Privacy
PRIVACY NOTICE
To access the service, it is necessary to indicate that you have read the Privacy Notice by clicking on the link at the bottom of this page.
The Company with “BDRAPES” with d.t. “Bdrapes”, informs you that the processing of your personal data, which is carried out through the website (“Website”) or which is collected through this contact form (“Form”) is carried out in accordance with the applicable data protection legislation ( regulation (EU) 2016/679 – hereinafter “GDPR” regulation) and the Privacy Policy of the Website.
1. Responsible for Data Processing and DPO The Data Processor is the Company with “BDRAPES” with d.t. “Bdrapes”, based at 20 Xenofontos, Glyfada, 16672(“Data Controller”). You can contact the Data Protection Officer (“DPO”) at the following address dataprotection@bpc.gr.
2. The Data we process With your consent, we process the following routine and sensitive personal data that you provide when you interact with the Website and use the services and features it provides. This data includes in particular your first and last name, contact information, professional qualifications, financial information, and the content of your specific requests or reports as well as additional data that may be obtained by the Data Controller, including from third parties. , in the context of conducting its business activity (“Data”).
In order for us to be able to fulfill the requests you make through the contact form and/or to provide updates on adverse reactions, it is necessary that you consent to the processing of the data marked with an asterisk (*). Without this mandatory data or your consent we cannot proceed further. In contrast, the information requested in fields not marked with an asterisk and your consent to receive informational material are optional: failure to provide them is of no consequence.
n any case, even without your prior consent, the Processor may process your data to comply with legal obligations arising from laws, regulations and EU law, to exercise rights in judicial proceedings, to exercise its own legitimate interests and in all cases provided for, as the case may be, in articles 6 and 9 of the GDPR regulation.
The processing is carried out both using computers and in paper form and always implies the application of the security measures provided for by the current legislation.
3. Why and how we process your data The data is processed for the following purposes: (i) to handle the requests you make to provide information through the Site and Form; The legal basis for processing personal data for this purpose is your consent (Article 6(1)(a) and Article 9(2)(a) GDPR).
(ii) to manage adverse event reports submitted through the Website or Forms; The legal basis of processing for these purposes is your consent (Article 6(1)(a) and Article 9(2)(a) of the GDPR), as well as the pursuit of any public interest in the field of financial asset management and configuration credit policy (Article 9(2)(i) GDPR); in addition, but only with your optional consent which is the legal basis for the processing in accordance with Article 6(1)(a) of the GDPR:
(iii) to receive promotional material (direct marketing) from the Company; By selecting the appropriate boxes you agree to the processing of your data for these purposes. Your data may in any case be processed, even without your consent, for the purpose of compliance with laws, regulations, EU law (Article 6(1)(c) GDPR), to obtain statistical data regarding the use of the Website and its proper operation (Article 6 paragraph 1 point f) of the Regulation).
Personal data is entered into the Company’s IT system in full compliance with data protection legislation, including security and confidentiality profiles and based on principles of good practice, lawfulness and transparency in processing.
The data is stored for as long as is absolutely necessary to achieve the purposes for which it was collected. In any case, the criterion used to determine this period is based on compliance with the deadlines set by law and the principles of data minimization, storage limitation and rational file management.
All your data will be processed in paper or automated means, ensuring in each case the appropriate level of security and confidentiality.
4. Persons who have access to the data The Data are processed by electronic and manual means in accordance with the procedures and practices related to the above-mentioned purposes and are accessible by the personnel of the Controller authorized to process the Personal Data and the supervisors and in particular the employees belonging to the following categories: technical staff, Information and Network Security staff, and administrative staff, product managers, facility security staff as well as other staff members who must process the data to perform their duties.
The Data may also be shared with countries outside the European Union (“Third Countries”): The Data may also be shared with countries outside the European Union (“Third Countries”): i) to institutions, authorities, public bodies for institutional purposes; ii) to professionals, independent consultants – whether working individually or collectively – and other third parties and providers who provide the Data Controller with commercial, professional or technical services required for the operation of the Website(eg providing IT and Cloud Computing services) for the purposes mentioned above and to support the Company in providing the services you requested; iii) to third parties in the event of mergers, acquisitions, transfers of businesses or their branches, audits or other extraordinary acts.
The mentioned recipients receive only the data necessary for their respective functions and duly undertake their processing only for the purposes stated above and in accordance with data protection laws. The Data may also be shared with the other legal recipients identified from time to time by applicable laws. With the exception of the above, the Data will not be communicated to third parties, natural or legal persons, who do not perform tasks of a commercial, professional or technical nature for the Controller and will not be disseminated. The persons who receive the data will process it, as the case may be, as Data Controllers, Processors or persons authorized to process the personal data for the purposes mentioned above and in accordance with the applicable data protection legislation.
Regarding the transfer of data outside the EU, even in countries whose laws do not guarantee the same level of protection of the privacy of personal data as that provided by EU law, the Controller informs that the transfer will in any case take place in accordance with by the methods permitted by the GDPR, such as based on user consent, based on standard contractual clauses approved by the European Commission, selecting parties that participate in international programs for the free movement of data (e.g. EU-US Privacy Shield) or that are implemented in countries considered safe by the European Commission .
5. Your rights You can contact the Data Controller at the addresses shown above, at any time, to exercise the rights according to Articles 15-22 of the GDPR regulation such as, for example, to receive an updated list of persons who have access to the data you, to receive confirmation of the existence or non-existence of personal data relating to you, to check its content, origin, correctness and location (also in relation to any third country), to request a copy, request their rectification and, in the cases provided for in the GDPR regulation, request the restriction of their processing, their deletion, object to direct communication activities (including restriction to certain communication media), receive advertising material (direct marketing ) from the company. Similarly, you can always report observations on specific uses of data regarding specific personal situations that are deemed incorrect or unjustified by the existing relationship with the DPO or submit complaints to the Data Protection Authority. You can withdraw your consent at any time, without affecting the lawfulness of the processing carried out before the withdrawal of consent.