Information on the processing of personal data on the Website www.eurobankam.gr

(This Information applies specifically to the processing of personal data of visitors/users of the website www.eurobankam.gr; for the EUROBANK ASSET MANAGEMENT MUTUAL FUND MANAGEMENT COMPANY SINGLE MEMBER SOCIETE ANONYME’s general Information on the processing of personal data of customers, traders, contractors, suppliers, beneficial owners of legal persons or entities etc. click here.)

The societe anonyme under the name “Eurobank Asset Management M.F.M.C.” informs you, visitors/users of this website (hereinafter the Website) that the processing of your personal data is governed by the following terms and the relevant provisions of the Regulation (EU) 2016/679 as well as by the provisions of the relevant Greek and EU legislation on personal data protection.

Data Controller

The data controller is the societe anonyme under the name “Eurobank Asset Management M.F.M.C.” (hereinafter the Company), 10 Stadiou Street, 10564 Athens, Greece, General Commercial Registry No 002292401000.

Data Protection Officer

You may contact the data protection officer for issues regarding the processing of your personal data at the address 10 Stadiou Street, 10564 Athens, Greece or by sending an email at dpo-am@eurobank.gr.

What personal data does the Company collect and from which sources?

The personal data that the Company collects and processes fall primarily within the following categories, some of which may not concern you:

  1. Personal data that we collect directly from you when you electronically fill and submit the form that is available on the Website. Such personal data may indicatively be: first and last name, father’s name, fix or mobile phone number, e-mail address, customer relationship with the Company, capacity (private client – corporate client) and in general data that you are filling in the free text fields. With regard to the free text fields in particular, we would like to urge you to avoid writing data that fall within the special data categories, such as your racial or ethnic origin, political opinions, religious or philosophical beliefs, information on your physical or mental health, biometric data or genetic data, your sexual orientation etc.. Furthermore, you should ensure that the personal data provided via the form of the Website are correct and accurate and you are obliged to notify the Company in case of any amendment or modification of these data. You shall be held solely liable for any damage caused to the Company or any third party as a result of the wrong, inaccurate or insufficient data/information provided via the Website form.
  2. Personal data that are automatically collected through the Website. When you visit and interact with the Website some data such as the following may be automatically collected: the IP address of your computer, the browser and the software you are using, your connection speed and information regarding the software programs installed in your PC, basic connection information with the web server as well as information collected through Cookies.

For more information regarding the use of cookies by the Company, please read the Cookies Policy.

The collection of personal data from you, as described above, includes the data collection from a third natural or legal person acting on your behalf. Moreover, in case you provide the Company with personal data of third parties, you must have in advance properly informed them (indicatively, by referring them to this Information) and have ensured, where necessary, their relevant consent.

Why does the Company collect your data and which are the legal bases of their processing?

The Company collects and processes personal data of yours that are necessary in each particular case:

Α. Upon your consent

Said processing serves purposes such as the communication with you provided you have electronically filled the form that is available on the Website. It is clarified that filling the abovementioned Website form with your personal data constitutes a declaration of consent on your behalf and enables the Company to communicate with you. In such a case you have the right to withdraw your consent at any time. However, the processing based on your consent prior to your withdrawal remains unaffected (regarding the ways to withdraw your consent you may see the relevant section “How you can exercise your rights” below; we may also inform you on other ways to withdraw your consent depending on the way you provided us with it.

Β. For the Company’s compliance with its legal obligations

Said processing serves purposes such as:

  1. The Company’s compliance with obligations imposed by the relevant legal, regulatory and supervisory framework in force, as well as with the decisions of any authority (public, supervisory, prosecution, independent etc.) or court (ordinary or arbitration).
  2. The protection and security of the information systems, the prevention, deterrence and repression of any illegal act.

Said processing as described in Section B also serves the Company’s or any third party’s legitimate interests (as described in Section C below).

C. For the Company’s or any third party’s legitimate interests

Said processing also serves purposes such as the upgrading of the provided services and the defense of the Company’s or a third party’s legal rights and legitimate interests. Prior to this processing it has been assessed that said processing does not affect your fundamental rights and freedoms to such an extent that they are overriding the Company’s or a third party’s legitimate interests, making thus the processing under this basis forbidden.

Children’s personal data

The Company fully understands the importance of the protection of children’s personal data. This Website is neither addressed nor is it intentionally designed to be addressed to children. The Company has no intention of knowingly collecting and keeping personal data of children who may have access to its Website.

If the Company finds out that children’s personal data have been collected without the relevant legal conditions having been met, said data will be immediately deleted.

For how long will the Company store your personal data?

Personal data will be stored only for the time necessary for the fulfillment of the purposes they were originally collected and processed, otherwise for the time dictated by the relevant legal and/or regulatory framework, or for the necessary period of time for the exercise of claims or the defense of legal rights and legitimate interests.

Who are indicatively the recipients of your data?

For the purposes of fulfilling its legal and regulatory obligations, serving its legitimate interests as well as in cases the Company is authorized or has received your consent, recipients of your personal data may for example be the following:

  1. The Company’s authorized employees and administration members and, provided that the relevant legal conditions have been met, authorized employees of other related companies with registered offices in Greece or in other EU countries within the framework of their activities and duties;
  2. Products and/or information services providers and/or information and electronic systems support providers including online collection systems and platforms;
  3. Companies responsible for the storage, archiving, management and destruction of records and data;
  4. Call centers;
  5. Customer satisfaction or market research companies in general;
  6. Lawyers, law firms, bailiffs, experts etc., consultants in the framework of their duties;
  7. Supervisory, independent, judicial, prosecution, police, public and/or other authorities or bodies or parties that have been assigned with the control/audit of the Company’s activities within the framework of their duties, intermediaries, and intermediary centers, tribunal courts and alternative dispute resolution bodies.

Is the Company entitled to transfer your data to third countries (outside the EEA)?

The Company may transfer your personal data to third countries (outside the EEA) under the following circumstances:

a) If the Commission decides that the third country, a territory or one or more specified sectors within that third country ensure an adequate level of protection; or

b) If appropriate safeguards have been provided from the recipient, according to the EU and/or national legislation.

In the absence of the abovementioned circumstances a transfer may take place in case any of the derogations mentioned by the EU and/or national legislation has been met such as indicatively:

a) You have provided the Company with your explicit consent to the transfer; or

b) The transfer is necessary for the establishment or exercise of the Company’s legal claims or defense of its legal rights; or

c) The Company is obliged by law or an international convention to provide the data.

Link to third party websites

Any interconnection between this Website and any other third party website via special links (links, hyperlinks or banners) does not mean that the Company accepts any responsibility for the policies applied by those websites regarding the protection and management of personal data.

You must ensure that you are informed about the protection and management of your data by the aforementioned websites.

What are your rights regarding the protection of your personal data?

You have the following rights:

a) To request to be informed about the categories of your personal data that we store and process, where they come from, the purposes of their processing, the categories of their recipients, the period of their storage as well as about your relevant rights (right of access);

b) To demand the rectification and/or completion of your personal data so that they are complete and accurate (right to rectification) by providing any necessary supplementary documentation that justifies the need for rectification or completion;

c) To ask for a restriction of the processing of your personal data (right to restriction of processing);

d) To object to any further processing of your stored personal data (right to object);

e) To demand the erasure of your personal data from the Company’s records (right to erasure) under certain circumstances, such as in case these data are no longer necessary or you have withdrawn your consent, or in case the data have been unlawfully processed etc.;

f) To request the transfer of your data from the Company to any other controller (right to data portability);

g) To withdraw your consent at any time. The withdrawal does not affect the lawfulness of the processing based on your consent prior to your withdrawal and reinstating a withdrawn consent is allowed;

h) Right to Complain to the Authority: You have the right to lodge a complaint with the Data Protection Authority in case you consider that your rights are in any way violated. For the Authority’ competence as well as for detailed information on how to lodge a complaint with it you may visit its website (www.dpa.gr – Citizen Rights – Complaint to the Hellenic DPA).

Please note the following as regards your aforementioned rights:

i. You rights under points c, d and e may not be satisfied, fully or partially, in case they concern data that are necessary for the establishment and/or continuance of a contract, regardless of their collection source.

ii. The Company preserves in any case the right to deny your request for restriction of processing or erasure of your data, if their processing or storage is necessary for the establishment, exercise or defense of the its legal rights or the fulfilment of its obligations.

iii. The right to data portability (point f above) does not include the erasure of your data from the Company’s records. The erasure is regulated under point e above.

iv. The exercise of these rights is valid for the future and does not affect previous data processing.

How can you exercise your rights?

For the exercise your rights you may contact the Group Client Relations Office in writing at 10 Stadiou Street, 10564 Athens, Greece or by sending an email at am@eurobank.gr.

The Company shall use its best endeavors to address your request within thirty (30) days of its receipt. The abovementioned period may be prolonged for sixty (60) more days, if deemed necessary, according to the Company’s judgment taking into account the complexity of the issue and the number of the requests. The Company shall inform you within thirty (30) days of the request’s receipt in any case of prolongation of the abovementioned period.

The abovementioned service is provided by the Company free of charge. However, in case the requests manifestly lack of foundation and/or are repeated and excessive, the Company may, after informing you, impose a reasonable fee or refuse to address your request(s).

How does the Company protect your personal data?

The Company implements appropriate technical and organizational measures to ensure the security and confidentiality of your personal data and their processing, their protection from accidental or unlawful destruction, loss, alteration, prohibited transmission, dissemination or access and any other form of unlawful processing.

Even though the Company shall use its best efforts to protect your personal data, it cannot guarantee the safety of the data transmitted through its Website since data transmission through the Internet is not absolutely secure.