PRIVACY POLICY

Direct Pay considers the personal data protection as a matter of outmost seriousness and great importance. Respecting the personal data we collect and manage and ensuring their proper processing is one of the company’s priorities.

This is the reason why we take all appropriate technical and organizational measures in order to protect the personal data we process and to ensure that this processing will always meet the requirements of the current national and European legal framework and in particular the General Data Protection Regulation (EU) 2016/679 (GDPR).

1. DATA CONTROLLER – CONTACT DETAILS

Direct Pay is the Data Controller for all the personal data that collects, processes and stores.

DIRECT PAY PAYMENT INSTITUTION S.A. (Title: Direct Pay)

Address: 1 Androu str. & Patision, P.C.11257, Athens, Greece

Phone Number:  (+30) 210 5243171

Email: info@directpay.gr

For the matters concerning the processing of personal data you can contact the Company’s Data Protection Officer (DPO) at privacy@directpay.gr.

2. CATEGORIES OF PERSONAL DATA COLLECTED AND PROCESSED AND PURPOSES OF THE PROCESSING

Α. If you are a client of our services

We collect and process personal data for the main purpose of executing the money transfer and payment orders you give to our local agents, every time you use our services.

To carry out these actions, we collect and process all the information required on the relevant printed forms or electronic application forms, such as full name, father’s name, full address data, phone number, e-mail address, birth data (country, city, date), occupation, number/country of issue/ date of issue and expiration date of your identification document (identity card or passport), payment code and amount of payment and sample of your signature.

Β. If you are Direct Pay’s local agent

For the purpose of investigating the prospect of our cooperation and signing a business agreement between us, we collect and process -as the case may be- personal data such as full name, brand name and distinctive title of your company, identification document (e.g. copy of ID card), statute of the company, company’s register data (myAADE copy), personalized information – Taxisnet, VAT & Tax Office, full address data, phone number, e-mail address, lease document or Ε9 document of your tax declaration, bank account number, criminal record and judicial solvency (the last two pieces of information are required by the Bank of Greece, as it is mandatory to be attached to the submitted application).  

Γ. When you visit Direct Pay’s website (www.directpay.gr)

Cookies are used each time you visit the Company’s website. “Cookies” are small text files sent to your browser and stored in your computer for as long as your visit in the Company’s website lasts. We use cookies in order to ensure the website’s proper operation and continuous improvement and to offer you the best service through www.directpay.gr.  For more related information please read the Cookies Policy (https://directpay.gr/politiki-cookies/) which is available in the Company’s website.

Δ. When you use the contact form or the CV application form on th website of Direct Pay (www.directpay.gr)

Every time you use the contact form of our website (or when you contact us via email) we collect the data you enter in the required fields (name, phone number, and email) as well as any files/documents you may attach to your message, in order to respond to your message.  

In case you send us your CV, we collect the information you enter in the relevant fields (name, phone number and e-mail, any information you provide us about your education and previous work experience, etc.). We also save the attached CV along with any annexes, in order to evaluate it for a possible work position in the Company. We would like to inform you that we keep the CVs that we receive for a period of 6 months. If you would like your CV to be deleted earlier, please notify us at the e-mail address info@directpay.gr or privacy@directpay.gr.

Ε. When you subscribe to Direct Pay‘s newsletter

We use the email you provide us with on the newsletter form of our website in order to send you updates about Direct Pay’s news and services.

ΣΤ. When you visit  Direct Pay’s premises

For the protection and security of the staff, visitors and properties, the Company operates closed video-surveillance circuit (CCTV) that records the images of clients, visitors and employees in public areas (where permitted by law). The recording is done always in accordance with the relevant legislation. You can find detailed information regarding the processing of the image data through the CCTV operating in the Company in the CCTV Policy, which is uploaded to our website (https://directpay.gr/politiki-cctv/).

3. LEGAL BASIS OF THE PROCESSING

Legal basis of the data processing may be:

1. The performance of a contract between the Company and its clients (to execute money transferring and payment orders) or its agents. Without collecting and using the above information it will not be possible to carry out your transactions (for the clients) nor to sign a business agreement (for the agents).
2. The Company’s compliance with its legal and regulatory obligations, arising by the current legal framework regarding the Company’s business activities. We are required by law (and we are controlled by relevant state mechanisms) to process and sometimes to disclose your personal data to the relevant governmental bodies for the control and verification of your identity and to ensure the transparency and legitimacy of financial transactions.

• The preservation and protection of the legitimate interests of both Direct Pay and its clients, in case we need to rise and support legitimate claims or defend our rights and interests before court. Legitimate interests include, inter alia, the development and improvement of the services provided by the Company, as well as its uninterrupted and continuously improving operation.

1. The consent that you may provide us for specific processing purposes (e.g. receiving newsletters in order to receive information related to the Company’s services, its pricing policy, commercial actions and activities etc.).

1. RECIPIENTS OF THE PERSONAL DATA

First, the authorized personnel of Direct Pay have access to your data, as part of their duties, according to their job description.

The personal data of the clients of our services will be transmitted to Direct Pay‘s agents  who facilitate the transactions. In this case, Direct Pay is still the Data Controller and has bound its network of agents with a data processing agreement, which specifies in detail all the data processing terms, thus ensuring their compliance with the requirements of the General Data Protection Regulation and the rest of the relevant data protection national and European legislation.

Moreover, your data may be disclosed –as required or/and permitted by the applicable laws– to payments providers, banking partners and regulatory, financial or other public authorities and bodies and courts, in order that the Company comply with its legal obligations or to defend its rights and interests.

5. TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

If it is required by the nature of the transaction, it is likely that the data of our clients or/and our agents will be transmitted to countries or organisations outside the European Union or the European Economic Area. In case that these transfers are not on the basis of an adequacy decision of the European Commission, they will be protected by appropriate safeguards or other mechanisms approved by the European Commission, as required by the relevant legislation.

6. TIME PERIOD OF STORAGE OF THE PERSONAL DATA

In the first place we store your data at least for the time required by the respective legal frameworks regulating the financial transactions, as well as the overall Company’s business operation and which Direct Pay is committed to and complied with. More specifically, financial transaction data is kept for five years after the date of your transaction, unless permitted or required by another provision of law or regulation to keep it for a longer period, which cannot exceed ten years.

The data collected and processed through the contact form on the Company’s website are kept until the message is answered.

If the processing of your data is based on your consent, your personal data will be kept until you withdraw your consent. It should be clarified that the withdrawal of the consent does not affect the lawfulness of the processing based on the consent while it was in force.

7. RIGHTS IN RELATION TO YOUR PERSONAL DATA

You can exercise the following rights regarding the processing of your personal data:

• Right of access

You have the right to know what categories of personal data of yours we keep and process, for what processing purposes and other additional relevant information. You also have the right to request a copy of your personal data undergoing processing.

• Right to rectification

You have the right to request the rectification, modification and completion of your personal data.

• Right to erasure («right to be forgotten»)

You have the right to request the erasure of your personal data when they are processed based on your specific consent. In cases where the processing is based on another legal basis (such as performance of a contract, legal obligation or protection of legitimate interests of the Company etc.), this right of yours may be subject to restrictions or not be exercised.

• Right to restriction of processing

You have the right to request the restriction of processing of your personal data

• When their accuracy is contested by you and until we make their relevant verification
• Alternatively, instead of their erasure
• When they are no longer necessary for the processing purposes for which we have collected them, but they are required by you for the establishment, exercise or defence of legal claims
• When you object to their processing and until it is verified that there are legitimate reasons for such processing by the Company
• Right to object and automated individual decision-making including profiling

You have the right to object to the processing of your personal data when it is based on a legitimate interest, as well as for direct marketing and profiling purposes

• Right to data portability

You have the right to request and receive your personal data in a format that allows you to access them, use them and process them with the commonly used editing methods. In addition, you have the right to request us to transmit your personal data to another controller where we process them by automated means and based on your consent or for the performance of a contract and if this is technically feasible.

• Right to withdrawal of consent

If the processing of your personal data is based on your consent, you have the right to withdraw it at any time. The withdrawal of your consent does not affect the lawfulness of the processing based on the consent before its withdrawal.

You may exercise your above-mentioned rights as well as pose any question, complaint or ask other information regarding the processing of your personal data, by contacting privacy@directpay.gr or the contact information mentioned in paragraph 1.

8. RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

You have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr) on matters concerning the processing of your personal data.

9. PROTECTION OF PERSONAL DATA

Direct Pay applies all appropriate technical and organizational measures to ensure the protection of the personal data it processes against accidental or unlawful loss, destruction, falsification, prohibited dissemination or unauthorized access to them.

10. LAST UPDATE

This policy may be periodically updated.

This current version is effective since 01.02.2024