Personal Data Protection Policy
Collection and Processing of Personal Data
We keep and process any personal data that we collect, in accordance with the EU General Data Protection Regulation (2016/679) and applicable domestic legislation, among others L5099/2024, EC 2022/2065, L4624/2019, L. 3471/2006, International Treaties and Conventions and several pieces of secondary regulation, as they stand amended from time to time, issued by the Greek Personal Data Protection Authority, an Independent Authority seated at 1-3, Kifissias Ave 1 1 5 23, Athens Greece, Telephone +30-210 6475600, Fax +30-210 6475628 E-mail: contact@dpa.gr. Inquiries or complaints in regard with the collection and processing of personal data may be addressed to the above Authority. Due to frequent changes in the legal environment pertaining to the protection of personal data, we may amend our policy from time to time.
FINARTIX Fintech Solutions S.A. (hereinafter “FINARTIX”), as controller or processor (as defined in the GDPR), commits to protect personal data and apply the GDPR as well as national legislation to protect personal data. This policy concerns physical or legal entities, which provide us with personal data, with the aim of receiving personalized information regarding the products and services provided by our company, and specifically so that we can respond to and address any questions or requests you may submit via our email address or by phone, with the aim of providing all the information you request. It also concerns physical entities who visit for any reason the facilities of FINARTIX (hereinafter “Data Subjects”).
Our Privacy Policy provides the manner in which we collect and handle personal data in the course of our practice as well as information about a persons’ s rights under data protection legal environment applicable from time to time. Our legal activities may involve our receiving and processing personal data relating to identifiable individuals. The primary source of the personal data, which we receive, is our clients or prospective clients expressing interest for our products and services. Our clients or prospective clients — if individuals, supply us with their own personal data or — if legal entities, with personal data of their managers and other personnel, c/o their managers, under their own responsibility.
In several occasions, personal data supplied to us is included in documents, which in turn are either supplied to us by our clients or by their counter — parties in the course of their transactions or is collected by us in the form of submissions or other documentary exhibits, in the course of transactions, in which we participate; moreover we may collect personal data from public records or third-party sources, such as a credit reporting agencies under contract.
Apart from the aforesaid private data, several suppliers of products or services provide us with personal data, for the purpose of transacting with us.
We also obtain private data through the exchange of business cards on several occasions, such as business meetings, interaction with administration officials, conferences and similar professional functions and activities.
Of course, we also keep personal data of our employees and other business associates, for the purposes of our professional relations. We do not hold or use any sensitive personal data which relate to racial or ethnic or political or religious or philosophical matters genetic data/biometric data to identify a person, data concerning someone’s health or a person’s sex life or orientation, unless we have the individual’s explicit consent to do so. Occasionally, we receive unsolicited resumes of persons wishing to be employed by our firm. The latter are deleted immediately; in the event that we would consider keeping a resume for a maximum of one year, we advise the individual accordingly, in which case such individuals may request their personal data to be forgotten earlier.
We do not treat the persons who have supplied us with their personal data (as above explained) as “subscribers”, in any manner. Our policy does not include the direct mailing of newsletters or other marketing or promotional material to persons who have supplied us with their personal data. We do not use telecommunications technologies or social media tools for data mining or targeted, individualized marketing, advertising or promotional purposes.
Anyone, following proper independent identification, may place an inquiry with us, to find if we keep their personal data and may request to be stricken off our records, unless they are a party to an on-going dispute resolution process, in which we act as instructed counsel. We may be contacted for these matters, using the link under “contacts” below.
If you wish to facilitate our communication with you, or hear from us from time to time, please give us your consent by completing and sending us the following form.
#####
Information on the personal data we keep
We have and operate a secure database, which holds contact data. This may include a variety of any of the following data: Name(s) and/or Address(es) and/or telephone number(s) and/or fax number(s), and/or email addresses and/or tax registration numbers and/or identity card or passport numbers and/or firm, company or organisation with or without business Address(es) and/or telephone number(s) and/or fax number(s), and/or email addresses and/or tax registration numbers and or company registry numbers. Access to our database is restricted to specific users and both the database server access and the access to the records are separately restricted. For reasons of our professional security, this database is kept for an indefinite period of time, in order to allow us to trace persons who have — or claim to have transacted with our firm at any time. We do not share the details held on this database with any third parties.
We have and operate a secure database, which holds Economic, financial and property data which is publicly accessible or furnished to us by entities relevant to our business.
We have and operate a secure database of Image data, recorded by the video surveillance system installed on our premises, which pictures individuals who visit our facilities.
We have and operate a secure database, for the purposes of billing our clients. This database is restricted to specific users and both the database server access, and the records access are separately restricted. The records in this database are kept for a minimum of 5 years, which constitutes the statute of limitation for tax purposes. We do not share the information held on this database with any third parties, other than the records concerning a specific customer, with such customer himself.
We have and operate a files server system, in which files and records relating to our clients’ business with us, are stored. Several documents concerning our clients are stored in electronic form. Several files in our database are individually password protected for unauthorised reading and/or copying and/or printing etc. This database is restricted to specific users and both the database server access and the files access are restricted. Many records in this database are kept for a minimum of 20 years, which constitutes the statute of limitation for most legal purposes. We do not share the information held on this database with any third parties, other than records concerning a specific customer, with such customer himself or persons expressly authorised by such customer. We maintain a physically protected physical file, in which physical documents, relating to our clients’ business with us are stored for a minimum of 10 years and thereafter moved to a third-party secure warehouse, in which they are kept for a further period of 10 years, thus covering in many cases, a 20 year period in total, which constitutes the statute of limitation for most legal purposes. The criteria we use for determining data retention periods are based on various legislative requirements, including by way of an example, tax or accounting purposes, a continued legitimate need to hold personal data for our professional functions, secondary regulation or guidance issued by relevant regulatory authorities a.o. Upon lapse of the aforesaid period, save few exceptions, our electronic files are securely deleted, and our physical files are destroyed by means of a secure pulping process, performed and certified by our secure warehousing provider.
Data Security
We protect our data using hardware and software that protects against intrusion, ransomware viruses and malware, however we disclaim any liability, given the fact that despite our continuing investment and efforts, we cannot guarantee security.
Disclosures
We may disclose personal data to third parties to companies and/or organisations who are our service providers under contract, who may from time to time include, tax and accounting professionals, lawyers, IT suppliers, data hosting providers, banks and/or other payment processing providers, indicatively under the following circumstances: (a) permission of the individual or (b) compliance with legal obligations or (c) within dispute resolution processes, (d) in the course of transactions with individuals through the banking or other payment services system, who’s personal data we lawfully possess.
Rights of the individuals in relation to their personal data
Subject to independent verification of their identity, individuals have the following rights:
(a) The right to learn about their personal data that we hold; the purposes for which we hold such data and if and under which circumstances such data may be disclosed to third parties. (b) The right to request that their personal data is updated (c) The right to request that their personal data is forgotten (d) The right to request that any transfer of their personal data shall require their express consent, provided however that this request shall not be observed where it runs contrary to our legal obligations, including our duties in the course of dispute resolution proceedings.
PROFILING or AUTOMATED DECISION-MAKING
FINARTIX does not make decisions solely on the basis of automated processing, including the profiling. If such processing which produces legal effects that affect you or significantly affect you in a similar manner becomes necessary, the company will provide you with more specific information and, where required, request your consent.
RECIPIENTS OF PERSONAL DATA DISCLOSURE
For the proper execution and fulfilment of the contractual, legal and regulatory obligations of FINARTIX, the employees of the company’s business and operating units have access to your personal data, within the framework of their responsibilities, who are bound by a confidentiality obligation to respect protection of data in accordance with national data protection legislation and the GDPR.
In addition, your personal data may be transmitted to service providers (processors) who have been appointed by us to process personal data and are bound by a contract to maintain confidentiality and data protection in accordance with national data protection legislation and the GDPR, as well as tax and supervisory authorities or where designated by legal or regulatory provisions.
For the purposes of your debt management, the following may be indicative of the following data:
- FINARTIX employees who are responsible for the evaluation of your requests, the fulfillment of the obligations arising therefrom, as well as the relevant obligations imposed by law;
- archiving, storage and file management companies;
- systems for support, processing and storage in the computing cloud “cloud”;
- insurance companies;
- web design and support companies;
- other recipients to whom the transmission or notification is required by the applicable regulatory, legislative and generally regulatory framework or court decision (eg supervisory or judicial authorities, tax authorities, supervisory bodies, intermediaries) It is noted that the FINARTIX will also provide more specific information to the data subjects regarding any transfer of your data to the above recipients, provided that it is provided by the current legislation.
Recipients of the image data recorded by the video surveillance system of the company are, in principle, the authorized employees of FINARTIX, in the context of performing their duties. They may also be police and judicial authorities, in the event of an incident that falls within their remit, as well as a third party with a relevant legal interest (e.g. victim of an illegal act).
PERIOD OF RETENTION OF PERSONAL DATA
The personal data processed by FINARTIX must be retained throughout the duration of the purpose for which they are processed and / or the current legal and regulatory framework and in any case for a period of twenty (20) years from last calendar day of the year ending the respective transaction relationship with FINARTIX or the principal of the receivables. In case of a legal dispute, the data are kept for a longer period of time, until the irrevocable completion of the judicial process. FINARTIX may retain personal data for less than the abovementioned period provided that this is provided for in the management contract of a particular portfolio(s).
Telephone calls in particular are kept for a shorter period, as the law stipulates (today: one year).
Also, the image data from the security cameras are kept for fifteen (15) days, after which they are safely deleted. In the event that an incident is detected during this period, the specific data are isolated and kept for up to one (1) month, in order to investigate the incident and the possible initiation of legal proceedings to defend the legal interests of the company. In case the incident concerns a third party, these data are kept for up to three (3) more months.
It is noted that FINARTIX may retain the data even after the expiration of the processing purpose, if it is not allowed to delete them for legal or regulatory reasons.
TRANSMISSION OF PERSONAL DATA OUTSIDE THE EEA (EUROPEAN ECONOMIC AREA)
Personal data is not initially transmitted to third countries (i.e. to countries outside the European Economic Area). In case this becomes necessary, FINARTIX will forward the personal data in compliance with the relevant provisions of the regulatory framework.
SECURITY OF PERSONAL DATA
FINARTIX implements appropriate organizational and technical measures (such as anonymization, pseudonymization, data encryption, firewalls, privacy by design and by default, strict procedures and policies, continuous training of staff, etc.) for the security of your data, ensuring its confidentiality, processing and protection against accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access and any other form of unlawful processing in order to ensure the application of the law.
YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA
After verifying your identity, as Data Subjects you have the following rights:
- Right to information: FINARTIX must inform you of the processing to which it submits your data, including but not limited to what data it processes, for what purpose, for what period of time it will retain it, in a transparent, comprehensible and easily accessible form, using clear and simple wording.
- Right of access: You have the right to receive a confirmation from FINARTIX as to whether or not your personal data is processed and, if so, you have the right to access that data.
- Right to correction: You have the right to require from FINARTIX the correction of any inaccurate personal data and the completion of any incomplete data.
- Right of deletion: You have the right to request from FINARTIX the deletion of personal data, subject to the obligations and legal rights of FINARTIX for their retention based on the applicable legal and regulatory provisions.
- Right to restrict processing: You have the right to be provided by FINARTIX with the restriction of processing, provided that certain conditions are met.
- Right of objection: You have the right to object, at any time, to the processing of personal data concerning you. FINARTIX in this case should stop processing, unless it demonstrates compelling and legitimate reasons that prevail over your interests, rights and freedoms as a data subject or for the establishment, exercise or support of legal claims.
- Portability: You have the right to request from FINARTIX to obtain your personal data, which you have provided in a structured, commonly used and machine-readable format, or to forward it to another controller by FINARTIX.
- Right to withdraw consent: You have the right to withdraw your consent at any time for the processing of your personal data, provided that such processing is based on your consent.
Regarding the above rights, FINARTIX ensures the development of internal procedures in order to respond in a timely and efficient manner to your relevant requests.
To exercise any of your rights or if you have any other questions regarding the use of our personal data by us, you may contact FINARTIX, or fill out the form on the FINARTIX website. You can also contact the Data Protection Officer of FINARTIX at: dpo@finartix.com.
Postal address
FINARTIX Fintech Solutions S.A.
Data Protection Officer,
112a Vasilissis Sofias Ave.,11527, Athens, Greece,
or in person at the company’s headquarters at the address above.
Finally, if you consider that your personal data protection is affected in any way or if you have exercised any or all of your rights to protect your data and still feel that your concerns about how we use your personal data has not been satisfactorily addressed by us, you can, if you wish, also appeal to the Personal Data Protection Authority, with the following contact details:
Website: www.dpa.gr
Postal Address: 1-3 Kifissias Avenue, PC 115 23, Athens
Call Center: +30 210 6475600
Fax: +30 210 6475628
Email: contact@dpa.gr
INFORMATION ON ANY AMENDMENTS TO THIS POLICY
FINARTIX will update this policy whenever necessary. If there are significant changes to the policy or the way it uses your personal data, it will post a notice in a prominent place on its website before the changes take effect. In any case, the Data Subjects are encouraged to read this Policy periodically to know how their personal data is protected.
Last update: February 2024
Web Privacy Policy
Introduction
This Privacy Policy specifically covers the conditions for the collection and processing of personal data of guests/users (hereinafter: the users) of the website www.finartix.com. Please read this Privacy Policy carefully so that you know all the information relevant to the processing of personal data collected through our website.
The controller is FINARTIX Fintech Solutions S.A. (hereinafter FINARTIX), with headquarters in Athens, 112a Vasilissis Sofias Ave., 11527.
Users Personal Data Protection
In FINARTIX we recognize the importance of keeping this information safe, as well as informing you about how we intend to use it. That is why we will process this information in strict compliance with all the requirements laid down in the provisions of Greek and European Law, including the General Regulation on Data Protection (EU) 2016/679 (GDPR) and N. 4624/2019.
Which personal data we collect
The term “personal data”, as used in this Policy, refers to information such as your name, email address, phone number, IP address (internet protocol), or any other information that can be used as your ID.
How we collect personal data through our website
We may collect your personal data in the following situations:
- When you contact us by email: In this case, you will make available to FINARTIX on your website, your name, telephone number and e-mail address, as well as any other information provided by you, as part of expressing interest in working with our company or by submitting a job application to FINARTIX on sending a curriculum vitae.
- Using automated data collection media when you visit our website: In addition to the information, you will provide us voluntarily, some information is automatically collected when you visit our website through data-detection technologies that we use from time to time, such as cookies. Cookies, each time you visit our website, collect information from your computer, including technical information, such as your IP address, your operating system, the type and version of your browser, your referral website, and information about your activity on our website. You may choose not to receive cookies, either in total or on a case-by-case basis. In order to know all the information about the use of cookies and the data we collect while you navigate through our website, please visit our Cookies Policy.
How we use personal data collected through the website
First of all, in FINARTIX we trust that all personal data you provide through the website is accurate, complete and true, and that, if necessary, you are bound to notify us of any amendment to it. In addition, we believe that, should you provide us with personal data from third parties, you have already obtained prior information and consent to provide us with this data and that they will be processed in accordance with our Data Protection Policy.
In FINARTIX we will use personal data to provide you with personalized information about your loan and the services provided in connection with it by our company, in particular to be able to answer and respond to any question or request that you submit via our email address or by telephone in order to provide all the information you request. We also use the curriculum vitae you submit through our website to assess you for a career opportunity in our company. The recipients of your personal data are only authorized employees of FINARTIX who process them only to the extent necessary.
How long personal data collected through the website is retained
Personal data submitted by you shall be retained only for as long as you receive the communication requested. The CVs are kept in our company until the end of the month following the end of each recruitment procedure and are then safely destroyed.
Secure your personal data
We recognize the importance of protecting your personal data and use appropriate technical and organizational measures to protect it. However, an online data transmission can never be described as 100% secure. Therefore, although we are making reasonable efforts to protect your personal information, we cannot ensure, nor guarantee, the protection of the data you provide through the website. In order to protect the information stored in our system, we have put in place appropriate security measures, including data encryption technology and firewalls, so that unauthorized people cannot access your personal data. In any event, the User shall be encouraged to report to the Personal Data Protection Officer of FINARTIX and by any means, through the contact details provided on the website, in writing or orally, a possible breach of his personal data or any illegal and non-verbal behavior identified by FINARTIX, another user or a third party. FINARTIX commits to doing its utmost to resolve the problem in cooperation with the relevant regulatory authorities, if necessary.
Connecting to third party websites
Our company cannot take responsibility for how to protect and process personal data on behalf of third parties, whose websites our website interconnects. Therefore, Users should be informed in advance by these websites.
Your rights related with your personal data
As a Data Subject (within the meaning of the GDPR) you have the following rights: right of access and information, right to rectification, right to be deleted, right to restrict processing, right to object, right of portability and right to withdraw consent. For more information on these rights please refer to the FINARTIX Data Protection Policy that can be found here. In order to exercise your rights, you can contact FINARTIX Personal Data Protection Officer Tel. communication: 2107472200, e-mail: dpo@finartix.com . Also, if you consider your rights to be infringed, you have the right to appeal to the Personal Data Protection Authority via its website www.dpa.gr>My Rights>Lodge a complaint.
This Privacy Policy was reviewed and published by FINARTIX on 27/05/2020. We may review the Privacy Policy at any time (each version comes into force once published), so please check it periodically. Changes to the Privacy Policy will apply to the information collected, from the date the revised version is published, as well as to the existing information that we have. Using the Web page after publishing changes means that you accept these changes.