The Bank Investor Relations
Personal Data Protection (GDPR)

The Bank Investor Relations
Personal Data Protection (GDPR)


PANCRETA BANK S.A. (hereinafter “the Bank”), established in the municipality of Heraklion, Crete, 5 Ikarou Avenue, email address: mail_info@pancretabanκ.gr, 2810338800, website:, as data controller, reassures you that the protection of your personal data is of paramount importance and informs you pursuant to the General Data Protection Regulation (EU) 2016/679 and the respective provisions of the applicable Greek legislation on the protection of personal data, that it or third parties, at its request or on its behalf, shall process your personal data, as shareholders of the Bank, as stated below:

Bank, as stated below:

  • (1). What personal data does the Bank collect and from where?

    a. Your identification data: such as surname, name, father’s name, wife’s name, mother’s name, ID number, tax registration number, date and place of birth and nationality, profession.

    b. Your contact data: such as postal address, landline, work e-mail, work phone and fax number.
    c. Number of shares.
    d. Bank account number.
    e. Data regarding your capacity under which you participate in the General Assembly and the supportive documents.

    The aforementioned personal data is collected directly from you and/or from persons authorized by you upon submission of your application for registering as a shareholder of the Bank and/or acquiring shares and/ or obtaining documentation with regard to the Bank’s General Assemblies.

  • (2). For what purposes does the Bank process your personal data?

    The Bank collects and processes your aforementioned personal data for the execution of the shares purchase agreement and for the fulfillment of the Bank’s obligation towards you as a shareholder of the Bank.

  • (3). Who are the recipients of your personal data?

    The Bank may transfer your personal data to the following persons:

    a. Bank employees who are responsible for handling any requests you have submitted to the Bank, as well as for the execution of your share purchase agreement with the Bank and the fulfillment of the Bank’s obligations towards you arising therefrom.
    b. Third parties to whom the Bank assigns the execution of specific tasks on its behalf, such as, IT service maintenance providers, under the condition that they fulfill their confidentiality obligations.
    c. Lawyers, law firms, court bailiffs, accredited mediators of L. 4640/2019, centers for the provisions of mediation services (e.g. OMA), notaries, judicial and prosecution authorities, supervisory, auditing, tax and independent authorities, public authorities and bodies within the framework of their duties and competencies.

  • (4). What is the retention period for your data kept by the Bank?

    The Bank retains the aforementioned personal data for as long as you remain a shareholder of the Bank and for a period of twenty years after you cease to be a shareholder.

    If there are any ongoing legal proceedings with the Bank by the end of the twenty (20) years, which concern you, either directly or indirectly, the said retention period of your personal data shall be extended until the issuance of an irrevocable court judgement.

    In case the law or regulatory acts provide for a smaller or greater retention period, the aforementioned retention period will be reduced or increased accordingly.

  • (5). What rights do you have for the protection of your personal data and how can you exercise them?

    Ι) You have the following rights:

    a. To know which personal data that concerns you is being processed and retained by the Bank, as well as its source (right of access).
    b. To request the rectification and/or supplementation of your personal data, so that it is complete and accurate by presenting any necessary documents which prove the need for such rectification or supplementation (right to rectification).
    c. To request the restriction of the processing of your personal data (right to restriction).
    d. To refuse and/or object to any additional processing of your personal data kept by the Bank (right to object).
    e. To request the erasure of your personal data, from the Bank’s records (right to erasure).
    f. You have the right to file a complaint with the Hellenic Data Protection Authority (HDPA, which is the competent supervisory authority for the protection of the fundamental rights and freedoms of natural persons, for processing which concerns you, if you believe that your rights are being infringed in any way.

    The Banks notes the following with respect to your aforementioned rights:

    • The fulfillment of your requests under (c), (d) and (e), insofar as they concern data which is necessary for retaining your Bank membership means that you shall cease to be a shareholder of the Bank.
    • The Bank has the right in any case to refuse to fulfill your right to restriction of processing or erasure of your personal data if the processing or retention of your personal data is necessary for the establishment or exercise or support of its legitimate interests, lawful rights or its compliance with legal obligations.
    • The above service is provided by the Bank free of charge. However, if your requests are manifestly unfounded, excessive or repetitive, the Bank may either charge a reasonable fee, informing you thereof or refuse to respond to your request/s.

    ΙΙ) For the exercise of your rights referenced under (5.I) you may contact all branches of the Bank, and fill in the Data Subject Rights Form.

    The Bank shall make its best efforts to respond to your request within thirty (30) days from its submission. This deadline may be extended by sixty (60) further days, provided that it is necessary at the Bank’s sole discretion, taking into account the complexity of the request and the number of requests. The Bank shall inform you in any case of the extension of the deadline within thirty (30) days.

  • (6). How are your rights protected?

    The Bank implements all appropriate technical and organizational measures for the safeguarding of your privacy, the security of the processing of your personal data and its protection from accidental or illegitimate destruction, leak, alteration, prohibited dissemination or unauthorized access, as well as any other illegitimate form of processing.

    The present notice is made for the implementation of the provisions of Greek law and Regulation (EU) 2016/679. It replaces any previous notice on the processing of your personal data pursuant to L. 2472/1997 which may be referenced in any contractual or other documents of the Bank. The Bank may update, supplement and/or amend the present notice, pursuant to the existing regulatory and legal framework. In this case, the updated version will be posted on the Bank’s website ( and shall be available at its branches.

  • Contact Details




    5 Ikarou Ave., 71306 Heraklion Crete


    +30 2810 338800




    5 Ikarou Ave., 71306 Heraklion Crete

    +30 2810 338975