DATA PROTECTION POLICY OF EYATH S.A.
Update on the processing of personal data
We would like to ensure that for EYATH S.A., the protection of the personal data of our clients, is of fundamental importance. That is the reason why we strive to provide protective measures to protect the personal data we process and to ensure that the processing of the personal data is done in accordance with the law, both from our company and from associate third parties.
Data Processing Officer- Data Protection Officer (DPO)
Data Processing Officer is the anonymous company legally represented as EYATH S.A., which is headquartered in Thessaloniki, 127 Egnatia Street, (Zip code 546 35), and it is legally represented by its C.E.O. Mr. N. Georgiadis, (tel: 2310 966600, website: www.eyath.gr). The company would like to inform you that, due to the company’s operations, the personal data processing is bound by the provisions of the Regulation(EU) 2016/679 and the Greek legislation to its customers.
Data Protection Officer (DPO) is Prof. I. Igglezakis with the following communication details: firstname.lastname@example.org, 127, Egnatia Street, Thessaloniki, 54635, 2310 966600 (option 4-1).
For any inquiries, clarifications or to exercise your rights, please contact the Data Protection Officer (DPO) by using the data above.
1. The type of data we collect
EYATH. SA collects and processes information which is personal data in accordance with Regulation 2016/679 (Article 4 No 1) only for the purpose of promoting its purposes and according to the legitimate basis where applicable and are implemented, as detailed below. The personal data we collect is: name, address, e-mail, mobile phone number, fixed telephone number, FAX, VAT number, Social Security number, VAT number, ID, Tax Office, Passport number, bank account number, signature, professional status, customer number- customer code, lease agreements, property titles, solemn declarations/ applications for affiliation, E1, E9, documents that by law and public contract declaration are required for the participation or the assignment and implementation of public contracts with EYATH, etc.
2. What is the legal basis for the processing
2.1. On what legal basis do we collect and process information about you?
The legal basis for the use of information about you is one of the following:
- The compliance of EYATH S.A. with a legal obligation to which we are bound (Article 6 paragraph 1c of the GDPR),
- Fulfillment of the duty performed to public interest (Article 6 paragraph 1e of the GDPR),
- The implementation of a contract (water supply / sewerage / under the Public Procurement Law) to which you are a contracting party or at your request to take action prior to the conclusion of a contract (Article 6 (1b) of the GDPR),
- The lawful interest of EYATH S.A. against which, the interests you have as the subject of the personal data for the protection of the information we process, are not overridden (Article 6 (1f) GDPR),
- Preserving your vital interest as a subject of the personal data we process (Article 6 (1d) GDPR) and
- If none of the above apply, your consent, which we will ask before processing the information and always taking into account the particular circumstances of each case (Article 6 (1a) GDPR).
2.2. Legitimate reasons for processing your personal information are:
- Provision of the services you assign to us and wish to receive from us by contract, which is Water Supply and Sewerage.
- Satisfaction of Requests: Interruption, Cancellation, Reconnection, Transfer of Water Supply and Sewerage, Customer Complaints Handling, Customer Requests Service, Water Checks.
- Issuing of Customer Invoices for Water Supply and Sewerage Services and disclosure to External Partner Service for Printing and Invoicing Services.
- Send the accounts to your email address.
- Water / sewage repair
- Run customer proceeds information on company information systems.
- Resolving company information systems problems
- Preserve and protect the lawful interests of yours as well as ours. So, we use:
- α) CCTV and security cameras in order to be able to protect the security of individuals, materials, facilities, in all our branches,
- β) Electronic tracking of the web site or mobile applications such as IP address.
- Compliance with an obligation imposed by law (special legislation).
- Establishment, exercise and support of the Company’s legal claims as a party (plaintiff / defendant) before a court or other competent authority.
3. Further Processing
In case of further processing your data, we will inform you and we will ask for your prior consent for this new processing if required.
4. Where, how and when we collect personal data
A) Data provided by you
We receive and store any information you provide to us in the course of your transaction with the company in any way and in particular by your physical presence at our offices, by telephone, by fax, and by e-mail. In addition, we collect the data you import using digital media (on the company’s website and applications), such as signing up, accessing your account or profile for bill payments, online updating your information, reporting network faults, submitting applications, etc.
B) Data collected by our company
We automatically collect and store information about you through the use of web technologies (such as cookies) and similar tracking technologies when receiving error reports or usage data from software applications on your devices online or through WIFI at the company’s offices in the following cases:
- When you use our website
- When you pay your bill through our website
- When you report damages through our website
- When set / update your information through our website
- When you request an electronic version of your account through our website
- When electronically submitting applications for water meter replacement
- When entering your water meter reading through our website
- When you contact us via the online contact form
- When complaining through our website
We collect and analyze device, connectivity, and configuration data, including the IP address used to connect your computer or device to the internet, computer and connection information such as browser type, version, time zone and other computer software installed on the device, browser plug-ins types and versions, operating system, payment history, the features you use, and the pages that you accessed and sites visited.
C) Data collected from third party sources
We collect information about you from third parties, such as suppliers of projects and services, and Electronic Social Security Governance (EDIKA).
5. Where do we transfer the data?
Banking Institutions, direct mail companies, call center service providers and customer information services for past-due payments, market research companies. Any competent supervisory, public, municipal or judicial authority.
In these cases EYATH SA is responsible for the processing of your personal data and specifies the details of the processing, signing a specific DPA with the third parties to whom it carries out processing activities in order to ensure that the processing is carried out in accordance with the applicable legal framework and that each individual may freely and without hindrance exercise the rights given by the legal framework.
In particular, personal data disclosed to third parties are: name, address, address of posting, ID, Passport Number, Tax Office, VAT number, bank account number, consumer number, fixed telephone number, mobile phone number and e-mail address to fulfill the purpose of the company (Water-Sewerage).
6. Storage Time
The time period for the storage of the data is determined on the basis of the following specific criteria, as appropriate: When processing is required as a requirement under provisions of the applicable legal framework, your personal data will be stored for as long as required by the relevant provisions.
When processing is done on a contractual basis, your personal data will be stored for as long as necessary for the performance of the contract and for the foundation, exercise, and / or support of legal claims under the contract.
To withdraw your consent, please contact the Data Protection Officer (DPO) of EYATH SA at the above contact details.
7. What are your rights with respect to your personal data
Any individual whose data is processed by EYATH SA enjoys the following rights:
A. Right of access:
You have the right to be aware of and verify the legitimacy of the processing. So, you have the right to access the data and get additional information about how to process it.
B. Right to rectification:
You have the right to study, correct, update or modify your personal data by contacting the Data Protection Officer (DPO) at the above contact details.
C. Right to Deletion:
You have the right to request a deletion of your personal data in any case but note that this right is subject to specific restrictions or does not exist as the case may be.
D. Right to limit processing:
You have the right to request a limitation on the processing of your personal data in the following cases: (a) when you dispute the accuracy of the personal data and until it is verified, (b) when you object to deleting personal information and requesting instead of deleting the limitation of their use, (c) when personal data are not needed for the purposes of processing, they are nevertheless indispensable for you, for the foundation, exercise, support of legal claims, and (d) when you object to the processing and until it is verified that there are legitimate reasons that concern us and overriding the reasons why you are opposed to processing.
E. Right to object to the process:
You have the right to object at any time to the processing of your personal data where, as described above, it is necessary for the purposes of legitimate interests we seek as processors, as well as for processing for direct marketing and consumer profile training.
F. Right to Mobility:
You have the right to receive your personal data free of charge in a format that allows you to access them, use them and edit them with commonly used editing methods. You also have the right to ask us, if technically possible, to pass the data directly to another person responsible for processing. Your right to do so is for the data you have provided to us and is processed by automated means based on your consent or implementation of a relevant contract.
G. Right to complain to the DPA
Furthermore, we inform you that you have the right to appeal to the Personal Data Protection Authority for issues concerning the processing of your personal data. For the Authority’s authority and how to file a complaint, you can visit website (www.dpa.gr → My Rights → Submit a Complaint) where detailed information is available.
EYATH S.A. applies the necessary technical and organizational measures to secure the processing of personal data and to prevent accidental loss or destruction and unauthorized and / or unauthorized access to, use, modification or disclosure thereof. In any case, the way the internet works and the fact that it is free to anyone can not guarantee that unauthorized third parties will never be able to violate the technical and organizational measures applied by gaining access to and possibly using personal data for unauthorized and / or unlawful purposes.
9. Changes to the data protection policy
We may review this data protection policy regularly in order to reflect changes in accordance with applicable laws or our Services. If we want to use your personal data in a way that we have not previously defined, we will contact you for information and, if necessary, request your consent. The revised data protection policy will enter into force on the date of publication / posting on the company’s website.