The Bank Investor Relations
Personal Data Protection (GDPR)

The Bank Investor Relations
Personal Data Protection (GDPR)


PANCRETA BANK S.A. (hereinafter “the Bank”), established in the municipality of Heraklion, Crete, 5 Ikarou Avenue, email address: mail_info@pancretabanκ.gr, 2810338800, website:, as data controller, reassures you that the protection of your personal data is of paramount importance and informs you pursuant to the General Data Protection Regulation (EU) 2016/679 and the respective provisions of the applicable Greek legislation on the protection of personal data, that it or third parties, at its request or on its behalf, shall process your personal data, as shareholders or ex shareholders of the Bank, as stated below:

  • (1). What personal data does the Bank collect and from where?

    a. Your identification data: such as surname, name, father’s name, wife’s name, mother’s name, ID number or other equivalent document, tax registration number, date and place of birth and nationality, profession and other demographic data.

    b. Your contact data: such as postal and e-mail address, telephone number (fixed, mobile), fax number.

    c. Number of shares.

    d. Bank account number.

    e. Data regarding your capacity under which you participate in the General Assembly and the supportive documents.

    f. Data originating from correspondence with you.

    The aforementioned personal data is collected directly from you and/or from persons authorized by you upon submission of your application for registering as a shareholder of the Bank and/or acquiring shares and/ or obtaining documentation with regard to the Bank’s General Assemblies.

  • (2). For what purposes does the Bank process your personal data?

    The Bank collects and processes your aforementioned personal data for the execution of the shares purchase agreement, for the fulfillment of the Bank’s obligation towards you as a shareholder of the Bank, for identification and communication with you, checking the ability to exercise and the legality of exercising your rights in accordance with the law (indicatively, exercising voting rights at the General Assembly, Shareholders Register, keeping the minutes of the General Assembly, participating in corporate actions), complying with the Bank’s legal obligations, fulfilling and supporting the legal rights and legitimate interests of the Bank.

  • (3). Who are the recipients of your personal data?

    The Bank may transfer your personal data to the following persons:

    (a) Management and/or Bank employees who are responsible for handling any requests you have submitted to the Bank, as well as for the execution of your share purchase agreement with the Bank and the fulfillment of the Bank’s obligations towards you arising therefrom.

    (b) Natural persons and legal entities, to which the Bank assigns the execution of certain tasks on its behalf (data processors), such as, inter alia, database management companies, file storage and record-keeping companies, postal services providers, providers of services related to the development, maintenance and customization of IT applications, e-mail services providers, companies providing web hosting services, including cloud services, statutory certified auditors or audit firms, under the condition that they fulfill their confidentiality obligations.

    (c) Lawyers, law firms, court bailiffs, accredited mediators of L. 4640/2019, centers for the provisions of mediation services (e.g. OMA), notaries, judicial and prosecution authorities, supervisory, auditing, tax and independent authorities, public authorities and bodies within the framework of their duties and competencies.

    (d) Other Shareholders, as provided by law.

  • (4). Are your personal data transferred to non-EU countries (third countries) or an international organization?

    The Bank may transfer your personal data to non-EU countries (third countries) or an international organization in the following cases:

    (a) where the European Commission has decided that the third country or the international organization in question ensures an adequate level of protection,

    (b) when you have been specifically informed and gave your express consent to the Bank, provided also that the rest conditions laid down in the legislative framework are met,

    (c) where the transfer is necessary for the execution of contractual obligations,

    (d) where the transfer is necessary for the foundation, exercise or support of legal claims or the defense of the Bank’s legal rights,

    (e) where the transfer is necessary under a statutory provision or a transnational or international convention, or

    (f) for the purposes of the Bank’s compliance with rules relating to automatic exchange of information in the tax area, provided for by the statutory and regulatory framework.

    In order to fulfill the obligations under points (e) or (f) above, the Bank may transfer your personal data to the competent national authorities, in order for them to forward these data to the relevant authorities of third countries.

  • (5). What is the retention period for your personal data kept by the Bank?

    The Bank retains the aforementioned personal data for as long as you remain a shareholder of the Bank until the statutory time limit for the general limitation of the claims, i.e. for a period of twenty (20) years after you cease to be a shareholder, in any way.

    If there are any ongoing legal proceedings with the Bank by the end of the twenty (20) years, which concern you, either directly or indirectly, the said retention period of your personal data shall be extended until the issuance of an irrevocable court judgement.

    In case the law or regulatory acts provide for a smaller or greater retention period, the aforementioned retention period will be reduced or increased accordingly.

  • (6). What rights do you have for the protection of your personal data and how can you exercise them?

    Ι) You have the following rights:

    (a) To know which personal data that concerns you is being processed and retained by the Bank, as well as its source (right of access).

    (b) To request the rectification and/or supplementation of your personal data, so that it is complete and accurate by presenting any necessary documents which prove the need for such rectification or supplementation (right to rectification).

    (c) To request the restriction of the processing of your personal data (right to restriction).

    (d) To refuse and/or object to any additional processing of your personal data kept by the Bank (right to object).

    (e) To request the erasure of your personal data, from the Bank’s records (right to erasure).

    (f) To request for the transfer of your personal data you have provided to the Bank to another controller (right to data portability).

    (g) You have the right to file a complaint with the Hellenic Data Protection Authority (HDPA, which is the competent supervisory authority for the protection of the fundamental rights and freedoms of natural persons, for processing which concerns you, if you believe that your rights are being infringed in any way.

    The Banks notes the following with respect to your aforementioned rights:

    • The fulfillment of your requests under (c), (d) and (e), insofar as they concern data which is necessary for retaining your Bank membership means that you shall cease to be a shareholder of the Bank.
    • The Bank has the right in any case to refuse to fulfill your right to restriction of processing or erasure of your personal data if the processing or retention of your personal data is necessary for the establishment or exercise or support of its legitimate interests, lawful rights or its compliance with legal obligations.
    • The exercise of the subject’s right to data portability (under point f above) does not imply the erasure of the data from the Bank's records, which erasure takes place under the conditions laid down in the immediately preceding paragraph. The exercise of these rights shall have effect for the future and does not concern already performed data processing.
    • The above service is provided by the Bank free of charge. However, if your requests are manifestly unfounded, excessive or repetitive, the Bank may either charge a reasonable fee, informing you thereof or refuse to respond to your request/s.

    ) For the exercise of your rights referenced under (6) you may contact all branches of the Bank, and fill in the Data Subject Rights Form.

    The Bank shall make its best efforts to respond to your request within thirty (30) days from its submission. This deadline may be extended by sixty (60) further days, provided that it is necessary at the Bank’s sole discretion, taking into account the complexity of the request and the number of requests. The Bank shall inform you in any case of the extension of the deadline within thirty (30) days.

  • (7). How are your personal data protected?

    The Bank implements all appropriate technical and organizational measures for the safeguarding of your privacy, the security of the processing of your personal data and its protection from accidental or illegitimate destruction, leak, alteration, prohibited dissemination or unauthorized access, as well as any other illegitimate form of processing.

    The present notice is made for the implementation of the provisions of Greek law and Regulation (EU) 2016/679. It replaces any previous notice on the processing of your personal data pursuant to L. 2472/1997 which may be referenced in any contractual or other documents of the Bank. The Bank may update, supplement and/or amend the present notice, pursuant to the existing regulatory and legal framework. In this case, the updated version will be posted on the Bank’s website ( and shall be available at its branches.

  • Contact Details




    5 Ikarou Ave., 71306 Heraklion Crete


    +30 2810 338800




    5 Ikarou Ave., 71306 Heraklion Crete

    +30 2810 338975