(This Information applies specifically to the processing of personal data of visitor-users of the website www.theegg.gr; Click here for the Information on the processing of personal data of the participants/candidates to the programme egg-enter*grow*go.)
The société anonyme under the name “Eurobank S.A.” (hereinafter “Eurobank”) and the Corallia Unit of the Private Law Legal Person under the name “Athena Research and Innovation Center in Information, Communication and Knowledge Technologies” [Athina – Erevnitiko Kentro Kainotomias stis Texnologies tis Pliroforias, ton Epikoinonion kai tis Gnosis] (hereinafter “Corallia”) inform you, visitors/users of this website www.theegg.gr (hereinafter the “Website”) that the processing of your personal data is governed by the following terms and the relevant provisions of the Regulation (EU) 2016/679 (hereinafter the “GDPR”), L. 4624/2019 as well as by the provisions of the relevant Greek and EU legislation on personal data protection.
1. Data Controllers
Joint data controllers of the Website (pursuant to art. 26 GDPR) are: a. the société anonyme under the name “Eurobank S.A.”, 8 Othonos Street, 10557 Athens, Greece, General Commercial Registry No 154558160000 and b. Corallia Unit of the Private Law Legal Person under the name “Athena Research and Innovation Center in Information, Communication and Knowledge Technologies”, 44 Kifissias Ave., Maroussi with VAT No 999723442 (hereinafter jointly referred to as “Data Controllers”).
2. What personal data do the Data Controllers collect and from which sources?
The personal data that the Data Controllers collect and process fall primarily within the following categories; some of these categories may not concern you to the extent that the type and number of the necessary collected personal data depend in any case on the capacity of the data subject, the kind of interaction with the subject etc.:
- Personal data that we collect directly from you when you electronically fill and submit the forms/requests to receive updates via newsletters, such as your email address. You must ensure that the personal data provided in the newsletters forms are correct and accurate and you are obliged to notify the Data Controllers in case of any amendment or modification of these data. You shall be held solely liable for any damage caused to the Data Controllers or any third party because of wrong, inaccurate or insufficient data/information provided via the Website’s newsletters forms.
- Personal data that you provide us with when you submit a question, request or complaint.
- Personal data that are automatically collected through the Website. When you visit and interact with the Website some data such as the following may be automatically collected: the IP address of your computer, the browser and the software you are using, your connection speed and information regarding the software programs installed in your PC, basic connection information with the web server as well as information collected through Cookies and similar technologies.
For more information regarding the use of cookies and similar technologies by the Data Controllers, please read the Cookies Policy.
The collection of personal data from you, as described above, entails the data collection from a third natural or legal person acting on your behalf. Moreover, in case you provide the Data Controllers with personal data of third parties, you must have in advance properly informed these parties (indicatively, by referring them to this Information) and have ensured, where necessary, their relevant consent.
3. Why do the Data Controllers collect your personal data and which are the legal bases for their processing?
The Data Controllers collect and process your personal data that are in each case necessary:
Α. Upon your consent (article 6 par. 1 a GDPR)
Said processing serves purposes such as the communication with you in case you have requested to receive updates via newsletters. It is clarified that filling the abovementioned newsletters forms with your personal data constitutes a declaration of consent on your behalf and enables the Data Controllers to communicate with you and send you newsletters. In such cases you have the right to withdraw your consent at any time. However, the processing based on your consent prior to its withdrawal remains unaffected (regarding the ways to withdraw your consent you may see section 10 “How you can exercise your rights”. Moreover, in every newsletter there is a link to withdraw your consent/delete your email address from the recipients’ list.). It is explicitly mentioned that the present does not apply to other consents received via special notices such as for the use of cookies.
Β. For the Data Controllers’ compliance with their legal obligations (article 6 par. 1 c GDPR)
Said processing serves purposes such as:
- The Data Controllers’ compliance with obligations imposed by the relevant legal, regulatory and supervisory framework in force, as well as with the decisions of any authority (public, supervisory, prosecution, independent etc.) or courts (ordinary or arbitration courts).
- The protection and security of the information systems, the prevention, deterrence and repression of any illegal act.
Said processing as described in Section B also serves the Data Controllers’ or any third party’s legitimate interests (as described in Section C below).
C. For the Data Controllers’ or ay third party’s legitimate interests (article 6 par. 1 f GDPR)
Said processing also serves purposes such as ensuring the proper and effective function of the Website, upgrading the provided services, resolving any technical issues, the establishment and support of legal claims and the defense of the Data Controllers’ or a third party’s legal rights and legitimate interests, the processing and management of questions requests or complaints.
For further information regarding the use of cookies and similar technologies by the Data Controllers, please read the Cookies Policy.
4. Children’s (Minors’) personal data
The Data Controllers acknowledge the importance of the protection of children’s personal data. This Website is neither addressed nor is it intentionally designed to be addressed to children. The Data Controllers have no intention of knowingly collecting and storing personal data of children who may have access to the Website. In case it is found out that children’s personal data have been collected without the relevant legal conditions having been met, said data will be immediately deleted.
5. For how long will the Data Controllers store your data?
Personal data are stored only for the time necessary for the fulfillment of the purposes they were originally collected and processed, otherwise for the time dictated by the relevant legal and/or regulatory framework, or for the necessary period of time for the exercise of claims or the defense of legal rights and legitimate interests.
More precisely, for the newsletter recipients the relevant data will be stored for as long as they remain subscribed to the newsletter list and are deleted in case of consent withdrawal.
6. Who are indicatively the recipients of your data?
For the purposes of fulfilling of the Data Controllers’ legal and regulatory obligations, serving their legitimate interests as well as in cases the Data Controllers are authorized or have received your consent, recipients of your personal data may for example be the following:
- The competent employees, key persons of the programme egg- enter•grow•go and administration members of the Data Controllers within the framework of their duties;
- Products and/or information services providers and/or information and electronic systems and networks support providers, including online collection systems and platforms;
- Companies responsible for the storage, archiving, management and destruction of records and data;
- Event organization services providers;
- Customer satisfaction or market research companies in general;
- Companies for the promotion of products and/or services – advertising companies;
- Lawyers, law firms, bailiffs, experts etc., consultants in the framework of their duties;
- Supervisory, independent, judicial, prosecution, police, public/administrative and/or other authorities or bodies or parties that have been assigned with the control/audit of the Data Controllers’ activities within the framework of their duties, intermediaries, and intermediary centers, tribunal courts and alternative dispute resolution bodies.
For the terms of the processing of your personal data by those of the aforementioned recipients that act as independent data controllers, we suggest that you read their notices on personal data. Moreover, we suggest that you read the Cookies Policy regarding the recipients of data via cookies.
7. Are the Data Controllers entitled to transfer your data to third countries (outside the EEA)?
The Data Controllers may transfer your personal data to third countries (outside the EEA) under the following circumstances:
a) If the Commission decides that the third country, a territory or one or more specified sectors within that third country ensure an adequate level of protection; or
b) If appropriate safeguards have been provided from the recipient, according to the EU and/or national legislation.
c) In the absence of the abovementioned circumstances, a data transfer may take place in case any of the derogations mentioned by the EU and/or national legislation has been met such as indicatively:
i) you have provided the Data Controllers with your explicit consent to the transfer; or
ii) the transfer is necessary for the establishment or exercise of the Data Controllers’ legal claims or for the defense of their legal rights; or
iii) the transfer is necessary for important reasons of public interest.
8. Link to third parties websites
Any interconnection between this Website and any other third party website via special links (hyperlinks, banners) does not imply that the Data Controllers accept any responsibility for the policies applied by those websites regarding the personal data protection and management. You must ensure that you are informed about the protection and management of your data by the aforementioned websites.
9. What are your rights regarding the protection of your personal data?
You have the following rights:
a) To request to be informed about the categories of your personal data that we store and process, where they come from, the purposes of their processing, the categories of their recipients, the period of their storage as well as about your relevant rights (right of access);
b) To demand the rectification and/or completion of your personal data so that they are complete and accurate (right to rectification) by providing any necessary supplementary documentation that justifies the need for rectification or completion;
c) To ask for a restriction of the processing of your personal data (right to restriction of processing);
d) To object to any further processing of your stored personal data (right to object);
e) To demand the erasure of your personal data from the Data Controllers’ records (right to erasure) under certain circumstances, such as in case these data are no longer necessary or you have withdrawn your consent, or in case the data have been unlawfully processed etc.;
f) To request the transfer of your data from the Data Controllers to any other controller (right to data portability);
g) To withdraw your consent at any time. The withdrawal does not affect the lawfulness of the processing based on your consent prior to your withdrawal and reinstating a withdrawn consent is allowed;
h) Right to Complaint to the Authority: You have the right to lodge a complaint with the Hellenic Data Protection Authority (1-3 Kifissias Ave., 115 23 Athens, tel: +30 2106475600) in case you consider that your rights are in any way violated. For the Authority’s competence as well as the way to lodge a complaint you can find detailed information on its website (www.dpa.gr – Individuals – Complaint to the Hellenic DPA).
Please note the following as regards your aforementioned rights:
i. The Data Controllers preserve in any case the right to deny your request for restriction of processing or erasure of your data, if their processing or storage is necessary for the establishment, exercise or defense of the its legal rights or the fulfilment of its obligations.
ii. The right to data portability (point f above) does not include the erasure of your data from the Data Controllers’ records. The erasure is regulated under point e above.
iii. The exercise of these rights is valid for the future and does not affect any previous data processing.
10. How can you exercise your rights?
For the exercise of your rights you may contact info@egg.gr. In this framework and in order to facilitate the Data Controllers in examining your request, you are kindly asked to specify which of your right(s) you are exercising.
The Data Controllers shall use their best endeavors to address your request within thirty (30) days of its receipt. The abovementioned period may be prolonged for sixty (60) more days, if deemed necessary, according to the Data Controllers’ judgment and taking into account the complexity of the issue and the number of the requests. The Data Controllers shall inform you within thirty (30) days of the request’s receipt in any case of prolongation of the abovementioned period.
The abovementioned service is provided by the Data Controllers free of charge. However, in case the requests manifestly lack of foundation and/or are repeated and excessive, the Data Controllers may, after informing you, impose a reasonable fee or refuse to address your request(s).
11. Data Protection Officers
You may contact Eurobank’s Data Protection Officer for any matter regarding the processing of your personal data at the address 6 Siniosoglou Str. 14234, Nea Ionia or by sending an email to dpo@eurobank.gr.
You may contact Corallia’s Data Protection Officer for any matter regarding the processing of your personal data at the address 44 Kifissias Ave. Marousi or by sending an email to dpo@athena-innovation.gr.
12. How do the Data Controllers protect your personal data?
The Data Controllers implement appropriate technical and organizational measures to ensure the security and confidentiality of your personal data and their processing, their protection from accidental or unlawful destruction, loss, alteration, prohibited transmission, dissemination or access and any other form of unlawful processing.
Even though the Data Controllers shall use their best efforts to protect your personal data, they cannot guarantee the safety of the data transmitted through the Website since data transmission through the Internet is not absolutely secure.
13. Amendments of this Information
The present Information may be periodically amended so that it is always compliant with the legal requirements and the actual data processing taking place. In case there are significant important amendments, you will be notified accordingly by any appropriate means, indicatively by a relevant notification on the website www.theegg.gr. It is recommended that you regularly check the website www.theegg.gr where this notice is available in order to be informed on its most recent / updated version in case there are minor amendments.
This Information was updated on 06.09.2021 and is always available on the Website www.theegg.gr.