Notification concerning the Processing of Personal Data
We would like to assure you that for ATTICA HOLDINGS S.A. (Attica Group), the protection of the personal data of its shareholders and investors and any other case where there is identification of natural persons and users of our website is of paramount importance. That is why we are taking appropriate steps to protect the personal data we process and to ensure that the processing of personal data is always carried out in accordance with the obligations laid down by the legal framework, both by the company itself and by third parties processing personal data on account of the company.
Controller – Data Protection Officer (DPO)
What are the legitimate reasons for processing your personal data?
We only process the personal data you provide us [such as your name, contact details, e-mail address, telephone number, nationality] when we have a legitimate reason for doing so.
Legitimate reasons for processing personal data are:
(a) compliance with obligations under law, such as making public acts and details of the Société Anonyme under Law 2190/1920, as well as tax or corporate obligations and obligations deriving from the fact that ATTICA HOLDINGS S.A. is listed on the Athens Stock Exchange;
(b) the safeguarding and protection of both yours and our legitimate interests. For this purpose, we use closed circuit television (CCTV) and security cameras in order to be able to protect the security of individuals, materials and facilities;
(c) the provision of information when questions or comments are submitted through the website form, in the context of an existing contract or pre-contractually, so that measures may be taken at the request of the subject.
How and why do we use your personal data?
• To communicate with you and manage our relationship with you
We may need to contact you by e-mail or telephone for administrative purposes, such as through the contact form found on our website, in order to respond to a question or comment you made.
• To comply with legal obligations
When, for example, we collect information to brief shareholders and potential investors, we publish accounting statements, financial results and other published acts of our company in the General Commercial Registry (GEMI), and when we discharge tax or other corporate obligations deriving from the fact that ATTICA HOLDINGS S.A. is listed on the Athens Stock Exchange.
• To safeguard our legitimate interests and protect individuals and goods
When we use closed circuit television (CCTV) and security cameras in order to be able to protect the security of individuals, materials and facilities.
Where are your data shared?
ATTICA HOLDINGS S.A. communicates your personal data to the following categories of recipients:
• State Authorities, Law Enforcement Agencies
When this is necessary for the discharge of the company's tax and corporate obligations in accordance with the foregoing (e.g. notification of disclosure of data during audits conducted by the Hellenic Capital Market Commission).
Data Storage Period
The length of the data storage period is decided on the basis of the following specific criteria, as appropriate:
When processing is done on a contractual basis, your personal data will be stored for as long as is necessary for the performance of the contract and for the foundation, exercise, and/or support of legal claims under the contract.
When processing is required as an obligation under provisions of the legal framework in force, your personal data will be stored for as long as required by the relevant provisions.
What are your rights with respect to your personal data?
Any natural person whose data are being processed by ATTICA HOLDINGS S.A. enjoys the following rights:
Right to access:
You have the right to be made aware and verify the legitimacy of the processing. Thus, you have the right to access the data and receive additional information concerning its processing.
Right to rectification:
Right to erasure:
You have the right to request the erasure of your personal data when we process it or in order to protect our legitimate interests. In all other cases (for example, where there is a contract, an obligation to process personal data required by law, public interest), this right is subject to specific restrictions or does not exist, as the case may be.
Right to restriction of processing:
You have the right to request a restriction on the processing of your personal data in the following cases: (a) when you contest the accuracy of the personal data and until verification takes place; (b) when you oppose the erasure of personal data and request the restriction of their use instead of erasure; (c) when the personal data are not needed for processing purposes but are necessary for the foundation, exercise and support of legal claims; and (d) when you object to the processing and it is verified that there are legitimate reasons that concern us and supersede the reasons for which you oppose the processing.
Right to oppose processing:
You have the right to object at any time to the processing of your personal data where, as described above, it is necessary for the purposes of the legitimate interests we pursue as controllers, as well as for processing for direct marketing and consumer profiling purposes.
Right to portability:
You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them through commonly used editing methods. You also have the right to ask us, if technically feasible, to transfer the data directly to a different controller. Your right to do so applies to the data that you have provided to us and that is being processed by automated means based on your consent or performance of a relevant contract.
Right to complain to the HDPA
Personal Data Security
ATTICA HOLDINGS S.A. applies appropriate technical and organisational measures to secure the processing of personal data and to prevent the accidental loss or destruction and unauthorized and/or unlawful access to, use, modification or disclosure of personal data. In any event, the manner in which the Internet functions and the fact that it is freely accessible by anyone cannot guarantee that unauthorised third parties will never be able to violate the technical and organisational measures applied, gaining access and potentially using personal data for unauthorised and/or illicit purposes.