Personal data protection policy
At OTRO PAY we care about the protection of your personal data and want to be open and transparent about how we process it.
This Privacy Policy explains how we collect, process, and protect your personal data. It applies to visitors of our website, to our service points collaborating with us for bill payment services, and to consumers using our services.
The processing of personal data is carried out in accordance with the General Data Protection Regulation (GDPR – Regulation EU 2016/679), any specific national and European legislation applicable to certain sectors, the applicable Greek data protection law (Law 4624/2019) and the Law 3471/2006 on data protection and privacy in electronic communications, as well as the decisions of the Hellenic Data Protection Authority (HDPA).
DATA CONTROLLER
The Greek company «OTRO PAY PAYMENT INSTITUTION SOLE INDIVIDUAL LIMITED COMPANY», (hereafter «OTRO PAY») is the controller of your personal data in accordance with applicable law.
- Address: 10-12 Dorylaou, Athens, 11521, Greece
- G.E.M. Number: 15964080100
- A.F.M.: 801587027
- Tel.: +30 2160020110
- contact e-mail for personal data matters: gdpr@otropay.gr
WHERE IS YOUR DATA STORED?
The data we collect from you is stored within the European Economic Area (EEA).
Your rights
Access right:
You have the right to request information about your personal data held by us at any time. For this purpose you can send us an e-mail at: gdpr@otropay.gr
Right to portability:
Where OTRO PAY processes your personal data by automated means and the processing is based either on your consent or on a contract, you have the right to receive your data in a structured, commonly used and machine-readable format. You may also request that your data be transmitted directly to another controller. This right applies only to personal data you have provided to us. To exercise this right, you can contact us at: gdpr@otropay.gr gdpr@otropay.gr
Right to rectification:
You have the right to request the correction of your personal data if it is inaccurate or its completion if it is incomplete by sending an e-mail to: gdpr@otropay.gr
Right to erasure:
You have the right to request at any time the deletion of your personal data processed by OTRO PAY especially when:
- Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
- The processing of your data is based on your consent and you revoke this consent
- Your data has been processed unlawfully.
The above right does not exist in particular when:
- The processing of your data is necessary to establish, exercise or support legal claims
- The processing of your data is necessary to comply with a legal obligation OTRO PAY which enforces the processing.
In any case, we will inform you of the satisfaction or non-satisfaction of your request and, in case of non-satisfaction, the reasons for this.
To exercise your right above you can send us an e-mail at: gdpr@otropay.gr
Right to object:
You have the right to object to the processing of your personal data based on a legitimate interest of OTROPAY. In this case we will stop processing your personal data, unless we can demonstrate that we have compelling and legitimate reasons for the processing which override your rights and freedoms or to establish, exercise or support legal claims.
To exercise your right above you can send us an e-mail at: gdpr@otropay.gr
Right to object to direct marketing:
You have the right to object to the processing of your personal data for direct marketing purposes.
You can indicate your relevant wish in the following ways:
- By following the instructions accompanying each e-mail with promotional content
- By sending an e-mail to: gdpr@otropay.gr
Right of limitation:
You have the right to request the restriction of the processing of your personal data in the following cases:
- When you dispute the accuracy of your personal data and up to OTRO PAY to verify their accuracy.
- When the processing of your data is illegal and you object to its deletion, requesting instead the restriction of its use.
- When the OTRO PAY no longer needs your personal data for the purposes of processing, but this data is necessary for the establishment, exercise or support of legal claims
- When you object to the processing of your data by OTRO PAY which is based on a legitimate interest of the latter and until the existence of its illegitimate reasons is verified OTRO PAY that override your freedoms or rights.
To exercise your right above you can send us an e-mail at: gdpr@otropay.gr
Right to submit a complaint to the competent supervisory authority:
If you think that the OTRO PAY processes your data incorrectly, you can contact us at gdpr@otropay.gr or by phone at +30 2160020110.
You can also file a complaint with the Personal Data Protection Authority or any other competent supervisory authority.
Amendments to the Privacy Policy:
We may need to modify this policy. Its latest version Personal Data Protection Policy is always available on our website.
Contact form
Why do we use your personal data?
When you send a contact message to OTRO PAY through its website, OTRO PAY processes the data contained in said message for the purpose of fulfilling the request contained in your message.
What kind of data do we process?
We process your name, e-mail, telephone number and area of residence/activity (if you choose to share this information with us). We also process any other personal data included in your message
.In any case, you are encouraged not to disclose your personal data unless it is absolutely necessary to manage the request contained in your message.
What is the legal basis for processing your data?
The legal basis for processing your data is your consent. You reserve the right to withdraw your consent at any time by sending an e-mail to: gdpr@otropay.gr. In this case, the legality of the processing based on consent before its withdrawal is not affected.
How long do we keep your personal data?
OTRO PAY keeps your personal data for 6 months from the final settlement of the issue that is the subject of your message, unless there are legal or other reasons that require their retention for a longer period of time and until the said period has passed.
Newsletter
Why do we use your personal data?
We will process your personal data to send you newsletters by e-mail.
What kind of data do we process?
We will process your email address.
Who has access to your personal data?
Recipients of your personal data may be advertising agencies and technical providers for the dissemination of marketing messages.
What is the legal basis for processing your personal data?
Right to withdraw your consent at any time by sending an e-mail to: gdpr@otropay.gr. In this case, the legality of the processing based on consent before its withdrawal is not affected. You can also unsubscribe from our newsletter by selecting the relevant link contained in each of the messages sent to you.
How long do we keep your personal data?
We will retain your personal data for direct marketing purposes until you withdraw your consent.
Processing of personal data of cooperating points of provision of our services
Why do we use your personal data?
As long as you choose to cooperate with us as a representative of our company within the meaning of n. 4537/2018, by entering into a relevant contract with our company, our company will process your personal data in order to declare our cooperation with the Bank of Greece, so that you can be registered in the relevant register maintained by it, to notify our cooperation to the credit institution cooperating with it and to the POS distribution company cooperating with it (if you request that a POS be provided to you) and to perform its obligations arising therefrom from the contract between us (such as paying you the fee due for the services you provide to our company). We may also use your personal information in order to inform you of changes to our contract, of new obligations deriving from current legislation, of consumer requests regarding services provided by you, of orders from the competent supervisory authorities, including the Bank of Greece, concerning you, for any extension/upgrade of the services provided by our company.
What kind of personal data do we process?
We will process the following categories of personal data indicatively:
- contact information, such as name, telephone, company headquarters, branch address, e-mail
- information about the status of your debts
- details of legal representatives such as name, telephone, home address, e-mail
- identity information, VAT number, date of birth
Who has access to your personal data?
Your personal data is sent to the Bank of Greece, the cooperating bank and the cooperating POS distribution company (if you request that a POS be made available to you), who process it as independent data controllers. It is noted that your details (name, contact details) are posted by the Bank of Greece, which acts as an independent data controller, on its website and are publicly accessible.
Also, your personal data may be disclosed to tax authorities, our legal advisors, our accountants, our auditors. Also, we may post your contact details on our website to inform the consumer public of your cooperation with our company. The information posted on our website is publicly accessible.
What is the legal basis for processing your personal data?
Your personal data is processed for the purposes of fulfilling our obligations arising from the cooperation agreement between us. In particular, the sending of your data to the Bank of Greece is for the purposes of our company's compliance as a payment institution with the legal obligations arising from the legislation on payment services and the legislation on the prevention and suppression of money laundering and terrorist financing .
Finally, the posting on our company's website of information about our collaboration for the knowledge of the consumer public is based on the legal interest of our company to make the points of provision of its services more widely known to the consumer public.
How long do we keep your personal data?
We will keep your personal data for 5 years from the end of our cooperation, unless it is necessary to keep some data for a longer period in order to comply with the obligations arising from the tax legislation, the legislation on payment services, the legislation on anti-money laundering or as necessary to exercise or assert our claims.
The following processing purposes concern the end consumers/users of our services. The terms used below have the meaning provided in Terms of Service.
Provision of the service
Why do we use the Customer's personal data?
When the Customer approaches an Agent and requests the payment of an account, the Agent collects personal data, the processing of which is necessary for the execution of the Payment Order.
What kind of data do we process?
We process the Customer's first and last name, patronymic, telephone number, as well as the Payment Code. We may also process the customer's ID/passport number, nationality, place and date of birth. After the completion of the Payment Order, the Receipt is produced by the system used by the Company, which contains information such as the Amount of the Payment Order, the Transaction Costs, the date and time of the transaction, which in principle are not personal data, but may to constitute personal data, if combined with other information in a way to enable the identification of the Customer.
What is the legal basis for processing the Customer's data?
The legal basis for processing the Customer's data is the contract governed by these terms and concluded between the Company and the Customer each time they approach an Agent in order to use the Service. When the Customer requests the provision of the Service, he accepts the contract and agrees to the access, processing and retention of the personal data necessary for the provision of payment services by the Company.
To whom do we transmit the Customer’s personal data?
The Customer's personal data is normally collected by the Agents, who act as data processors on behalf of the Company.
Recipients of the personal data may be the credit institution cooperating with the Company, to the extent that this is required for the execution of the Payment Order, any payment service provider of the Beneficiary Organization, the Beneficiary Organization, the legal and tax advisors of the Company, the competent tax authorities, the Bank of Greece and any other competent supervisory authority, in the context of any audit carried out by it.
The Beneficiary Organizations and the payment service providers with whom they cooperate, the competent tax authorities, the Bank of Greece and any other competent supervisory authority act as independent controllers and the Company bears no responsibility for the processing carried out by them of the personal data of the Customer.
For how long do we retain the personal data?
The Company retains the personal data for a period of five years from the execution of the Payment Order or for a longer period, provided that this is required by applicable law or is necessary for the legal defense of the Company’s claims.
Responses to requests, inquiries, complaints
Why do we use the Customer's personal data?
When a Customer contacts the Company’s Customer Service Department and submits a complaint, request, or inquiry regarding the provision of the Service or a Payment Order, the Company collects and/or processes the personal data necessary to satisfy the Customer’s inquiry, request, or complaint.
What kind of data do we process?
We process the Customer’s full name, the Document Number, the details of any Receipt, such as the Payment Order Amount, the Transaction Fees, the date and time of the transaction, and the Payment Code, as well as any other identifying information the Customer chooses to disclose to us. In any case, the Customer is encouraged not to disclose personal information except to the extent necessary to satisfy their request or complaint.
What is the legal basis for processing the Customer's data?
The legal basis for processing the Customer's data is his consent.
To whom do we transmit the Customer’s personal data?
The Customer’s personal data collected for the above purpose are not normally transmitted to third parties except when this is absolutely necessary to satisfy the Customer’s request, complaint, or inquiry. In the latter case, the Customer’s personal data may be transmitted to the Agents, as well as to the Company’s legal or tax advisors.
For how long do we retain the personal data?
In the event that the Company has reasonable suspicions that a transaction may constitute or be used to commit fraud, money laundering and financing of terrorism or other criminal activity, the Company processes the Customer’s personal data for the purpose of detecting, preventing, deterring, or suppressing criminal activity. In addition, the Company processes, during the provision of its services to Customers, their personal data for reasons of compliance with the legislation on the prevention and suppression of money laundering and financing of terrorism or other criminal activity.
Detecting and combating fraud and other illegal activities
Why do we use the Customer's personal data?
In the event that the Company has reasonable suspicions that a transaction may constitute or through it attempt to commit fraud, money laundering and financing of terrorism or other criminal activity, the Company processes the Customer's personal data for the purpose of identifying, the prevention, deterrence or suppression of criminal activity.
What is the legal basis for processing the Customer's data?
The legal basis for processing the Customer's data is the obligation to comply with applicable legislation to prevent and combat fraud, money laundering and the financing of terrorism or other criminal activity.
To whom do we transmit the Customer’s personal data?
The Customer's personal data is transmitted to the competent judicial, prosecutorial, audit and prosecuting authorities, including the Bank of Greece.
For how long do we retain the personal data?
The Company retains the personal data for a period of 5 years from the execution of the transaction, unless their retention is required for a longer period in accordance with the instructions of the competent authorities or the applicable legislation.
Contents
Stay updated!
Subscribe to our Newsletter.