Notice regarding the processing of personal data of users of the website under Article 13 of Regulation (EU) 679/2016

This document was produced in accordance with Article 13 of Regulation (EU) 2016/679 (“Regulation”) to inform users of our privacy policy, so that they can understand how their personal data will be processed when they use our site (“Site”) and, if applicable, the cases where they must provide their consent to the processing of their personal data. Personal data provided by users or that are otherwise obtained during the use of services for navigating and accessing restricted areas of the Site (“Services”), will be processed in accordance with the provisions of the Regulation and the confidentiality obligations on which Controller’s business is based.

According to the Regulation’s rules, the processing performed by CPS will be based on principles of legality, fairness, transparency, purpose and storage limitation, data minimisation, accuracy, integrity and confidentiality, and the principle of accountability under Article 5 of the Regulation.

1. The data controller and the data protection officer (“DPO”)

Cerved Property Services Single Member S.A., with registered office at 7 Eslin and 20 Amaliados Str, 11523, Ambelokipoi, Athens (“CPS” or the “Controller”) commits itself to protecting the on-line privacy of its users at all times. We thus ask that you, before you transmit any personal data to the Controller, read this privacy notice carefully because it contains important information about protection of personal data.

The Data Protection Officer (“DPO”) under Article 37 et seq. of the Regulation, who is based at our offices, can be contacted at the address CPS.DPO.GR@cerved.com

2. Personal data being processed

The personal data being processed may be:

I. Data provided by the user

a. Identifying data. That term means personal data such as first and last name, email, telephone number or fax, online identifiers or one or more characteristic aspects that identify the data subject or make him or her identifiable

b. Free text fields. With regard to the free text field we would like to urge you not to write data that fall within the special categories, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, information on your physical or mental health, biometric data or genetic data, sexual orientation etc.

Furthermore, you should ensure that the personal data filled in the forms of the Site are correct and accurate and you shall inform CPS on any amendment or modification of these data. You will be held solely liable for any damage caused to the Controller or any third party because of the wrong, inaccurate or insufficient data/information in the Site forms.

II. Navigation data

During their normal operation, the IT systems and the software procedures used to make the Site functional automatically obtain certain information about web navigation, the transmission of which is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects but, by their nature, via associations and processing with data held by third parties, could allow identification of users or surfers. This category includes information about IP addresses, domain names of the computers used by users who connect to the Site, addresses in URI (“Uniform Resource Identifier”) notation of the resources requested, time of the request, method used to submit the request to the web server, size of the file obtained in response, numeric code indicating the status of the response given by the web server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used solely to obtain anonymous statistical data about the use of the Site and to make sure they are functioning properly, and to identify anomalies and/or abuses, and are deleted immediately after they are processed. The data could be used to determine liability in the event of hypothetical computer crimes that harm the Site or third parties.

III. Data collected using cookies

Our website use cookies. For more information on the cookies that we use and the data that we collect through cookies, please refer to our detailed Cookie Policy .

3. Children’s personal data

CPS fully understands the importance of the protection of children’s personal data. This Site is not addressing and is not designed to address minors. CPS has no intention of collecting and maintaining personal data records of minors who may have access to the Site. If CPS finds out that minors’ data have been collected without the consent of the holders of parental responsibility, where necessary, the data will be immediately erased.

4. Purposes of the processing

Users’ personal data will be processed for the following purposes:

4.1 allowing navigation on the Site and providing the services made available on the Site by the Controller, including managing the Site’s security;

4.2 complying with any obligations imposed by current laws, regulations or EU laws, or complying with requests from the authorities;

4.3 upgrading the provided services and the protection of the Controller’s legal rights and interests;

4.4 responding to the requests of the data subjects using the online form provided for this purpose.

Specific security measures are deployed to prevent the loss of data, unlawful or improper use and unauthorised access.

5. Legal basis and whether the processing is mandatory or optional

The legal basis for the personal data processing for the purposes under Section 4.1 is the provision of the services to the users. Providing the personal data for these purposes is optional, but failure to do so would make it impossible to activate the services requested.

However, the legal basis for the personal data processing for the purposes under Section 4.2 is the compliance with a legal obligation to which CPS is subject. Providing the personal data for these purposes is optional, but failure to do so would make it impossible to activate the services requested.

Specifically, concerning purpose 4.3, the legal basis for the processing is Controller’s overriding legitimate interest, which is our need to protect the security of our IT systems and in this way to protect confidential information and personal data from unauthorized access or use.

The legal basis for processing your personal data for the purposes under Section 4.4 is our overriding legitimate interest to properly handle messages, requests, information or queries submitted by the users.

6. Recipients of the personal data

The personal data so collected may be shared, for the purposes set forth in Section 4 of this privacy notice, with:

6.1. persons that provide services to CPS and typically act as processors including persons entrusted with performing technical maintenance and hosting; and

6.2. persons, bodies or authorities to which the personal data are required to be sent in accordance with laws or orders from authorities.

7. Transfer of personal data

CPS does not currently transfer personal data collected through the Site outside the European Economic Area. If CPS proceeds in the future with such transfers, , CPS represents that the processing will be performed using one of the methods permitted by current law, such as the adoption of Standard Clauses approved by the European Commission, or selecting persons that adhere to international programmes for the free movement of data (e.g., the EU-USA Privacy Shield) or that operate in countries considered secure by the European Commission. Additional information can be obtained by a request to the Controller at the contacts provided above.

8. Storage of the personal data

CPS retains the users’ personal data only for the period required to serve the purposes for which the personal data are collected. Personal information that the users have provided when they contact CPS through the Site for submitting a message, request, information or query will be stored in our files until CPS can properly handle the relevant matter and be able to examine and respond to the request, message, information or query. In case CPS processes personal data for compliance with a legal obligation, CPS will retain such data for the period stipulated in the law.

Additional information about the duration of the data storage and the criteria used to determine that duration can be requested by sending a written request to the Controller at the addresses listed in the “Contacts” section of this notice.

9. Data subjects’ rights

Under the Regulation, the user of the Site has the right at any time to ask CPS for access to his or her personal data, to rectify or delete them or to object to their processing, or, in some cases, request that the processing be restricted and to receive the personal data concerning him or her in a structured, commonly used and machine-readable format.

Requests must be sent in writing to the Controller or to the DPO at the addresses listed in the “Contacts” section of this document.

In any event, the user of the Site always has the right to lodge a complaint with the competent Supervisory Authority (the Hellenic Data Protection Authority), if he or she believes that the processing of his or her personal data is in violation of current law.

10. Contacts

To exercise your rights above or for any other request, you may write to the Controller at the physical address indicated above or at the dedicated contact CPS.DataControler.GR@cerved.com

and, to contact the DPO directly, CPS.DPO.GR@cerved.com, with the request that you put “Request to exercise privacy rights” in the message’s subject line.

11. Amendments

The Controller reserves the right to amend or merely update the contents of this document in whole or in part, including due to changes in applicable law. The Controller thus requests that its users periodically consult this privacy notice to see the most recent and updated version of its privacy notice so that they will always be up to date about the data being collected and how CPS uses them.