INFORMATION ON THE PROCESSING OF PERSONAL DATA
Saderat Bank Iran (Athens Branch) with respect to your personal data adopts all efficient measures in order to ensure and protect your privacy.
Α. INFORMATION FOR THE DATA SUBJECT
The following information is made pursuant to the Regulation (EU) 2016/679 of the European Parliament and Coucil on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and the respective laws of Greece. This information supplements and amends, where applicable, any other documents of the Bank. For further details you may reach the webpage of the Hellenic Data Protection Authority (www.dpa.gr).
This information refers to the processing of personal data collected by the Bank on the basis of its contractual relationship with its clients regarding the provision of a product or service to them.
What are the Personal Data and how does the Bank process these Data?
Personal Data means any information relating to a specific natural person which can be identified, directly or indirectly (e.g. name, id number, home address etc).
The processing of your personal data means the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, transmission, restriction or deletion of your data, which have been notified to the Bank, in order to serve our contractual relationship and to enable the Bank to offer you its products/services.
Ι. What personal data do we collect?
- a) Identification data such as: name, father’s name, sex, identity or passport number, Tax Identification Number, date and place of birth, nationality.
- b) Contact information such as postal and e-mail address, fixed and mobile telephone number.
- c) Data concerning your financial situation and assets as well as your family situation, such as profession, salary statements, dependent family members, tax residence, tax return, competent tax office, other tax information (such as income and asset tax declarations, E1, E9)
- d) Data on your financial obligations and economic behavior, which concern your relationship with third parties, such as, bounced cheques, termination of loan and credit agreements, payment orders, seizures, and other relevant orders, applications and decisions on consolidation or bankruptcy etc., confiscations against the Bank as garnishee, pledges by third parties on the client’s claims against the Bank, freezing orders by tax or national investigating authorities, or independent authorities as well as decisions and orders by judicial, prosecution and investigation authorities or other competent authorities including independent authorities.
- e) Data on your transactional behavior.
- f) Data relating to the execution of the contractual documents (applications and agreements) and your contractual relationship with the Bank in general as well as to the use of the products provided by the Bank.
- g) Data from audio recordings (e.g. recordings of telephone conversations) after you have been previously informed according to the requirements set out by the law.
- h) Data concerning the conduct of payments and the provision of payment services.
- i) Specimen signature.
- j) Recording of images collected from the video recording systems installed in the Bank’s offices, where the respective warning marks are placed according to the law.
ΙΙ. Where do we collect your data from?
The personal data stated above are collected, on case by case basis, from the following sources:
- a) The identification, signature and contact data ((para. I, a,b, g, and i above) from you.
- b) Data concerning your financial situation, assets and family situation from you.
- c) Data concerning your financial obligations and conduct which relate to your relationship with third parties (para. 1, d above) from databases on economic behavior such as the company TIRESIAS S.A. (address: 2 Alamanas Str., 15121, Marousi, tel: +30 210 3676700, webpage: teiresias.gr) or from publicly accessible sources such as judicial authorities or orders received by third parties (e.g. tax authorities, your creditors etc.)
- d) Data on your transactional behavior and those concerning the execution of contractual documents and your contractual relationship with the Bank, from the use of the Bank’s products and services.
- e) Data on the conduct of payments from you or from payment service providers following your instructions.
- f) Data concerning audio and video recordings from the respective records, for which you have been duly informed.
IΙΙ. Why do we collect your data and how do we process them?
The personal data which are collected pursuant to the above, either at the beginning of the contractual relationship or later, are processed by us for the following purposes:
- a) Your identification and our communication with you during your pre-contractual or contractual relationship with the Bank as well as for the execution of the contractual or/and legal obligations of the Bank.
- b) The signing of a contract with you, the execution and functioning of the contract and the fulfillment of the Bank’s obligations towards you as well as your obligations towards the Bank (e.g. conduct of payments on your instructions, monitoring the progress of the debt, pursuing the collection of any debt towards the Bank arising from the functioning of the contract).
- c) The documentation and assessment of any applications you submit to the Bank.
- d) The prevention and repression οf Money Laundering and Terrorist Financing and the prevention of fraud against the Bank and any of its Clients as well as of any other illegal action.
- e) The Bank’s compliance with the obligations imposed by the applicable legislative and regulatory context and the supervisory requirements, as well as with the decisions and orders of public or judicial authorities.
- f) The protection of the Bank’s rights and legal interests as well as the protection of the clients, such as the security of the Bank’s premises, the prevention of crime, the detection and collection of evidence on criminal behavior, the assessment of the credit risk that the Bank shall undertake or has already undertaken.
- g) Our communication with you during the execution of the contract and φορ your updating on the use of the products or services offered by the Bank, the opportunities, characteristics and evolution of such products and services, as well as for the assessment of your satisfaction with the Bank’s customer service or/and your further wishes or requirements; Also our communication with you for servicing the Bank’s legal interests.
- h) For sending you messages in paper or in electronic form for reasons of advertising under the condition that you have provided your specific consent to the Bank. When the processing of personal data is based on your consent the Bank complies with the respective legal procedures regarding your information on the ways for providing your consent and the possibility to withdraw your consent at any time.
- Who are the recipients of your data?
- a) The employees of the Bank who are responsible for the management and functioning of the contract you will sign with the Bank, for the fulfillment of the obligations arising from the contract as well as of any other legal obligations; said employees are obliged to comply with the applicable legislative and regulatory context, including professional secrecy.
- b) Natural persons and legal entities to which the Bank may from time to time assign the execution of specific tasks on its behalf such as lawyers, law firms, notaries and bailiffs, experts, archives’ management companies, third providers offering system maintenance and configuration services, e-mail service providers, under the condition that professional and general secrecy requirements are always met.
- c) Supervisory, independent, judicial, public and other authorities in the context of their legal competencies, duties and powers, as well as other third parties to which the Bank is obliged to provide information on the grounds of its legal obligations and the orders it receives.
- d) Credit institutions, payment service providers or entities that obligatorily act as intermediators to the execution of our contract with you or to transactions that you have requested or activated.
The Bank has ensured that all entities processing personal data of the Bank’s clients on its behalf fulfill the respective legal requirements and provide sufficient guarantees to implement technical and organisational measures, so that the rights of the Bank’s clients on their personal data are protected.
- Are your data transmitted to countries outside the E.U (third countries) or to an international organization?
The Bank may transmit your personal data to countries outside the E.U. (third countries) in the following cases:
- a) if the European Commission has issued a decision that the third country or the international organization ensures on an adequate level the protection of personal data; or
- b) if the recipient has provided appropriate safeguards on the processing of the data pursuant to the GDPR.
If both the requirements above are absent the Bank may transmit your personal data to third countries, outside the E.U., in any of the following cases:
- a) if you have been especially informed and provided your explicit consent to the Bank regarding the transmission and the rest legal conditions are satisfied;
- b) if the transmission is necessary for the execution of a contract that has been concluded to your benefit, such as when the transmission is necessary for the execution of payment orders to a bank account of a third country credit institution;
- c) if the transmission is necessary for the grounding, exercise or support of legal claims or the defense of the Bank’s legal interests;
- d) if the Bank is obliged by law or an international contract; or
- e) in the context of the Bank’s compliance with the rules regarding the automatic exchange of data within the tax sector, as such rules derive by the applicable regulatory context.
For complying with its obligations stated in points (d) or (e) above the Bank may proceed to the transmission of your personal data to the competent national authorities so that the data are delivered to the respective third country authorities.
- For how long shall we retain your personal data?
If you sign a contract with the Bank your personal data will be retained throughout the life of our contractual relationship. After the end of such relationship your data will be retained for five (5) to twenty (20) years, depending on the laws on limitation of the applicable legal and fiscal framework.
If you are involved in an extra-judicial or legal dispute with the Bank, your personal data will be retained for a longer time than that mentioned above, and in any case until an irrevocable court decision is issued.
The image data collected from the video recording archives of the video recording systems placed in the Bank’s premises, will be retained for fifteen (15) days starting on the day of each recording. If the Bank investigates a specific incident the retention period may be prolonged up to thirty (30) days.
If you do not sign a contract with the Bank your personal data will be retained for a time period of five (5) years staring on the day you submitted the respective application to the Bank.
VII. What are your rights with regard to the protection of your personal data?
You have the following rights with regard to the personal data we process:
- a) To know which of your personal data the Bank stores or processes, their sources, the purposes for their processing, their recipients or the categories of their recipients and the period of their storage (right of access).
- b) To ask the rectification or/and supplementation of your data so that they are complete and accurate, by providing any necessary document through which the need to rectify and supplement is documented (right to rectification). This is at the same time your obligation.
- c) To ask for restriction of the processing of your personal data (right to restriction of processing).
- d) To deny and/or object to any further processing of your personal data stored by the Bank (right to object).
- e) To demand erasure of your personal data from the Bank’s records (right to erasure).
- f) To ask the Bank to transfer the data you have provided to it to any other personal data controller (right to data portability).
Please note that satisfaction of your rights stated in points g, d and e above, if it pertains to data which are necessary for the conclusion or the execution and function of the contract, may make it impossible for the Bank to conclude or continue its transactional relationship with you or to assess a request you submitted, regardless of whether the respective data were provided to the Bank directly by you or through the Bank’s access to any public source.
Moreover, the Bank has in any case the right to deny your request for restriction or erasure of your data, if the processing or storage of the data is necessary for the establishment, exercise or defense of the Bank’s legal interests or right, or the Bank’s compliance with its legal obligations. Exercising your right to data portability (stated in point f above) does not lead to the erasure of your data from the Bank’s records. The erasure is regulated under point e above. The exercise of the above rights is valid for the future and does not affect previous data processing.
If you consider that you data are in any way violated you have the right to submit a complaint to the Data Protection Authority (www.dpa.gr) , which is the competent supervisory authority for the protection of the rights and freedoms of natural persons against the protection of their personal data.
VIII. How can you exercise the rights stated in paragraph VII above?
For the exercise of the rights stated in paragraph VII above you may contact the Bank’s competent employee for the personal data processing in any of the following ways:
- By e-mail to: firstname.lastname@example.org
- By fax to 210 – 32 51 154
- In writing to the Bank’s Offices (Address: Bank Saderat Iran – Athens Branch, El. Venizelou (Panepistimiou) Str. 25-29, 105 64 Athens). You may print and fill in the form “Request to exercise rights” which is published on the webpage of the Bank (https://saderat.gr/home-el/) and submit it to the Bank in any of the ways mentioned above. The Bank will use its best endeavors to address your request within thirty (30) days following its submission. The Bank may extent the above deadline for sixty (60) more days, if such extension is deemed required to the Bank’s discretion, after taking into consideration the complexity and the number of your requests. The Bank shall inform you within thirty (30) days following receipt of your request in any case of extension of the above-mentioned deadline. If the Bank does not address your request it will inform you without delay and in any case within thirty (30) days following receipt of your request, about the reasons for which the Bank did not answer and about your right to lodge a complaint. The above service is offered by the Bank free of charge. However, in case the requests are manifestly unfounded, or are excessive or repeated the Bank may impose a reasonable fee to the client, after informing the client respectively, or deny to address the respective requests.
The Bank may amend this information according to its applicable policy on the protection of personal data. The updated version shall at any time be published on the Bank’s webpage (https://saderat.gr/home-en).