Privacy Policy

Personal Data Processing Notice for Visitors/ Users of the Website

This information applies specifically to the processing of personal data of visitors / users of the website www.ziraatbank.com.gr. The general information on the processing of personal data of debtors, natural persons transacting with T.C. ZIRAAT BANKASI A.S. – ATHENS CENTRAL BRANCH (the “Bank”) is provided here: https://www.ziraatbank.com.gr/el/privacy-notice.

Data Controller
Data Controller is T.C. ZIRAAT BANKASI A.S. – ATHENS CENTRAL BRANCH, with registered offices in 2, Ermou Str. P.C. 105 63, Athens, Greece and GEMI no. 123207101001, Tel.: +30    210 3223038

Contacting the Data Protection Officer
You may contact the Data Protection Officer for any matter regarding the processing of your personal data, in writing at the address 2, Ermou Str. P.C. 105 63, Athens, Greece or by sending an email at  grdataprotection@ziraatbank.gr.

What personal data the Bank processes and from which sources
the personal data that the Bank collects and processes may indicatively be the following and not all of them necessarily concern you: 
•    Personal data collected directly from you, when you fill in and submit the e-forms available on our Website (communication and request forms, etc.). 
Indicatively, such data may include: full name, father’s name, fix or mobile phone number, postal address, e-mail address, information of your relationship with/products held by the Bank, status (natural or legal person), and generally data you fill in the free text fields. With regard to the free text fields in particular, we would like to urge you to avoid writing and revealing personal data that fall within the special data categories, such as data concerning your racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning your physical or mental health, biometric or genetic data, data relating to your sex life or sexual orientation, etc. You shall be held solely liable for any damage caused to the Bank or any third party as a result of the wrong, inaccurate or insufficient data/information provided via the Website forms. The provision of these data is necessary for addressing your enquiry.

  • Personal data collected directly from you, when you submit an application for employment in the Bank in case we have issued a relevant announcement on the Website or on collaborating platforms of our partners or affiliates.

Indicatively, such data may include: identification data, contact data, data related to your education and skills, your work experience, etc. The provision of these data is necessary in order to assess your employment application at the Bank. You shall be informed by the Bank for the progress of your employment application.

  • Personal data collected automatically through our Website. When you visit and/or browse our Website or when you submit an electronic request, complaint or application, personal data may be automatically collected. 

Indicatively, such data may include: your URL address, date and time of your visit to our Website, information concerning your device and browser you use to access our Website, the IP address of your computer, information about software programs installed on your computer, basic connection information with the web server and data collected through the use of cookies and other technological media, such as web beacons and social plug ins.

For further information regarding the use of cookies, you may read our Cookies Policy at the following link: https://www.ziraatbank.com.gr/en/cookies-policy.

The collection of personal data from you, as described above, includes the data collection from a third natural or legal person acting on your behalf. Moreover, in case you provide us with personal data of third parties, you must have in advance properly informed them (indicatively by referring them to this Information) and have obtained their relevant consent, where necessary.

Why the Bank collects your personal data and for which processing purposes
The Bank, collects and processes your personal data for the following purposes:
Α. In relation to your contractual relationship with us:

     1.  For your identification in order to contact you.
     2.  To handle a complaint, you may submit in relation to your account/product.
     3.  To handle a request you may submit.
     4.  To assess your employment application at the Bank.

Β. To respond to your enquiry or as per your consent
Such processing is being carried out for the purposes mentioned below:

     1.  To communicate with you if you have electronically filled in the forms available on the Website (contact forms etc.).
     2.  To assess your employment application at the Bank.
     3.  To improve the services provided through our Website, in order to meet your personal needs and choices.
     4.  To understand how you use and interact with the content of our Website through the use of cookies.

*Necessary processing and optional processing 
The forms to be completed on this website require you to confer personal data which are strictly necessary to handle your communications and requests. Such fields are marked with an asterisk [*]. If you do not wish to confer them, we will not be able to handle your communication/request. Conversely, forms may also provide the possibility to confer personal data which are not strictly necessary to handle your requests: providing such data is optional - failure to do so has no consequence.

C. For the compliance of the Bank with its legal obligations
The Bank may process your data for purposes relating to its compliance with the obligations imposed by the relevant legal, regulatory and supervisory framework, as well as with the decisions of any authorities (public, supervisory, prosecutorial etc.) or courts.
D. For the purpose of the legitimate interests pursued by the Bank
This processing is subject to the condition that the legitimate interests of the Bank do not override the fundamental rights and freedoms of the visitors of our Website which require protection of personal data, and is being carried out, inter alia, for the following purposes:

     1.  The proper and more efficient operation and management of our Website.
     2.  The investigation and resolution of technical issues connected to the provision of our services (e.g. code errors).
     3.  For protection and security of the information systems, to prevent, deter and repress any illegal act, and to investigate the possible breach of the terms of use of our Website or this Notice.
     4.  To perform studies allowing us to evaluate and improve our products and services.
     5.  To contact you and provide you with information on the utilization of our products or services, their capabilities, their characteristics, as well as any new developments.

E. Browsing data
If you only visit the Website (i.e., without sending communications or using any of the available services/functions), the processing of your data is limited to browsing data i.e., data whose transmission to the Website is necessary for the functioning of the computers which operate the Website and of the Internet communication protocols. This category includes, for example, IP addresses or computer domain used to visit the Website and other parameters pertaining to the operating system used to connect to the Website. The Bank collects these and other data (such as, for example, number of visits and time spent on the Website) merely for statistical purposes and in anonymous form in order to monitor the functioning of the Website and improve its performance. Such data is not collected to be associated with other information regarding, or for the identification of, users; however, such information, by its very nature, may enable the Bank to identify users through processing and association with data held by third parties. Browsing data are normally deleted following processing in anonymous form but can be stored and used by the Bank to detect and identify perpetrators of any computer offences committed to the detriment of the Website or using the Website. 

Children’s Personal data
The Bank fully understands the importance of the protection of children’s personal data. This Website is neither addressed nor is intentionally designed to be addressed to children. The Bank has no intention of knowing collecting or keeping children’s personal data who may have access to its Website.
However, if the Bank finds that children’s personal data have been collected without the relevant legal conditions having been met, this data will be immediately deleted.

How long the Bank stores your personal data
Personal data will be retained only for the time required to fulfill the purposes for which such data have been originally collected and further processed otherwise for the time dictated by the relevant legal and/or regulatory framework, or for the necessary period of time for the exercise of claims or the defense of legal rights and legitimate interests.

Who are indicatively the recipients of your data

     1.  The authorised employees of the Bank who are responsible for the processing of requests, the handling of your requests, complaints, queries you submit through our Website, and provided that the respective legal conditions are met, authorised employees of the Group where the Bank belongs, either in Greece or in other member-states of the European Union or in Third Counties within the context of their activities and subject to the applicable law.
     2.  The (natural or legal) persons to which the Bank delegates the performance of specific tasks on its behalf (processors or independent controllers). In this context, your personal data may be transferred, indicatively to: providers of products and/or IT services and/or support of all kinds of information and electronic systems and networks, including online collection systems and platforms, other natural or legal persons who process data for purposes relating to the inspection and update thereof, companies active in advertising and marketing, market research, human resource management companies, real estate companies etc., under strict security and confidentiality conditions.
     3.  Supervisory, independent, judicial, prosecution, public and/or other authorities or entities or parties entrusted with the control/audit of the activities of the Bank and within the framework of their duties.

Transfer of your personal data outside the European Economic Area
The Bank will not transfer your personal data directly to third countries or international organisations, unless such transfer is required by the applicable regulatory or legal framework. If applicable, the Bank may transfer your personal data to third countries under the following circumstances:
i) Where the European Commission has decided that the third country, a territory or one or more specified sectors within that third country ensure an adequate level of protection, or
ii) If appropriate safeguards have been provided from the recipient, in accordance with the law.
In the absence of the abovementioned circumstances a transfer may take place if:
i) You have provided your explicit consent to the Bank or
ii) The transfer is necessary for the execution of your orders, in which case your data that is necessary for this purpose will be transferred to the entities involved, or
iii) the transfer is necessary for the establishment or exercise or defense of legal claims and rights of the Bank, or
iv) there is a relevant obligation arising from a legal provision or an international convention to which the Bank is subject. 
In order to fulfill such obligation, the Bank may transfer your personal data to competent national authorities so that such data are delivered through them to the respective authorities of third countries.
 
Cookies
To ensure that its Website operates properly, the Bank may use Cookies (small data files), which are stored on your computer. Find out more about the Bank’s Cookies Policy at the following link:https://www.ziraatbank.com.gr/en/cookies-policy 

Links to third party websites
This Notice applies only to the Website as defined above. Even though the Website may contain links to other websites (known as third party websites), please be informed that the Bank does not perform any access or control over cookies, web beacons or other user-tracking technologies that may be active on such third party websites, on the contents and materials published thereon, or on their methods of processing of your personal data; for this reason, the Bank expressly declines any liability for such matters. You should therefore verify the privacy policies of such third party websites and collect information about their terms and conditions and about how they process your personal data.   
What are your rights with respect to the protection of your personal data
You have the following rights:
i)  Right to know the categories of your personal data that are stored and processed by the Bank, as well as the origin of the data, the purposes of processing, the categories of their recipients, the period of their storage and your respective rights (right of access).
ii) Right to request the rectification and/or completion of your personal data, in the event of inaccurate data or for the purposes of completing incomplete personal data, by providing any necessary document from which the need for correction or completion arises (right to rectification).
iii) Right to request the restriction of processing of your personal data (right to restriction of processing).
iv) Right to object to further processing of your stored personal data (right to object).
v) Right to demand the erasure of your personal data from our records (right to be erasure) under certain circumstances, such as  in case these data are no longer necessary or you have  withdrawn your consent, or in case the data have been unlawfully processed etc.
vi) Right to request the transfer of your data to another controller (right to data portability).
vii) Right to withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on your consent provided before its withdrawal. Re-granting of withdrawn consent is permitted.
Please note the following with regard to your abovementioned rights:
i) The Bank has in any case the right to reject your request for restriction of processing or erasure of your personal data, if the processing or storage thereof is necessary for the establishment, exercise or defense of the rights of the Bank or for the fulfillment of its obligations.
iii) The right to data portability (point vi above) does not include the erasure of the personal data from the records of the Bank. The erasure is subject to the conditions of point (ii) above.
iv) The exercise of the rights above is valid for the future and does not affect the processing already performed on your personal data. 
v) You have the right to lodge a complaint before the Hellenic Data Protection Authority for any matter regarding the processing of your personal data.
For the respective competence of the Authority and the procedure to be followed for filing a complaint, you may visit the Hellenic Data Protection Authority website (www.dpa.gr), where detailed information is available.

How you may exercise your rights towards the Bank
For the exercise of your rights, you may address your relevant requests in writing, to the Customer Service of the Bank, 2, Ermou Str. P.C. 105 63, Athens, Greece or via email at  : zbgrwebbank@ziraatbank.gr.
The Bank shall use its best endeavors to address your request within thirty (30) days from its submission. The abovementioned period may be extended by two (2) further months, if deemed necessary at reasonable discretion of the Bank, taking into account the complexity and number of requests. The Bank shall inform you in case of such extension within one month from the receipt of the request.
The abovementioned service is provided by the Bank free of charge. However, where requests are manifestly unfounded, excessive or repetitive, the Bank may, after informing the data subject, either charge a reasonable fee or refuse to act on the request/requests.

How the Bank protects your personal data
The Bank implements appropriate technical and organisational measures to ensure the lawful protection and processing, as well as the effective protection of your personal data from unauthorised access to, disclosure of, processing, loss, alteration, accidental or unlawful destruction or corruption, prohibited transmission by third parties as well as any other form of unlawful processing.
Although concerted efforts are made to safeguard personal data, the Bank cannot guarantee the security of data transmitted to its Website simply because sending information via the internet is not completely safe. It is your responsibility to ensure that the equipment (e.g. personal computer), software, telecommunications equipment you use is sufficiently secure and protected from malware (such as viruses). Be aware that without adequate security measures (such as securely configuring your browser, malware updates, misuse of software and equipment from questionable sources, etc.) there is a risk that the data will be reported to non-authorized third parties.

Updating and modifying this Notice on the processing of personal data
The Bank may in accordance with its applicable policy on the protection of personal data and pursuant to the applicable legal and regulatory framework, modify or amend this Notice, the updated version of which will always be posted on the Website.

Last update: 14/01/2022