General Data Protection Regulation (GDPR)

ATHEXGROUP PRIVACY STATEMENT FOR WEBSITE USERS

This notice concerns the processing of your personal data carried out by the Companies of Athens Stock Exchange Group, "HELLENIC EXCHANGES ? ATHENS STOCK EXCHANGE S.A." ("ATHEX"), "HELLENIC CENTRAL SECURITIES DEPOSITORY S.A." ("ATHEXCSD"), "ATHENS EXCHANGE CLEARING HOUSE S.A." ("ATHEXCLEAR"), collectively referred to as "Group" or the "Companies", in the context of your status as a user of the Group website.

In particular, through the website https://www.athexgroup.gr/ of the Group ("Website") you may be informed about the services, products and activities of the Companies of the Group, register for training seminars, submit questions and contact us, if you wish.

Please read this notice in order to be informed in detail about the terms of processing your data.

1. Data Controller

The Companies act as independent data controllers, pursuant to General Data Protection Regulation (EE) 2016/679 ("GDPR") and national law 4624/2019, for the processing of your personal data, which is carried out when you use the Website. The registered seat of the Companies is in Athens, at 110 Athinon Ave., postal code 104 42, contact telephone number: +30 210 33 66 800 e-mail: protocol@athexgroup.gr.

2. Collection of personal data

When you use the Website, the Companies process solely the personal data that you provide either within the context of your communication with the Companies of the Group when you submit a request or question regarding the Companies' services or when you wish to be assisted either within the context of submitting an application form in order to participate in training seminars or if you declare that you wish to receive press releases and other updates from the Group.

At the same time, the Group processes your data through the cookies installed on the Website. For more information regarding the use of cookies, read the Cookies Policy.

Within the context of the Website's operation, the Companies do not collect special categories of personal data (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, health data or data concerning the sexual life of a natural person or sexual orientation). The Companies therefore urge you not to send such data when communicating with the Group and in case you do so, the Companies of the Group inform you that they will immediately proceed to their deletion.

3. Purpose of the processing

The Companies of the Group process your personal data exclusively for the following purposes:

to communicate with you in case you send a message or wish to apply for the use of the Group's services by sending an e-mail to the e-mail addresses listed on the Website or
to manage your request to participate in training seminars; or
to send information and press releases regarding the services provided, actions, educational activities and certifications of the Group,
to ensure the best operation of the Website and the improvement of your navigation, with the use of cookies. Learn more about our Cookies Policy here.

Your data is processed exclusively for the aforementioned purposes or, where applicable, for legislative/regulatory compliance purposes or for the defense of legal claims.

The processing of your personal data is carried out with respect to the basic principles of personal data protection imposed by the General Data Protection Regulation, namely, lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and finally accountability.

4. Legal basis for the processing of personal data

With regard to your personal data received by the Companies of the Group, in case you wish to contact us, the processing carried out is necessary for the purpose of safeguarding the legitimate interests of the Group, and in particular maintaining the necessary channels of communication with existing and potential customers, members and in general with any interested party, as well as for the purpose of informing the public for the services and actions of the Group's Companies.

Regarding your personal data received by the Companies of the Group, in case you wish to send by e-mail any relevant request for the use of their services, based on the request forms that you can find on our Website, the processing that takes place is necessary for the performance of a contract between the Companies of the Group regarding the services they provide to their members and customers.

With regard to your personal data that the Companies process upon completion of the online form for participation in training seminars, the legal basis for the processing is that it is necessary in order for the Group to take steps at your request prior to entering into a contract.

The personal data you provide us with by subscribing to the list of recipients of our press releases and general updates, are processed on the basis of your explicit consent, which is given to the Companies of the Group for the aforementioned purpose through a relevant checkbox before completing your subscription, which you can withdraw at any time either through a relevant option that will be given to you each time you receive one of our newsletters or by contacting the Group's Data Protection Officer at dataprotectionofficer@athexgroup.gr.

Finally, regarding the personal data we receive through the cookies installed on our Website, the processing is based on the provision of your explicit consent in case you do not solely use the cookies which are technically necessary for the operation of the Website.

5. Who has access to your personal data

Access to your personal data is granted exclusively to the necessary, in each case, personnel of the Group, who have been duly informed about the secure processing of your personal data.

In addition, your data may be received by associated natural and legal persons offering their services to the Companies of the Group, such as providers of technological and information security services and providers of educational services. These persons, acting as processors of personal data, have been informed and have committed in advance to respecting the confidentiality of your data, are aware of and follow the Group's instructions regarding the processing of personal data and take all appropriate measures for the protection of the aforementioned.

Official governmental and supervisory bodies (e.g. law enforcement and prosecution authorities, supervisory authorities, etc.) may also have access to your personal data when the Group is required to comply with the law, when the transfer is deemed necessary for important public interest reasons, and for the establishment, exercise or defense of legal claims.

6. Transfer of personal data outside the EEA

Your personal data, which are collected for the aforementioned purposes are not transferred to third countries (outside the European Economic Area).

If a transfer to a third country or an international organisation is required in the future, it will be carried out under the conditions of legal and secure transfer provided for by Regulation 2016/679 (Chapter V thereof) and national legislation.

7. Automated decision-making/ profiling

Within the context of the use of the Website, profiling and automated decision-making is not carried out.

8. Data retention period

Your personal data are only retained for the reasonable period of time, which is necessary due to the nature of the processing, for the fulfillment of the Group's legal obligations and for the defense of legal claims.

The personal data that the Group processes for the management of your applications for participation in training seminars are retained for a period of 6 months from the completion of the seminar.

The personal data that the Group processes within the context of sending you press releases and updates are retained for as long as you have not withdrawn your consent.

The personal data collected through cookies are retained in accordance with the Cookies Policy.

9. Interaction with third party websites

Any interconnection of the Website with other third party websites through special links, hyperlinks, banners, etc. does not imply that the Group assumes any responsibility for the content of this website, the quality and completeness of any products or services presented on this website or the policy followed on this website regarding the protection and processing of personal data. The natural person should ensure that he or she is informed about the protection and processing of his or her data by the aforementioned websites and that he or she has read their respective personal data policies.

10. Security of personal data

The Companies implement an information security management system, in order to ensure secrecy, security of data processing and protection of personal data from any accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, as well as from all inappropriate forms of processing. The Companies have implemented all appropriate organizational and technical measures in order to safeguard the processing of data against any form of accidental or unlawful processing. In this respect, the authorised personnel of the Companies that processes your personal data, has received the appropriate training and guidance. The measures taken by the Companies are reviewed and amended regularly or when deemed necessary based on new needs and technological developments.

11. Your rights

In accordance with the provisions of Regulation (EU) 2016/679 (GDPR), as a data subject, you have the following rights, which may be exercised as appropriate:

Right to access your personal data.
Right to correct and/or update your data.
Right to deletion / right to be forgotten.
Right to restrict processing.
Right to data portability.
Right to object to the processing of your personal data.
Right to withdraw your consent.

12. Exercise of rights

If you wish to receive further information about the processing of your personal data or exercise any of your rights, you can contact the Companies either in writing at: Athens Stock Exchange Group, 110 Athinon Ave., 104 42 Athens, for the attention of: Data Protection Officer (DPO), or by e-mail addressed to the Data Protection Officer (DPO) of the Group at: dataprotectionofficer@athexgroup.gr.The Companies shall reply to your request within one (1) month of its receipt and at no cost to you. This time limit may be extended for a period of two (2) more months, due to the complexity or number of requests. In this case, you will be notified regarding the extension and the reasons for it at the earliest and no later than one month after receiving the request.

13. Right to lodge a complaint

If you believe that any request submitted by you has not been adequately and legally satisfied, or your right to personal data protection is being breached by any processing that is carried out by the Companies, you have the right to lodge a complaint with the Hellenic Data Protection Authority (postal address: 1-3 Kifissias Ave., 115 23, Athens, https://www.dpa.gr/, tel. 210 6475600, e-mail: contact@dpa.gr).

Search

Toolbox

New Listings Prospectuses

Laws and Regulations

Market

Composite index

Calendar

FinancialCalendarPortlet

Asset Publisher

Cookies Policy

We use necessary cookies so that our website operates properly (allowing key features such as security, network management and accessibility) and optional statistics cookies (Google Analytics to help us improve our website by collecting and reporting information about how you use it). For more information about the cookies we use, you can refer to our cookies policy. If you want to continue only with the necessary cookies, select "Reject", otherwise if you want to accept the statistics cookies select "Accept".

athexgroup.gr