Our operating principles

The operation of doValue Greece is governed by Law 5072/2023 and Executive Committee Act 225/1/30.01.2024 of the Bank of Greece, as in effect from time to time.

Law 5072/2023

The operation of doValue Greece is governed by Law 5072/2023 on “Loans: Transparency, competition, protection of the vulnerable - Transposition of Directive (EU) 2021/2167, reintroduction of the HERCULES programme and other urgent provisions’’ and Articles 1-3A of Law 4354/2015 on "Management of non-performing loans", as in effect from time to time.

Executive Committee Act of the Bank of Greece

The operation of doValue Greece is governed by Executive Committee Act 225/30.01.2024 of the Bank of Greece on “Terms and conditions for granting operating licenses to Credit Servicing Companies of Law 5072/2023”, as in effect from time to time.

We implement policies and follow procedures to prevent the use of the financial system to legalise revenues from criminal activities and terrorist financing.

Combating money laundering and terrorist financing

We recognise the risks and the potential consequences from illegal activities, money laundering and terrorist financing.

To this end, we follow the legal and regulatory framework in force, especially:

• Law 4557/2018 on “Prevention and suppression of money laundering and terrorist financing (incorporation of Directive 2015/849/EU) and other provisions”, as in effect from time to time.
• Banking and Credit Committee Decision 281/17.03.2009 on “Prevention of the use of credit and financial institutions under Bank of Greece supervision for money laundering and terrorist financing”, as in effect from time to time.

US Financial Action Task Force (FATF)

We take into account the recommendations of FATF, the US Financial Action Task Force.

“Know your customer” principle

All the procedures for money laundering and terrorist financing prevention are based on the "Know your customer" principle.

As per the provisions of said principle, the Company collects and keeps adequate information for confirming and verifying the identity of its clients and debtors. In addition, it collects the required information to shape the financial/transactional profile of the latter.

We implement policies and follow procedures for consumer protection according to the legal framework in force.

• Law 2251/1994 (only available in Greek) on “Consumer protection”, as in effect from time to time.
• Law 3758/2009 (only available in Greek) on “Companies for debtor notification of debts in arrears”, as in effect from time to time.

doValue complies with the rules and regulations for personal data protection.

doValue Greece pledges to protect your personal data, fully implementing the General Data Protection Regulation (EU) 2016/679, Law 4624/2019 (only available in Greek) and all relevant provisions in the Greek and EU legislation on personal data protection.

Find out more about personal data protection on our website.

The doValue Group Code of Conduct encompasses the entire doValue Group human resources, as well as any other individuals who work with the Group in the context of providing services or carrying out projects. The Group’s Code of Conduct includes the framework of the principles and rules of conduct that the individuals bound by it must follow as part of their professional/transactional relationship with the doValue Group companies. The doValue Group Code of Conduct has been approved by the Board of doValue Greece as well as the Board of doValue Greece RES.

Note that the doValue Greece Professional Conduct and Ethics (the "Code") applies concurrently; this Code has also been adopted and is followed by doValue Greece RES in all its operations. The Code complements and supplements the doValue Group Code of Conduct. It stipulates the principles and values that all Company employees and executives, as well as any third parties working with these individuals (independent contractors, suppliers, organisations, consultants and other associates) must follow without fail.

The Code is approved by the Company’s Board and the Business and Regulatory Compliance Unit, AML/CFT.

All Company employees participate in training programmes, with the aim that they comprehend the principles and rules of conduct stipulated in the Code, as well as how to apply these rules when exercising their duties.

Our Values and Principles

The Code is a set of provisions harmonised with the legal and the regulatory framework for the Company's operation, as well as the international standards of professional ethics, which we follow both at Company and at Group level. When exercising their duties, all the Company employees and executives ought to operate driven by the following values and principles:

- Fairness
- Professionalism
- Transparency
- Honesty
- Correctness
- Effectiveness
- Responsibility
- Cooperation
- Leadership
- Integrity and
- Consistency in terms of following the regulatory framework in force, as well as the policies, procedures, directives, etc. adopted and applied by the Company.

[DIRECTIVE (EU) 2019/1937 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 23  OCTOBER 2019]

1. Introduction – Purpose

doValue Greece Loan and Credit Claims Management Co SA, with registered offices at 27 Kyprou and Archimidous St, Moschato, GR 18346, and doValue Greece Real Estate Services Single-Member SA, with registered offices at 25th Martiou, Teo and Thessalonikis St, Tavros, GR 17778 (hereinafter collectively “doValue”), as the Controller, respecting the European and national laws on the protection of personal data (General Data Protection Regulation EU 2016/679, Law 4624/2019, specific provisions of Law 4990/2022), herewith provides information with respect to the processing of your personal data carried out for the purpose of managing the report you have filed through its internal channels, on Union law breaches, as defined in Directive 2019/1937 of the European Parliament and of the Council of 23 October 2019 (hereinafter the “Report”). 

doValue, by way of derogation from article 5(1)A, articles 12 and 13, article 14(1-4), and article 34 of the GDPR, does not provide relevant notice on the processing of personal data to the Person Concerned or any third party in their capacity as a Data Subject named in the report, or the personal data that was the result of follow up, and specifically in relation to the source from which they originate, in accordance with GDPR article 14(2)(f), in implementation of GDPR article 14(5), in combination with GDPR article 23, to the extent, and as long as, necessary to prevent and address attempts to hinder reporting or to impede, frustrate or slow down follow-up, in particular investigations, or attempts to find out the identity of the reporting persons, and to provide protection against retaliation.

2. Personal scope of application

This Notice applies to any natural person, employee, current, outgoing or candidate, irrespectively of the type of employment contract, members of the Board of Directors, the Executive Committee, associates, suppliers, subcontractors, advisors of any type of doValue, in the context of project contracts, independent services, salaried orders, or employees through third parties/counterparties of doValue, who report, with or without their name, breaches that have been committed or are very likely to be committed at doValue.

3. Definitions

• “Report”: the communication of information on breaches of this policy to the Officer responsible for Receiving and Following Up on Reports of doValue. 
• “Person Concerned”: the natural or legal person who is referred to in the report as a person to whom the breach is attributed or who is associated to the person to whom the breach falling into the scope of this policy is attributed. 
• “Reporting Person”: the natural person who reports information on breaches acquired in the context of their work-related activities. 
• “Breaches”: Any acts or omissions that are unlawful under Union laws or defeat the object or the purpose of the rules of Union law.
• “Officer Responsible for Receiving and Following Up on Reports”: the Officer Responsible for Receiving and Following Up on Reports related to breaches falling within the scope of this policy.

4. Obligation of confidentiality and measures for ensuring it

doValue guarantees the confidentiality of any Report and the information contained therein, as well as the anonymity of the Reporting Person, even in the case when the report turns out to be false or unfounded.

More specifically: 

• Personal data and any other type of information from which the identity of the Reporting Person may be directly or indirectly deduced is not disclosed to anyone other than the authorised members of staff competent to receive or follow up on reports, unless the Reporting Person gives their explicit consent.  To this end, doValue adopts the necessary technical and organisational measures to protect and safeguard personal data and preserve confidentiality in following up on Reports.
• Disclosures pursuant to par. 1 of this chapter are made only if the Reporting Person gives their explicit consent or if the disclosure is required by Union or national laws, and in accordance with the applicable conditions. 
• In derogation from the above, the identity of the Reporting Person and any other information may only be disclosed in those cases when it is required by Union or national laws, in the context of administrative, civil and/or criminal investigations by the competent public authorities or in the context of judicial proceedings, and provided the disclosure is necessary to serve the purposes of the Union or national laws or to ensure the rights of defence of the Person Concerned are protected.

The above, as regards the protection of the identity of Reporting Persons, shall also apply to the protection of the identity of Persons Concerned.

doValue adopts all appropriate technical and organisational measures to ensure the security and confidentiality of Personal Data and their protection from accidental or unlawful destruction, loss, alteration, prohibited transmission, dissemination or access and any other form of unlawful processing. Moreover, it enforces confidentiality clauses and the obligation of secrecy on any person who has access to or process personal data on its behalf. 

Reports are stored in confidence and recovered when required by Union or national laws, and in any case until the conclusion of any investigation or judicial proceedings that has been initiated as a result of the Report.

5. Purpose and legal basis for processing personal data

The personal data described in this Notice is subject to processing by doValue to fulfil the legal obligation to establish reporting channels and adopt the necessary measures for follow up, as defined by the law on the protection of persons who report breaches of Union law, as in force from time to time. Moreover, doValue may process this data to prepare anonymised reports in the context of its legitimate interest in sound and transparent management. 

6. Categories of personal data subject to processing 

doValue will process only the data that is strictly necessary to document the Report and serve the aforementioned purposes of processing personal data, hence the following: 

• Identification data, such as full name, father’s name;
• Work data, such as position, work unit, duties, annual evaluations;
• Contact data, such as landline and mobile number, email address;
• Data relating to the breach incident, such as time and location of the incident, additional information or available evidence, your relationship with the incident and the Person Concerned, or other people you suspect are involved in the incident.

7. Recipients of personal data 

The aforementioned personal data is subject to processing solely by competent and authorised employees and bodies of doValue to manage and document the Report and by the Officer Responsible for Receiving and Following Up on Reports. The data may also be transferred to or be subject to processing by selected and specialised third parties, such as external lawyers or advisors. In the case when the data included in the Reports may also be used as evidence in administrative, civil and criminal cases and investigations, the same will be forwarded to the competent supervisory and investigation authorities.

In case of personal data breach, doValue will not proceed to notify the Data Subject according to its obligation per GDPR article 34(1), since this notice may be detrimental to the purposes of the Report. It will notify the Data Protection Authority, which may request from doValue to disclose the breach to the data subject, if it determines that the conditions for non-disclosure are not met.

8. Transfer of Personal Data outside the EEA 

Personal data included in the Reports shall not be transferred to countries outside the European Economic Area.

9. Period for retaining the Report and personal data

Personal data will be retained solely for the time period necessary to achieve the purpose for which they were collected. Specifically:

• When the Report is deemed unfounded, the data retention period is two (2) months from rejection of the Report.
• When the incident described in the Report is subject to legal proceedings, the personal data is deleted once a final court judgement is handed down.
• When the Report discloses documented evidence against a doValue executive, the personal data is retained for as long as the executive is employed by/has a relationship with doValue and is deleted 20 years after the cooperation ends by any means.
• When the Report discloses documented evidence against a doValue external associate or supplier, the personal data is retained throughout the period of cooperation and is deleted 5 years after the cooperation ends by any means.

10. Personal data protection rights and contact information for exercising those rights

With regard to the personal data subject to the aforementioned processing, Data Subjects (e.g. Reporting Persons, Persons Concerned or third-parties involved) have the following rights:

• The right to information and access to their data and the right to receive additional information on its processing.
• The right to correct, amend, supplement and update the data.
• The right to have their personal data deleted when this right is not subject to restriction according to the applicable laws or other restrictions.
• The right to limit the processing of their personal data, when: (a) the accuracy of the personal data is contested and until it is verified; (b) the processing is unlawful and the data subject requests restriction of data use instead of erasure; (c) the personal data is not required for the purposes of processing but is however necessary in order to establish, exercise and defend legal claims; and (d) the Data Subject objects to the processing and until it is verified there are legitimate grounds related to doValue that override the grounds for objection.
• The right to object processing, only under certain conditions specified by law.
• The right to portability of the personal data, without charge, in a format that allows access, use and processing, and also the right to have the data directly transmitted to another controller, if technically feasible. This right applies to data they have provided and which is processed by automated means, based on their consent.

To exercise the above rights, you may contact in writing the doValue Regulatory Compliance & AML/CFT unit, at 27 Kyprou and Archimidous Streets, GR 18346 Moschato, or via email at [email protected]. 

You may contact the doValue Greece Data Protection Officer on matters relating to the processing of your personal data at the address 27 Kyprou & Archimidous Streets, GR 18346 Moschato, Attica, Greece or the email address:  [email protected] 

Lastly, you have the right to lodge a complaint with the competent Data Protection Authority for matters relating to the processing of your personal data. In relation to the Authorities competencies and procedures for lodging complaints, you may visit the website of the Hellenic Data Protection Authority: www.dpa.gr > Rights of individuals > Complaint to the Hellenic DPA, where detailed instructions are available.

11. Update and amendments to this Notice on personal data processing

Based on its personal data protection policy in force from time to time and in the context of the legislative and regulatory framework in force from time to time, doValue may revise or amend this Notice, and the latest version will always be available on the doValue Greece website www.dovaluegreece.gr

Last update: 30.06.2023

If you have been subject to unethical conduct or misconduct by our people or associates or if you have become aware of such conduct against somebody else, it is important that you let us know.
 

Find out how you can submit your report (whistleblowing), with or without your name:
 

By email

Send an email to: [email protected]
 

By phone

Call on: +302104847620
 

By post

Send a letter to:

doValue Greece, Attention: Head of Regulatory Compliance
27 Kyprou and Archimidous Streets
18346 Moschato, Attica
 

Confidential response

We investigate all the reports submitted to us with no exception. We strive to respond immediately to your concerns with transparency and confidentiality.

Find out how we handle the reports we receive about misconduct and conflict of interest.

We have processes in place to ensure the confidentiality and privacy of the reports and remarks we receive.