Information on the processing of personal data on the website eobm.test
The société anonyme under the name “Eurobank S.A.” (hereinafter “Eurobank”) inform you, visitors/registered users of the website eobm.test (hereinafter “the Website”) that the processing of your personal data is governed by the following terms and the relevant provisions of the Regulation (EU) 2016/679 (hereinafter “the GDPR”), Greek law 4624/2019, as well as by the provisions of the relevant Greek and EU legislation on personal data protection.
Data Controllers
Data controller of the Website is the société anonyme under the name “Eurobank S.A.”, 8 Othonos Street, 10557 Athens, Greece, registered at the General Commercial Registry No 154558160000 (hereinafter referred to as “Data Controller”).
What personal data do the Data Controller collect and from which sources?
The personal data that the Data Controller collect and process fall primarily within the following categories; some of these categories may not concern you to the extent that the type and number of the necessary collected personal data depend in any case on the capacity of the data subject, the kind of interaction with the subject etc.:
1.
Personal data that we collect directly from you when you electronically fill and submit the registration forms of the Website, i.e. your username, password, first name, last name and email address. You must ensure that the personal data provided in such forms are correct and accurate and you are obliged to notify the Data Controller in case of any amendment or modification of these data. You shall be held solely liable for any damage caused to the Data Controller or any third party because of wrong, inaccurate or insufficient data/information provided via the Website’s registration forms
Personal data that you provide us with when you contact us at the address: group_corporate_communications@eurobank.gr, if you suspect unauthorized use of your account or if you want to delete your account.
2.
Personal data that are automatically collected through the Website. When you visit and interact with the Website some data, such as the following, may be automatically collected: the IP address of your computer, the browser and the software you are using, your connection speed and information regarding the software programs installed in your PC, basic connection information with the web server, as well as information collected through Cookies and similar technologies.
For more information regarding the use of cookies and similar technologies by the Data Controller, please read the Cookies Policy.
Why do the Data Controller collect your personal data and which are the legal bases for their processing?
The Data Controller collects and process your personal data that are in each case necessary:
Α. Upon your consent (article 6 par. 1 a GDPR)
Said processing serves purposes such as registering to the Website in order for you to obtain full access to certain contents of the Website. It is clarified that filling the abovementioned registration forms with your personal data constitutes a declaration of consent on your behalf and enables the Data Controller to validate your qualification to register and obtain access to the content of the Website. In such cases you have the right to withdraw your consent at any time. It goes without saying that withdrawal of your consent will deprive you of access to the Website as a registered user for the future, however, the processing based on your consent prior to its withdrawal remains unaffected (regarding the ways to withdraw your consent you may see section 10 “How you can exercise your rights”). It is explicitly mentioned that the present does not apply to other consents received via special notices such as for the use of cookies.
B. For the Data Controller’s compliance with its legal obligations (article 6 par. 1 c GDPR)
Said processing serves purposes such as:
1.
The Data Controller’s compliance with obligations imposed by the relevant legal, regulatory and supervisory framework in force, as well as with the decisions of any authority (public, supervisory, prosecution, independent etc.) or courts (ordinary or arbitration courts).
2.
The protection and security of the information systems, the prevention, deterrence and repression of any illegal act.
Said processing as described in Section B also serves the Data Controller’s or any third party’s legitimate interests (as described in Section C below).
C. For the Data Controller’s or any third party’s legitimate interests (article 6 par. 1 f GDPR)
Said processing also serves purposes such as ensuring the proper and effective function of the Website, upgrading the provided services, resolving any technical issues, the establishment and support of legal claims and the defense of the Data Controller’s or a third party’s legal rights and legitimate interests, the processing and management of questions requests or complaints.
For further information regarding the use of cookies and similar technologies by the Data Controllers, please read the Cookies Policy.
Children’s (Minors’) personal data
The Data Controller acknowledges the importance of the protection of children’s personal data. This Website is neither addressed nor is it intentionally designed to be addressed to children. The Data Controller have no intention of knowingly collecting and storing personal data of children who may have access to the Website. In case it is found out that children’s personal data have been collected without the relevant legal conditions having been met, said data will be immediately deleted.
For how long will the Data Controller store your data?
Personal data are stored only for the time necessary for the fulfillment of the purposes they were originally collected and processed, otherwise for the time dictated by the relevant legal and/or regulatory framework or for the necessary period of time for the exercise of claims or the defense of legal rights and legitimate interests.
Regarding registered users’ data, submitted when filing the registration form, such data will be stored for as long as their account remains active and will be deleted in case they submit a request for deletion of their account at group_corporate_communications@eurobank.gr.
Who are indicatively the recipients of your data?
For the purposes of fulfilling of the Data Controller’s legal and regulatory obligations, serving their legitimate interests as well as in cases the Data Controller is authorized or has received your consent, recipients of your personal data may for example be the following:
1.
The competent employees and administration members of the Data Controller within the framework of their duties;
2.
Products and/or information services providers and/or information and electronic systems and networks support providers, including online collection systems and platforms;
3.
Companies responsible for the storage, archiving, management and destruction of records and data;
4.
Lawyers, law firms, bailiffs, experts etc., consultants in the framework of their duties;
5.
Supervisory, independent, judicial, prosecution, police, public/administrative and/or other authorities or bodies or parties that have been assigned with the control/audit of the Data Controller’s activities within the framework of their duties, intermediaries and intermediary centers, tribunal courts and alternative dispute resolution bodies.
For the terms of the processing of your personal data by those of the aforementioned recipients that act as independent data controllers, we suggest that you read their notices on personal data. Moreover, we suggest that you read the Cookies Policy regarding the recipients of data via cookies.
Are the Data Controller entitled to transfer your data to third countries (outside the EEA)?
The Data Controller may transfer your personal data to third countries (outside the EEA) under the following circumstances:
a) If the Commission decides that the third country, a territory or one or more specified sectors within that third country ensure an adequate level of protection; or
b) If appropriate safeguards have been provided from the recipient, according to the EU and/or national legislation.
In the absence of the abovementioned circumstances, a data transfer may take place in case any of the derogations mentioned by the EU and/or national legislation has been met such as indicatively:
i) you have provided the Data Controller with your explicit consent to the transfer; or
ii) the transfer is necessary for the establishment or exercise of the Data Controllers’ legal claims or for the defense of their legal rights; or
iii) the transfer is necessary for important reasons of public interest.
Link to third parties websites
Any interconnection between this Website and any other third party website via special links (hyperlinks, banners) does not imply that the Data Controller accept any responsibility for the policies applied by those websites regarding the personal data protection and management. You must ensure that you are informed about the protection and management of your data by the aforementioned websites.
What are your rights regarding the protection of your personal data?
You have the following rights:
a) to request to be informed about the categories of your personal data that we store and process, where they come from, the purposes of their processing, the categories of their recipients, the period of their storage as well as about your relevant rights (right of access);
b) to demand the rectification and/or completion of your personal data so that they are complete and accurate (right to rectification) by providing any necessary supplementary documentation that justifies the need for rectification or completion;
c) to ask for a restriction of the processing of your personal data (right to restriction of processing);
d) to object to any further processing of your stored personal data (right to object);
e) to demand the erasure of your personal data from the Data Controller’s records (right to erasure) under certain circumstances, such as in case these data are no longer necessary or you have withdrawn your consent or in case the data have been unlawfully processed etc.;
f) to request the transfer of your data from the Data Controller to any other controller (right to data portability);
g) to withdraw your consent at any time. The withdrawal does not affect the lawfulness of the processing based on your consent prior to your withdrawal and reinstating a withdrawn consent is allowed. It goes without saying that withdrawal of your consent will deprive you of access to the Website as a registered user;
h) to Complaint to the Authority: You have the right to lodge a complaint with the Hellenic Data Protection Authority (1-3 Kifissias Ave., 115 23 Athens, tel: +30 2106475600) in case you consider that your rights are in any way violated. For the Authority’s competence as well as the way to lodge a complaint you can find detailed information on its website (www.dpa.gr – Individuals – Complaint to the Hellenic DPA).
Please note the following as regards your aforementioned rights:
i. The Data Controller preserves in any case the right to deny your request for restriction of processing or erasure of your data, if their processing or storage is necessary for the establishment, exercise or defense of its legal rights or the fulfilment of its obligations.
ii. The right to data portability (point f above) does not include the erasure of your data from the Data Controller’s records. The erasure is regulated under point e above.
iii. The exercise of these rights is valid for the future and does not affect any previous data processing.
How can you exercise your rights?
For the exercise of your rights you may contact group_corporate_communications@eurobank.gr. In this framework and in order to facilitate the Data Controller in examining your request, you are kindly asked to specify which of your right(s) you are exercising.
The Data Controller shall use its best endeavors to address your request within thirty (30) days of its receipt. The abovementioned period may be prolonged for sixty (60) more days, if deemed necessary, according to the Data Controller’s judgment and taking into account the complexity of the issue and the number of the requests. The Data Controller shall inform you within thirty (30) days of the request’s receipt in any case of prolongation of the abovementioned period.
The abovementioned service is provided by the Data Controller free of charge. However, in case the requests manifestly lack of foundation and/or are repeated and excessive, the Data Controller may, after informing you, impose a reasonable fee or refuse to address your request(s).
Data Protection Officer
You may contact Eurobank’s Data Protection Officer for any matter regarding the processing of your personal data at the address 6 Siniosoglou Str. 14234, Nea Ionia or by sending an email to dpo@eurobank.gr.
How do the Data Controller protect your personal data?
The Data Controller implements appropriate technical and organizational measures to ensure the security and confidentiality of your personal data and their processing, their protection from accidental or unlawful destruction, loss, alteration, prohibited transmission, dissemination or access and any other form of unlawful processing.
Even though the Data Controller shall use its best efforts to protect your personal data, Eurobank cannot guarantee the safety of the data transmitted through the Website, since data transmission through the Internet is not absolutely secure.
Amendments of this Information
The present Information may be periodically amended so that it is always compliant with the legal requirements and the actual data processing taking place. In case there are significant important amendments, you will be notified accordingly by any appropriate means, indicatively by a relevant notification on the Website. It is recommended that you regularly check the Website where this notice is available in order to be informed on its most recent/updated version in case there are minor amendments.
This information was uploaded on 26.09.2022 and is always available on the Website (Eurobank Online Brand Manual).