The company NEXI PAYMENTS GREECE SOCIETE ANONYME (“NEXI”) with registered office at Charilaou Trikoupi 15, 10678, Athens (hereinafter, "Company", "we" and "our"), as the data controller, undertakes to protect the user's privacy. This privacy policy ("Privacy Policy") applies only to the website www.nexi.gr (hereinafter referred to as the "Site").
Please read the Privacy Policy carefully before using the Site.
1. The Site
The main purpose of the Site is to present the services and products of the Company and provide users with detailed information on these services but also on the Annual Financial Statements of the Company .
This Privacy Policy describes how we collect, use and share the personal data we obtain as a result of use of the Site by users.
Since the Company reserves the right to add or remove functions from the Site at any time and to change the services and/or products offered, the Privacy Policy can be updated at any time by the Company with communication to users and visitors of the Site regarding any changes made.
Since the Site could allow access to websites owned and operated by the Company or by third parties, we specify that this Privacy Policy does not apply to such websites and that, in particular, the Company is not responsible for the protection of personal data processed by these third parties.
2. Data processed
Browsing data. The browsing data includes all data collected automatically through the Site and relate, for example, to the types of actions performed on the Site by users and how they use the Site. Furthermore, we can automatically record the IP address (meaning the univocal address that identifies the user's device on the internet), which is automatically identified by our server. Browsing data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, and they are deleted immediately after they are processed. These data could also be used to establish responsibility in case of any computer-related crimes against the Site or to protect our rights. For further information on the use of cookies by this website, you may consult our Cookie Policy through the relevant link.
| Purpose | Legal basis |
|---|---|
| A. The Company processes the user's personal data to ensure that the Site is up-to-date and meets the needs of users, to analyze, review and improve the products or services offered on the Site, to provide users with a user-friendly browsing experience, to ensure compliance with the terms of use of the Site, the safety of the Site and of its users and for the protection of the rights and/or assets of the Company. The information used for this purpose will remain strictly anonymous and will not be used to identify any user nor will it be added to the personal data of users. | A. The Company processes the data for these purposes in order to pursue its legitimate interest of protecting its assets, its business and its rights. |
| B. The Company processes the user's personal data to fulfill obligations deriving from the law, regulations or EU legislation. | B. The Company processes the data for these purposes to fulfill a legal obligation. |
4. Nature of the processing of data
The processing of data for the purposes referred to in paragraph 3. A is automatic and implicit in Internet transmission protocols.
5. Recipients of the data
Affiliated companies, subsidiaries. Where it is necessary to pursue the purposes described in this Privacy Policy, the Company communicates the users’ personal data to its affiliated, subsidiary and parent companies, which may be also located outside the European Union.
Third-party service providers. We share the users’ personal data with third-party service providers who act as data processors in order to make the use of the Site possible and/or obtain services through the Site. By way of example, such third parties may include professionals, even in associated form, who provide technical, commercial or administrative consulting to the Company in relation to its business and purposes as described in this Privacy Policy, companies that deal with the management or maintenance of the IT infrastructure on which the Site is based, and agencies performing promotional and marketing services in the name and on behalf of the Company.
Third parties in compliance with a legal obligation or to protect the rights of the Company. The users’ personal data can be communicated to institutions, law enforcement agencies, judicial, administrative, or regulatory bodies, in the context of a legal or administrative procedure, or in order to fulfil a legal obligation or protect our rights, including in court of law.
6. Transfer abroad
To provide services to the users themselves and to pursue the other purposes listed in this Privacy Policy, the Company may need to transfer the users’ personal data abroad. Before proceeding with the transfer of data outside the European Union, it will adopt all the appropriate precautions, also of a contractual nature, provided for by the applicable privacy legislation in order to guarantee the protection, security and confidentiality of the personal data transferred (for example, the adoption of the Standard Contractual Clauses approved by the European Commission).
7. Data retention
We retain the users’ personal data only for the time strictly necessary to provide the services or to achieve the purposes for which the data were collected and in compliance with legal obligations. For example, we retain the personal data necessary for the exercise of our defense rights in the event of legal disputes such as personal data relating to a contract or the provision of a service, up to a maximum of 20 years from the termination of the supply of the service and/or supply of the product, according to the limitation period set out in the Greek Civil Code.
Without prejudice to the foregoing, we retain the personal data for purposes as per point 3.A for a period not exceeding 12 months from their collection.
After this period, the data are deleted or rendered anonymous.
8. Data security
The Company undertakes to protect the security of the users’ personal data and complies with the security provisions of the applicable law in order to avoid any loss, illegitimate or illegal use of the data and unauthorized access to the same. In addition, information systems and computer programs are configured in such a way as to minimize the use of personal and identifying data, which are used only when necessary for the specific purposes from time to time pursued as indicated in this policy. The Company uses multiple advanced security technologies and procedures to promote the protection of the users' personal data. For example, personal data are stored on secure servers located in places with controlled access. Users can help the Company to update and maintain their personal data by communicating any changes, such as for instance their e-mail address.
9. Privacy rights
The user has the right to access, rectify or delete the data stored by the Company that concerns him or her, as well as the right to object to, or limit, certain types of processing (including the right to revoke consent to the processing previously granted), as well as to be sent the personal data concerning him or her in a structured, commonly used format readable using an automatic device (right to data portability). Finally, the user has the right to lodge a complaint with a competent Supervisory Authority. The exercise of the above rights does not have costs but should we deem the exercise of privacy rights by the user manifestly unfounded or excessive, we reserve the right to charge the requesting user a reasonable contribution for expenses relating to his/her request. To exercise your privacy rights, as well as to request any information or clarification regarding this Privacy Policy, you can contact the Company at the following email address: npgr.dpo@nexigroup.com.