PERSONAL DATA PROTECTION POLICY
In ALPHA BANK S.A. (hereinafter “the Bank”) we recognise the importance of the personal data (hereinafter “the Data”) of our websites’ visitors. The protection of your personal data, always in compliance with the applicable regulatory framework on the protection of personal data, constitutes a commitment for us.
This Personal Data Protection Policy applies to the Bank’s websites. It aims to provide information regarding the collection, storing, use and any other form of processing of visitors’ data by the Bank, in its capacity as Data Controller, as well as regarding your rights pursuant to applicable provisions.
1. WHICH ARE THE CATEGORIES OF DATA WE COLLECT FROM YOU
1.1. Data required for the management of the online services (Alpha e-banking), the submission of online comments through the Bank’s or third party websites (e.g. posting a comment in a social media platform), complaints, questions and requests.
- Identification data, e.g. full name, ID card no., Tax ID no., date of birth;
- Contact data, e.g. postal and email address, landline and/or cellphone number, comments, requests, etc.;
- Authentication data, e.g. username and password.
1.2. Cookies and other technologies
As described in detail in the Cookies Policy, we collect information using cookies and other similar technologies, such as web beacons and social plugins.
1.3. Device Data
When you visit our websites, we receive the URL address of the website you accessed prior to visiting our site, the date and time of your visit, the operating system of the device and the browser used, as well as the IP address of your device.
1.4. Location Data
When you visit our websites, using a computer, tablet or cell phone, we collect data regarding your exact location, based on the setting of your devices. In any case, keep in mind that your consent will be requested before using location and GPS services.
2. INFORMATION WE MAY COLLECT FROM OTHER SOURCES
We collect information that you disclose to us when you visit and/or browse our website, when you use Alpha e-banking services or when you submit an online comment, complaint, question or request. Furthermore, we may collect information from third parties (persons or legal entities), e.g. IT and technology companies and social network platforms.
3. WHY WE USE YOUR INFORMATION
The Bank collects and processes only the data required to pursue the following purposes. In particular:
3.1. We may process your data in the context of the contractual relationship between us:
- For identification purposes in order to communicate with you;
- For the management of your complaint, in relation to one of our banking products or services;
- For the management of a request you submit regarding one of our products or services or for the settlement of your debt;
- For your information regarding our banking products and services, for which you have previously expressed an interest;
- For your information regarding the bonus points you have accumulated from all the Bonus cards and associated loyalty programmes.
3.2. We may process your data in order to pursue our legitimate interests, provided that they do not exceed the rights and freedoms of the visitors of our websites, e.g.:
- For the accurate and more efficient operation and management of our websites;
- In order to investigate and resolve technical issues in the context of the provision of our services (e.g. coding errors);
- To conduct studies and research in order to evaluate and improve our banking products and services or to develop new products and services;
- To contact you to inform you about the utilisation of your banking products or services, their capabilities, their features as well as any new development/application;
- To investigate the degree of satisfaction with the service offered and the services of our Bank and/or your further needs or wishes.
3.3. We may process your data if you have previously expressly given your consent, e.g.:
- To improve our services offered through our website, in order to meet your personal needs and choices;
- To improve and measure the effectiveness and deliverability of our advertisements appearing in third party websites;
- To personalise our services to you by using location data, e.g. to locate the Branch or ATM of our network that is closest to you, show offers and ways to redeem your points;
- To display advertisements related to the Bank’s products, offers and
- To send newsletters, if you are not a Customer of the Bank.
In any case, the Bank may process your data for purposes of compliance with the obligations imposed by the currently applicable legal and regulatory framework and the supervising authorities, as well as with the decisions of competent Authorities or Courts.
4. WHO WE WILL SHARE YOUR INFORMATION WITH
In addition to the Employees of the Bank responsible for processing requests and managing the comments, complaints and questions you submit through our websites, we may disclose your data, provided that the currently applicable statutory conditions are met, to the competent employees of companies of our Group in the context of their activities, as well as to third parties (natural persons and legal entities to whom the Bank assigns from time to time the performance of certain tasks on its behalf), on condition that they maintain professional secrecy and confidentiality at all times, e.g.:
- advertising and marketing agencies for the products and services of the Bank;
- database and website administration companies;
- providers of innovative solutions for payment technologies and services, providers of postal services, development services, maintenance, customization of IT solutions, email services, hosting as well as cloud services;
- supporting / information companies (call centers);
- market research companies, in order to conduct research related to the Bank’s products and services.
In any case, the Bank guarantees that it will not transfer, disclose, provide, etc. your data to third parties for any purpose or use, other than those expressly disclosed in this Policy. However, we reserve the right to disclose information related to you, if we are obligated by the law or if said disclosure is required by the competent supervisory, audit, independent, judicial, public and/or other authorities.
Furthermore, keep in mind that the Bank may transfer the data it collects from its websites to countries outside the European Union or to an international organization in the following cases:
a) if the European Commission has issued an act regarding the sufficient protection of personal data in that specific country or international organisation,
b) if you have been specifically informed and you have expressly given your consent to the Bank and the other conditions of the legal framework are met,
c) if the transfer is necessary for the performance of a contract, e.g. if the transfer is necessary for the execution of payment orders to a credit institution in a third country or, in case of a transfer for the execution of an order for the conclusion of a financial instrument transaction,
d) if the transmission is necessary for the establishment, exercise or defense of legal claims or the defense of the Bank’s rights,
e) if there is a relative obligation arising from a statutory provision or a transnational/ international convention,
f) in the context of compliance with the rules on automatic exchange of tax information, derived from the regulatory and legislative framework.
5. HOW WE KEEP YOUR INFORMATION SECURE
The Bank implements appropriate technical and organisational measures to ensure confidentiality, integrity and availability of the information on a permanent basis, in order to be protected from incidental or unlawful destruction, loss, alteration, prohibited dissemination or access and any other form of unlawful processing.
The Bank audits, pursuant to the established procedures, the compliance with the Group’s Information Security Framework, conducts specialised security audits (penetration tests and vulnerability assessments), trains and educates its Personnel on security matters and continuously assesses the elevated information security level, taking further measures to address new threats and the associated risks, as it deems appropriate.
These measures include, but are not limited to, specialised, multilevel security mechanisms for the protection of the services provided via Internet and the entire infrastructure of the Bank, mechanisms for the prevention of data loss (DLP), recording of access, protection of systems, central management of user access control based on their operational duties, as well as encryption and pseudonymisation of information, when required.
However, it is your responsibility to ensure that the equipment (e.g. personal computer), software and telecommunication equipment that you use are sufficiently secure and protected from malware (e.g. viruses). You should be aware that not using sufficient security measures (e.g. secure settings in your browser, updated malware protection software, avoidance of use of software and hardware of dubious provenance, etc.) entails the risk that the data, as well as the passwords you use, can be disclosed to non-authorized third parties.
6. HOW LONG DO WE KEEP YOUR DATA
6.1. We will keep your data as long as you are a Customer of the Bank and for a period of up to twenty (20) years after the expiration of the relevant agreement, when this is required by law.
6.2. If you are not a Customer of the Bank, we may keep the data collected from our websites for a period of up to five (5) years after their collection.
6.3. After the elapse of the retention period, the Bank will ensure the secure destruction and/or deletion of your data.
7. YOUR RIGHTS
You have the following rights regarding the data we keep about you:
- Right of access: You may request to receive information regarding the processing of your data (e.g. the categories of data, the purposes of processing, etc.).
- Right to rectification: You may request us to rectify or supplement your data, if they are incomplete or contain inaccuracies.
- Right to erasure: In some cases you may request the erasure of all or part of your data (e.g. if the data is no longer required for the purposes for which it was collected).
- Right to restrict processing: You may request the restriction of the processing of your data, where specified by law.
- Right to object: You may object, at any time, to the processing of your data performed in the context of the pursuance of our legitimate interests, as specified above.
- Right to data portability: You may request us to give you or transfer to a third provider some of the information you have provided us, in electronic form.
8. HOW CAN YOU EXERCISE YOUR RIGHTS
If you wish to exercise one of the aforementioned rights, you may contact us:
- in one of the Branches of our Network, by filling in the relevant request form;
- via our website, by filling in the contact form available here;
- by sending an email to CSO@alpha.gr;
- at the address “Alpha Bank, Support Operations Department, Special Customer Support Services, 105 Athinon Avenue, 104 47 Athens”, sending the filled-in form for exercising rights, available here.
In case of submission of a request to exercise your rights, the Bank shall respond to your relevant request within one (1) month. Said time limit may be extended by two (2) months, following your prior notification, taking into consideration the complexity of the request and the number of requests being processed.
Keep in mind that our response to your aforementioned request is provided free of charge. However, if your request is obviously inadmissible, excessive or repeated, we may charge a reasonable fee, after notifying you in advance, or refuse to respond to your request.
If you believe that your rights are infringed in any manner whatsoever, you may also submit a complaint to the competent Supervising Authority:
Hellenic Data Protection Authority
Address: 1-3 Kifisias Ave., 115 23, Athens
Call Center: +30-210 647 5600
Fax: +30-210 647 5628
9. MORE DETAILS YOU NEED TO KNOW
9.1. The Bank does not collect or gain access to, in any manner whatsoever, special (“sensitive”) categories of personal data. The visitor has the obligation to refrain from providing such data, related to their person or third parties. Otherwise the data will be deleted as soon as we become aware of it. The Bank shall not be held liable by any visitors or third parties for the provision and/or processing of such data, caused by their acts or omissions in breach of the aforementioned obligation.
9.2. Our website may contain links to other websites that are not controlled by the Bank but by other third parties (e.g. social network websites, Greek and European Supervising Authorities, other services, etc.).
This Policy does not apply to said websites and we recommend visiting them directly in order to be informed about their data protection policies.
9.3. We may amend this Policy from time to time, in order to be always compliant with the statutory requirements and the procedures of our business activities. If we decide to replace this Policy or effect very important changes, we will notify you with a notice on this website. In order to be informed about the most up to date version of this Policy, visit this page regularly.
10. HOW CAN YOU CONTACT US
If you have questions or complaints related to this Policy you may contact us using the following information:
ALPHA BANK S.A.
Address: 40 Stadiou St., 102 52 Athens
Contact number: +30 210 326 0000
DATA PROTECTION OFFICER: