Legal notice

Privacy policy



NEXI PAYMENTS HELLAS S.A. (“NEXI”), headquartered at 15 Charilaou Trikoupi Street, 10678, Athens, Attica (hereinafter referred to as the “Company”, “we”, or “us”), as data controller, is committed to protecting the user’s privacy. This Privacy Policy (“Privacy Policy”) applies solely to the website www.nexi.gr (hereinafter the “Website”).
Please read this Privacy Policy before using the Website.

1. The Website

The primary purpose of the Website is to present the Company’s services and products and to provide users with detailed information about them, as well as about the Company’s annual financial statements.
This Privacy Policy describes how we collect, use, and disclose personal data obtained in connection with users’ use of the Website.
Since the Company reserves the right to add or remove functionalities from the Website at any time and to modify the services and/or products offered, this Privacy Policy may be updated at any time by the Company, through a relevant notice to users and visitors of the Website regarding the changes made.
As the Website may provide access to websites owned and operated by the Company as well as third parties, we clarify that this Privacy Policy does not apply to such third-party websites and, in particular, that the Company is not responsible for the protection of personal data by third parties.

2. Data Processed

Browsing Data
Browsing data includes all information automatically collected through the Website concerning, for example, the actions performed on the Website by users and how they use the Website. Furthermore, we may automatically record the IP address (i.e., the unique address identifying the user’s device on the internet) which is automatically recognized by our server.
Browsing data is used exclusively for the purpose of obtaining anonymous statistical information about the use of the Website and for verifying its proper functioning and is deleted immediately after processing. Such data may also be used to establish liability in the event of cybercrimes against the Website or to protect our rights.

For more information on the use of cookies on this Website, you can refer to the detailed Cookie Policy notice available via the relevant link.

3. Purpose and legal basis of the processing

Purpose Legal basis
A. The Company processes the user's personal data to ensure that the Site is up-to-date and meets the needs of users, to analyze, review and improve the products or services offered on the Site, to provide users with a user-friendly browsing experience, to ensure compliance with the terms of use of the Site, the safety of the Site and of its users and for the protection of the rights and/or assets of the Company. The information used for this purpose will remain strictly anonymous and will not be used to identify any user nor will it be added to the personal data of users. A. The Company processes the data for these purposes in order to pursue its legitimate interest of protecting its assets, its business and its rights.
B. The Company processes the user's personal data to fulfill obligations deriving from the law, regulations or EU legislation. B. The Company processes the data for these purposes to fulfill a legal obligation.


4. Nature of the processing of data

The processing of data for the purposes referred to in paragraph 3. A is automatic and implicit in Internet transmission protocols.

5. Recipients of the data

Affiliated companies, subsidiaries.  Where it is necessary to pursue the purposes described in this Privacy Policy, the Company communicates the users’ personal data to its affiliated, subsidiary and parent companies, which may be also located outside the European Union.

Third-party service providers. We share the users’ personal data with third-party service providers who act as data processors in order to make the use of the Site possible and/or obtain services through the Site. By way of example, such third parties may include professionals, even in associated form, who provide technical, commercial or administrative consulting to the Company in relation to its business and purposes as described in this Privacy Policy, companies that deal with the management or maintenance of the IT infrastructure on which the Site is based, and agencies performing promotional and marketing services in the name and on behalf of the Company.

Third parties in compliance with a legal obligation or to protect the rights of the Company. The users’ personal data can be communicated to institutions, law enforcement agencies, judicial, administrative, or regulatory bodies, in the context of a legal or administrative procedure, or in order to fulfil a legal obligation or protect our rights, including in court of law.

6. Transfer abroad

To provide services to the users themselves and to pursue the other purposes listed in this Privacy Policy, the Company may need to transfer the users’ personal data abroad. Before proceeding with the transfer of data outside the European Union, it will adopt all the appropriate precautions, also of a contractual nature, provided for by the applicable privacy legislation in order to guarantee the protection, security and confidentiality of the personal data transferred (for example, the adoption of the Standard Contractual Clauses approved by the European Commission).

7. Data retention

We retain the users’ personal data only for the time strictly necessary to provide the services or to achieve the purposes for which the data were collected and in compliance with legal obligations. For example, we retain the personal data necessary for the exercise of our defense rights in the event of legal disputes such as personal data relating to a contract or the provision of a service, up to a maximum of 20 years from the termination of the supply of the service and/or supply of the product, according to the limitation period set out in the Greek Civil Code.

Without prejudice to the foregoing, we retain the personal data for purposes as per point 3.A for a period not exceeding 12 months from their collection. 
After this period, the data are deleted or rendered anonymous.

8. Data security

The Company undertakes to protect the security of the users’ personal data and complies with the security provisions of the applicable law in order to avoid any loss, illegitimate or illegal use of the data and unauthorized access to the same. In addition, information systems and computer programs are configured in such a way as to minimize the use of personal and identifying data, which are used only when necessary for the specific purposes from time to time pursued as indicated in this policy. The Company uses multiple advanced security technologies and procedures to promote the protection of the users' personal data. For example, personal data are stored on secure servers located in places with controlled access. Users can help the Company to update and maintain their personal data by communicating any changes, such as for instance their e-mail address.

9. Privacy rights

The user has the right to access, rectify or delete the data stored by the Company that concerns him or her, as well as the right to object to, or limit, certain types of processing (including the right to revoke consent to the processing previously granted), as well as to be sent the personal data concerning him or her in a structured, commonly used format readable using an automatic device (right to data portability). Finally, the user has the right to lodge a complaint with a competent Supervisory Authority. The exercise of the above rights does not have costs but should we deem the exercise of privacy rights by the user manifestly unfounded or excessive, we reserve the right to charge the requesting user a reasonable contribution for expenses relating to his/her request. To exercise your privacy rights, as well as to request any information or clarification regarding this Privacy Policy, you can contact the Company at the following email address: npgr.dpo@nexigroup.com.

 


Nexi Greece Processing Services Sole Proprietorship ("NEXI"), based in the Municipality of Dionysos, at the 23rd km Athens-Lamia National Road, Agios Stefanos, 14565 Attica, Greece (hereinafter, the "Company", "we", and "us"), as a data controller, is committed to protecting the user's privacy. This Privacy Policy applies exclusively to www.nexi.gr website (hereinafter referred to as the "Website").  Please read the Privacy Policy carefully before using the Website.

1. The Website

The main purpose of the Website is to present the Company's services and products and to provide users with detailed information about them but also about the Company's annual financial statements.  This Privacy Policy describes how we collect, use, and share the personal data we receive as part of users' use of the Website.

Since the Company reserves the right to add or remove functions from the Website at any time and to modify the services and/or products offered, this Privacy Policy may be updated at any time by the Company, by informing users and visitors of the Website about the changes made.

Since the Website allows access to websites owned and operated by the Company and third parties, we clarify that this Privacy Policy does not apply to such third-party websites and that, in particular, the Company is not responsible for the protection of personal data on the part of third parties.

2. Data processed

Usage browsing data. Browsing data includes all data collected automatically through the Website and concerns, for example, all kinds of actions performed on the Website by users and how they use the Website (e.g. pages you visit, type of browsing, date and time of visit, etc.). Further, we may automatically record the IP address (i.e. the unambiguous address that identifies the user's device online) which is automatically identified by our server. Browsing data is used for the sole purpose of obtaining anonymous statistical data on the use of the Website and checking its proper functioning and is deleted immediately after it is processed.  This data may also be used to establish liability in the event of cybercrimes against the Website or to protect our rights. For more information on the use of cookies on this Website you can refer to the detailed information note on the Cookie Policy via the relevant link.

Data you provide to us (e.g. when you create an account with us, submit information through forms on our Website or app, use our services or applications, state your preferences for receiving information in general and marketing information in print and electronic form (such as mail, email, viber and SMS, etc.), participate in surveys;  questionnaires and other market research activities and contact us). As well as your contact details (e.g. postal address, telephone number, e-mail address).

Identifying data and information, including financial information, data we collect during the remote identification process or as part of due diligence and anti-money laundering procedures (such as name, copies of identification, tax identification number, proof of address, business documents and information, biometric data contained in or extracted from video or image).

Data from third parties. In some cases your data is provided to us from other sources, for example:

·         from our apps, when you use them;

·         from social media, when you are logged in as a user;

·         from banking institutions, where your account is linked to the account you have created with us;

·         by our affiliates or our selected business partners in relation to business opportunities;

·         from search engines;

·         by information providers to ensure the legality and accuracy of the respective data, such as credit rating information providers, government agencies, registries or other public sources such as the General Secretariat of the General Registry of Commercial Enterprises (GEMI), e-Gov, AADE, TIRESIAS, etc., in relation to the control procedures we apply.

3. Purpose and legal basis of the processing

Purpose Legal basis
A. The Company processes the user's personal data to ensure that the Website is up-to-date and meets the needs of users, to analyze, review and improve the products or services offered on the Website, to provide a user-friendly browsing experience, to ensure compliance with the terms of use of the Website; the security of the Website and users and to ensure the protection of the Company's rights and/or property. The information used for this purpose remains strictly anonymous and will not be used to identify users nor will it be incorporated into users' personal data. A. The Company processes the data for these purposes in order to pursue its legitimate interests for the protection of its assets, its business and its rights.
B. The Company processes the user's personal data in order to fulfill the obligations arising from EU laws, regulations or legislation. B. The Company processes the data for these purposes, for the fulfillment of a legal obligation.
C. The collection and processing of the user's personal data, which are necessary for the provision of the Company's services and products. C. The processing is necessary for the performance of a contract to which the data subject is a party or for taking measures at the request of the data subject prior to the conclusion of a contract.
D. The Company processes the data for the purposes of commercial communication, promotion of products/services or sending newsletters, through electronic or other means of communication. D. The processing is carried out on the basis of the consent of the data subject. The user reserves the right to withdraw his/her consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.

4. Nature of the data processing

The processing of data for the purposes referred to in paragraph 3.A is automatic and inherent in online transmission protocols.

5. Recipients of the data

Affiliates, subsidiaries, companies of the Nexi Group: In case it is necessary to pursue the purposes described in this Privacy Policy, the Company shares the personal data of users with its affiliates, subsidiaries and parent companies, which may also be located outside the European Union.

Third-party service providers: We share users' personal data with third-party service providers acting as processors in order to enable them to use the Website and/or receive services through the Website. For example, such third parties may include professionals, even in the form of an association, who provide technical, commercial or administrative consulting services to the Company in connection with its business and the purposes described in this Privacy Policy, companies that have undertaken the management or maintenance of the IT infrastructure on which the Website is based;  card schemes and organizations that provide promotional and marketing services in the name and on behalf of the Company; these providers process the data on contractual terms that ensure their protection.

Law enforcement agencies or judicial bodies: Third parties for the purpose of complying with a legal obligation or for the purpose of protecting the rights of the Company. Users' personal data may be shared with bodies, law enforcement agencies, judicial, administrative or regulatory bodies, in judicial or administrative proceedings, or in order to comply with a legal obligation or to protect our rights, including before a court.


6. Transfer abroad

In order to provide services to the users themselves and to pursue other purposes described in this Privacy Policy, the Company may need to transfer users' personal data abroad. Before proceeding with the transfer of data outside the European Union, it will take all appropriate precautions, including those of a contractual nature, provided for by the applicable data protection legislation; in order to guarantee the protection, security and confidentiality of the personal data transferred (for example, the adoption of the Standard Contractual Clauses provided for by the European Commission).

7. Data retention

We retain users' personal data only for as long as it is strictly necessary to provide the services or to achieve the purposes for which the data was collected and in accordance with legal obligations. For example, we retain the personal data necessary for the exercise of the rights of defence in the event of legal disputes and claims, such as personal data related to a contract or the provision of a service, for a maximum period of 20 years from the end of the provision of the service and/or the supply of the product, in accordance with the limitation period provided for in the Greek Civil Code.

Without prejudice to the foregoing, we retain users' personal data collected in accordance with this Privacy Policy for the purposes set out in paragraph 3.A for a period not exceeding 12 months from its collection. After this period, the data will either be deleted or anonymized.

8. Data security

The Company undertakes the protection of the security of personal data and complies with the security provisions of the applicable legislation in order to avoid any losses, unfair or illegal use of the data and unauthorized access to them. In addition, computer systems and programs are designed in such a way as to minimize the use of personal and identifiable data, which are used only when necessary for the specific purposes pursued from time to time in accordance with this policy.

The Company uses multiple advanced security technologies and procedures to enhance the protection of users' personal data. For example, personal data is stored on secure servers located in controlled access areas. Users can assist the Company in updating and maintaining personal data by notifying any changes, such as changing their email address.

9. Privacy rights

Users of the Website have the following rights regarding their personal data:

·         Right of Access: Right to know what personal data is held by the Company and for what purpose.

·         Right to Rectification: The right to request the correction of inaccurate or incomplete personal data.

·         Right to Erasure: The right to request the erasure of their personal data, when it is no longer necessary for the purposes for which it was collected.

·         Right to Restriction of Processing: The right to request restriction of the processing of their personal data.

·         Right to Data Portability: The right to request the transfer of their personal data to another entity, under certain conditions.

The Company will respond to users' requests within the legal deadlines and in accordance with the applicable legislation on the protection of personal data. There is no cost to exercise the above rights but in the event that we deem that the user's exercise of privacy rights is unfounded or abusive, we reserve the right to charge the requesting user a reasonable contribution to cover the costs associated with their request.

To exercise your privacy rights, as well as to request any information or clarifications regarding this Privacy Policy, you may contact the Company and the Data Protection Officer at the following email address privacy.gr@nexigroup.com.

10. Communication with the Authority

If you consider that the Company has not adequately responded to the exercise of your rights, you have the right to contact the competent supervisory authority for the protection of personal data. Specifically, you can visit the Authority's website at https://www.dpa.gr or contact directly:

Address: 1-3 Kifisias Avenue, 115 23, Athens

Phone: +30-210 6475600

Email: complaints@dpa.gr

11. Privacy Policy Amendments

Amendments to the Privacy Policy will be effective from the moment they are published on the Website. Your continued use of the Website after the posting of any modification is considered as acceptance of such modifications.

We encourage you to read this Policy periodically in order to be aware of how your Data is protected.