Personal Data Protection Policy
The new Regulation on the protection of your personal data
On 25 May 2018 came into force and effect the General Data Protection Regulation (the “Regulation”) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
The purpose of this Data Protection Policy is to inform you on how we ensure that the processing of your personal data is consistent with the provisions of the Regulation and on the rights you have in respect of your personal data.
Praxia Bank is committed to take all necessary steps deriving from the new Regulation for the protection and safety of your personal data. We protect, process, use and store your personal data with a sense of responsibility and with safe and transparent procedures.
Who we are
Praxia Bank is the former Credicom Consumer Finance Bank S.A. and is based on 24B Kifissias Avenue, 15125 Maroussi, Attica.
If you would like to get in touch with us on any matter relating to the Data Protection Policy of the Bank, you may contact us at email@example.com or send a letter to the following post address:
Praxia Bank, Data Protection Officer, 24B Kifissias Avenue, 15125 Maroussi.
For which objectives and purposes has the Bank the right to process your personal data?
The Regulation protects you in providing that the Bank can process your personal data only if this is necessary:
- for the performance of a contract that you have concluded with Us
- because we have a statutory obligation to process them
- because you have given your consent to such processing
- because we have a legitimate interests to process them (in this case we will notify you of our legitimate interest and the processing is not allowed to infringe on your overriding interests, fundamental rights or freedoms).
The table below features a description of the purposes for which the Bank processes your personal data with reference to the legal grounds justifying such processing:
Servicing you as clients of the Bank.
The Bank processes your personal data which is necessary for:
- the provision to you of banking or other services such as insurance;
- the development and promotion of new products and services of the Bank, any other group companies or third party companies cooperating with the Bank; and
- the conduct of research and/or analyses with automated means, including profiling, with a view to better satisfying your needs.
Reasons / Legal grounds for processing
- the performance of a contract which you have concluded with Us
- a statutory obligation of the Bank
- your consent
- our legitimate interests, which primarily consist in the provision of our services with efficiency and safety.
Managing the operations and administration of the Bank.
The Bank processes your personal data which are necessary for the Bank to operate in the most efficient manner and in accordance with the rules of good operations applicable to credit institutions. The above include in particular:
- the steps that the Bank takes to defend its rights before judicial and other authorities in the context of any court or out-of-court proceedings, including the collection and servicing or disposal of the Bank’s receivables;
- the steps required for the identification and assessment of its clients and prospective clients, in particular in the context of its lawful obligations for the prevention and suppression of money laundering and terrorism financing, the assessment of the creditworthiness of its clients and prospective clients for purposes relating primarily to the granting of loans, the prevention of fraud and the general protection of the Bank’s interests; and
- Bank’s compliance with legal obligations imposed on it by the existing institutional framework.
Reasons / Legal grounds for processing
- the performance of a contract which you have concluded with Us
- a statutory obligation of the Bank
- our legitimate interests, which consist of the proper functioning of the Bank and the achievement of its objectives.
Which personal data does the Bank process?
Your personal data that the Bank processes fall within the following categories:
- identification data, such as first name, family name, date of birth, citizenship, ID card or valid passport, VAT number, driver’s license, circulation permit, lawful residence certificate of alien;
- contact details, such as home address, home telephone number, business address, business telephone number, email address, mobile phone number, fax number, name and phone number of contact person;
- professional details, such as profession, employer certificate, pay slip copy, years of employment, insurance provider certificate;
- financial data of any kind and transaction data, such as number and balance of bank account, credit or debit card details and data relating to transactions executed with these cards, copies of tax statements, tax returns, forms E9, E1 and E2, details of registered and bad checks, physical bank checks, loan agreements, outstanding amounts, requests for the granting of loans or other credit, information included in the Tiresias S.A. interbank system, review of real estate titles, utilities bills and any other information relating to your transactional relationship with our Bank;
- communication data, such as recorded conversations with Bank employees, letters addressed to or notified to the Bank, other documents addressed to the Bank on your initiative; and
- financial behavior data, such as the way you use products and services of the Bank, data relating to transactions and payments you make (frequency, amounts, locations, recipients).
Does the Bank process your sensitive personal data?
In principle, the Bank does not collect or process sensitive personal data relating to its clients. However, this can be the case by way of exception if necessary for the achievement of a specific legitimate purpose or obligation of the Bank or if you have given us such data on your own will in any appropriate means in the context of our trade relationship. In such cases, the Bank will take all reasonable steps to process your personal data in accordance with the Regulation.
Where does the Bank collect your personal data from?
A. The Bank collects the personal data which you notify to us by virtue of:
- your applications to the Bank and/or the supplemental documents and material
- the contracts you have concluded with Us together with their schedules
- any communication of you or your representatives with Us, either oral (such as recorded phone calls) or written (via post or email)
- your participation in client satisfaction surveys or any promotional activities conducted by the Bank
B. The Bank may collect your personal data when you are making use of its services. This concerns primarily data relating to your transactions and payments (frequency, amounts, location, recipients).
- publicly available sources
- Tiresias S.A. and other inter-banking systems
- tax and other public authorities
- third parties in the context of implementation of the Bank’s obligations
How long does the Bank keep your personal data for?
As a general rule, the Bank will keep your personal data for twenty (20) years after the end of the term of the agreement that We have concluded with you and for five (5) years in case there is no agreement. We do this:
- to be able to respond to any queries or complaints by justifying that processing has been lawful, appropriate and transparent
- to comply with a our regulatory, tax and other obligations
- to be able to defend in case of a dispute. If there is a pending judicial dispute, the Bank keeps the personal data for a longer period o time, until the matter is settled and the dispute is resolved.
Specifically with respect to recorded phone calls with Bank’s representatives, the Bank keeps the data for one (1) year from any such phone call, unless you or the General Secretariat for Consumer Affaires request that the data be stored or if their storage is necessary for our defence in the event of controversy, in which case the above data will be kept for a maximum of five (5) years.
Who are we entitled to send your personal data to?
In the context of serving the processing purposes of the Bank as well as in the context of its institutional operation, the Bank may, as the case may be, transmit your personal data to third parties and cooperating companies acting for the account of the Bank:
- to companies issuing written statements to you, for the issue of your credit cards and loan statements, and the relevant balances
- to debtor reporting companies in relation to due and payable receivables, which companies have been established and operate lawfully in accordance with the provisions of law 3758/2007, as currently in force, in the event of default by you of more than ten (10) days in accordance with the provisions of the law
- to cooperating law firms and solo legal practitioners for the conduct of any judicial or extra-judicial proceedings, including in particular the collection and servicing of the Bank’s receivables
- to cooperating companies providing client services for the purposes of giving you the most adequate and complete information regarding the performance of the contract that you have concluded with Us (indicatively, giving of information on the amount of the current debt balance, the number of installments, the balance of the loan, etc)
- to lawyers, notaries, and court bailiffs (and their associates) in the context of their legal duties
- to public services and authorities, supervisory, administrative, judicial, prosecutorial and investigative authorities, municipal land customs authorities and/or third parties, provided that the transmission or notification of data is required by law or court judgment
- to "DIAS" company, other credit institutions and/or payment service providers for the fulfillment of the Bank's services to you, including execution of your payment orders through a bank account held by you with a third party credit institution
- to “BANKING INFORMATION SYSTEMS S.A.” company having the distinctive title “TIRESIAS S.A.”, for the purposes of keeping interbank records of data of financial behavior, the protection of commercial credit and the rehabilitation of financial transactions. You can visit the website of “TIRESIAS S.A.” at www.tiresias.gr, on which there is detailed information on Tiresias’ personal data protection policy
- to companies providing secure storage of physical records and digitization of the Bank's contracts
- to persons cooperating with the Bank to ensure fulfillment of its obligations or for its good operation, such as accountants, auditors, courier companies, the Greek post etc.
- to any companies affiliated with the Bank
- to any cooperating companies for the promotion of products and services of the Bank or the conduct of market research and/or analyses.
What are your rights in relation to your personal data?
You have the right to access your personal data that the Bank processes:
You may seek confirmation whether your data are being processed and, if this is the case, request information on the purpose of such processing, the relevant categories of personal data, their recipients, the envisaged period for which personal data will be stored, the right to lodge a complaint with the supervisory authority, where the relevant data are not collected by you any available information on their source and the logic involved in any automated processing, if any.
You have the right to rectify your personal data:
If you believe that your personal data which are being processed by the Bank are inaccurate or incomplete, you may request the Bank to complete or rectify them. The Bank has the right to dispute your claim that your data are inaccurate, but is obligated to review your claim.
You have the right to data portability:
You may request from the Bank a copy of the data that you have provided to Us in a structured, commonly used and machine-readable format ("digital file”). You can also transfer the data you receive to third parties, provided that the data is processed by the Bank by automated means.
You have the right to withdraw your consent at any time:
If the processing of your data by the Bank is based on your consent, you are entitled to object to such processing at any time by withdrawing your consent. In this case, it may not be possible for you to receive certain of the Bank's services any more. If this is the case, We will let you know. In any case, your withdrawal of consent shall not affect the lawfulness of processing based on your consent before its withdrawal.
You have the right to request from the Bank to stop processing your personal data:
If you wish the Bank to stop using and processing your personal data, you have the three options:
- at any time, object to the use of your personal data in case of processing for marketing purposes and in any other case where processing is based on the Bank's legitimate interests, unless the Bank demonstrates that there are overriding legitimate grounds for processing.
- request that your data be erased from the Bank's records if they are no longer necessary in relation to the purposes for which they were collected or otherwise processed, and there are no legitimate grounds to preserve them,
- to request from the Bank to restrict the use of your data in case you contest the accuracy of such data; or if processing is unlawful but you oppose their erasure; or if the data are no longer necessary for processing purposes but they are required for the establishment, exercise or defence of legal claims; or if you have objected to the processing and the verification whether the legitimate grounds of the Bank override yours is pending.
How can you exercise your rights?
If you wish to exercise any of your rights or if you are dissatisfied with the terms of processing of your personal data by the Bank, you may contact Us via email at firstname.lastname@example.org or send a letter to Praxia Bank, Data Protection Officer, 24B Kifissias Avenue, 15125, Marousi.
At any time, you may file a complaint with the Independent Personal Data Protection Authority (Kifissias 1-3, 11523 Athens) if you believe that processing of your personal data by the Bank infringes the Regulation.
The Bank will take all reasonable steps to satisfy your claim within one month of its receipt and will inform you in writing of its satisfaction, otherwise of any impediments to its satisfaction. This one-month period may be extended by the Bank, subject to notification, for an additional two months, in case the Bank receives a large number of, or complex, requests. The requested information is provided by the Bank without charge to you, unless the requests are reiterated, in which case you may be charged with a reasonable fee for the Bank’s response.