw your consent at any time. The withdrawal does not affect the lawfulness of the processing based on your consent prior to said withdrawal;

Please note the following as regards your aforementioned rights:

i. Your rights as explained above (points c, d and e) may remain partly or fully not satisfied to the extent they concern data deemed necessary for the processing purposes they were collected for or otherwise submitted to processing such as the implementation of the Programme regardless of their collection source.

ii. The Data Controllers preserve in any case the right to deny your request for restriction of processing or erasure of your personal data, if their processing or storage is necessary for the establishment, exercise or defense of the its legal rights or the fulfilment of its obligations.

iii. The right to data portability (point f above) does not include the erasure of your data from the Data Controllers’ records. The erasure is regulated under point e above.

iv. The exercise of the abovementioned rights is valid for the future and does not affect any previous data processing.

h. Right to Complaint to the Authority: You have the right to lodge a complaint with the Hellenic Data Protection Authority (1-3 Kifissias Ave., 115 23 Athens, tel: +30 2106475600) in case you consider that your rights are in any way violated. For the Authority’s competence as well as the way to lodge a complaint you can find detailed information on its website ( – Individuals – Complaint to the Hellenic DPA).

8. How can you exercise your rights?

For the exercise of your rights you may contact in writing 190 Syggrou Ave, Kallithea, 176 71 or send an email to In this framework and in order to facilitate the Data Controllers in examining your request, you are kindly asked to specify which of your right(s) you are exercising. The Data Controllers shall use their best endeavors to address your request within thirty (30) days of its receipt. The abovementioned period may be prolonged for sixty (60) more days, if deemed necessary, according to the data Controllers’ judgment taking into account the complexity of the issue and the number of the requests. The Data Controllers shall inform you within thirty (30) days in any case of prolongation of the abovementioned period. The abovementioned service is provided by the Data Controllers free of charge. However, in case the requests manifestly lack of foundation and/or are repeated and excessive, the data Controllers may impose a reasonable fee or, after informing you, refuse to address your request(s).

9. Data Protection Officers

You may contact Eurobank’s Data Protection Officer for any matter regarding the processing of your personal data at the address 6 Siniosoglou Str. 14234, Nea Ionia or by sending an email to
You may contact Corallia’s Data Protection Officer for any matter regarding the processing of your personal data at the address 44 Kifissias Ave. Marousi or by sending an email to

10. How do the data Controllers protect your personal data?

The Data Controllers implement appropriate technical and organizational measures to ensure the security and confidentiality of your personal data and their processing, their protection from accidental or unlawful destruction, loss, alteration, prohibited transmission, dissemination or access and any other form of unlawful processing.

11. Amendments of this Information

The present Information may be periodically amended so that it is always compliant with the legal requirements and the actual data processing taking place. In case there are significant important amendments, you will be notified accordingly by any appropriate means, indicatively by a relevant notification on the website It is recommended that you regularly check the website where this notice is available in order to be informed on its most recent / updated version in case there are minor amendments. 

This Information was updated on 06.09.2021 and is always available on the Website