Privacy Policy & Rights

Download the General Privacy Policy (PDF)

Last date of update: 28/11/2023

Data Controller

The company "Banking Information Systems S.A." with the distinctive title "Tiresias S.A." (hereinafter referred to as the Company), having its registered office in Maroussi, Attica, at 2, Alamanas Str., 151 25, tel. 210 36 76 700, e-mail cust_support@tiresias.gr processes personal data of its partners - suppliers - customers and website visitors.

This policy sets out the principles governing the collection, storage and use of your personal information by the Company when you visit, sign up or use the online TSEK platform (tsek.teiresias.gr).

tsek.teiresias.gr is the website of the Company's TSEK platform (Tiresias Risk Checking System), and the Company acts as Controller and owns the website.

When do we collect your personal data

1. When you navigate the above website
2. When you sign up as a user to our services (creating a user account) (A la carte Service)
3. When you purchase a subscription package to access the TSEK file as well as when you access it.
4. When you submit a contact form
5. When you provide us with your consent to contact you for advertising and sales promotion/ marketing purposes

Categories of personal data we collect

A) When you visit and navigate our website, we collect your data using cookies. To learn about the type of data we collect using cookies and the lawfulness of such processing, please visit our Cookies Policy.

B) When you sign up as a user to the TSEK platform, a customer tab (user account) is created in which you enter, and then we store, the following information about you:

1. Full Name or Company Name and Distinctive Title
2. Country, Business Activity & Company Legal Form
3. VAT No., General Electronic Commercial Registry (GEMI) No. & Tax Office
4. full address of headquarters, invoice and mailing address (Address, Number, City, Zip code, company and accounting dept. telephone number),
5. details of the Company’s legal representative (First Name, Last Name, Company e-mail) and the WebOfficer of the TSEK platform service, if other than the legal representative. (First Name, Last Name, ID card no., business telephone and mobile phone number, e-mail/ password and possibly job title).

C) When you purchase a subscription package (access to the TSEK file), or purchase individual services (A la carte Service) and when we provide services to you, we collect data concerning transactions between us (purchases, invoice data, payment information, dues) as well as data regarding communication between us in the context of the provision of such service (customer service, subscription package change requests, troubleshooting requests), as well as data concerning your access to the TSEK file.

D) During the process of first activation of the user account, it is mandatory to declare a mobile phone number at your possession that we will use it to send you an One-time code via SMS in order to identify you as a user (it is not obligatory to provide your personal mobile phone number). The mobile phone number is stored for future multiple identification process by sending an One-time code, when retrieving / changing the user's password. However, in the above cases, the user has the option to use his email address instead of his mobile phone number.

E) When you submit a contact request using the contact form of the TSEK platform, you enter, and consequently we store until the end of such communication, your following data: Full Name, E-mail, Telephone, Company

F) In order to contact you by telephone, sms, viber, e-mail, social media for advertising and marketing purposes (sending newsletters/information material about our news and services, promotional activities, questionnaires), we collect your e-mail address and/or your mobile phone number as appropriate in each case- unless you have initially objected to contacting you. If you are a visitor to the TSEK platform, we will ask for your explicit consent before contacting you for advertising and marketing purposes.

Purpose of processing your personal data

We collect your Data as above specifically for:

A) acceptance of the connection terms and/or conclusion and performance of the service agreement between us and/or the TSEK file data agreement (access to the TSEK file, provision of services to you via the TSEK platform, communication and provision of information to you regarding the platform and services provided, payment and management of your dues to the company, renewal, extension or any cancellation of a purchase, etc.),

B) identifying the users via a method of strong authentication in order to access our services effortlessly, swiftly, remotely and securely.

C) our compliance with the obligations imposed by the legislation in force each time, e.g. issuance of legal tax documents,

D) the protection of the company’s legitimate interests (safeguarding legitimate claims),

E) Contacting you for advertising and marketing purposes related to the TSEK platform and including market & customer satisfaction surveys, information and promotional material for the company's products and services, as well as newsletters.

Legal bases of processing

Your data will be processed under the following legal bases:

1. by virtue of the agreement for the provision of TSEK file data and/or the acceptance of the connection terms when you sign up to the TSEK platform and/or other services (conclusion, performance, termination) to which you are a party [for data categories under B,C, D and F];
2. by virtue of the company's legal obligations (tax legislation) [for data categories under B and C];
3. by virtue of the provisions of the e-privacy legislation (art. 11 par. 3 of Law 3471/2006) [regarding the conduct of market & customer satisfaction surveys under E and F]; and
4. by virtue of your prior consent [for other data categories under A, E and F], except if you are already a customer of ours and you had not initially expressed your disagreement. In any case, you can state that you wish us to stop contacting you and/or that you wish to stop receiving communications from Tiresias (TSEK Platform) and generally communications for marketing purposes, using the unsubscribe option in any message you receive or the relevant option in your TSEK platform profile.

Data collected using cookies are necessary for the provision of our services. Please visit our Cookies Policy for more information.

Who we share your personal data with – where it is stored

Recipients of the Data include staff of the Company with a need to know, which is bound by confidentiality agreements, and our partner companies that process your Data as Processors on our behalf and per our instructions, such as advertising companies, public relations companies, automated e-mail distribution companies, market research companies, etc. We may share or disclose your Data when you have explicitly requested it or when required by law.

We do not send your Data outside the European Union. Your Personal Data are only stored and processed within the European Union.

Processing principles and protection measures

Our Company, inter alia:

• processes only your personal data that is necessary for the above purposes and only for those purposes;
• takes appropriate technical and organizational measures for the security of personal data (ensuring confidentiality, integrity and availability) by design and by default;
• has and applies procedures and systems to ensure the confidentiality of personal data processing, as well as its protection against accidental or unlawful destruction, accidental loss, alteration, unauthorised dissemination or access and any other form of unlawful processing (e.g. use of tools for access controls and data loss prevention);
• has informed the data subjects (citizens and employees), in accordance with Regulation (EU) 2016/679 (GDPR);
• complies with the principle of personal data minimization;
• ensures that data subjects’ rights are exercised and fulfilled;
• has prepared documents, policies and procedures demonstrating its compliance in accordance with the principle of accountability (privacy policy, cookies policy, recording the type, categories and flows of personal data, compilation of processing records, impact assessment, etc.) as referred to in the GDPR;
• has appointed a Data Protection Officer and set up a personal data protection team;
• provides training and awareness-raising to employees regarding personal data protection;
• has amended its partnership agreements with data processors, in accordance with the provisions of Article 28 GDPR for the purpose of full compliance of the latter ones.

For how long we keep your personal information

We delete your Personal Data (personal data that you have entered in your user account, as well as any additional data we process for the conclusion and performance of the agreement between us), in accordance with the following:

• regarding our approved clients: 20 years from expiry of the agreement;
• regarding the history of the Alarm service: 5 years from expiry of the subscription;
• regarding Alarm files sent to us: 5 years from expiry of the subscription

Our updates regarding the processing of your clients' personal data when accessing the TSEK file are kept by you, as data processor, for 5 years from expiry of your agreement with said client.

In relation to communication for marketing purposes (newsletters and promotional material, market or customer satisfaction surveys, etc. via email, SMS, Viber, social media and telephone communication), we delete your email and/or your mobile phone from our list of recipients as soon as you state your disagreement, by selecting the relevant link that appears in each e-communication for service promotion sent to you, or using the relevant option in your TSEK profile, or following a communication with a representative of the TSEK team or in any other appropriate way (with the contact form, via email, etc.).

Data collected via Cookies is deleted in accordance with our Cookies Policy.

Is your Data safe?

We are committed to safeguarding your Personal Data. We have taken appropriate organizational and technical measures to secure and protect your Data from any form of accidental or unlawful processing.

We use an Electronic Security Certificate (SSL - Secure Socket Layer) to ensure the secure data exchange between the website and your browser.

The TSEK platform has been designed to provide a high level of security. In summary, the security measures applied to the functioning of the TSEK service are summarized below:

1. Use of Secure Network Infrastructure
   The TSEK platform is protected by the most advanced network security infrastructure designed to detect and prevent malicious attacks as well as to fully control incoming and outgoing data.
2. Encrypted Data Transfer
   For data transfers from the Tiresias S.A. systems to users we apply appropriate protocols so such data and the whole communication in general remains encrypted until received by the user. Thus, the service is offered through a secure connection (https://tsek.teiresias.gr in the Browser).
3. Keeping a Data File
   The TSEK file is a file of Tiresias S.A. kept separately form the Default File and the Mortgages and Prenotations File. These two systems are interconnected exclusively within the internal network of Tiresias S.A. using specialized protocols, without intervention of any external communication line or third party provider.
4. Controlled Access
   Access to the platform’s services is granted only after review and validation of the legalisation documents required by Tiresias S.A. Users can only access the platform by entering their Username & Password. Tiresias S.A. will never ask you for your password. Only you know the credentials you have entered and the answers to the security questions, and only you can change your password.
5. Security Policies
   Tiresias S.A. adheres to very strict security procedures and policies, which are part of the ISO 9001:2015 quality assurance standard, according to which the company has been certified; compliance with the standard is constantly monitored both internally and via regular external audits.
6. Secure Payments
   Payments are made automatically and transparently, either by credit card, or by wire transfer using DIAS Credit Transfer (DCT) or IRIS Online Payments. Tiresias S.A. does not in any way keep a record of credit or debit cards used to purchase subscription packages or individual services (A la carte Service).

The above measures are reviewed and amended when deemed necessary.

What are your rights and how can you exercise them?

You have the following rights:

a. To know what personal data we keep and process, their origin, the purposes of processing, as well as the retention period (right of access).

b. To request that your personal data is rectified and/or completed so that it is complete and accurate (right of rectification). You should provide any required document evidencing the need for rectification or completion.

c. To request the restriction of processing of your data (right to restriction of processing).

d. To refuse and/or object to any further processing of your personal data that we keep (right to object) or withdraw your consent at any time if the processing is based on such consent (withdrawal of consent).

e. To request that we transfer your personal data that we keep to any other controller of your choice (right to data portability).

f. To request the erasure of your personal data from the records we keep (right to be forgotten).

In relation exercising your above rights, note the following:

• The Company has in any case the right to refuse to meet your request for restriction of processing or erasure of your personal data or your objection to processing, if the processing or retention of the data is necessary for the establishment, exercise or support of its legal rights or the fulfilment of its obligations.
• The exercise of the right to portability does not imply the erasure of your data from our files, which is subject to the terms of the preceding paragraph and the conditions of the Regulation.
• Exercising the above rights applies to the future and does not affect data processing that has already taken place.

g. To lodge a complaint to the Hellenic Data Protection Authority (www.dpa.gr), if you feel that your rights are infringed in any way (right to lodge a complaint with the Authority).

To exercise the above rights, you may send a letter to the Company's address (2, Alamanas str., Maroussi 151 25), or an e-mail to the e-mail address cust_support@teiresias.gr or via the Company's website www.tiresias.gr or the website tsek.teiresias.gr,indicating "Exercise of the right of access/ rectification/ erasure/ restriction/ objection", or call 210 3676700, and in any case you may also contact the Company's Data Protection Officer at dpo@tiresias.gr.

When do we respond to your Requests?

We respond to your Requests free of charge as soon as possible, and in any case not later than one (1) month of receiving your request. However, if your Request is complex or there are many pending Requests, we will inform you within the one-month deadline if we need an extension of another two (2) months to respond.

If your Requests are manifestly unfounded or excessive, in particular due to their repetitive nature, the company may charge a reasonable fee, considering the administrative costs for providing the information or performing the requested action, or refuse to follow up on the Request.

Do we use automated decision making/ including profiling when processing your Data?

We do not make decisions or make profiling based on automated processing of your Data.

What is the applicable law when we process your Data?

We process your Data in accordance with the General Data Protection Regulation 2016/679/EU, and in general the applicable national and European legislative and regulatory framework on the protection of personal data (Law 4624/2019, Law 3471/2006).

Data Protection Officer (DPO)

The Company has appointed a Data Protection Officer in accordance with art. 37 of the General Data Protection Regulation (Tel. 210 36 76 700, dpo@tiresias.gr, 2, Alamanas Str., 151 25 Maroussi, Athens, Greece).

Newsletter Service Personal Data Protection Policy

Data Controller

The company styled "Banking Information Systems SA" with the distinctive title "Tiresias SA" (hereinafter referred to as the Company”), having its registered office in Maroussi, Attica, 2 Alamanas Street, PC 15125, tel.: 2103676700, e-mail: tiresias@tiresias.gr processes the personal data of users who subscribe to TEIRESIAS newsletter service.

This policy, hereinafter referred to as the "Policy", concerns the conditions for the collection, storage and use of your personal information by the Company, after and during your subscription to the service through tiresias.gr, teiresias.gr and business.tiresias.gr as may be changed/updated from time to time.

Subscription to the service is governed by the Terms of Use.

General Principles of Processing

The collection of the user’s personal data is carried out in a fair and lawful manner, where his/her consent/approval is required for a specific, clear, and lawful purpose with fair and lawful processing. Within the framework of each purpose, the data collected are relevant to the processing purpose, appropriate, and not more than what is necessary for the respective processing purpose. The user’s data is checked for accuracy and is regularly updated and revised, in accordance with the procedures established for this purpose, and is maintained in a form that allows the identification of their identity for the required period, within the framework of fulfilling the purpose of processing.

In addition, adequate security measures are applied to protect your data and to prevent risks such as loss, unauthorized access, destruction, unlawful use, or disclosure.

When do we collect your personal data

Your data is collected when you subscribe to the Newsletter service on one or all our websites.

What categories of personal data we collect

We use your email address in order to send you Newsletters from the respective websites where you have registered for that specific service.

Once you register for the corresponding Newsletter – unless you are already our customer and had not initially expressed your objection – you will receive a confirmation message, and thereafter you will continue to receive the electronic newsletters until you unsubscribe.

To send a Newsletter, we collect your date and time of subscription in addition to your email address.

Purpose of processing your personal data

We process your personal data for the purpose of sending Newsletters providing news and information about the Company, its activities, updates on the new services of business.tiresias.gr as well as the online application CHECK, current promotional actions, various news about the services offered through the CHECK platform, or news of general economic or business content, and other related topics.

Legal bases of processing

We process the above personal data on the basis of your prior consent, except in cases where you are already our customer and had not initially expressed your objection.

Registration for the service and the granting of the required consent take place after reviewing the relevant Terms of Use of the service and this Policy in the “Newsletter Registration” field of the respective website, where you are given the option to enter your email in order to receive an informational newsletter from the Company.

Specifically:

I. Regarding your registration for the Newsletter service of the websites tiresias.gr and teiresias.gr , you enter your email in the corresponding field while also clicking on the link “I consent to receiving Newsletters from Tiresias S.A. in accordance with the relevant Terms of Use and the Privacy Policy,” which includes links to the Terms of Use and the Policy.

You subsequently receive an email, in which you are asked to confirm that you consent to receive Newsletters from the Company and wish to subscribe to the relevant service. Once you accept, you are added to the list of registered Newsletter subscribers, which is automatically stored in the relevant system.

ΙΙ. Regarding your registration for the Newsletter service of the website business.tiresias.gr, you enter your email in the corresponding field while also clicking on the link “I consent to receiving Newsletters from Tiresias S.A. in accordance with the relevant Terms of Use and the Privacy Policy,” which includes links to the Terms of Use and the Policy.

You may at any time inform us that you wish to stop receiving Newsletters from TIRESIAS by using the unsubscribe option included in every newsletter you receive.

Additionally, via email correspondence at the address: Tiresias@tiresias.gr (regarding the newsletter of thetiresias.gr,  teiresias.gr)  websites) and at the email: tsekinfo@tiresias.gr (regarding the newsletter of the website business.tiresias.gr) or by any other appropriate means.

You maintain the option to re-subscribe at any time.

To whom we disclose your personal data

Recipients of the Data are the absolutely necessary personnel of the Company, who are bound by confidentiality, as well as the businesses cooperating with us, which process your Data as Processors on our behalf and in accordance with our instructions, such as companies providing automated electronic mail distribution services, etc. It is noted that in cases where TIRESIAS assigns the processing of personal data to third parties acting under its instructions and on its behalf, they are required to fully comply with TIRESIAS’s directives. Such compliance is ensured through specific provisions in the relevant outsourcing contractual texts and the observance of corresponding procedures.

We may share or disclose your Data when required by law. Recipients of your data may include Supervisory, Judicial, Independent, and other Authorities at the national and European level, for the fulfillment of TIRESIAS’s obligations under law, regulatory provision, or court decision.

We do not transfer your Data outside the European Economic Area (EEA).

Processing principles and protection measures

TIRESIAS, indicatively and not exhaustively:

• processes only your personal data that are necessary for the aforementioned purposes, and solely for those purposes;
• implements appropriate technical and organizational measures for the security of personal data (ensuring confidentiality, integrity, and availability) by design and by default;
• establishes and implements procedures and systems for the confidentiality of personal data processing, as well as for their protection against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, and any other form of unlawful processing (e.g., use of tools for access controls and data loss prevention);
• has informed the data subjects (citizens and employees), in accordance with Regulation (EU) 2016/679 (GDPR).
• observes the principle of personal data minimization;
• ensures the exercise and fulfilment of the rights of the data subjects;
• has prepared the documents, policies, and procedures that demonstrate its compliance, in accordance with the principle of accountability (Privacy Policy, Cookies Policy, recording of the type, categories, and flows of personal data, drafting of processing records, impact assessment, etc.) as specified in the GDPR;
• has appointed a Data Protection Officer and set up a personal data protection team;
• provides training and awareness programs for employees regarding the protection of personal data;
• concludes cooperation agreements with processors acting on its behalf, in accordance with Article 28 of the GDPR, with the aim of ensuring their full compliance as well.

How long do we keep your personal information

We keep your personal data for as long as you remain subscribed to our recipient list, and we delete it if you withdraw your consent or, if you are our customer, when you express your objection.

What are your rights and how can you exercise them?

You have the following rights:

1. Right to Information

TIRESIAS is obliged to inform you about the processing of your personal data, such as, indicatively, which data it processes, for what purpose, for how long it retains them, in a transparent, comprehensible, and easily accessible form, using clear and simple wording.

2. Right of Access

You have the right to obtain from TIRESIAS confirmation as to whether or not personal data concerning you are being processed and, if so, you have the right to access those data.

3. Right to Rectification

You have the right to request the rectification of any inaccurate personal data and the completion of any incomplete data, by providing all necessary supporting documentation.

4. Right to erasure

You have the right to request the erasure of personal data, by providing all necessary supporting documentation, provided that specific conditions are met.

5. Right to Restriction of Processing

You have the right to obtain restriction of processing, provided that specific conditions are met.

6. Right to Object

You have the right to object, at any time, to the processing of personal data concerning you.

7. Withdrawal of consent

You have the right to withdraw your consent at any time, provided that the processing being carried out is based on that consent. In this case, TIRESIAS will cease the processing.

8. Right to Data Portability

You have the right to request that we transfer your personal data, which we maintain, to any other controller of your choice, provided that specific conditions are met. The exercise of the right to data portability does not entail the erasure of your data from the records of TIRESIAS.

TIRESIAS, in any case, has the right to refuse the satisfaction of your request for restriction of processing, erasure of your personal data, or your objection to processing, if the processing or retention of the data is necessary for the establishment, exercise, or defence of its legal rights or for the fulfilment of its obligations.

The exercise of the above rights applies for the future and does not concern data processing already carried out.

9. Right to Lodge a Complaint with the Authority

You have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr), if you consider that your rights are being infringed in any way.

For the exercise of the above rights, you may contact TIRESIAS in writing at its address (Alamanas 1 Street, Marousi 151 25) or electronically at the email address tiresias@tiresias.gr ,  or by telephone on working days from 09:00 to 16:00 at +30 210 3676700, and in any case you may also contact the Data Protection Officer of TIRESIAS at dpo@tiresias.gr. Additionally, a Customer Service Office operates at the Company on working days from 08:30 to 14:00 (Alamanas 1 Street, 151 25 Maroussi). 

When do we respond to your Requests?

We respond to your requests free of charge, without delay, and in any case within one (1) month from the time we receive your request. If, however, your Request cannot be answered in time, we will inform you accordingly within the month, should we need to obtain an extension of another two (2) months, within which we will provide you with our response.

If your Requests are manifestly unfounded or excessive, particularly due to their repetitive nature, TIRESIAS may impose the payment of a reasonable fee, taking into account the administrative costs of providing the information or carrying out the requested action, or may refuse to act on the Request.

If your Requests, in whole or in part, cannot be satisfied by TIRESIAS, we are obliged to inform you, within the prescribed time limit, in detail, clearly, and with justification of the precise reasons for the rejection or for the non-performance of action on your request.

What is the applicable law when we process your Data?

We process your Data in accordance with the General Data Protection Regulation 2016/679/EU and, in general, the applicable national and European legislative and regulatory framework for the protection of personal data (Law 4624/2019, Law 3471/2006).

Data Protection Officer (DPO)

TIRESIAS has appointed a Data Protection Officer in accordance with Article 37 of the General Data Protection Regulation (tel. +30 210 36.76.700, dpo@tiresias.gr, Alamanas 2 Street, 151 25 Maroussi).

This Policy may be amended at any time without prior individual notification. The current version is always available at https://www.tiresias.gr/en/personal-data-processing/.

Last date of update: 09/2021

Controller

The company under the corporate name "Banking Information Systems SA" and the distinctive title "TIRESIAS SA" (hereinafter the Company), which has its registered office in Maroussi, Attica, 2, Alamanas Street, 151 25, P.C. 210 63.82.200 processes its partners’ - suppliers’ - customers’ personal data.

This policy sets out the principles applied by the Company during the processing of the aforementioned data (categories, legal basis, purpose, protection measures, rights, etc.) and aims to inform the data subjects about the processing. It is posted on our Company websites (http://www.tiresias.gr/PersonalDataProcessing.html & https://tsek.teiresias.gr/el/Home/PrivacyPolicy and when necessary it is modified or updated.

We assure you that all information we collect about you is confidential, used only for the legitimate purposes and protected by high level security systems.

When we collect your personal data?

1. During your participation in procurement procedures conducted by our Company.
2. When signing a contract with our Company and during its life cycle and its execution, when the contractual terms change and at the end of the contract.
3. When you contact us in writing on a contract related matter (in writing or electronically) or to submit an application.
4. During your presence at the Company's premises that are monitored by CCTV camera surveillance system.

What categories of personal data do we collect?

We process the following categories of personal data (in whole or in part, depending on the type of cooperation / contract and the physical presence or not of data at our Company's premises) of our partners-suppliers-customers:

• in the case of single-membered companies / traders: Basic identification data (name, father's name, address, telephone numbers, e-mail addresses, VAT number, Tax Office, ID number), distinctive title / type of business, registered office address, bank accounts,
• basic identification data of legal representatives, representatives, project managers, board members, etc. (name, father's name, address, telephone numbers, e-mail addresses), tax and social security clearance),
• financial data (e.g. payments, invoices, etc.),
• οικονομικά στοιχεία (π.χ. πληρωμές, τιμολόγια κλπ).
• your image as well as your movement to the extent that you move in areas of the Company where video recording (CCTV) takes place in accordance with the relevant procedure for reasons of protection of persons and goods (http://www.tiresias.gr/docs/NotificationAboutPersonalDataProcessingThroughACCTV.pdf).

When you enter the premises of our offices and for the purpose of protecting people and goods, incoming data is recorded in a relevant book kept by the private security company.

Measures to prevent the spread of the pandemic due to Covid 19 and protect employees

In the context of prevention and protection, every incoming person undergoes a temperature measurement (http://www.tiresias.gr/docs/NotificationAboutBodyTemperatureMeasurement.pdf, while at the same time there is a case-by-case obligation to conduct a self-test, in accordance with the relevant procedure of the Company

Purposes for which we process your personal data

We process your personal data for the purpose of participating in procurement procedures, the preparation, execution, operation and termination of the contract between us and in general the management of the business relationship between us (contracts, invoices, payments, etc.), but also for Company’s compliance with its legal obligations and for establishment of our legal claims or defence against claims brought before the Courts, Authorities etc. Personal data relating to your image and movement to the extent that you move to the Company's premises where video recording takes place for reasons of protection of persons and goods, is collected to protect persons and goods of the Company.

Legal Grounds for Processing Data

Legal grounds for processing data are, depending on the case: (a) The legitimate interest we pursue (the operation of our company as well as the protection of persons and goods in relation to the CCTV surveillance system) (b) Our compliance with obligations arising from the law, (c) The execution (drafting, operation, termination) of the contract between us), (d) your consent.

To whom we disclose your personal data and where data is stored

The Company does not disclose your personal data to third parties but is processed only by the Company’s authorized staff under strict confidentiality. Exceptionally, your personal data may be shared:

(a) with Public authorities for the purposes of the Company's compliance with its legal obligations,
(b) with third parties who provide services to the Company, such as human resources companies, lawyers/law firms (in case of extrajudicial or judicial actions regarding legal claims of the Company or against it). These persons, who act as processors on behalf of our Company, are bound by the applicable legislation (European and National) on personal data, and
(c) before the courts for the exercise and defence of the Company's rights. Your data is kept within Greece under conditions of organizational and technical security measures.

Principles of processing and protection measures

Our Company, indicatively and not restrictively:

• processes only your personal data that is necessary for the above purposes and only for these purposes,
• implements appropriate technical and organizational measures for the security of personal data (ensuring confidentiality, integrity and availability) by design and by default,
• implements procedures and systems for the confidentiality of the processing of personal data, as well as for their protection from accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access and any other form of unlawful processing (e.g. use of tools for access controls and data loss prevention),
• informs the data subjects (citizens and employees), in accordance with the Regulation (EU) 2016/679 (GDPR),
• respects the principle of personal data minimisation,
• ensures the exercise and satisfaction of the rights of the subjects,
• has drawn up documents, policies and procedures that prove its compliance with the principle of accountability (privacy policy, cookies policy, recording of the type, categories and flows of personal data, compilation of processing records, impact assessment, etc.) as they are mentioned in the GDPR;
• has appointed a Data Protection Officer and set up a group for the protection of personal data;
• has appointed a Data Protection Officer and set up a group for the protection of personal data;
• amends its cooperation agreements with processors on its behalf, in accordance with Article 28 of the GDPR, ensuring that processors are fully GDPR compliant as well.

How long we keep your personal data

We keep your personal data in line with the requirements set by law for a period during which Tax Authorities, National Social Security Fund and other Authorities, have the right to audit our Company. If there is no shorter period of time set by law, the above data is kept for twenty (20) years, i.e. equal to the general limitation period. In the event that there is a relevant pending trial, we will keep your data for five (5) years from the issuance of an irrevocable court decision. Insurance and tax clearance certificates are destroyed one (1) year after their receipt, unless they are incorporated in tax documents, in which case they are destroyed along with them.

When the processing of your personal data is no longer necessary, your data will be destroyed in a secure and proven manner. Video surveillance data is stored for a period of 14 days.

Is your Data safe?

We are committed to safeguarding your Personal Data. We have taken appropriate organizational and technical measures for the security and protection of your Data from any form of accidental or unlawful processing.

Tiresias S.A. follows strict procedures and safety policies, which are part of the ISO 9001:2015 quality assurance standard, according to which the company has been certified, while its compliance is constantly regularly both by internal and by external inspections.

Those measures shall be reviewed and amended when necessary.

What are your rights? How to you exercise them?

You have the following rights:

1. Be informed when we collect and process your personal data, data sources, the purposes of processing it, its retention period and request a copy of any personal data we hold that concerns you (right of access).
2. Request the correction and/or completion of your personal data in order to be complete and accurate (right of rectification). You should provide us with any necessary document substantiating the need to rectify the inaccurate or incomplete data.
3. Request the restriction of processing your personal data (right to restrict processing).
4. Refuse and/or object to the processing of your personal data that we keep (right to object).
5. Request the transfer of your personal data that we keep to any other controller of your choice in a safe and secure way, without affecting its usability (right to data portability).
6. Request the deletion of your personal data from the files we keep for example when your data is no longer necessary or unlawfully processed or no longer meets one of the abovementioned lawful grounds (right to be forgotten).
   

   With regards to the exercise of your above rights, please note that:

   • The Company has in any case the right to refuse the satisfaction of your request to limit the processing or erasure of your personal data or your objection to the processing, if the processing or retention of the data is necessary for the establishment, exercise or defence of its legal rights or the fulfilment of its obligations.

   • The exercise of the right to portability does not imply the deletion of your data from our records, which is subject to the terms of the immediately preceding paragraph and the conditions of the Rules of Procedure.

   • The results from the exercise of these rights have effect for the future and does not concern data processing already carried out.
7. Lodge a complaint with the Hellenic Data Protection Authority www.dpa.gr if you consider that your rights are being violated in any way (right to complain to the Authority).

For the exercise of the above rights you may address in writing to the Company's address (Alamanas 2 Maroussi 151 25), or electronically to the e-mail address apanopoul@tiresias.gr or by phone at 210 63 82 252, and in any case you can also contact the Company's Data Protection Officer at dpo@tiresias.gr address.

When do we respond to your Requests?

We respond to your Requests free of charge without any delay, and in any case within one (1) month from the time we receive your request. However, if your Request is complex or there is a large number of your Requests, we will inform you within the month if we need to receive an extension of another two (2) months within which we will respond to you.

If your Requests are manifestly unfounded or excessive, in particular due to their repetitive nature, the company may impose a reasonable fee, taking into account the administrative costs for the provision of the information or the execution of the requested action, or refuse to act on the Request.

Who can you contact for the progress of your Requests?

For more information you can call during working days and hours at +302103676700 (Customer Service Phone Line).

Do we make use of automated decision-making, including profiling when processing your Data?

We do not make decisions or profiling based on automated processing of your Data.

What is the applicable law we processing your Data?

We process your Data in accordance with the General Regulation on the Protection of Personal Data 2016/679/EU, and in general, with the applicable national and European legislative and regulatory framework for the protection of personal data (Law 4624/2019, Law 3471/2006).

Data Protection Officer (DPO)

The Company has appointed a Data Protection Officer in accordance with Art. 37 of the General Data Protection Regulation (tel. +30 210 36.76.700, dpo@tiresias.gr, Alamanas 2 151-25 Amarousion)

Right of Access and Objection

In accordance with Article 12 of L. 2472/97 any individual can have access to Tiresias's Database in order to be informed of any kind of personal data stored in the system. Legal persons enjoy the same access right as well.

Also any entity (individual or legal person) who does not wish its data (stored in the Default Financial Obligations System (DFO) & Mortgages and Prenotations to Mortgages System (MPS)) to appear, can submit an application to Tiresias. After the request has been fulfilled the indication “does not wish the transmission of its data” is displayed. This information is evaluated at will, taking into account all possible consequences. Exceptionally, company data from the Government Gazette and the General Electronic Commercial Registry will still be transmitted. Revocation of this request can be submitted at any time, exclusively to Tiresias.

Cookie policy