GDPR – General Data Protection Regulation

INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO THE REGULATION (EU) 2016/679 AND THE RELEVANT GREEK LEGISLATION

Cerved Property Services Single Member S.A. (hereinafter referred to as the “Company”) informs you, pursuant to the Regulation (EU) 2016/679 and the relevant Greek and European legislation in force with regard to the protection of personal data in its capacity as controller that it processes personal data of clients/potential clients and counterparties to the Company in general. 

1. What personal data does the Company collect and from which source?

The personal data that the Company collects and processes fall primarily within the following categories. It is however explicitly explained that not all the data mentioned below or the information in general provided through this Notice concern you. 

a) Identification data: name, father’s name, Identity Card Number, Tax Identification Number, Social Security Number, date of birth, sex etc. The aforementioned data are collected directly from you.

b) Contact information: postal and e-mail address, fixed and mobile telephone number etc. The data are collected directly from you and/or from third parties acting on your behalf. 

c) Data concerning your economic and financial situation, your profession, remuneration, dependent family members, income tax declarations (E1) and asset declarations (E9), salary statements etc. These data are collected either directly from you/at your request, or from publicly accessible sources, such as land registries etc. 

d) Data related to the operation of your contract(s) with the Company and the use of the provided services.

e) Image data collected from the video recording systems of the premises of the Company, within which informative signs have been placed pursuant to the law. 

The data collection from you encompasses the data collection from a third party acting on your behalf as well as the data collection from a Company’s client or potential client associated with you (natural or legal person).
Moreover, in case you provide us with personal data of third parties you must have ensured their consent and have referred them to this Data Protection Information.

2. Why does the Company collect your data and for which purposes it processes them?

The Company collects and processes your personal data: 

Α. For the execution of a contract and in order to carry our pre-contractual measures upon your request 

The processing of your data as described in Section 1 serves indicatively the following purposes:

a) Your identification and the communication with you during your pre-contractual and contractual relation with the Company, as well as during any other transaction between you and the Company. 

b) The signing of a contract (provision of services etc.) with you, the execution and smooth functioning of said contract and the fulfilment of the Company’s obligations towards you.

c) The communication with you, your information on the best use of the Company’s services (i.e. informative notes for property sales/property lease), their amelioration as well as in order to send you questionnaires regarding your satisfaction with the Company’s services and the customer service provided by the Company.

Said processing (under Section A) serves also the purpose of the Company’s compliance with its legal obligations (see below Section B) as well as the Company’s or a third party’s legal interests (see below Section C). 

Β. For the Company’s compliance with its legal obligations 

The processing of your data as described in Section 1 serves indicatively the following purposes:

a) The prevention and repression of money laundering and terrorist financing, as well as the prevention, detection and repression of frauds against the Company or its clients and of any other illegal act.

b) The Company’s compliance with the obligations imposed by the relevant legal, regulatory and supervisory framework in force, as well as with the decisions of any authority (public, supervisory etc.) or Court.

c) The protection of the Company’s clients, its personnel and their property as well as the Company’s premises and property in general. 

Said processing (under Section B) serves also the Company’s or a third party’s legal interests (see below Section C). 

C. For serving the Company’s or third parties’ legal interests 

The processing of data under Section 1 serves purposes such as the security of the Company’s information systems facilities and assets, the prevention and deterrence of criminal acts or fraud, the protection of the Company’s legal rights and interests, your information and/or participation in promotion activities for new services, provided that your consent was not chosen as a legal basis for these actions. Prior to this processing the Company ensures that your interests or fundamental rights imposing the protection of your data do not override the Bank’s interests.

D. Upon your consent

In cases where the Company has requested and received your consent the processing of your data under Section 1 is based on this consent. In such cases you have the right to withdraw your consent at any time. However, the processing based on your consent prior to your withdrawal remains unaffected.

Ε. Profiling or automated decision-making 

For the fulfilment of the abovementioned purposes especially under point 2.B.a as well as for promotion purposes the Company may create your profile by using your data under Section 1.

In case the Company makes a decision solely based on automated processing, including profiling, which produces legal effects concerning you or affecting you in a similar way it will provide you with specific information and, if necessary, will ask for your consent.

3. Who are the recipients of your data?

During the performance of its contractual and legal/regulatory obligations, of serving its legal interests as well as in cases where the Company is authorized or has received your consent, recipients of your personal data may indicatively be the following:

a) The Company’s employees who are responsible for the evaluation of your requests, the management and performance of the contract(s) with the Company, the fulfillment of the obligations arising from it/them, as well as of the relevant obligations imposed by the Law. 

b) Entities to which the Company delegates the performance of specific tasks on its behalf (Processors), which may indicatively but not exclusively be engineers, qualified valuers, energy efficiency inspectors, lawyers, law firms, notaries, bailiffs, experts, information products and/or services providers, electronic systems and network support providers, including but not limited to online systems and platforms, companies responsible for the storage, retention, filing, management and destruction of files and data, call centers, or other natural or legal persons that process data for the purposes of controlling and updating them (including updating your communication data in case you did not inform the Company of such an amendment), consulting companies (i.e, financial planning, audits), companies responsible for customers satisfaction or market surveys, the promotion of services etc., provided that security conditions and confidentiality have been met.

c) Supervisory, independent, judicial, prosecution, public and/or any other authorities, or bodies. 

4. Is the Company entitled to transfer your data to third countries (outside EU)? 

The Company can transfer your personal data to third countries (outside the EU zone) under the following circumstances:

a) if the Commission decides that the third country, a territory or one or more specified sectors within that third country ensure an adequate level of protection; or 

b) if appropriate safeguards have been provided from the recipient, according to the law.

In the absence of the abovementioned circumstances a transfer may take place if:

a) you have explicitly consented to the transfer; or 

b) the transfer is necessary for the execution of a contract between you and the Company, such as for the execution of your orders; or 

c) the transfer is necessary for the establishment, exercise or defense of legal claims; or 

d) the Company is obliged by law or an international convention to provide the data; or 

e) in the framework of the Company’s compliance with regulations regarding the automatic exchange of data within the tax sector, as derived from the international obligations of Greece. 


In order to fulfil the objectives of points d or e above the Bank may transfer your data to the competent national authorities so that the data are delivered to the respective authorities of third countries.

5. For how long will your personal data be stored?

Your personal data will be stored only for the time necessary for the purposes of their collection and processing and/or the legal and regulatory framework in force. The data are securely erased or anonymized after their processing unless the legal framework in force foresees the continuance of their retention or in case such retention is demanded for the protection of the Company’s legal rights before Courts and/ or other competent authorities.

6. What are your rights regarding the protection of your personal data?

You have the following rights: 

a) To know the categories of your personal data that we store and process, where they come from, the purposes of their processing, the categories of their recipients, the period of storage as well as your relevant rights (right of access). 

b) To demand the rectification or/and to have your incomplete data completed so that they are accurate and complete (right to rectification) by providing supplementary statements that justify the need for rectification or completion. 

c) To ask for a restriction of the processing of your personal data (right to restriction of processing).

d) To object to any further processing of your stored personal data (right to object). 

e) To obtain the erasure of your personal data from the Company’s records (right to erasure). 

f) To request the transfer of your data stored by the Company to another controller (right to data portability). 

Please note the following as regards your rights:

i. Your rights as explained above (points c, d and e) may be partly or fully not satisfied if the data are deemed necessary data for the contract regardless of their source.

ii. The Company has in any case the right to deny your request for restriction of processing or erasure of your data if their processing or storage is necessary for the establishment, exercise or defense of the Company’s rights or the fulfilment of its obligations.

iii. The right to data portability (point f) does not include the erasure of your data. The erasure is regulated under point e.

iv. The exercise of these rights is valid for the future and does not affect previous data processing.

g) To lodge a complaint with the Data Protection Authority (www.dpa.gr) in case you consider that your rights are in any way violated.

7. How can you exercise your rights? 

For the exercise of your rights you may contact in writing Cerved Property Services S.A., 7 Eslin str. & 20 Amaliados str., GR11523, Athens or send an email at CPS.DPO.GR@cerved.com.

The Company shall use its best endeavors to address your request within thirty (30) days of the receipt of this request. The abovementioned period may be prolonged for sixty (60) more days, if deemed necessary, according to the Company’s judgment taking into account the complexity of the issue and the number of the requests. The Company shall inform you within thirty (30) days of the request’s receipt in any case of prolongation of the abovementioned period.

The abovementioned service is provided by the Company free of charge. However, in case the requests manifestly lack of foundation and/or are repeated and excessive, the Company may, after informing you, impose a reasonable fee or refuse to address your request(s). 

8. Contact regarding personal data 

For issues regarding your personal data you may contact 7 Eslin str. & 20 Amaliados str., GR11523, Athens (attn responsible for data protection) or send an email at the email address CPS.DPO.GR@cerved.com.

9. How does the Company protect your personal data?

The Company takes appropriate technical and organizational measures to ensure the security and confidentiality of your personal data, their processing and protection from accidental or unlawful destruction, loss, alteration, prohibited transmission, dissemination or access and any other form of unlawful processing. 

This Data Protection Information replaces from 25.05.2018 (which is the effective date of the Regulation (EU) 2016/679 on personal data protection) any other previous general information regarding the processing of your personal data.

Cerved Property Services, 7 Eslin str. and 20 Amaliados str., GR11523, Athens, GCR No 002296701000.