On May 25, 2018, the General Regulation on the Protection of Personal Data (hereinafter the “Regulation”) came into force for the protection of individuals against the processing of personal data and for the free circulation of such data.

The purpose of this Privacy Policy is to inform you about how we care about the processing of your personal data in accordance with the terms of the Regulation as well as your rights regarding your personal data.

  • The Bank undertakes to take all necessary measures arising from the new Regulation on the protection and security of your personal data. With a sense of responsibility, with safe and transparent procedures, we protect, process, use and store your personal data.

The Regulation protects you by stipulating that the Bank may only process your personal data if this is necessary:

  • To perform a contract we have entered into with you
  • Because we have an obligation by law to process them
  • Because you have agreed to this processing
  • Because we have a legitimate interest in processing them (in this case, we will let you know what our legal interest is, and the processing is not allowed to harm your own interests too much).

The table below describes the purposes for which the Bank processes your data with reference to the reasons that justify this processing:

Processing purposes

Your service as a customer of the Bank

The Bank processes your personal data that is necessary for the provision of banking or other services to you, such as insurance, and for the development and promotion of new products and services of the Bank, any other companies of the Group or third-party companies cooperating with the Bank, as well as for conducting research and/or analysis with automated means, including profile training, in order to better meet your needs.

The management of the operations and the management of the Bank


The Bank processes your personal data that is necessary for it to operate in the most efficient way and in accordance with the rules of proper operation of banking institutions. These include in particular:

  a) The actions taken by the Bank to defend its rights before judicial and other authorities in any judicial or extrajudicial proceedings, including, in particular, the collection and management or disposal of the Bank’s claims.
  b) Actions for the identification and evaluation of its customers and potential customers, in particular in the context of its legal obligations to prevent and suppress money laundering and terrorist financing, the assessment of the creditworthiness of customers and potential customers for purposes related mainly to grants, for the purpose of preventing fraud and for the general protection of the interests of the Bank.
  c) The compliance of the Bank with legal obligations imposed on it by the current institutional framework.

Reasons / Legal basis of processing

For your service as a customer of the Bank:

  • The execution of a contract we have concluded with you
  • Our obligation under the law
  • Your consent
  • Our legal interest, which consists mainly in enabling the Bank to provide its services with efficiency and security.

For the management of the operations and the management of the Bank:

  • The execution of a contract we have concluded with you
  • Our obligation under the law
  • Our legitimate interest, which is to enable the Bank to function properly and to serve its objectives

Your personal data processed by the Bank falls into the following categories:

  1. Identification data, such as name, surname, date of birth, citizenship, police ID card or valid passport, VAT number, driver’s license, license, foreign legal residence card
  2. Contact details, such as home address, home phone number, work address, work phone number, email address, mobile phone, fax number, name and contact phone number
  3. Data on your financial situation, transaction data and data on the breach of your financial obligations, such as bank account number, credit or debit card details as well as transaction details performed with these cards, occupation, remuneration, copies of settlement notes, tax returns, forms E9, E1, E2, data of registered and uncovered checks, check bodies, complaints of loan agreements, due amounts, applications for loans and other credits, details included in the interbank banking system of Tiresias SA, control of real estate securities, payment orders, seizures, applications and decisions of consolidation or bankruptcy and any other information related to your transaction with our Bank
  4. Contact details, such as recorded contact calls with bank employees, letters addressed to or notified to the Bank, other documents sent on your own initiative to the Bank
  5. Data on financial / transactional behavior, such as the way in which you use the Bank’s products and services, data on the transactions and payments you make (frequency, amounts, locations, recipients)
  6. Data concerning your creditworthiness and credit rating data which are either produced by the Bank in the context of our contractual relationship or are collected from independent databases maintained by Tiresias SA or other companies operating legally in Greece or in another Member State of the European Union
  7. Your internet browsing data (e.g. cookies), after you have been informed accordingly and have provided the relevant consent in the cases in which it is required, as well as data identifiers of your electronic identity (e.g. IP address)
  8. Data of members of the management, shareholders and real beneficiaries of the clients-legal entities or associations of persons or companies, as they result from corporate documents or publicly accessible sources (e.g. GEMI)


In principle, the Bank does not collect or process sensitive personal data about its customers. This may, however, be the case, if this is necessary for the fulfillment of a specific legal purpose or obligation of the Bank or if you provide this data to us of your own free will by any appropriate means within our transactional relationship. In these cases, the Bank shall take all reasonable measures to manage them in accordance with the Regulation.


  1. The Bank collects the personal data that you provide to us, potentially through:
  • Your requests to the Bank and / or the documents and supporting documents that accompany them
  • The Contracts and Annexes you have signed with us
  • Any communication between you or your representatives and us, either oral (such as recorded phone calls) or written (by letter or email)
  • Your participation in research on the degree of satisfaction of our customers or in promotional activities of the Bank
  2. The Bank may collect your personal data when you use its services. This mainly applies to data related to the transactions and payments you make (frequency, amounts, locations, recipients).
  3. The Bank may also collect your personal data from third parties such as:
  • Public sources,
  • The company “TIRESIAS SA” and other interbank systems
  • Tax and other public authorities
  • Third parties in the context of the performance of the Bank’s obligations.

As a rule, the Bank keeps your data for twenty (20) years after the expiration of the contract we have signed with you and for five (5) years if there is no contract. We do this:


  • So that we can answer any questions or complaints by proving that the processing we did was legal, legitimate and transparent.
  • To comply with our regulatory, tax and other obligations.
  • So that we can defend ourselves in case of a dispute. If a lawsuit is pending, the Bank retains the data for a longer period of time, until the matter is settled and the dispute resolved.

Especially for recorded calls with representatives of the Bank, the Bank keeps them for one (1) year from their realization, unless you or the General Secretariat for Consumer Affairs ask us to keep them or their maintenance is necessary so that we can defend ourselves in the event of a dispute, in which case the above information shall be maintained for a maximum of five (5) years.


In the context of serving the processing purposes of the Bank as well as in the context of its institutional operation, the Bank may, as the case may be, transmit your personal data to third parties and cooperating companies acting on behalf of the Bank:

  • To companies that issue notification documents (statements) to you, for the issuance of credit card accounts and your loans and the rest of them
  • To debtors’ information companies for overdue receivables, which have been established and are legally operating in accordance with the provisions of Law 3758/2009, as in force today, in case of your arrears of more than ten (10) days, according to the law.
  • To cooperating law firms and individual lawyers, for any judicial or extrajudicial proceedings, including, in particular, the collection and management of the Bank’s claims.
  • To cooperating companies providing customer service for the best and most complete information about the execution of the contract you have concluded with us (indicatively, providing information on the amount of the current debt, the number of installments, the balance of the loan, etc.).
  • To Lawyers, Notaries and Bailiffs (and their associates), within the framework of their legal responsibilities
  • To public services and authorities, to supervisory, administrative, judicial, prosecutorial and investigative authorities, to municipal and customs authorities or to third parties if the transmission or disclosure of data is required by law or court decision.
  • To the company “DIAS”, to other credit institutions and / or to payment service providers to fulfill the provision of the Bank’s services to you, such as for example the execution of your orders for payment by charging an account that you keep in another credit institution
  • To the societe anonyme with the name “BANKING INFORMATION SYSTEMS SA” and the distinctive title “TIRESIAS SA”, for the maintenance of an interbank file of economic behavior data for the protection of trade credit and the consolidation of financial transactions. You can visit the website of the company “TIRESIAS SA” at www.tiresias.gr, where detailed information on its policy for the protection of personal data is posted.
  • To companies that securely store physical / digital files and / or digitize the Bank’s contracts as well as to other companies to which the Bank assigns the execution of projects on its behalf, such as IT services companies.
  • To persons who cooperate with the Bank for the fulfillment of its obligations or for its proper operation, such as accountants, certified auditors, courier companies, Greek post offices, etc.
  • To supervisory authorities and other bodies, such as the Bank of Greece, the European Central Bank, the Deposit and Investment Guarantee Fund (TEKE), judicial, prosecutorial and tax authorities in the context of their duties
  • To any companies connected to the Bank
  • To any cooperating companies for the promotion of products or services of the Bank or for conducting research and / or analysis.

You have the right to access your personal data processed by the Bank: You may request confirmation of whether or not your data is being processed and, if so, ask us for information regarding the purpose of the processing, the relevant categories of personal data, their recipients, the time of storage, the right to file a complaint with the supervisory authority, the origin of the data, the logic of any automated processing, if any.

You have the right to correct your data: If you consider that your personal data processed by the Bank is inaccurate or incomplete, you can ask us to complete or correct it. The Bank has the right to challenge your claim that your data is inaccurate, but is obliged to verify your claim.

You have the right to data portability: You can request a copy of your data, which you have provided to us, in a structured, commonly used format that is readable by digital machines (“digital file”) and you can transfer the data you receive to third parties, if their processing is carried out by the Bank with automated means.

You have the right to withdraw your consent at any time: If the processing of your data by the Bank is based on your consent, you have the right at any time to object to this processing by revoking your consent. In this case, you may no longer be able to receive some of the Bank’s services. If this happens, we will let you know. In any case, your withdrawal will only apply to the future.

You have the right to ask the Bank to stop processing your personal data: If you wish the Bank to stop using and processing your personal data, you have the following options:

(a) Object to the use of your personal data, at any time, for the purpose of processing for direct commercial purposes, and in any other case of processing based on the legal interest of the Bank, unless the Bank demonstrates that there are more urgent and lawful reasons,

(b) Request the deletion of your data from the Bank’s files, as long as their processing is not necessary in pursuit of the purposes for which they have been collected and there is no legal reason to maintain them.

(c) Ask the Bank to limit the use of your data in case of questioning their accuracy, or if their processing is illegal but you do not wish to delete them, or if the data is no longer needed for processing purposes but you wish to keep it in order to use it to exercise legal claims, or if you have objected to their use and are waiting for the Bank to verify whether your own legitimate interests prevail over those of the Bank.