The Companies act as independent data controllers, pursuant to General Data Protection Regulation (EE) 2016/679 (“GDPR”) and national law 4624/2019, for the processing of your personal data, which is carried out when you use the Website. The registered seat of the Companies is in Athens, at 110 Athinon Ave., postal code 104 42, contact telephone number: +30 210 33 66 800 e-mail: protocol@athexgroup.gr.
 

When you use the Website,  the Companies process solely the personal data that you provide either within the context of your communication with the Companies of the Group when you submit a request or question regarding the Companies’ services or when you wish to be assisted either within the context of submitting an application form in order to participate in training seminars/ preparatory seminars held in order to obtain certification or if you declare that you wish to receive press releases and other updates from the Group. 

At the same time, the Group processes your data through the cookies installed on the Website. For more information regarding the use of cookies, read the Cookies Policy.  

Moreover, if you wish to schedule an educational visit to the Group's premises, we collect personal data included in the respective contact form (name, surname, email, job title, company/organization).

In addition, the Group processes personal data, which are necessary for your access to a locked area of the Group's website where members and suppliers have access in order to obtain more complete information.  
 

Within the context of the Website’s operation, the Companies do not collect special categories of personal data (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, health data or data concerning the sexual life of a natural person or sexual orientation). The Companies therefore urge you not to send such data when communicating with the Group and in case you do so, the Companies of the Group inform you that they will immediately proceed to their deletion. 

The Companies of the Group process your personal data exclusively for the following purposes:

• to communicate with you in case you send a message or wish to apply for the use of the Group’s services by sending an e-mail to the e-mail addresses listed on the Website or
• to manage your request to participate in training seminars; or preparatory seminars held in the context of certifications
• to send information and press releases regarding the services provided, actions, educational activities and certifications of the Group,
• to ensure the best operation of the Website and the improvement of your navigation, with the use of cookies. Learn more about our Cookies Policy here
• for the planning and organisation of educational visits to the Group's premises
• to provide access to the locked area of the Group's website for members and suppliers and to manage your access.
   

Your data is processed exclusively for the aforementioned purposes or, where applicable, for legislative/regulatory compliance purposes or for the defense of legal claims.

The processing of your personal data is carried out with respect to the basic principles of personal data protection imposed by the General Data Protection Regulation, namely, lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and finally accountability. 

With regard to your personal data received by the Companies of the Group, in case you wish to contact us, the processing carried out is necessary for the purpose of safeguarding the legitimate interests of the Group, and in particular maintaining the necessary channels of communication with existing and potential customers, members and in general with any interested party, as well as for the purpose of informing the public for the services and actions of the Group's Companies.

Regarding your personal data received by the Companies of the Group, in case you wish to send by e-mail any relevant request for the use of their services, based on the request forms that you can find on our Website, the processing that takes place is necessary for the performance of a contract between the Companies of the Group regarding the services they provide to their members and customers.

With regard to your personal data that the Companies process upon completion of the online form for participation in training seminars, the legal basis for the processing is that it is necessary in order for the Group to take steps at your request prior to entering into a contract.

The personal data you provide us with by subscribing to the list of recipients of our press releases and general updates, are processed on the basis of your explicit consent, which is given to the Companies of the Group for the aforementioned purpose through a relevant checkbox before completing your subscription, which you can withdraw at any time either through a relevant option that will be given to you each time you receive one of our newsletters or by contacting the Group's Data Protection Officer at dataprotectionofficer@athexgroup.gr. 

With regard to personal data collected in the context of educational visits to the Group's premises, their processing is carried out in the legitimate interest of the Companies for the planning of visits and the uninterrupted operation of the Group.
 

As regards the personal data collected for the purpose of obtaining access to a special locked area of the Website for members and suppliers, when the processing is carried out in the context of a cooperation-service agreement that you have concluded with the Companies, the legal basis is the fact that the processing of your data is necessary for the performance of the cooperation agreement between us. If you are an employee of a legal entity with whom the Companies have entered into a cooperation agreement, under which you have gained access to the locked area of the website, the Companies process your data in order to ensure the successful, timely and efficient performance of the contract between the Companies and your employer. The legal basis for such processing is the legitimate interest of the Companies, which consists in particular in the performance of the contract they have concluded with your employer (Art. 6(1)(f) GDPR).
 

Finally, regarding the personal data we receive through the cookies installed on our Website, the processing is based on the provision of your explicit consent in case you do not solely use the cookies which are technically necessary for the operation of the Website.

Access to your personal data is granted exclusively to the necessary, in each case, personnel of the Group, who have been duly informed about the secure processing of your personal data.

In addition, your data may be received by associated natural and legal persons offering their services to the Companies of the Group, such as providers of technological and information security services and providers of educational services. These persons, acting as processors of personal data, have been informed and have committed in advance to respecting the confidentiality of your data, are aware of and follow the Group’s instructions regarding the processing of personal data and take all appropriate measures for the protection of the aforementioned. 

Official governmental and supervisory bodies (e.g. law enforcement and prosecution authorities, supervisory authorities, etc.) may also have access to your personal data when the Group is required to comply with the law, when the transfer is deemed necessary for important public interest reasons, and for the establishment, exercise or defense of legal claims.

Your personal data, which are collected for the aforementioned purposes are not transferred to third countries (outside the European Economic Area). 

If a transfer to a third country or an international organization is required in the future, it will be carried out under the conditions of legal and secure transfer provided for by Regulation 2016/679 (Chapter V thereof) and national legislation.

Within the context of the use of the Website, profiling and automated decision-making is not carried out. 

Your personal data are only retained for the reasonable period of time, which is necessary due to the nature of the processing, for the fulfillment of the Group’s legal obligations and for the defense of legal claims. 
The personal data that the Group processes for the management of your applications for participation in training seminars are retained for a period of 6 months from the completion of the seminar. 
The personal data that the Group processes within the context of sending you press releases and updates are retained for as long as you have not withdrawn your consent. 

The personal data collected through cookies are retained in accordance with the Cookies Policy.  
Interaction with third party websites.

Any interconnection of the Website with other third party websites through special links, hyperlinks, banners, etc. does not imply that the Group assumes any responsibility for the content of this website, the quality and completeness of any products or services presented on this website or the policy followed on this website regarding the protection and processing of personal data. The natural person should ensure that he or she is informed about the protection and processing of his or her data by the aforementioned websites and that he or she has read their respective personal data policies.

The Companies implement an information security management system, in order to ensure secrecy, security of data processing and protection of personal data from any accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, as well as from all inappropriate forms of processing. The Companies have implemented all appropriate organizational and technical measures in order to safeguard the processing of data against any form of accidental or unlawful processing. In this respect, the authorized personnel of the Companies that processes your personal data, has received the appropriate training and guidance.  The measures taken by the Companies are reviewed and amended regularly or when deemed necessary based on new needs and technological developments.

In accordance with the provisions of Regulation (EU) 2016/679 (GDPR), as a data subject, you have the following rights, which may be exercised as appropriate:

• Right to access your personal data.
• Right to correct and/or update your data.
• Right to deletion / right to be forgotten.
• Right to restrict processing.
• Right to data portability.
• Right to object to the processing of your personal data.
• Right to withdraw your consent. 

If you wish to receive further information about the processing of your personal data or exercise any of your rights, you can contact the Companies either in writing at: Athens Stock Exchange Group, 110 Athinon Ave., 104 42 Athens, for the attention of: Data Protection Officer (DPO), or by e-mail addressed to the Data Protection Officer (DPO) of the Group at: dataprotectionofficer@athexgroup.gr.The Companies shall reply to your request within one (1) month of its receipt and at no cost to you. This time limit may be extended for a period of two (2) more months, due to the complexity or number of requests.  In this case, you will be notified regarding the extension and the reasons for it at the earliest and no later than one month after receiving the request.   

If you believe that any request submitted by you has not been adequately and legally satisfied, or your right to personal data protection is being breached by any processing that is carried out by the Companies, you have the right to lodge a complaint with the Hellenic Data Protection Authority (postal address: 1-3 Kifissias Ave., 115 23, Athens, https://www.dpa.gr/, tel. 210 6475600, e-mail: contact@dpa.gr).