The Bank of Greece (hereinafter ‘the Bank’) processes your personal data solely in the context of fulfilling its tasks and does not disclose them for marketing purposes.
All personal information is processed in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (hereinafter the ‘GDPR’), Greek Law 4624/2019 on Personal Data Protection, as currently in force, and the Bank’s IT security and confidentiality rules.
Who is responsible for your personal data?
The Bank is the data controller, within the meaning of the GDPR. Only the Bank’s dedicated staff will have access to your personal data. Personal data are not disclosed to third parties without the data subjects’ consent, unless required by law.
What information does the Bank collect?
As a central bank and member of the Eurosystem, the Bank collects personal data of data subjects including:
- legal representatives, staff, share and/or bond holders and customers of financial and credit institutions and insurance undertakings under its supervision, in the context of its tasks relating to supervision, financial stability, bank resolution and monetary policy conduct;
- members of the public entering into cash transactions with the Bank
- authorised representatives of central and general government entities, in the context of the Bank’s role as fiscal agent of the Greek state;
- legal representatives and staff of credit institutions, in the context of the Bank’s operation and oversight of payment and settlement systems;
- natural persons for purposes of statistical analyses and research studies.
In the conduct of its operations, the Bank collects and processes personal data of the following additional categories of data subjects:
- active personnel under a dependent employment contract, a remunerated mandate contract or otherwise employed by the Bank; the Bank’s retired employees, as well as candidates for recruitment;
- suppliers, contractors and other associates, in the context of procurement contracts for the provision of goods, works and services;
- visitors entering the Bank’s premises;
- participants in events held by the Bank.
The personal data are processed only for as long as necessary for the purpose of the processing. The retention time of personal data is only as long as specified in the Bank’s Records Retention Schedule and is made known to the data subjects.
Cookies are small text files that are stored by the browser you use (Chrome, Mozilla, Firefox, etc.) on your computer or device in order to offer you a better browsing experience.
The Bank’s website uses ‘functionality’ cookies only. These cookies do not collect any information about its website visitors that could be used for marketing purposes or to track user browsing history.
The Bank does not ask its website visitors for any personal information during their browsing sessions. The use of any contact form on this website requires the provision of contact details, which the Bank will only use to contact you directly. Such information will not be disclosed to third parties or used for any purpose other than the one for which it was provided.
Legal basis of the processing of personal data
Personal data are collected and processed by the Bank based on your consent or subject to the requirements for lawful processing as specified in Article 6(1) of the GDPR.
More specifically, in order for any processing of personal data to be lawful, at least one of the following legal bases must apply:
- consent of the data subject;
- contractual relationship;
- compliance with a legal obligation;
- protection of vital interests of any natural person;
- task carried out in the public interest or in the exercise of official vested authority in the data controller;
- legitimate interests.
You can withdraw your consent at any time. Once you have withdrawn your consent, your personal data will no longer be processed, but prior processing will remain lawful.
Rights of the data subjects
You have the right to access and rectify your personal data, to restrict the processing of your data or object to any processing and, under certain conditions, to ask for your data to be deleted. You have also the right to request the Bank to transmit your personal data to another controller.
Furthermore, you have the right to lodge a complaint with the Hellenic Data Protection Authority if you feel that the Bank has processed your personal data in violation of the GDPR.
If you have any further questions about the processing of personal data concerning you, or if you wish to exercise your rights, you can contact the Bank’s Data Protection Officer by email to: firstname.lastname@example.org or by letter to the following address:
BANK OF GREECE
21, E. Venizelos Avenue
To the attention of the Data Protection Officer (DPO)
To exercise your rights, please fill out the Data Subject Request Form.
As data subject, you have the following rights:
- Right to object
You have the right to object to processing by the Bank of personal data concerning you and the Bank will no longer process your personal data, unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
How does the Bank protect your rights?
The Bank abides by the principles governing the processing of personal data under the GDPR and takes appropriate organisational and technical measures to ensure the security and confidentiality of your personal data and to protect them against any accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access, as well as any other form of unlawful processing.