Privacy Policy

Privacy Notice of INTRACOM PROPERTIES SINGLE MEMBER SOCIETE ANONYME

64, Kifissias Avenue, Maroussi, Attica, PC 151 25,

TIN 094057643 – General Commercial Registry no. 168876601000

Last update: 31.08.2023

Information on the Processing of Personal Data

Introduction

We would like to assure you that for INTRACOM PROPERTIES SINGLE MEMBER SOCIETE ANONYME (hereinafter referred also as the “Company”), the protection of personal data associated with data subjects contacting or contracting in any way whatsoever with the Company is of primary importance. That is why we are taking all appropriate steps to protect the personal data we process as well as to ensure that the processing of personal data is always carried out in accordance with the obligations laid down by the applicable legal framework, by both the Company itself and third parties that process personal data on behalf of the Company.

This Privacy Policy (the “Policy”) explains how the Company collects, stores, uses, processes and in general handles personal data. This Policy is designed to assist you in making informed decisions when using our website or interacting with us.

The Policy describes also how we use the personal information of individuals whose loans, mortgages or other financial products are owned by the Company and of any associated guarantors/ 3rd parties tied to such loans/ credits e.g. owner of collaterals if not the same person with the debtors, guardian of a minor, legal representatives, and beneficial owners of corporations etc. Individuals are recommended to read carefully this Policy. By providing us your personal data, you agree and consent to the collection, use and disclosure of your personal information as outlined in this Policy.

Personal data means any information or set of information that relates to an individual such as name, address, email, telephone number etc. which can be either direct or indirect and can be collected by or on behalf of the Company.

Data Controller

INTRACOM PROPERTIES SINGLE MEMBER SOCIETE ANONYME having its registered seat at 64 Kifisias Avenue, Marousi, 151 25, Attiki, Greece,  email: info@intracomproperties.com, Tel: +30 2106674000, website: https://www.intracomproperties.com, would like to inform the public that in the context of its operational activities it processes the personal data of data subjects, indicatively those of its customers, partners, suppliers, investors, employees and candidate employees, in accordance with applicable national legislation (incl. Greek Law 4624/2019) and the European General Data Protection Regulation 2016/679 on the protection of individuals with regard to the processing of their personal data and on the free movement of such personal data (General Data Protection Regulation, hereafter referred to as the “Regulation”) as in force from time to time.

For any matter relating to the processing of personal data, you may directly contact Company’s competent function by e-mail to privacy@intracomproperties.com.

Which personal data do we process?

The personal data you provide us (such as your name, contact details, email address, telephone number, date of birth, marital status, etc.) along with any additional data resulting from resumes when submitted through the Company’s job application CV form in the context of job vacancies, are only processed as long as we have a legitimate reason to do so.

With regard to the loans owned by the Company we may process the following types of personal data:

  • Identification data: such as name (including name prefix or title), gender, age, date of birth, proof of identification (such as driving licence or passport).
  • Contact data: such as email address, residential address or phone number.
  • Personal circumstances and financial data: including employment status and details, bank statements, social security number, tax data, payment card details, savings, debts such as loans and credit cards, income and expenditure, employer and pension benefits, and other assets.
  • Lifestyle and personal circumstance data: including any data you or a co-borrower provides to us regarding your family, lifestyle and other circumstances, as relevant to the administration of your account.
  • Interactions with us, or our representatives: including notes of any interaction that our servicers have with you in relation to the administration of your loan, mortgage or other financial product.
  • Special categories of personal data: such as disclosures by you about health information or criminal background.
  • Information from third parties: including credit references.

Which are the legitimate reasons for processing your personal data?

The Company will process your personal data only for purposes permitted by applicable laws.

Legitimate reasons for lawful processing your personal information are:

  1. the performance of a contract or the intention to award a contract, such as the execution of a work or the provision of services, in order to meet contractual obligations in that context;
  2. safeguarding and protecting both your and our legitimate interests;
  3. compliance with obligations and duties imposed by the law or administrative acts, particularly in cases where it is required to publish corporate acts and information related to a societe anonyme according to Greek Law 4548/2018, to disclose transactions of nominated persons to the Athens Stock Exchange, to submit shareholders lists and provide information when participating in public tenders, to handle claims for compensation arising from accidents caused during the execution of a project, to manage legal disputes etc.;
  4. the consent you explicitly provide under the specific conditions set forth in the applicable legal framework or based on contractual relations or when contacting departments of our Company; or
  5. the processing necessary to protect the vital interests of the data subject or other natural person, where the data subject is physically or legally incapable of granting consent are the legitimate reasons for processing any information provided regarding health data.

The Company may process personal data for further purposes, where lawful to do so or when legally obliged to do so.

With regard to the loans owned by the Company we may use your personal data for the following purposes:

1. to collect debts and any related activities;

2. to identify you and to verify your information as part of our efforts to prevent money laundering, terrorist financing, tax avoidance and/or fraud;

3. to assess and respond to your enquiries and requests (if any);

4. to assess any application to vary our security or for an alternative repayment arrangement where you find yourself in financial difficulty;

5. to assess affordability and suitability for the provision of credit throughout our relationship with you, including analysing your credit data for regulatory reporting;

6. to administer your account and to manage our business relationship with you;

7. to administer your account, including processing payments and managing fees and payment collection;

8. to meet contractual obligations that we have to third parties in connection with the administration of your account;

9. to prevent imminent and serious harm to a person or property;

10. to respond to queries raised by regulatory authorities, law enforcement and/or other government agencies;

11. to deliver mandatory communications as required by legislation or regulations;

12. to perform aggregated analysis of psedonymised or anonymous data;

13. to investigate and resolve complaints; and

14. to comply with relevant law, regulation or other requirements

Where your loan, mortgage or other financial or credit product has been transferred to us from another lender, we have obtained your personal data and account data from that lender.

Where you have taken a loan, mortgage or other financial or credit product jointly with another person, we may have obtained your personal information from a co-borrower.

We also sometimes obtain personal data from the following third parties with whom we work:

  • asset managers, servicers, field agents and law or property receivers;
  • our solicitors;
  • credit reference agencies;
  • fraud prevention agencies; and
  • law enforcement agencies or government agencies.

In addition, we also may collect data about you from public data sources.

How and why do we use your personal data?

To fulfil our contractual commitments and to maintain communication.

We draw and use in the context of our contractual relationship, or related to the processing of personal data at a pre-contractual stage, the information necessary for the due performance of our cooperation between us, such as the signing of amendments to the main contract, the management of the pending financial issues resulting from our cooperation, etc.

To communicate and manage our relationship with you.

We may need to contact you by email or phone for management reasons, such as providing information on the progress of our cooperation, arranging a professional meeting with job candidates, managing other requests or issues, etc.

To comply with legal obligations or where processing is deemed necessary in the public interest or for a public task.

For the communication with labor and social security authorities and agencies, the publication on our website, on our other public websites (i.e., the General Commercial Registry, the Athens Stock Exchange, etc.), of General Assembly resolutions, the announcement to the Athens Stock Exchange and the Securities and Exchange Commission of issues related to Company’s activity or disclosure of significant shareholdings rights or changes thereof to the Securities and Exchange Commission in accordance with the applicable provisions, the granting of representative powers to natural persons and announcement thereof in order to carry out activities relating to Company’s business activities.

To safeguard our legitimate interests and protect individuals and/or their vital interests and goods.

To protect the safety of physical persons, assets, and Company’s premises.

With regard to the loans owned by the Company we use your personal data on the following basis:

  • to manage, perform and fulfill our contract and / or our relationship with you;
  • for the legitimate business interests of the Company and others including our affiliates, including:
  • to carry out reviews, analysis and reporting activities for the purposes of strategic business decision-making and internal governance compliance;
  • to monitor and manage our internal business processes;
  • to ensure business continuity and disaster recovery and to respond to incidents and emergencies;
  • to undertake systems testing; and
  • to analyse complaints for the purposes of preventing errors and process failures;
  • to comply with certain legal and regulatory obligations of the Company; and
  • if applicable, because you have consented to the processing of your personal data.

Where do we communicate your personal data to?

Personal data are not disseminated to unspecified recipients. The Company discloses your personal data to third party recipients on a need-to-know basis where this is reasonably permitted to pursue its legitimate business aims and as required by applicable law. Your personal data will be disclosed only in accordance with applicable laws and appropriate safeguards through contractual agreements.

Access to your personal data is provided to the absolutely necessary staff of the Company, which is committed to maintaining confidentiality.

The Company communicates your personal data to the following categories of recipients:

State authorities, law enforcement agencies:

When this is necessary for the fulfillment of a statutory or administrative obligation or conduct of an audit and in accordance with the prescribed legal procedures, as well as in the cases of participation in public tenders.

Our collaborators (partners, subcontractors, banks, insurance companies, auditing company, etc.):

Τhe Company maintains subcontractors to whom it delegates the processing of personal data on its behalf (e.g., subcontracts, bank transactions, audit share transfer deeds by a statutory auditor, etc.). In these cases, the Company remains responsible for the processing of your personal data and sets out the details of the processing, by signing a specific contract with the respective collaborators to whom it assigns processing activities, to ensure that the processing is carried out in accordance with the applicable legal framework and that any individual may freely and without hindrance exercise the rights conferred on them by the legal framework.

Finally, the Company may forward personal data to other companies of its Group as well as to third-party affiliates (e.g., members of joint ventures or associations of companies) in order to provide information on the Company’s status, provided that it has obtained the consent from the natural person as mentioned above, and that the aforementioned applies regarding the assignment in writing of processing.

With regard to the loans owned by the Company the following third parties may have access to your personal data, where relevant:

  • financial organisations: including finance providers and insurance companies;
  • service providers who perform services on our behalf: such as servicers, asset managers, valuers, estate agents, print providers, document storage providers, IT suppliers, providers of analytical services, and fraud prevention agencies;
  • professional advisers: including our lawyers, accountants, auditors, receivers and business consultants.
  • regulators and law enforcement agencies;
  • joint borrowers and guarantors on your account and third parties with whom you have authorised us to communicate;
  • prospective and actual purchasers, assignees and other parties with an interest in your loan, mortgage or financial product in the event that the Company, its assets or an interest in such assets may be or are sold, transferred or assigned in whole or in part, including as part of a securitisation, funding or co-investment arrangement; and
  • any other parties the Company reasonably thinks customary, necessary or advisable for the processing purposes described in this notice and in any other way which does not identify you individually (including as part of an aggregated or anonymised dataset).

The following apply to those with whom the Company shares your personal data:

  1. The Company only provides the information needed to perform their specific services;
  2. They may use your personal data only for the exact purposes set out in our contract with them;
  3. The Company works closely with them to ensure that your personal data are respected and protected at all times; and
  4. If the Company stops using their services, any of the personal data they hold will be deleted or anonymized.

The third parties processing your personal data on our behalf have agreed and committed contractually with the Company:

  1. to maintain confidentiality;
  2. not to send to third parties your personal data without the consent of the Company;
  3. to take appropriate security measures; and
  4. to comply with the legal framework for the protection of personal data.

When third parties are given access to your personal data, we will take the required contractual, technical and organisational measures to ensure that your personal data is only processed to the extent that such processing is necessary.

International Transfer of Personal Data

The personal data collected by the Company for the purposes provided herein are stored in Greece. However, your personal data may be accessed by staff or service providers in, transferred to and stored at, a location outside the EU or the EEA. Where the Company processes personal information in countries that may not provide the same level of data protection as in the EU / EEA or in your own country, where you are resident, the Company will implement reasonable and appropriate legal and technical and organizational security measures with the aim to ensure the security of the processing and in particular to protect your personal data from unauthorized access, use or disclosure.

In particular, for residents of EEA – whenever the Company transfers your information outside of the EEA, it will take all reasonable steps to ensure that adequate safeguards are put in place to protect your information (unless we are permitted under applicable data protection law to make such transfers without additional formalities (e.g., where the recipient country is considered an adequate destination). Where appropriate, the Company may also ask for your explicit consent.

Personal Data Retention Period

The length of the personal data retention period is determined based on the following specific criteria, per case:

  1. when processing is required as an obligation under the applicable legal framework, your personal data will be stored for the period prescribed in the respective provisions applicable to each case; and
  2. when processing takes place in the context of performing a contract, your personal data will be stored for the period necessary to ensure fulfillment of contractual obligations throughout the term of the contract and, if necessary, for the establishment, exercise or defense of legal claims arising from such contract.

Personal data may be retained for a longer duration where applicable laws or regulations require or allow the Company to do so. When your personal data are no longer needed it will be either irreversibly anonymized (and the anonymized information may be retained) or securely destroyed.

What are your rights in respect to your personal data:

Every natural person whose personal data is being processed by the Company has the following rights:

Right of Access

You have the right to be aware and verify the legitimate nature of the processing – i.e., you have the right to access your personal data and receive additional information about their processing.

Right to rectification:

You have the right to review, correct, update, or modify your personal data by contacting the Company at the above contact details.

Right to erasure (right to be forgotten):

You have the right to request the deletion of your personal data when we process it based on your consent. There are however other cases or instances (such as, indicatively, where there is a contract, an obligation to process personal data required by law, public interest, etc.), where such right shall be subject to specific restrictions or shall not be applicable, as the case may be.

Right to restriction of processing:

You have the right to request the restriction of processing of your personal data in the following cases:

  1. when the accuracy of the personal data is contested by you and until such personal data is verified;
    1. when you object to the deletion of personal data and request the restriction of their use instead of their deletion;
    1. when such personal data are no longer necessary for processing purposes, they are, however, required for the establishment, exercise, defense of legal claims; and
    1. when you oppose to the processing that is necessary for the performance of a task of public interest or for the exercise of public authority or for the purposes of our legitimate interests or in case of profiling thereunder and until it is verified that there are legitimate grounds of the Company overriding the reasons for which you are opposed to the processing.

Right to object:

You are entitled to object to the processing of your personal data, at all times, in case where, as described above, this is necessary for the performance of a task of public interest or for the exercise of public authority or in case of profiling thereunder or for the purposes of legitimate interests pursued by us as controllers.

Right to data portability:

You have the right to receive your personal data free of charge in a structured, commonly used, and machine-readable format that allows you to access, use, and edit them in cases where the processing is based on your consent or on a contract and to the extent that such processing carried out by automated means. Moreover, you have the right to request from us, in case it is technically feasible, to transmit your personal data directly to another controller.

Right to withdraw your consent:

In cases where processing is based on your consent, you have the right to withdraw it without affecting the lawfulness of processing based on consent prior to its withdrawal.

To exercise any of the above rights you may directly contact Company’s competent function by e-mail to privacy@intracomproperties.com.

Right to lodge a complaint with a Supervisory Authority:

You have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr), or with the supervisory authority in the member state of your habitual residence or your place of work.

Security of Personal Data

The Company will take all steps reasonably necessary to ensure that your personal data are treated securely and in accordance with this Policy, applicable data protection laws and regulations as well as international security standards. All personal data you provide are stored on secure servers and accessed and used subject to our security policies and standards. The Company has implemented reasonable physical, technical, and managerial controls and safeguards to keep your personal data protected from unauthorized access, disclosure, alteration, and destruction. Access to your personal data is limited to a restricted number of the Company’s employees whose duties reasonably require such information and third parties with whom the Company contracts to carry out business activities related to the provision of services.

The Company implements appropriate technical and organizational measures aiming at ensuring safe processing of personal data and the prevention of accidental loss or destruction and the unauthorized and/or unlawful access to, use, modification, or disclosure thereof.

Policy updating

The Company reserves the right to amend this Policy from time to time to reflect technological advancements, legal and regulatory changes, and the Company’s business practices, subject to applicable laws. If the Company changes its privacy practices, an updated version of this Policy will reflect those changes by posting any revisions on with the respective update of the effective date listed on the bottom of this Policy. We therefore encourage you to periodically visit this page to stay informed of how we are using your personal data.

The Company keeps this Policy under regular review to make sure it is up-to-date and accurate.

Contact Information

If you have any questions in relation to this Policy, or you want to obtain more information about the Company’s privacy practices, please contact us by email at privacy@intracomproperties.com.

Last update: 31.08.2023