Privacy policy
Privacy policy

Privacy statement

The Bank of Greece (hereinafter ‘the Bank’) processes your personal data solely in the context of fulfilling its tasks and does not disclose them for marketing purposes.

All personal information is processed in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (hereinafter the ‘GDPR’), Greek Law 4624/2019 on Personal Data Protection, as currently in force, and the Bank’s IT security and confidentiality rules.

Who is responsible for your personal data?

The Bank is the data controller, within the meaning of the GDPR. Only the Bank’s dedicated staff will have access to your personal data. Personal data are not disclosed to third parties without the data subjects’ consent, unless required by law.

What information does the Bank collect?

As a central bank and member of the Eurosystem, the Bank collects personal data of data subjects including:

  • legal representatives, staff, share and/or bond holders and customers of financial and credit institutions and insurance undertakings under its supervision, in the context of its tasks relating to supervision, financial stability, bank resolution and monetary policy conduct;
  • members of the public entering into cash transactions with the Bank
  • authorised representatives of central and general government entities, in the context of the Bank’s role as fiscal agent of the Greek state;
  • legal representatives and staff of credit institutions, in the context of the Bank’s operation and oversight of payment and settlement systems;
  • natural persons for purposes of statistical analyses and research studies.

In the conduct of its operations, the Bank collects and processes personal data of the following additional categories of data subjects:

  •  active personnel under a dependent employment contract, a remunerated mandate contract or otherwise employed by the Bank; the Bank’s retired employees, as well as candidates for recruitment;
  • suppliers, contractors and other associates, in the context of procurement contracts for the provision of goods, works and services;
  • visitors entering the Bank’s premises;
  • participants in events held by the Bank.

The personal data are processed only for as long as necessary for the purpose of the processing. The retention time of personal data is only as long as specified in the Bank’s Records Retention Schedule and is made known to the data subjects.

Use of cookies

The Bank uses cookies for the sole purpose of enhancing its website performance.

Cookies are small text files that are stored by the browser you use (Chrome, Mozilla, Firefox, etc.) on your computer or device in order to offer you a better browsing experience.

The Bank’s website uses ‘functionality’ cookies only. These cookies do not collect any information about its website visitors that could be used for marketing purposes or to track user browsing history.

Users are given the option to accept or refuse our use of cookies. If you refuse cookies, some content on our website may not display properly, especially in third-party features over which the Bank has no control.

The Bank does not ask its website visitors for any personal information during their browsing sessions. The use of any contact form on this website requires the provision of contact details, which the Bank will only use to contact you directly. Such information will not be disclosed to third parties or used for any purpose other than the one for which it was provided.

Legal basis of the processing of personal data

Personal data are collected and processed by the Bank based on your consent or subject to the requirements for lawful processing as specified in Article 6(1) of the GDPR.

More specifically, in order for any processing of personal data to be lawful, at least one of the following legal bases must apply:

  • consent of the data subject;
  • contractual relationship;
  • compliance with a legal obligation;
  • protection of vital interests of any natural person;
  • task carried out in the public interest or in the exercise of official vested authority in the data controller;
  • legitimate interests.

You can withdraw your consent at any time. Once you have withdrawn your consent, your personal data will no longer be processed, but prior processing will remain lawful.

Rights of the data subjects

You have the right to access and rectify your personal data, to restrict the processing of your data or object to any processing and, under certain conditions, to ask for your data to be deleted. You have also the right to request the Bank to transmit your personal data to another controller.

Furthermore, you have the right to lodge a complaint with the Hellenic Data Protection Authority if you feel that the Bank has processed your personal data in violation of the GDPR.

If you have any further questions about the processing of personal data concerning you, or if you wish to exercise your rights, you can contact the Bank’s Data Protection Officer by email to: or by letter to the following address:

21, E. Venizelos Avenue
Athens GR-10250

To the attention of the Data Protection Officer (DPO)


To exercise your rights, please fill out the Data Subject Request Form.

As data subject, you have the following rights:


  • Right of access

You have the right to obtain from the Bank confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, to access such data and the information specified in the GDPR (Article 15(1)) and to obtain a copy of such data.


  • Right to rectification

You have the right to request from the Bank the rectification of inaccurate personal data concerning you, or to have incomplete personal data completed.


  • Right to erasure (‘right to be forgotten’)

You have the right to obtain from the Bank the erasure of personal data concerning you, and the Bank has the obligation to examine your request, in accordance with the provisions of Article 17 of the GDPR.


  • Right to restriction of processing

You have the right to obtain from the Bank restriction of processing where one of the conditions of Article 18(1) of the GDPR applies.


  • Right to data portability

You have the right to receive the personal data concerning you and to transmit those data to another controller in accordance with the terms and conditions of Article 20 of the GDPR.


  • Right to object

You have the right to object to processing by the Bank of personal data concerning you and the Bank will no longer process your personal data, unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.


  • Right to withdraw your consent to processing

You have the right to withdraw at any time your consent to processing of your personal data by the Bank.

How does the Bank protect your rights?

The Bank abides by the principles governing the processing of personal data under the GDPR and takes appropriate organisational and technical measures to ensure the security and confidentiality of your personal data and to protect them against any accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access, as well as any other form of unlawful processing.