(Α.1) Data required for our online services management (e.g. PANCRETA ONLINE), submission of comments, complaints, questions or requests through the Bank’s websites (Contact Form) or through Third Parties websites (e.g. posting a question/comment in a social media platform).

• Identification data, such as: Full name, ID Card, Tax ID, date of birth, Profession.
• User Authentication data, such as: Username and password.
• Contact data, such as: Postal and Email address, landline, and/or cellphone number, comments, requests etc.

(Α.2) Devices’ data: When you visit our websites, we collect the URL address of the website you accessed prior visiting our website, the date/time of your visit, the operating system, the browser and the IP address of the device used.

(Α.3) Cookies and other similar technologies: As it is described in the Cookies Policy, we collect data, using cookies and/or other similar technologies.

(Α.4) Location data: When you visit our websites through the device (desktop PC, tablet, mobile device) you used we collect data regarding your exact location, based on the settings of your devices and after your consent.

We collect information that you disclose to us when you login and/or browse our websites, when you use our online services (e.g. PANCRETA ON-LINE) or when you submit a comment, complaint, question or request, online. Additionally, we may collect information from Third Parties (natural or legal entities), e.g. IT and technology companies and social network platforms.

The Bank collects and processes only the data required to pursue the following purposes:

(C.1) We may process your data in the context of the contractual relationship between You and the Bank:

• For identification and communication with you,
• For the management of your complaint, request or question, in relation to one of our banking products or services or for your information about our banking products/services, for which you have previously expressed an interest.

(C.2) We may process your data in order to pursue our legitimate interests, provided that they do not exceed the rights and freedoms of the visitors of our websites, like:

• For the accurate and efficient operation and management of our websites.
• For the investigation and resolution of technical issues (e.g. code developing errors).
• For information security purposes or for the investigation possible fraud or violation of, the terms of use of our websites and current policy.
• For the communication with you in order to inform you about the utilization of our banking products/services, their capabilities, features and any other new developments; for investigation of the satisfaction degree from our services and/or any further wishes, you may have.
• to conduct studies and research in order to evaluate and improve our banking products/services and/or to develop new products/services.

(C.3) We may process your data if you have previously expressly given your consent:

• To understand how you (as a user), use and interact with the content of our websites, through the use of cookies and related technologies.
• To personalize our services to you by using location data, e.g. to locate the Branch or ATM of our network that is closest to you.
• To display advertisements - to improve and measure the effectiveness and deliverability of them - appearing in Third Parties websites,
• To improve and measure the effectiveness of our services, in order to meet your personal needs.

In any case, the Bank may process your data for purposes of compliance and obligations imposed by the currently applicable legal and regulatory framework and the supervising authorities, as well as with the decisions of competent Authorities or Courts.

We may disclose your data, in addition to the appropriate Bank employees, responsible for the processing of requests, comments, complaints and questions you submit through our websites, provided that the currently applicable statutory conditions are met, as well as to Third Parties (natural persons and legal entities, to whom the Bank assigns from time to time the performance of certain tasks on its behalf), under the condition to maintain at all time professional secrecy, confidentiality and information security, like:

• supporting and information companies (call centers),
• advertising and marketing agencies for products/services,
• database and website administration companies,
• providers of innovative solutions for payment technologies and services, postal services providers, coding development services, maintenance, customization of IT services, email and website hosting services, περιλαμβανομένων των υπηρεσιών υπολογιστικού νέφους (cloud services),
• market research companies, for the conduction of a research related to our products/services.

In any case, the Bank guarantees that it will not transfer, disclose, etc. your data to Third Parties for any purpose, other than those expressly disclosed in this policy. However, we reserve the right to disclose information related to you, if we are obligated by the law or if said disclosure is required by the competent supervisory, audit, independent, judicial, public and/or other authorities.

Additionally, we inform you that the Bank may transfer the data it collects from its websites to countries outside the European Union or to an international organization in the following cases:

• If the European Commission has decided that the third country or international organization where the data will be transmitted, ensures an adequate level of protection for the data.
• If you have been specifically informed and granted your explicit consent to the Bank for the transfer of your data and other conditions of the legal framework are met.
• If the transfer is required for the performance of a contract or the execution of your orders, e.g. transfer orders for remittance to a bank account of a financial institution in a third country, or in the event of transmission for the execution of an order for the execution of transactions with financial instruments.
• If the transfer is necessary for the establishment, exercise or defense of legal claims of the Bank.
• If the Bank has a relevant obligation arising from a legal provision, an intergovernmental or international agreement or to be in line with the Bank’s compliance obligations with the rules on the exchange of information in the field of taxation which arise from legal provisions.

The Bank implements all appropriate technical and organizational measures for the safeguarding of your privacy, the security (confidentiality, integrity and availability) of the processing of your data and its protection from accidental or illegitimate destruction, leak, alteration, prohibited dissemination or unauthorized access, as well as any other illegitimate form of processing.

The Bank audits, pursuant to the established procedures, the compliance with the Bank’s Information Security Framework, conducts specialized information security audits (penetration tests & vulnerability assessments), educates, raises awareness of its Personnel on information security matters and continuously assesses the elevated information security level, taking, further measures to address new threats and the associated risks, as this deems appropriate.

However, it is your responsibility to ensure that the equipment (e.g. desktop computer), software, telecommunication equipment that you use is sufficiently secure and protected from malware (e.g. viruses). You should be aware that, by not using sufficient information security measures (e.g. secure settings in your browser, updated malware protection software, use of software from trusted sources, etc.), entails the risk that the data, as well as the user credentials you use, can be disclosed to non-authorized Third Parties. The Bank will never ask you, by any means (by phone or via email/sms) your security codes. They are personal and you must not disclose them to anyone. Misleading e-mail messages (phishing emails) or/and sms aim to intercept your data. These messages are supposedly sent by PANCRETA BANK and urge you to follow a link to a website page in order to enter your data (e.g. username, password, additional password).

(F.1) If you are not a customer of the Bank, we may keep the data collected from our websites for a period of up to 5 years after their collection thereof.

(F.2) As long as you remain customer of the Bank, we will keep your data for a period of up to 20 years after the expiration of the relevant agreementι.

(F.3) After the lapse of the retention period, the Bank will ensure the secure destruction and/or deletion of your data.

You have the following rights for your data we keep:

(G.1) To know which data that concerns you is being processed and retained by the Bank, as well as its source (right of access).

(G.2) To request the rectification and/or supplementation of your data, so that it is complete and accurate by presenting any necessary documents which prove the need for such rectification or supplementation (right to rectification).

(G.3) To request the restriction of the processing of your data (right to restriction), where specified by Law.

(G.4) To refuse and/or object to any processing of your data kept by the Bank (right to object).

(G.5) To request the erasure, in certain cases, all or part of your data (right to erasure).

(G.6) To request from the Bank to deliver to you or to transmit the data you have submitted thereto to any other data controller, in electronic form (right to data portability).

(G.7) You have the right to file a complaint with the Hellenic Data Protection Authority (HDPA www.dpa.gr), which is the competent supervisory authority for the protection of the fundamental rights and freedoms of natural persons, for processing which concerns you, if you believe that your rights are being infringed in any way.

For the exercise of your rights referenced under (G) you may contact all Branches of the Bank and fill in the Data Subject Rights Form.

The Bank shall make its best efforts to respond to your request within thirty (30) days from its submission. This deadline may be extended by sixty (60) further days, provided that it is necessary at the Bank’s sole discretion, taking into account the complexity of the request and the number of requests. The Bank shall inform you in any case of the extension of the deadline within thirty (30) days.

The above service is provided by the Bank free of charge. However, if your requests are manifestly unfounded, excessive or repetitive, the Bank may either charge a reasonable fee, informing you thereof or refuse to respond to your request/s.

(I.1) Our websites may contain links to other websites that are not controlled by the Bank but by other Third Parties (e.g. social network platforms, Greek and European Supervising Authorities, other services, etc.). The current policy does not apply to the said before websites and we recommend visiting them directly in order to be informed about their data protection policies.

(I.2) The Bank does not collect or gains access to, in any manner whatsoever, special (“sensitive data”) categories of data. You have the obligation to refrain from providing such data, related to you or Third Parties. Otherwise, the data will be deleted as soon as we become aware of it. The Bank shall not be held liable by any visitors or Third Parties for the provision and/or processing of such data, caused by their acts or omissions in breach of the aforementioned obligation.

(I.3) We may amend this policy from time to time, in order to be always compliant with the legal/statutory requirements and our business activities. If we decide to replace this policy or effect very important changes, we will notify you with a notice in this website. In order to be informed about the most up to date version of this policy, visit this page regularly.

If you have questions related to this policy, you may contact at: