STATEMENT ON DATA PROTECTION

Information on the Processing of Personal Data

EveryPay takes very seriously personal data collection. EveryPay is compliant with the requirements of the European Union Regulation (EU) 2016/679 (General Data Protection Regulation), as well as the applicable national legal framework for the collection and processing of personal data.

1. DATA PROCESSING OFFICER – CONTACT INFORMATION

EveryPay A. E.

Address: 25 Karneadou str, 106 75, Athens

Phone: +30 218 218 2800

E-mail: dpo@everypay.gr

2. WHAT DATA WE COLLECT

EveryPay collects and processes personal data like name, address, email, mobile / landline, VAT, ID, personal tax statement, digital trace, credit / debit / prepaid card details, service contracts etc.

3. PROCESSING PURPOSES & LEGAL PROCESSING BASES

The above personal data is collected and processed for the purpose of clearing card payments.

Legal data processing cases for collecting such data are:

  • The conclusion and execution of a contract between the Company and its customers for the processing and clearing of payments.
  • The Company’s compliance with its legal obligations arising from the applicable legal framework regarding the Company’s business activities.
  • Safeguarding and protecting the legitimate interests of EveryPay and its customers.
  • Your consent in case you require us to provide you with information about EveryPay’s services, commercial activities, etc.

4. DATA RECEIVERS

EveryPay transmits personal data to third parties, such as Banks, external tax offices, etc. EveryPay is still the Data Controller. All data recipients have signed with EveryPay a specific data processing contract, which sets out in detail all the individual processing elements, thereby ensuring that third parties comply with the requirements of the General Data Protection Regulation.

5. DATA STORAGE TIME

The time period for storing personal data is decided on a case-by-case basis. More specifically:

  • Regarding contract details, the data is stored for as long as it is necessary to complete that contract, or even longer if required by the applicable law.
  • In many cases, the data is stored for as long as the various legal / regulatory and complainace frameworks are applicable to the Company. For security reasons and for the Company to be able to respond to a possible audit by a state authority, some data are kept for 3-5 years longer than their statutory mandatory time.
  • If the processing is based on your consent, the personal data will be kept until you withdraw that consent. It is clarified that the withdrawal of consent does not affect the legality of the consent-based treatment given before its withdrawal.

6. RIGHTS RELATED TO YOUR PERSONAL DATA

With regard to the processing of your personal data you may exercise the following rights:

  • Right of access
    • You have the right to know what data we hold and process and why.
  • Right to correction
    • You have the right to augment your personal data.
  • Right of cancellation (‘right to be forgotten’)
    • You have the right to request the deletion of your personal data, when it is processed without your consent. In cases where the processing is based on another legal basis (such as contractual obligations, legal obligation, the protection of the Company’s legal interests, etc.), your right may be subject to restrictions or might not exist.
  • Right to limit processing

You have the right to restrict the processing of your personal data:

    • When their accuracy is called into question and until verification process is completed
    • alternatively, instead of asking to delete them you may ask to keep them
    • when they are no longer necessary for the purposes we have collected them, but are necessary for the support, exercise or proof of legal claims by you
    • when you have objections to their processing and until it is verified that the Company has legitimate reasons for such processing
  • Right to object to data collection and processing
    • You have the right to object to the collection and processing of your personal data, when it is based on a legitimate claim, as well as for the use from Everypay for the purpose of marketing and customer profiling.
  • Right to portability
    • You have the right to request and receive your personal data in a form that allows you to access, use and process it with our commonly used processing methods. In addition, you may ask us to forward it directly to another controller, if this is technically feasible.

Please contact dpo@everypay.gr to exercise your portability rights if needed.

7. COMPLAINTS RELATED TO PRIVACY DATA PROTECTION AUTHORITY (IPSAS)

You have the right to file a complaint with the Personal Data Protection Authority (www.dpa.gr) regarding the processing of your personal data.

8. SECURITY OF PERSONAL DATA

EveryPay takes all appropriate technological and operational measures to ensure continually the protection of the personal data processed from accidental or unauthorized loss, destruction, tampering, unauthorized dissemination or unauthorized access to them.