Personal data protection policy
In OTRO PAY we care about the protection of your personal data and want to be open and transparent about how we process it.
For this reason we have created this Privacy Policy in which we explain how we process and protect your personal data. This policy is addressed both to the users of our website, as well as to the points providing the bill payment service cooperating with our company, as well as to the consumers who turn to our company to provide them with bill payment services.
The processing of personal data is carried out in accordance with the provisions of the General Regulation on the Protection of Personal Data (GDPR 2016/679), any more specific national and European legislation for certain sectors, the currently applicable Greek legislation on the protection of personal data (Law 4624/2019 ), as well as for the protection of personal data and privacy in the field of electronic communications (Law 3471/2006, as applicable from time to time) and the decisions of the Personal Data Protection Authority (PDPA).
Processing Manager
The Greek company «OTRO PAY PAYMENT INSTITUTION SOLE INDIVIDUAL LIMITED COMPANY», (hereafter «OTRO PAY») is the controller of your personal data in accordance with applicable law.
- Address: 10-12 Dorylaou, Athens, 11521, Greece
- G.E.M. Number: 15964080100
- A.F.M.: 801587027
- Tel.: +30 2160020110
- contact e-mail for personal data matters: gdpr@otropay.gr
Where do we store your data?
The data we collect from you is stored within the European Economic Area.
Your rights
Access right:
You have the right to request information about your personal data held by us at any time. For this purpose you can send us an e-mail at: gdpr@otropay.gr
Right to portability:
In cases where OTRO PAY processes your personal data by automated means based on your consent or based on a contract, you have the right to receive a copy of your data in a structured, commonly used and machine-readable format. You can also request the direct transmission of your data to a third party. The above right only concerns personal data that you have provided to us. To exercise your right above you can send us an e-mail at: gdpr@otropay.gr
Right of rectification:
You have the right to request the correction of your personal data if it is inaccurate or its completion if it is incomplete by sending an e-mail to: gdpr@otropay.gr
Right to erasure:
You have the right to request at any time the deletion of your personal data processed by OTRO PAY especially when:
- Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
- The processing of your data is based on your consent and you revoke this consent
- Your data has been processed unlawfully.
The above right does not exist in particular when:
- The processing of your data is necessary to establish, exercise or support legal claims
- The processing of your data is necessary to comply with a legal obligation OTRO PAY which enforces the processing.
In any case, we will inform you of the satisfaction or non-satisfaction of your request and, in case of non-satisfaction, the reasons for this.
To exercise your right above you can send us an e-mail at: gdpr@otropay.gr
Right to object:
You have the right to object to the processing of your personal data based on a legitimate interest of OTROPAY. In this case we will stop processing your personal data, unless we can demonstrate that we have compelling and legitimate reasons for the processing which override your rights and freedoms or to establish, exercise or support legal claims.
To exercise your right above you can send us an e-mail at: gdpr@otropay.gr
Right to object to direct marketing:
You have the right to object to the processing of your personal data for direct marketing purposes.
You can indicate your relevant wish in the following ways:
- By following the instructions accompanying each e-mail with promotional content
- By sending an e-mail to: gdpr@otropay.gr
Right of limitation:
You have the right to request the restriction of the processing of your personal data in the following cases:
- When you dispute the accuracy of your personal data and up to OTRO PAY to verify their accuracy.
- When the processing of your data is illegal and you object to its deletion, requesting instead the restriction of its use.
- When the OTRO PAY no longer needs your personal data for the purposes of processing, but this data is necessary for the establishment, exercise or support of legal claims
- When you object to the processing of your data by OTRO PAY which is based on a legitimate interest of the latter and until the existence of its illegitimate reasons is verified OTRO PAY that override your freedoms or rights.
To exercise your right above you can send us an e-mail at: gdpr@otropay.gr
Right to submit a complaint to the competent supervisory authority:
If you think that the OTRO PAY processes your data incorrectly, you can contact us at gdpr@otropay.gr or by phone at +30 2160020110.
You can also file a complaint with the Personal Data Protection Authority or any other competent supervisory authority.
Amendments to the Privacy Policy:
We may need to modify this policy. Its latest version Personal Data Protection Policy is always available on our website.
Contact form
Why do we use your personal data?
When you send a contact message to OTRO PAY through its website, OTRO PAY processes the data contained in said message for the purpose of fulfilling the request contained in your message.
What kind of data do we process?
We process your name, e-mail, telephone number and area of residence/activity (if you choose to share this information with us). We also process any other personal data included in your message
.In any case, you are encouraged not to disclose your personal data unless it is absolutely necessary to manage the request contained in your message.
What is the legal basis for processing your data?
The legal basis for processing your data is your consent. You reserve the right to withdraw your consent at any time by sending an e-mail to: gdpr@otropay.gr. In this case, the legality of the processing based on consent before its withdrawal is not affected.
How long do we keep your personal data?
OTRO PAY keeps your personal data for 6 months from the final settlement of the issue that is the subject of your message, unless there are legal or other reasons that require their retention for a longer period of time and until the said period has passed.
Newsletter
Why do we use your personal data?
We will process your personal data to send you newsletters by e-mail.
What kind of data do we process?
We will process your email address.
Who has access to your personal data?
Recipients of your personal data may be advertising agencies and technical providers for the dissemination of marketing messages.
What is the legal basis for processing your personal data?
Right to withdraw your consent at any time by sending an e-mail to: gdpr@otropay.gr. In this case, the legality of the processing based on consent before its withdrawal is not affected. You can also unsubscribe from our newsletter by selecting the relevant link contained in each of the messages sent to you.
How long do we keep your personal data?
We will retain your personal data for direct marketing purposes until you withdraw your consent.
Processing of personal data of cooperating points of provision of our services
Why do we use your personal data?
As long as you choose to cooperate with us as a representative of our company within the meaning of n. 4537/2018, by entering into a relevant contract with our company, our company will process your personal data in order to declare our cooperation with the Bank of Greece, so that you can be registered in the relevant register maintained by it, to notify our cooperation to the credit institution cooperating with it and to the POS distribution company cooperating with it (if you request that a POS be provided to you) and to perform its obligations arising therefrom from the contract between us (such as paying you the fee due for the services you provide to our company). We may also use your personal information in order to inform you of changes to our contract, of new obligations deriving from current legislation, of consumer requests regarding services provided by you, of orders from the competent supervisory authorities, including the Bank of Greece, concerning you, for any extension/upgrade of the services provided by our company.
What kind of personal data do we process?
We will process the following categories of personal data indicatively:
- contact information, such as name, telephone, company headquarters, branch address, e-mail
- information about the status of your debts
- details of legal representatives such as name, telephone, home address, e-mail
- identity information, VAT number, date of birth
Who has access to your personal data?
Your personal data is sent to the Bank of Greece, the cooperating bank and the cooperating POS distribution company (if you request that a POS be made available to you), who process it as independent data controllers. It is noted that your details (name, contact details) are posted by the Bank of Greece, which acts as an independent data controller, on its website and are publicly accessible.
Also, your personal data may be disclosed to tax authorities, our legal advisors, our accountants, our auditors. Also, we may post your contact details on our website to inform the consumer public of your cooperation with our company. The information posted on our website is publicly accessible.
What is the legal basis for processing your personal data?
Your personal data is processed for the purposes of fulfilling our obligations arising from the cooperation agreement between us. In particular, the sending of your data to the Bank of Greece is for the purposes of our company's compliance as a payment institution with the legal obligations arising from the legislation on payment services and the legislation on the prevention and suppression of money laundering and terrorist financing .
Finally, the posting on our company's website of information about our collaboration for the knowledge of the consumer public is based on the legal interest of our company to make the points of provision of its services more widely known to the consumer public.
How long do we keep your personal data?
We will keep your personal data for 5 years from the end of our cooperation, unless it is necessary to keep some data for a longer period in order to comply with the obligations arising from the tax legislation, the legislation on payment services, the legislation on anti-money laundering or as necessary to exercise or assert our claims.
The following processing purposes concern the end consumers/users of our services. The terms used below have the meaning provided in Terms of Service.
Provision of the service
Why do we use the Customer's personal data?
When the Customer approaches an Agent and requests the payment of an account, the Agent collects personal data, the processing of which is necessary for the execution of the Payment Order.
What kind of data do we process?
We process the Customer's first and last name, patronymic, telephone number, as well as the Payment Code. We may also process the customer's ID/passport number, nationality, place and date of birth. After the completion of the Payment Order, the Receipt is produced by the system used by the Company, which contains information such as the Amount of the Payment Order, the Transaction Costs, the date and time of the transaction, which in principle are not personal data, but may to constitute personal data, if combined with other information in a way to enable the identification of the Customer.
What is the legal basis for processing the Customer's data?
The legal basis for processing the Customer's data is the contract governed by these terms and concluded between the Company and the Customer each time they approach an Agent in order to use the Service. When the Customer requests the provision of the Service, he accepts the contract and agrees to the access, processing and retention of the personal data necessary for the provision of payment services by the Company.
To whom do we pass on the Customer's personal data?
The Customer's personal data is normally collected by the Agents, who act as processors on behalf of the Company.
Recipients of the personal data may be the credit institution cooperating with the Company, to the extent that this is required for the execution of the Payment Order, any payment service provider of the Beneficiary Organization, the Beneficiary Organization, the legal and tax advisors of the Company, the competent tax authorities, the Bank of Greece and any other competent supervisory authority, in the context of any audit carried out by it.
The Beneficiary Organizations and the payment service providers with whom they cooperate, the competent tax authorities, the Bank of Greece and any other competent supervisory authority act as independent controllers and the Company bears no responsibility for the processing carried out by them of the personal data of the Customer.
How long do we keep personal data?
The Company retains the personal data for a period of five years from the execution of the Payment Order or for any longer period, as long as this is required by the applicable legislation or is necessary for the legal defense of the Company's claims.
Answers to requests, questions, complaints
Why do we use the Customer's personal data?
When a Customer addresses the Company's Customer Service Department and addresses a complaint, request or question regarding the provision of the Service or a Payment Order, the Company collects and/or processes the personal data necessary to satisfy the query, the of the Customer's request or complaint.
What kind of data do we process?
We process the Customer's name, Document Number, the details of any Receipt, such as the Payment Order Amount, Transaction Costs, the date and time of the transaction and the Payment Code, as well as any other identifying information that the Customer chooses to disclose to us. In any case, the Customer is encouraged not to disclose personal information except to the extent necessary to satisfy his request or complaint.
What is the legal basis for processing the Customer's data?
The legal basis for processing the Customer's data is his consent.
To whom do we pass on the Customer's personal data?
The Customer's personal data collected in the context of the above purpose are generally not transmitted to third parties unless this is absolutely necessary to satisfy the Customer's request, complaint or question. In the latter case, the Customer's personal data may be transmitted to the Agents, as well as to the Company's legal or tax advisors.
How long do we keep personal data?
The Company keeps the personal data for six (6) months from the satisfaction of the Customer's request, question or complaint, unless it is necessary to keep them for a longer period for the purpose of compliance with the applicable legislation or the defense of legal claims of the Company.
Detecting and combating fraud and other illegal activities
Why do we use the Customer's personal data?
In the event that the Company has reasonable suspicions that a transaction may constitute or through it attempt to commit fraud, money laundering and financing of terrorism or other criminal activity, the Company processes the Customer's personal data for the purpose of identifying, the prevention, deterrence or suppression of criminal activity.
What is the legal basis for processing the Customer's data?
The legal basis for processing the Customer's data is the obligation to comply with applicable legislation to prevent and combat fraud, money laundering and the financing of terrorism or other criminal activity.
To whom do we pass on the Customer's personal data?
The Customer's personal data is transmitted to the competent judicial, prosecutorial, audit and prosecuting authorities, including the Bank of Greece.
How long do we keep personal data?
The Company keeps the personal data for a period of 5 years from the transaction, unless it is required to keep them for a longer period according to the orders of the competent authorities or the applicable legislation.
Contents
Stay updated!
Subscribe to our Newsletter.
