Personal Data Notice

(This Notice concerns specifically the processing of your personal data collected through the website www.cervedpropertyservices.com)

The societé anonyme under the corporate name “Cerved Property Services Single Member S.A.” (hereinafter referred to as the “Company”) hereby informs you, the visitors/users of the website www.eurobankpropertyservices.net (hereinafter referred to as the “Website”), that your personal data are processed in accordance with the terms below, the relevant provisions of the Regulation (EU) 2016/679 and the relevant Greek and European personal data legislation.

Data Controller  
The data controller is the societé anonyme under the corporate name “Cerved Property Services S.A.”, 7 Eslin str. & 20 Amaliados str., GR11523, Athens, with General Commercial Registration number (GCR) No 002296701000.

What personal data does the Company collect and from which source? 
The personal data collected and processed by the Company fall primarily within the following categories: 

1. Personal data that the Company collects directly from you during the filling and submission of electronic forms available on the Website (indicatively communication forms, expression of interest forms). Said personal data may be: first and last name, fix or mobile phone number, e-mail address and in general data that you are filling in the form’s free text fields. With regard to the free text fields we would like to urge you not to write data that fall within the special data categories, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, information on your physical or mental health, biometric data or genetic data, sexual orientation etc. Furthermore you should ensure that the personal data filled in the forms of the Website are correct and accurate and you shall inform the Company on any amendment or modification of these data. You shall be held solely liable for any damage caused to the Company or any third person because of the wrong, inaccurate or insufficient data/information in the Website forms.

2. Personal data that the Company automatically collects through the Website. When you visit or interact with the Website some data such as the following may be automatically collected: the IP address of your computer, the browser and the software you are using, your connection speed and information regarding the software programs that are installed in your PC, basic connection information with the web server as well as information collected through Cookies. For more information regarding Cookies, please visit the specific notice of our Company for the use of Cookies. 

The personal data collection as described above also includes the data collection from third parties that act on your behalf. Moreover in case you provide us with personal data of third parties you should have their consent and refer them to this Notice. 

Children’s personal data 
The Company fully understands the importance of the protection of children’s personal data. This Website is not addressing and is not designed to address minors. The Company has no intention of collecting and maintaining personal data records of minors who may have access to the Website. If the Company finds out that minors’ data have been collected without the consent of the holders of parental responsibility, where necessary, the data will be immediately erased. 

Why does the Company collect your data and which are their processing purposes?  
The Company collects and processes your personal data:

Α. Upon your consent
Said processing serves indicatively the following purposes:

1. The communication with you provided you have electronically filled the communication form, or expression of interest form, available on the Website.

2. Your information and/or your participation in advertising/promotional activities. 

Β. For the Company’s compliance with its legal obligations 
Said processing indicatively serves the following purposes:

1. The Company’s compliance with the obligations imposed by the relevant legal, regulatory and supervisory framework in force, as well as with the decisions of any authority (public, supervisory etc.) or Court.

2. The protection and securitization of the Company’s information systems, the prevention, deterrence and repression of any illegal act. 

Said processing (B) also serves the purpose mentioned below (C).

C. For the Company’s legal interests
Said processing for the purposes of the Company’s or third parties’ legal interests, serves purposes such as the upgrading of the provided services, the protection of the Company’s legal rights and interests. Prior to this processing the Company ensures that your interests or fundamental rights imposing the protection of your data do not override the Company’s interests. 

For how long will your personal data be stored? 
Your personal data will be stored only for the time necessary for the purposes of their collection and processing. The data are securely erased after their processing unless the legal framework in force foresees the continuance of their retention or in case such retention is demanded for the protection of the Company’s legal rights before Courts and/ or other competent authorities. 

Who are indicatively the recipients of your data? 
For the purposes of fulfilling its contractual and legal/regulatory obligations, of serving its legal interests as well as in cases where the Company is authorized or has received your consent, recipients of your personal data may indicatively be the following:

a) The Company’s authorized employees.

b) Entities to which the Company entrusts the performance of contracts on its behalf (Processors) such as indicatively but not limited to information systems services or products providers and/or electronic systems and network support providers including online systems and platforms, companies responsible for the storage, retention, filing, management and destruction of files and data, consulting companies, customer satisfaction or market research companies in general, companies for the promotion of services, call centers,  lawyers, law firms, notaries, bailiffs, experts etc., provided that security conditions and confidentiality have been met.

c) Supervisory, independent, judicial, prosecution, public and/or other authorities or bodies.

Is the Company entitled to transfer your data to third countries (outside EU)?
The Company can transfer your personal data to third countries (outside the EU zone) under the following circumstances:

a) if the Commission decides that the third country, a territory or one or more specified sectors within that third country ensure an adequate level of protection; or

b) if appropriate safeguards have been provided from the recipient, according to the law.

In the absence of the abovementioned circumstances a transfer may take place if:

a) you have explicitly consented to the transfer; or

b) the transfer is necessary for the execution of a contract between you and the Company, such as the performance of your orders; or

c) the transfer is necessary for the establishment, exercise or defense of the Company’s legal claims; or

d) the Company is obliged by law or an international convention to provide the data; or

e) the Company is obliged to comply with regulations regarding the automatic exchange of data within the tax sector, as derived from the international obligations of Greece.

In order to fulfil the objectives of points (d) or (e) the Company may transfer your data to the competent national authorities so that the data are delivered to the respective authorities of third countries.

Link to third party websites
Any interconnection between this Website and any other third party website via special links (links, hyperlinks or banners) does not mean that the Company accepts any responsibility for the policies applied by those websites regarding the handling and protection of personal data.

Subjects must make sure they are informed about the handling and protection of their data by those websites.

What are your rights regarding the protection of your personal data?
You have the following rights:

a) To know the categories of your personal data that the Company stores and processes, where they come from, the purposes of their processing, the categories of their recipients, the period of storage as well as your relevant rights (right of access).

b) To demand the rectification and/or to have your incomplete data completed so that they are accurate (right to rectification) by providing supplementary statements that justify the need for rectification or completion.

c) To ask for a restriction of the processing of your personal data (right to restriction of processing).

d) To object to any further processing of your stored personal data (right to object).

e) To obtain the erasure of your personal data from the Company’s records (right to erasure).

f) To request the transfer of your data stored by the Company to another controller (right to data portability).

Please note the following as regards your rights:
i. The Company has in any case the right to deny your request for restriction of processing or erasure of your data if their processing or storage is necessary for the establishment, exercise or defense of the Company’s rights or the fulfilment of its obligations.

ii. The right to data portability (point f) does not include the erasure of your data from the Company’s records. The erasure is regulated under point e.

iii. The exercise of these rights is valid for the future and does not affect previous data processing.

g) To lodge a complaint with the Data Protection Authority (www.dpa.gr) in case you consider that your rights are in any way violated.

How can you exercise your rights? 
For the exercise of your rights you may contact in writing Cerved Property Services S.A., 7 Eslin str. & 20 Amaliados str., GR11523, Athens or send an email at EPS-DataProtection@cerved.eurobank.gr. 

The Company shall use its best endeavors to address your request within thirty (30) days of its receipt. The abovementioned period may be prolonged for sixty (60) more days, if deemed necessary, according to the Company’s judgment taking into account the complexity of the issue and the number of the requests. The Company shall inform you within thirty (30) days of the request’s receipt in any case of prolongation of the abovementioned period.

The abovementioned service is provided by the Company free of charge. However, in case the requests manifestly lack of foundation and/or are repeated and excessive, the Company may, after informing you, impose a reasonable fee or refuse to address your request(s).

For issues regarding your personal data you may contact 7 Eslin str. & 20 Amaliados str., GR11523, Athens (attn responsible for data protection issues) or send an email at the email address EPS-DataProtection@cerved.eurobank.gr.