The societe anonyme under the corporate name “Eurobank SA” (hereinafter referred to as the “Company”) would like to inform the persons to whom the personal data refer (hereinafter referred to as “Subjects”), visitors or users of this website (hereinafter referred to as the “Website”), that personal data will be processed in accordance with the terms below, the relevant provisions of Greek, European and International law on personal data, as each time in force, as well as the decisions, guidelines and regulatory acts of the Hellenic Data Protection Authority.

Data Controller  
The data controller is the societe anonyme under the corporate name “Eurobank SA”, Othonos 8 St., 10557 Athens, GCR 154558160000.

Personal data that the Company collects and processes 
The Company ensures that personal data are collected and processed fairly and lawfully. Personal data means information which directly or indirectly identifies the Subject, in particular by reference to an identifier such as name, e-mail address. By filling in and submitting  the electronic communication form or the expression of interest form, which are both available on the Website, the Subjects provide to the Company their name, their e-mail address and their phone number. The aforementioned data collected by the Company are absolutely necessary for it in order to respond to the Subjects’ requests/provide the services which the Subjects have requested.  (Please see below “Purpose of data processing”). The Subjects must ensure that the personal data they provide are correct and accurate and they commit to inform the Company about any changes to them. The Subjects are exclusively liable for any loss or damage of the Company or of any other third party arising out of or in connection with the submission from the Subjects’ part incorrect, inaccurate or incomplete information/personal data. In the aforementioned electronic communication form and in the expression of interest form there are free text fields. The Subjects must not record in these free text fields any confidential or sensitive information/data revealing their racial or ethnic origin, their political opinions, their religious or philosophical beliefs, their genetic characteristics, their sexual orientation, information about their criminal record, their social security number or ID etc. In case the Subjects provide/submit sensitive data in the aforementioned way, they shall be solely liable for any dangers arising out of or in connection with such submission. 

Purpose of data processing 
The Company or/and processors acting on its instructions and behalf collect, process and use the Subjects’ personal data in accordance with the legal provisions in force and the terms of the present notice. The purpose of the collection and processing of personal data is the communication of the Company with the Subjects in order to respond to the requests the Subjects filled in the communication form or in the expression of interest form. The Company collects and processes personal data solely and exclusively for the purposes mentioned above and only to the necessary extent to effectively achieve those purposes. The data are adequate, relevant and not excessive in relation to the purposes for which they are processed at any given time, accurate and, where necessary, kept up to date.

Data retention period
The data are only retained for the time period required to achieve the purposes/objectives for which they were collected and processed. Once the aforementioned period is lapsed, data are securely deleted, unless the relevant legislation requires that we continue to maintain them.
Data Security 
The Company processes personal data in a way that safeguards its confidentiality. The Company has taken all appropriate organisational and technical steps to ensure data security and that data is safeguarded against any accidental or unlawful destruction, accidental loss, alteration, prohibited disclosure or access, or any other form of unlawful processing. Although concerted efforts are made to safeguard personal data, the Company cannot guarantee the security of data transmitted to its Website simply because transmitting information/data via the internet is not completely safe. 

Data recipients 
The data recipients include the Company and the data processors on behalf of the Company (For more details concerning the data processors please see below the relevant part of the present notice) . The Company guarantees that it shall not transfer, disclose, make available the Subjects’ personal data to third parties for whatever purpose or use. The Company reserves the right to disclose the Subjects’ personal data, if that is required by law or by government/state agencies, public authorities or law enforcement agencies.  

Data processors on behalf of the Company 
The Company cooperates with its parent company, Eurobank SA, which acting as processor in the name and on behalf and according to the instructions of the Company for the purposes set out above  stores the personal data provided by the Subjects in the electronic communication forms and in the expression of interest forms. 

The Company, in order to ensure that its Website operates properly, sometimes places small data files, so-called “cookies” on the Subject’s computer. For more information regarding the above, Subjects are requested to read the Company’s Cookies Policy. 

Links to third party websites
Any interconnection between this Website and any other third party website via special links (links, hyperlinks or banners) does not mean that the Company accepts any responsibility for the policies applied by those websites regarding the handling and protection of personal data. Subjects must make sure they are informed about the handling and protection of their data by those websites.

Right to access and right to object
Subjects are entitled to know whether their personal data are or have been processed (right of access, article 12 2472/1997 Law). Subjects are also entitled to submit written objections at any time about the processing of their personal data (right to object, article 13 2472/1997 Law).  Subjects may exercise the aforementioned rights by sending an e-mail to the following e-mail address: dpo@eurobank.gr, from the e-mail address which the Subjects submitted/filled  in the electronic communication form or in the expression of interest form, so that the Subjects can be identified by the Company. Alternatively the Subjects may address these issues to the Data Protection Officer at 6 Siniosoglou St., 14234 Nea Ionia. The Company reserves the right to ask the Subjects to verify their identity before it can respond to and process their request. 

Contacting the Hellenic Data Protection Authority
In case Subjects consider that the protection of their personal data has been prejudiced in any way, they can lodge a complaint with the Hellenic Data Protection Authority:
Hellenic Data Protection Authority
1-3 Kifissias Avenue, 11523 Athens, Greece
Phone: +302106475628
email: contact@dpa.gr
Since the present notice and the terms contained herein may be amended, Subjects must regularly check the content of this notice for any changes.