Personal data Processing Notice of doValue Greece Pursuant to Regulation (EU) 2016/679 and the Relevant Greek and European Legislation
doValue Greece Loans and Credits Claim Management Société Anonyme headquartered in 27 Kyprou & Archimidous Streets, 18346 Moschato, Greece, GEMI no. 121602601000, with distinctive title “doValue Greece” (hereinafter “doValue Greece”), informs you pursuant to the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the “GDPR”), Greek law 4624/2019 for the implementation thereof and the relevant Greek and European legislation on the protection of personal data, under its capacity as controller with regard to the collection and further processing of your personal data and your rights as data subject.
Which entities assign their portfolio management to doValue Greece
Within the context of its activities, doValue Greece performs the servicing of receivables portfolios deriving from loans and credits granted by credit or financial institutions, upon their respective assignment to it, by the following entities:
- Credit or financial institutions supervised by the Bank of Greece which granted the respective loans and credits from which the receivables under servicing derive, or which became beneficiaries of such receivables by virtue of universal or special succession, or, finally, which manage such receivables within the framework of a debt securitization program pursuant to the provisions of article 10 para. 4 of Greek law 3156/2003. In these cases, and as regards the processing of your personal data, the respective credit or financial institution will act as the controller, while doValue Greece will act as processor.
It should be noted though, that, in such cases, doValue Greece will act as a controller solely with respect to the processing of:
- the recorded voice communications record as regards the communications conducted by doValue Greece for the purpose of providing information to debtors for overdue debts, in accordance with the provisions of Greek law 3758/2009, as in force;
- the record relating to debtors’ complaints and requests addressed to doValue Greece, pursuant to the provisions of Bank of Greece Executive Committee Act no. 157/02.04.2019, as in force;
- the data required for the compliance of doValue Greece with the applicable legal and regulatory framework on money laundering and terrorism financing, as in force from time to time (in particular, Greek law 4557/2018, the Bank of Greece Banking and Credit Committee Decision 281/2009, Directive 2005/60/EC, Directive 2015/849/EU, the Financial Action Task Force Guidelines and all other relevant acts, decisions and implementing circulars of any competent authority), in particular for the purposes of the provision of article 24 of Greek law 4557/2018; and
- the data required for the overall compliance of doValue Greece with the obligations imposed by the applicable legal, regulatory and supervisory framework, as well as with the decisions of any competent authorities (governmental, administrative, supervisory etc.) and/or court.
The processing activities carried out by doValue Greece as controller, pursuant to the abovementioned, are governed by the terms of the present Notice.
- Claims acquiring companies pursuant to the provisions of article 1 para. 1 (b) of Greek law 4354/2015, as in force, and special purpose entities engaged in securitization transactions in accordance with the provisions of articles 10 and 14 of Greek law 3156/2003 (SPVs). In these cases, doValue Greece and the aforesaid claims acquiring companies and special purpose entities will be the controllers of your personal data.
More information about the entities and portfolios of receivables under the servicing of doValue Greece is available at the following link. The respective privacy policies of the aforesaid entities are available at www.dovaluegreece/en/personal-data-processing-debt-collection-agencies.
This Notice may be supplemented by more specific notices, depending the case, [indicatively: cases of processing special categories of personal data, cookies, data collected via the website (currently www.dovaluegreece.gr), video recording systems (CCTV), visitors’ book etc.)].
Which entities assign their portfolio management to doValue Greece
1. Details of the controller of your personal data
The controller of your personal data is doValue Greece, a special purpose Société Anonyme for the servicing of receivables deriving from loans and credits pursuant to the provisions of Greek law 4354/2015, duly authorised and supervised by the Bank of Greece (Decision no. 220/2017 of the Credit and Insurance Committee of the Bank of Greece, published in the Government Gazette’s Issue Β’ 880/16.3.2017).
2. Who does this Notice refer to
This Notice refers to natural persons (debtors, co-debtors, co-obligors, guarantors etc.), whose debts are included in the receivables portfolios under the servicing of doValue Greece pursuant to the provisions of Greek law 4354/2015, following the assignment thereof by the aforesaid entities, as well as to any natural person (third parties who have provided guarantee or other collateral in favor of the above persons, family members, legitimate representatives, attorneys at law, process agents (in Greek: antikliti), other authorised persons, employees, associates, legal representatives, shareholders and actual beneficiaries of debtors who are legal persons or entities etc.) affiliated with the above and/or relating to the debts thereof.
It is noted that if the debtor (or co-debtor, co-obligor, guarantor, etc.) is a legal person or entity, this Notice is addressed to its administrators, representatives, partners and members of management whose personal data are processed by doValue Greece for the purposes of servicing said legal person’s debt by doValue Greece.
3. What personal data doValue Greece processes and which sources it collect such data from
A. Categories of personal data processed by doValue Greece.
With the exception of data under points (i) and (ii) below which are absolutely necessary in any relationship with doValue Greece, the categories and number of other collected and processed personal data depends in any case on the data subject’s capacity, as per Section 2 above, as well as on other factors, such as the type of relationship, partnership or transaction with doValue Greece. In view of the above, the personal data that doValue Greece collects and processes may indicatively be the following and not all pf them necessarily concern you.
i) Identification data: name and surname, father’s name, mother’s name, identity card and identity card number or passport and passport number, tax identification number (T.I.N.), competent tax authority, social security number (in Greek A.M.K.A.), date and place of birth, sex, citizenship, signature data etc.
ii) Contact data: postal and e-mail address, fixed and mobile telephone number, etc.
iii) Data concerning your economic, financial and family status: profession and duration of occupation, remuneration, dependent family members, marital status or non/ partnership contract/widowhood, tax declarations (forms E1 and E9 etc.), salary statements, tax clearance certificates and/or insurance clearance certificates, mobile, real estate and other assets, etc.
iv) Data concerning the failure to perform your financial obligations: such as, termination of loan and credit agreements, payment orders, seizures and relevant payment rulings, applications for and decisions on consolidation or bankruptcy or debt settlement in general (indicatively applications under Greek law 3869/2010, Greek law 4469/2017, Greek law 4605/2019 etc.).
v) Data concerning your creditworthiness: such as debts towards credit and/or financial institutions deriving from loans and credits etc.
vi) Credit profiling/ credit scoring data from databases on economic behavior such as the company TIRESIAS S.A.
vii) Data concerning the performance, servicing and management of your loan or credit from which your debt derives, including the relevant contractual documents, the payment history relating to your debt, as well as letters or extrajudicial notices exchanged with regard to your debt.
viii) Data related to recorded communications (such as phone calls, face to face communications, electronic communications) in accordance with the legal requirements (including, indicatively, any complaints and requests submitted by the debtors, as well as any telephone communications made by doValue Greece for the purpose of informing the debtors for overdue debts in accordance with the provisions of Greek law 3758/2009, as applicable and in force).
ix) Special categories of personal data, such as health data concerning you and/or dependent members of your family, which are collected directly from you by virtue and for the purposes of implementing the procedures of the Bank of Greece Code of Conduct (Credit and Insurance Committee Decision with no. 195/1/29.7.2016, as in force), as well as for the purposes of processing and assessing any debt-settlement requests and complaints and/or where you have provided your explicit consent and/or when the processing is necessary for the establishment, exercise or support of legal claims of doValue Greece or the respective receivables entities.
x) Data related to the use of electronic and/or digital services and communications of doValue Greece (such as cookie identifiers, IP addresses, location data or other online identification data), pursuant to the specific terms governing such services.
xi) Image data collected from the video surveillance systems at the premises of doValue Greece, where relevant notification signs have been placed pursuant to the law.
xii) Data deriving from supplementary and supporting documentation you send to or submit to doValue Greece during your contractual relationship with doValue Greece or at a pre-contractual stage.
xiii) Data for the assessment of the risk of money laundering and/or terrorism financing.
xiv) Minors’ data, only when the legal preconditions have met.
B. Sources from which doValue Greece collects your personal data.
doValue Greece collects your aforesaid personal data from the following sources:
i) The credit or financial institution which granted the loan or credit from which your debt derives
ii) The entity which assigned to doValue Greece the servicing of your debt.
iii) Other debt management companies under the provisions or article 1 para. 1 (a) of Greek law 4354/2015, as applicable and in force.
iv) Directly from you.
v) Credit or financial institutions with which you maintain a customer relationship for the purpose of applying due diligence measures pursuant to the applicable legal and regulatory framework on the prevention, detection and mitigation of money laundering and terrorist financing.
vi) Publicly accessible sources (indicatively telephone directories, courts, land registers, cadastral offices, registers, web, open social media profiles, mass media etc.).
vii) From the databases on economic behavior held by the company TIRESIAS S.A. (registered office’s address: 2 Alamanas Str., 151 25 Maroussi, tel. number: +30 210 3676700, website: www.teiresias.gr).
It is noted that the controller of the aforesaid economic behavior data is the company under the trade name “INFORMATION BANKING SYSTEMS SA” and distinctive title “TIRESIAS S.A.” to which you may address any request regarding the exercise of your relevant rights as well as the provision of information in accordance with the law. Such information on the processing of personal data by TIRESIAS S.A. is available at the company’s website at: www.teiresias.gr.
viii) Lawyers, law firms, court bailiffs, notaries.
ix) Third (natural or legal) parties, acting on your behalf or related to you.
x) Electronic devices or application you use or service providers doValue Greece collaborates with.
xi) Public authorities, services and bodies (including the Central Portal of the Public Administration and the tax authorities) in accordance with the legal provisions.
It is noted, that in case you provide doValue Greece with third parties’ personal data, including those of process agents and/or administrators, representatives, partners and management bodies, you must have ensured that you have duly informed such third parties with regard to the transfer of their personal data and the processing thereof by doValue Greece, prior to such transfer (indicatively via reference to this Notice of doValue Greece), and that you have obtained their necessary consent, if required.
4. Why doValue Greece collects your personal data and for which processing purposes
doValue Greece processes your personal data for credit servicing purposes in accordance with articles 1 - 3 of Greek law 4354/2015, as applicable and in force. In particular, doValue Greece processes your personal data for the purposes mentioned below:
A. For the execution of a contract and in order to take pre-contractual measures at your request.
Said processing of your personal data serves, in particular, purposes such as:
i) Your identification, verification of your data and the communication with you during the management of your debt under the original loan or credit agreement or under the relevant debt-settlement agreement and during both the pre-contractual and contractual stage.
ii) The management of your loan or credit agreement, from which your debt under the servicing of doValue Greece derives, and the conclusion, execution, management and, in general, smooth servicing of the agreement concluded for the settlement of your debt and for the fulfillment of the respective obligations arising therefrom.
iii) The monitoring of your debt evolution, the assessment of your application and your requests.
iv) The prevention or mitigation of your potential failure to fulfill your obligations arising from the loan or credit, from which your debt under the servicing of doValue Greece, derives.
v) The pursuit of the collection of any amounts you owe in relation to the loan or credit, under the servicing of doValue Greece.
vi) The communication with you, and the provision of the relevant information to you in view of finding the best solution for your debt.
B. For doValue Greece’s compliance with its legal obligations
doValue Greece will process your personal data to the extent required to comply with the below legal and regulatory obligations to which it is subject and which derive from the provisions of Greek law 4354/2015 and Act no. 118/19.05.2017 of the Bank of Greece Executive Committee, as applicable and in force:
i) the legal and regulatory framework on money laundering and terrorist financing, as in force from time to time (and in particular, Greek law 4557/2018, decision no. 281/5/17.3.2009 of the Bank of Greece Banking and Credit Committee, Directive 2005/60/ΕC, Directive 2015/849/ΕU, the Financial Action Task Force Guidelines, and all other relevant acts, decisions and implementing circulars of any competent authority),
ii) the Bank of Greece Code of Conduct (decision no. 195/1/29.7.2016 of the Bank of Greece Credit and Insurance Committee, as applicable from time to time, Greek law 4224/2013 and in particular articles 1 and 4 thereof, as applicable from time to time, and any other regulatory and implementing act or decision issued in relation to the above),
iii) act no. 157/02.04.2019 the Bank of Greece Executive Committee, as applicable from time to time, which imposes, inter alia, obligations for the provision of information and, in general, requirements on transactions’ transparency, including, in particular, the management of debtors’ requests and complaints,
iv) the submission of regulatory reports to the Bank of Greece and the conduct of audits by the Bank of Greece,
v) article 8 para. 2 of Greek law 3758/2009, as applicable and in force, which imposes the obligation to record the content of the telephone calls conducted by doValue Greece for the purposes of informing the debtors for overdue debts, and
vi) the overall compliance of doValue Greece with the obligations imposed by the applicable legal, regulatory and supervisory framework, as well as with the decisions of any competent authorities (public, supervisory, independent, prosecution etc.) or courts (including arbitrary).
C. For the purpose of the legitimate interests pursued by doValue Greece or by a third party
The processing of your personal data serves purposes relating to the defense of doValue Greece’s or the respective receivables entities’ legal rights and interests, as such entities are specified above, the collection and judicial pursuit of claims under the servicing of doValue Greece, the prevention and deterrence of criminal acts or frauds against doValue Greece, the security and safety of information systems, facilities and assets of doValue Greece as well as the protection of persons who do business with doValue Greece, of the personnel and visitors of doValue Greece’s premises, the handling of your complaints, the compliance of doValue Greece with obligations arising from contracts concluded with the receivables entities, procedures for securitization or sale of receivables from loans and credits within the applicable legal and regulatory framework and the assessment of the level of your satisfaction from the services provided by doValue Greece for the purpose of the improvement thereof and from the transactional relationship between you and doValue Greece, in general. Prior to such processing doValue Greece ensures that your interests or fundamental rights and freedoms requiring the protection of your data are not overridden by doValue Greece’s interests or the interests of the respective receivables entities.
D. With your consent
Where doValue Greece has requested and received your consent, the processing of your personal data is based on such consent. In these cases, you have the right to withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on your consent provided before its withdrawal.
Ε. Profiling or automated decision-making
doValue Greece does not make decisions based solely on automated processing of personal data.
However, doValue Greece may make decision on the basis of non-solely automated decision-making by applying partially automated methods and procedures including (a) credit profiling based on your financial data, as well as your creditworthiness and credit rating, when this is necessary for the conclusion or execution of a contract between you and doValue Greece as controller and/or where this is permitted by the European or national legal framework to which doValue Greece is subject, (b) profiling for the risk assessment of money laundering and terrorist financing with the use of international acknowledged modes for the combined evaluation of data to ensure doValue Greece’s compliance with its legal obligations. The result of the above processing activities includes the approval or rejection of your debt settlement application.
As regards, the abovementioned processing activities, doValue Greece, undertakes to ensure that the relevant decision is subject to suitable safeguards for the protection of your rights, freedoms and legitimate interests as data subject, at least the right to obtain human intervention, to express his or her point of view, to obtain an explanation of the decision reached after such assessment and to challenge the decision in accordance with the relevant provisions of the GDPR.
5. Who are the recipients of your personal data
Within the context of the processing of your personal data, doValue Greece may transfer such data to the following recipients:
i) To the respective receivables entities, as such entities are specified above (in the preamble of this Notice), i.e.:
- The credit or financial institutions.
- Claims acquiring companies pursuant to the provisions of article 1 para. 1(b) of Greek law 4354/2015, as in force, and special purpose entities engaged in securitization transactions in accordance with the provisions of articles 10 and 14 of Greek law 3156/2003 (SPVs).
Please note that, in particular as regards your identification and communication data (details of your identity card, telephone number, address, etc.) which are collected directly from you or from publicly available sources by doValue Greece (either by doValue Greece itself or through third parties acting on its behalf as processors) for the purposes of management of your debt, the recipients of such data may be all the entities of receivables under the management of doValue Greece.
ii) To the (natural or legal) persons to which doValue Greece delegates the performance of specific tasks on its behalf (processors). In this context, your personal data may be transferred, indicatively, to:
- Debt notification companies under the provisions of Greek law 3758/2009, as applicable and in force, as well as law firms and lawyers in case your debt has become overdue.
- Service providers (affiliated companies and third parties), which perform data processing operations, such as the provision of data storage, filing, management and destruction of files and data services, call centers, or other natural or legal persons that process personal data for the purposes of checking and updating thereof, IT products and/or services providers and/or technical support providers of all kinds of information and electronic systems and networks, including online systems and platforms, providers of printing and sending of the periodic statements and written communications, for the purpose of recording the payments of your debt, as well as providers of other supporting services with respect to doValue Greece's activities in the managing of your debt (collaborating service networks, receiving and processing requests, provision of back-office services, etc.).
- Providers of consulting services with respect to the receivables portfolios under servicing and other professional consultants.
- Providers of accounting/tax services.
- Security companies.
- Post services providers.
iii) Real estate management or investment companies as well as brokers.
iv) Claims acquiring companies of Law 4354/2015 and special purpose entities engaged in securitization transactions of Law 3156/2003, in the framework of assignment of receivables under the management of doValue Greece (including the evaluation process).
v) Law firms, lawyers, court bailiffs, notaries and competent courts, experts.
vi) Certified Auditors.
vii) Other credit servicing companies under the provisions of article 1 para 1 (a) of Greek law 4354/2015, as applicable and in force.
viii) Substitutes of doValue Greece as servicer of securitised receivables within the meaning of article 10 para. 14 of Greek law 3156/2003.
ix) Security trustees in case of servicing of securitised receivables as per articles 10 and 14 of Greek law 3156/2003 as well as noteholders and/or representatives thereof pursuant to the provisions of article 10 para. 22 of Greek law 3156/2003 and the originator.
x) Supervisory authorities [including the Bank of Greece, the European Central Bank (ECB) and the Single Supervisory Mechanism (SSM)], governmental, administrative, independent, judicial, prosecution, police, tax, public, European and/or other authorities or entities or parties entrusted with the monitoring or supervision of the activities of doValue Greece and within the competence thereof and authorised mediators and meditation centers, arbitration tribunals and alternative dispute resolution entities.
xi) Insurance companies and intermediaries in the framework of providing insurance products (indicatively for the insurance of a secured property, in case you are not fulfilling your relevant insurance obligations, for the loan insurance and its repayment in case of death, etc.).
xii) TIRESIAS S.A. as regards the data relating to the records kept by it (termination of loan and credit agreements, loan and credit agreements and the evolution thereof, contracts for the provision of guarantee etc.), for the abovementioned purposes for data processing by TIRESIAS S.A. and for the purposes of the database "Tiresias System of Risk Control" , as described in detail on the website of the aforesaid company (www.tiresias.gr), where the information of the processing of personal data by TIRESIAS S.A. as controller, is available.
xiii) To credit institutions where the deposit account is kept to service your debt as well as to card acquiring service providers.
xiv) The employees of doValue Greece, who are responsible for the processing of your personal data as well as members of doValue Greece’s administration and within the course of their duties.
xvi) Any third parties that submit a request for information to doValue Greece, when the legal conditions have been met.
6. Transfer of your personal data outside the European Economic Area
doValue Greece will not transfer your personal data directly to third countries or international organisations, unless such transfer is required by the applicable regulatory or legal framework.
If applicable, doValue Greece may transfer your personal data to third countries under the following circumstances:
i) Where the European Commission has decided that the third country, a territory or one or more specified sectors within that third country or international organisation ensure an adequate level of protection, or
ii) If appropriate safeguards have been provided from the recipient, in accordance with the national and European legislation.
In the absence of the abovementioned circumstances a transfer may take place if:
i) You have provided your express consent to doValue Greece; or
ii) the transfer is necessary for the performance of a contract between you and doValue Greece, such as for the execution of your orders, or
iii) the transfer is necessary for the establishment or exercise or defense of legal claims and rights of doValue Greece, or
iv) there is a relevant obligation arising from a legal provision or an international convention to which doValue Greece is subject. In order to fulfill such obligation, doValue Greece may transfer your personal data to competent national authorities so that such data are delivered through them to the respective authorities of third countries.
7. How long doValue Greece stores your personal data
Your personal data shall be retained for the entire time period during which your debt remains under the servicing of doValue Greece, in accordance with the relevant assignment contract with the respective receivables entity, and for as long as it is permitted by the applicable legal and regulatory framework. In any case your personal data may be stored until the completion of the general limitation period for the exercise of legal actions, pursuant to the applicable legal provisions, namely twenty (20) years from the – under any condition – termination of your relationship.
In the event of a legal dispute with doValue Greece and/or the respective receivables entity, or relevant administrative dispute, said storage period will be extended until the issuance of an irrevocable court decision.
doValue Greece shall keep a record of all complaints received, including documents relating to each case, for a minimum period of five (5) years in accordance provisions set forth in Act no. 157 / 02.04.2019 of the Bank of Greece Executive Committee.
Finally, doValue Greece shall retain any recorded telephone communication for the purposes of informing the debtors for overdue debts (article 8 para. 2 Greek law 3758/2009, as in force), for one (1) year.
Documents that have your signature and c0ntain your personal data may be stored electronically/digitally after a period of five (5) years.
8. Your rights towards doValue Greece with regard to the protection of your personal data
In accordance with the provisions of GDPR, you have the following rights:
i) Right of access to your personal data that are retained and processed by doValue Greece, as well as to information concerning the processing thereof (origin of the data, purposes of processing, categories of recipients, storage period).
ii) Right to rectification of your personal data, in the event of inaccurate data or for the purposes of completing incomplete personal data by providing any necessary document justifying the need for rectification.
iii) Right to object on grounds relating to your particular situation unless the processing is necessary for the purposes of the legitimate grounds of doValue Greece or a third party.
iv) Right to restriction of processing of your personal data where the accuracy of the personal data is contested by you or the processing is unlawful or doValue Greece no longer needs your personal data for the purposes of processing, or you have objected to the processing and the verification whether the legitimate grounds of doValue Greece override yours, is pending.
v) Right to erasure of your personal data from doValue Greece’s records.
vi) Right to data portability of your personal data and transfer thereof to another controller, provided that the processing is based on your consent or on a contract and is carried out by automated means.
Please note the following with regard to your abovementioned rights:
i) The right of access may not be fully or partially satisfied if the disclosure of the data would jeopardize national defense, national security and public safety as well as if the data cannot be deleted due to legal or regulatory provisions that require their retention or the retention serves exclusively data protection or control purposes, the provision of information would require disproportionate effort and the necessary technical and organizational measures make it impossible to process for other purposes.
ii) Your rights to object, restriction of processing and erasure (points iii, iv and v, above) may not be satisfied, partially or fully, if they are necessary for the performance of your contract and regardless the source thereof.
iii) doValue Greece has in any case the right to reject your request for restriction of processing or erasure of your personal data (points iv and v, above), if the processing or storage thereof is necessary for the establishment, exercise or defense of the rights of doValue Greece or the respective receivables entities or for the fulfillment of the obligations of doValue Greece. In particular, the right to delete your data may not be satisfied if your data is processed without automated means, provided that due to the special nature of the storage it is not possible to delete it or it is possible only with disproportionately large effort, given that your interest in deletion is not considered important or if the deletion is in conflict with the retention periods provided for in the law or terms of contract.
iv) The right to data portability (point vi above) does not include the erasure of the personal data from the records of doValue Greece. The erasure is subject to the conditions of point (iii) above.
v) The exercise of the rights above is valid for the future and does not affect the processing already performed on your personal data.
vi) In cases where doValue Greece manages receivables under assignment by credit or financial institutions, doValue Greece is responsible to respond, as controller, solely to queries relating to: a) recording of telephone communications made by doValue Greece for the purposes of informing debtors with respect to overdue debts, pursuant to the provisions of Greek law 3758/2009, as in force, and b) the record of complaints and requests you address to doValue Greece. For any other issue, you should contact the relevant credit or financial institution, which is the controller of your personal data.
9. How you may exercise your rights towards doValue Greece
For the exercise of your rights, you may address your relevant requests in writing, to the Customer Service and Complaints Management Unit of doValue Greece, 27 Kyprou & Archimidous Streets, 18346 Moschato, Greece or via email at [email protected].
doValue Greece shall use its best endeavors to address your request within thirty (30) days from its submission. The abovementioned period may be extended by two (2) further months, if deemed necessary at reasonable discretion of doValue Greece, taking into account the complexity and number of requests. doValue Greece shall inform you in case of such extension within one month from the receipt of the request.
The abovementioned service is provided by doValue Greece free of charge. However, where requests are manifestly unfounded, excessive or repetitive, doValue Greece may, after informing the person who has submitted the request, either charge a reasonable fee or refuse to act on the request/requests.
10. Data Protection Officer of doValue Greece
You may contact the Data Protection Officer of doValue Greece for any matter regarding the processing of your personal data, in writing at 27 Kyprou & Archimidous Streets, 18346 Moschato, Greece or via email at [email protected].
11. Right to lodge a complaint at the Hellenic Data Protection Authority
You have the right to lodge a complaint before the Hellenic Data Protection Authority for any matter regarding the processing of your personal data. For the respective competence of the Authority and the procedure to be followed for filing a complaint, you may visit the Hellenic Data Protection Authority website (Citizen Rights > Complaint to the Hellenic DPA), where detailed information is available.
12. Security of your personal data
doValue Greece implements appropriate technical and organisational measures to ensure the lawful protection and processing, as well as the effective protection of your personal data from unauthorised access to, disclosure of, processing, loss, alteration, accidental or unlawful destruction or corruption, prohibited transmission by third parties as well as any other form of unlawful processing.
13. Updating and modifying this Notice on the processing of personal data
doValue Greece may in accordance with its applicable policy on the protection of personal data and pursuant to the applicable legal and regulatory framework, modify or amend this Notice, the updated version of which will always be posted on the doValue Greece website at www.dovaluegreece.gr.
Last update: 10/07/21