DYSART FINANCE
DESIGNATED ACTIVITY COMPANY

Privacy Notice

DYSART FINANCE DESIGNATED ACTIVITY COMPANY – Privacy Notice
DYSART FINANCE DESIGNATED ACTIVITY COMPANY – Privacy Notice

This privacy notice informs you about the processing of your personal data (i.e. data by which you may be directly or indirectly identified) as well as of your rights in accordance with applicable data protection law (the "Privacy Notice"). It applies to Corporate Borrowers and individuals related to the Corporate Borrowers (such as employees, beneficial owners, shareholders, representatives, contact persons, guarantors, security providers etc.) (the "Individual", "you", "your"). Corporate Borrowers are defined as individuals, corporates or enterprises borrowers which are part of a portfolio of loans secured primarily on real property and other ancillary security with the Company (as defined below).

1. Data controller

The data controller is DYSART FINANCE I DESIGNATED ACTIVITY COMPANY a designated activity company incorporated under the laws of Ireland with registered number 764665, whose registered office is at Unit 10 & 11, Cahir Road, Cashel, Tipperary, Ireland (the “Company”,“we”, us”,“our”).

By virtue of a servicing agreement dated 31.01.2025, the Company has appointed the company under the name DOVALUE GREECE LOANS AND CREDITS CLAIM MANAGEMENT SOCIETE ANONYME, a Greek law 5072/2023 credit servicing company incorporated and registered under the laws of the Hellenic Republic, registered with the Greek General Commercial Registry under no. 121602601000 (the “Servicer”) to service and manage the receivables of the Corporate Borrowers owned by the Company.

If you have any questions or comments or want to exercise your rights, in relation to the use of your Personal Data or would like to submit a request with respect to your rights listed below, please contact us, by email, atdovaluegreece@dovaluegreece.gr specifying in the email Subject line “DYSART FINANCE I DESIGNATED ACTIVITY COMPANY - Data Protection Request”, or by letter addressed to DYSART FINANCE I DESIGNATED ACTIVITY COMPANY, Data Protection Requests, c/o DOVALUE GREECE LOANS AND CREDITS CLAIM MANAGEMENT SOCIETE ANONYME Data Protection Office, 27 Kyprou and Archimedous Str., Moschato, Attica, Greece.7XX.

In addition, other entities involved in the management of loans secured primarily on real property and other ancillary security may process Personal Data in their capacity as independent data controllers (for instance the Servicer who manages the relationship with you on a daily basis). These processing activities are done under the sole responsibility of these independent data controllers and are governed by separate privacy notices.

2. Personal data being processed

Information provided to us include indicatively the following:

  1. Identification data such as first name, last name, business telephone, e-mail address;
  2. Personal characteristics such as nationality, date and place of birth and information on identification documents;
  3. Government issued identifiers such as passport, identification card, tax identification number, national insurance number;
  4. Financial information such as bank details;
  5. Tax information such as tax domicile and other tax-related documents and information;
  6. Information on the origin of funds and assets and securities; and
  7. Financial situation information, including past history of their shared equity loan or commercial real estate loan, creditworthiness and solvency data.
    (the "Personal Data").

3. Purposes for which Personal Data is being processed

To process your Personal Data we need to rely on a lawful basis. For each lawful basis listed below, we describe the purposes of our processes as well as the categories of Personal Data used.

 

  1. If you are an Individual, for the purposes of entering into or performing a contract with you or a Corporate Borrower.

    Why and how we process your personal data:

    We process your data:

    • for the purpose of the provision of borrower-related services,
    • for administering and managing the loan, including where necessary to take steps to recover the debts;
    • to establish with you the necessary communications for the management of recovery actions.

    Categories of personal data used

    • Identification data
    • Personal Characteristics
    • Government issued identifiers
    • Financial information
    • Information on the origin of funds and assets and securities
    • Financial situation information

  2. For compliance with legal and regulatory obligations.

    Why and how we process your personal data:

    We process your data for compliance with:

    • the applicable legislation on Know-Your-Customer (KYC);
    • Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT);
    • accounting obligations;
    • requests from, and requirements of, local or foreign regulatory or law enforcement authorities, tax identification and, as the case may be, reporting, notably, the automatic exchange of financial account information, commonly referred to as the Common Reporting Standard (CRS), as implemented in Greece through Law 4428/2016, which ratified the Multilateral Competent Authority Agreement on Automatic Exchange of Financial Account Information, as well as Law 4378/2016, incorporating EU Directive 2014/107/EU (DAC2) on mandatory exchange of tax information. Furthermore, the Agreement between the Hellenic Republic and the Government of the United States of America to Improve International Tax Compliance and to Implement FATCA, signed on January 19, 2017, and ratified by Law 4493/2017, ensures compliance with the Foreign Account Tax Compliance Act (FATCA), facilitating the exchange of financial account information between Greek financial institutions and the U.S. Internal Revenue Service (IRS). Additionally, Greece adheres to any other Automatic Exchange of Information (AEI) regimes in accordance with international and European tax transparency standards to combat tax evasion and enhance financial reporting obligations. to which we may be subject from time to time.
    • Greek Law 5072/2023, requiring us to appoint a servicer.

    Categories of personal data used

    • Identification data
    • Personal Characteristics
    • Government issued identifiers
    • Financial information
    • Tax information

  3. Based on consent:

    Why and how we process your personal data:

    We process your data:

    • for the purpose of receiving marketing materials (about products and services of the group of companies to which the Company belongs or those of its commercial partners);

    Categories of personal data used

    • Identification data
    • Personal Characteristics
       

We may also process your Personal Data for the Company's legitimate interests, which are further specified below:

  1. Why and how we process your personal data:

    • We may share your personal data with others including law enforcement authorities and the servicer involved in the management of loans and to respond to legal requests.
      We may also notice and/or report any illegal behaviour.

    Legitimate interests relied on:

    • It is in our interest to prevent and address fraud or any illegal activity and to manage our risks.

    Categories of personal data used:

    • Identification data
    • Personal Characteristics
    • Financial information
    • Information on the origin of funds and assets and securities
    • Financial situation information

  2. Why and how we process your personal data:

    • For the evaluation of the Corporate Borrower's financial needs and the monitoring of the Corporate Borrower's financial situation including assessing its creditworthiness and solvency.

    Legitimate interests relied on:

    • It is in our interest and in the interest of the Corporate Borrower to provide personalised / tailored services.

    Categories of personal data used:

    • Identification data
    • Financial information
    • Information on the origin of funds and assets and securities
    • Financial situation information

  3. Why and how we process your personal data:

    • To manage litigation and to the extent required for the exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

    Legitimate interests relied on:

    • It is in our interest to prevent and address fraud or any illegal activity.
      It is in our interest to seek legal advice and to protect ourselves including as part of investigations, litigation or other disputes.

    Categories of personal data used:

    • Identification data
    • Personal Characteristics
    • Government issued identifiers
    • Financial information
    • Information on the origin of funds and assets and securities
    • Financial situation information

  4. Why and how we process your personal data:

    • If Personal Data was provided to the Company by a Corporate Borrower the Company may also process Personal Data relating to an Individual in its legitimate interest for the purpose of the provision of borrower-related services including mortgage administration, purpose of management and claim of payment of debts, as well as to establish with you the necessary communications for the management of recovery actions of the same, by any means.

    Legitimate interests relied on:

    • It is in our interest and in the interest of Corporate Borrowers to provide the requested services and improve them.

    Categories of personal data used:

    • Identification data
    • Personal Characteristics
    • Financial information
    • Information on the origin of funds and assets and securities
    • Financial situation information

  5. Why and how we process your personal data:

    • In the context of corporate reorganisation, transfer, divestment, merger or acquisition.

    Legitimate interests relied on:

    • It is in our interest to manage transactions related to any corporate reorganisation.

    Categories of personal data used:

    • Identification data
    • Personal Characteristics
    • Government issued identifiers
    • Financial information
    • Information on the origin of funds and assets and securities
    • Financial situation information

4. Obligation to provide the Personal Data

The Personal Data that is required for the performance of the contract with the Corporate Borrowers and that is required for the Company to comply with legal obligations is mandatory information to be provided by the Corporate Borrowers or the Individual. Without the provision of this Personal Data, the Company will not be able to enter into or continue the execution of the contract with the Corporate Borrower.

5. Data Recipients

Personal Data may be shared with selected third parties as set out above.

In some circumstances, the Company may also disclose Personal Data to the recipients such as:

  1. any third parties as may be required or authorized by law (including but not limited to public administrative bodies and local or foreign public and judicial authorities, including any competent regulators). In this regard we may share the following data: Identification data, Personal characteristics, Government issued identifiers, Financial information, Tax information, Information on the origin of funds and assets and securities, and Financial situation information;
  2. any third parties acting on the Company’s behalf (such as servicers, including their respective advisers, auditors, delegates, agents and service providers and any other subsidiary or affiliated companies (the Service Providers) or on the basis of a prior authorization provided by the Corporate Borrowers or the Individual.  In this regard we may share the following data Identification data, Personal characteristics, Government issued identifiers, Financial information, Tax information, Information on the origin of funds and assets and securities, and Financial situation information;
  3. any of the Company’s respective shareholders, representatives, employees, advisers, agents, delegates, auditors, service providers, any subsidiary or affiliate of the Company (and their respective representatives, employees, advisers, agents, delegates). In this regard we may share the following data: Identification data, Personal characteristics, Government issued identifiers, Financial information, Tax information, Information on the origin of funds and assets and securities, and Financial situation information.;
  4. persons acting on behalf of the Corporate Borrowers, (such as beneficiaries, intermediaries, banks) or the Individual; In this regard we may share the following data: Identification data, Personal characteristics, Government issued identifiers, Financial information, Tax information, Information on the origin of funds and assets and securities, and Financial situation information; and
  5. other third parties and their advisors, auditors, delegates, agents, and service providers, in each case, in connection with the Company’s transfer of the Corporate Borrower’s loan to another entity or in connection with any business reorganization, transfer, disposal, merger or acquisition on the level of the Company in connection with any business reorganization, transfer, disposal, merger or acquisition on the level of the Company or group of companies to which the Company belongs including to credit institutions, special purpose entities and credit purchasers within the meaning of Greek Law 5072/2023, as applicable from time to time and in force, as well as to related investors for the purposes of the relevant procedures taking place in the context of the sale and transfer of loan receivables owned by the Company. In this regard we may share the following data Identification data, Personal characteristics, Government issued identifiers, Financial information, Tax information, Information on the origin of funds and assets and securities, and Financial situation information.

6. Transfer of Personal Data

For the purposes listed above, Personal Data will be transferred to any of the aforementioned recipients and Service Providers which are located within or outside of the European Economic Area (the EEA).

Personal Data will be transferred to the following countries outside the EEA: the United States of America and the United Kingdom. 

Certain jurisdictions in which recipients (including data processors) are located and to which Personal Data are transferred do not have the same level of protection as that afforded in your home country. Where that is the case Personal Data will be transferred to such countries subject to appropriate safeguards.

We rely on the following safeguards:

- standard contractual clauses approved by the European Commission;
- adequacy decision for transfers to UK.  

You may obtain a copy of such safeguards by contacting us at the above contact details. 

7. Individual's rights

The following rights apply to the Individual whose Personal Data has been provided to the Company by a Corporate Borrower:

  1. the right to access Personal Data, free of charge, within reasonable intervals and in a timely manner, as well as all information on the origin of such Personal Data;
  2. the right to have inaccurate or redundant data rectified or erased;
  3. the right to request the erasure of Personal Data without undue delay when the use or other processing of such data is no longer necessary for the purposes described above, and notably when consent relating to a specific processing has been withdrawn or where the processing is not or no longer lawful for other reasons;
  4. in cases where the accuracy of the data is contested, the processing is unlawful, or where the Individual has objected to the processing of their Personal Data, they may ask for the restriction of the processing of such Personal Data. This means that Personal Data will, with the exception of storage, only be processed with or for the establishment, exercise or defence of legal claims of the Company, for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State. In cases where processing is restricted, the Individual will be informed before the restriction of processing is lifted;
  5. the right to data portability where the processing is based on the execution of a contract or consent, is performed by automated means and where the data has been provided by the Individual or the Corporate Borrowers.
  6. The right to withdraw consent, at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Should you consider that the processing of your Personal Data by us or our service providers infringes the provisions of the General Data Protection Regulation and/ or applicable local law rules, you may lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or in the place where an alleged infringement occurred. In Greece, you may contact the Hellenic Data Protection Authority (1-3 Kifissias avenue, 115 23, Athens Greece) (www.dpa.gr). You may contact us in the first assistance should you have a query or complaint (in the contact details under section 2 above).

8. Data retention period

The Company is subject to various data retention obligations including those arising out of legal obligations or the requirement to keep data for the exercise or defence of legal claims. Statutory retention periods vary depending on the type of data (for example, anti-money laundering laws require the Company to retain certain KYC information and the retention periods provided by those laws vary. Our retention periods are reviewed and updated from time to time in line with legal requirements and best practices. For further information concerning the retention of your data, you can contact us using the information in Section 1 above.

9. Amendment of this Privacy Notice

This Privacy Notice may be amended from time to time to ensure that full information about all processing activities is provided. Changes to the Privacy Notice will be notified by appropriate means.