Privacy Protection Policy

This policy-notice (hereinafter Policy) of the Data Controller with details:

ALPHA TRUST-ANDROMEDA Investment Trust S.A.
Head offices: 1 Aristeidou Street, Kifissia - Postal Code 14561
Τel.: 210 62 89 100
E-mail: info@andromeda.eu

This Policy is addressed to natural persons and presents how ALPHA TRUST-ANDROMEDA S.A. (hereinafter also referred to as Andromeda or Company) collects and processes your personal data (hereinafter also referred to as Data) and informs you of your rights in accordance with national law and the General Data Protection Regulation of the EU 2016/679, also known as GDPR.

Collection and processing of Personal Data

Personal data is considered as any information relating to an identified or identifiable natural person and may lead either directly or in combination with other data to the recognition/identification of the natural person. An identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identity identifier, such as name, identity card number, location data, online identifier, or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person, as well as any other information that allows your identification according to the provisions of GDPR, the Greek legislation in force and the decisions of Hellenic Data Protection Authority.

Andromeda collects and process personal data as Data Controller (GDPR art. 4(7)):

In the context of maintaining the Company's shareholders registry and informing its shareholders (name, physical and electronic address (e-mail), ID data, telephone, VAT number, nationality, financial data contained in shareholders registry).
When you request information regarding financial reports, decisions, notifications, updates issued by the Company or when you submit requests-queries, complaints, comments, reviews or generally contact us about any issue via phone, e-mail, or surface mail.
When you subscribe (e-mail) to our newsletter service.
When you send us your CV in order to fill a job position in the Company.
When you visit or navigate the Company's website. We use cookies to collect information about how you use our website. In this way, we can adapt to your interests and needs, via recording details that will allow us to recognize you the next time you visit our website (for further details please see our Cookies Policy).
When you visit Company’s facilities, we collect (and maintain for as long as foreseen by the relevant legislation) CCTV data for the protection of persons and property, facilities security and crime prevention.

Purpose and legal basis of Processing

We process your personal data in accordance with the GDPR and national data protection legislation for one or more of the following purposes:

For the distribution of dividends or capital returns provided on a case-by-case basis and to inform you in accordance with the provisions of the applicable legislation (GDPR art. 6 (1b)).
To comply with our regulatory and legal obligations (GDPR art. 6(1c)).
To defend and secure the legal interests of the Company (GDPR art. 6 (1f)).
To inform you in general about our services (unless you have chosen not to receive promotional messages) as well as about events and financial studies of our Company.
To respond to your questions or requests.

In addition, the legal basis for the processing of your personal data can be your consent (GDPR art. 6 (1a)). If you have given your consent for specific purposes (e.g., receiving promotional messages, downloading-installing cookies, etc.), the purposes are obtained from the corresponding content of this consent.

Data Retention

We will keep your Data for as long as your shareholder relationship with the Company lasts and after its termination for as long as the relevant legislation requires or until the statute of limitations for relevant claims has expired. In any case, this time does not exceed twenty (20) years. It is specially pointed out that the CVs that you may send us in order to fill a job position in the Company and are subject to par. 6 of article 27 of Hellenic Law 4624/2019, are kept in the Company's file for a period of six (6) months from sending them to the Company, at which point they are deleted. In particular, we delete personal data immediately, when there is no legal basis for processing others, or if they are no longer necessary for the purpose of preparing and executing, among others, a concluded contract, and if there is no other specific legal basis, in case objection by others, unless further processing is permitted according to relevant provisions, if we are obliged to do so for other legitimate reasons, and in any case after twenty (20) years.

In the event that you visit our Company's premises, CCTV data is kept for 15 days. In cases where the retention of personal data is necessary for the exercise or defence/exercise of the Company's legal rights before judicial or other authorities provided for by the current legislation, the above deadline is extended until the end of the period in which such data is no longer necessary for the above purposes.

We make every effort to minimize the personal data we use over time, and to anonymize it so that it can no longer be associated with you or make you identifiable. In the case of anonymized data, we may use it without any further notice.

Recipients of your personal data

In fulfilling our contractual and legal/regulatory obligations, your personal data may be disclosed to:

Regulatory and public authorities, to the extent we are legally bound to provide these information, i.e., the prosecuting authorities.
Service providers-subcontractors (data processors).
Law Firms and / or legal counsellors.

Finally, access to your Data is given to the Company's absolutely necessary personnel, who are committed to maintaining confidentiality and have been properly trained.

The Company warrants that it will not transmit or disclose in any way, without your prior written consent, your Data to third parties (other than the recipients mentioned herein) for any purpose or use, unless required by applicable law or required by public / prosecutorial / judicial services / authorities.

Transfer of personal data outside the EU/EEA

The Company does not transfer your Data outside the EU/EEA.

Automated decision making

No automated decision-making process takes place in the course of our business activities.

Security of Data

We recognize the importance of Data protection and constantly review and improve our safeguards (technical and organizational measures) against unauthorized access and use, accidental loss, dissemination or destruction of your Data. Every employee of the Company who has access to the above information, uses it to exclusively serve the purposes of processing.

Your personal data is not used for purposes other than those described in this Policy. Also in cases where an organization, a company or an external partner provides services to us or on our behalf that include the processing of personal data, we ensure that appropriate protection measures (technical and organizational measures) are applied and the Data is processed in accordance with the specified manner and Company’s instructions. These organizations cannot process your Data for their own purposes, and are bound, by contract (Data Processing Agreement), to ensure the confidentiality, integrity, availability and in general and protection of Data in accordance with national data protection legislation and the General Data Protection Regulation (GDPR).

Your Rights

You can contact us to inform you about what Data is retained by us and how we process it. In addition, you can at any time request a copy of your personal data. To obtain a relevant copy, you can fill out the form that you can download here and send it to us signed with the authentication of your signature by a competent authority (GDPR art. 15, under reservation to the provisions of art. 33 of Law 4624/2019).

If you think that your personal data are incomplete or inaccurate, please contact us to proceed with the appropriate rectification (GDPR art. 16). In the event that you consider that your Data is not subject to processing for a specific and legal purpose, you can ask us to proceed with its deletion, after consultation with us (GDPR art. 17, under reservation to the provisions of art. 34 of Hellenic Law 4624/2019).

You can ask us to suspend or object to the processing of your personal data for reasons relating to your particular situation. If you submit such a relevant request, we will no longer process your personal data, unless we demonstrate compelling and legitimate reasons for the processing, which override your interests, rights and freedoms or to establish, exercise or support legal claims (GDPR art. 21, under reservation to the provisions of art. 35 of Hellenic Law 4624/2019).

You can opt-out of all promotional activities or choose to opt-out of certain forms of commercial communication (such as e.g., e-mail, telephone, etc.). In case you no longer wish to receive promotional messages via e-mail, you can unsubscribe from our list.

You may request to receive a copy of your personal data in a structured, commonly used and machine-readable format, in order to transmit that Data to other organizations. You also have the right to request that your personal data be transmitted directly by us to other organizations that you will name (right to data portability, GDPR art. 20).

You can withdraw at any time the consent (GDPR art. 7) you have given to the processing of your personal data, in cases where the processing takes place following your consent and without any other legal basis. In this case, their processing by us will be stopped, without this affecting the legality of the processing that has already taken place until the withdrawal of your consent.

You can request the restriction of processing of your personal data, only for specific purposes, including in the case of questioning the correctness of the Data or unlawful processing (GDPR art. 18).

In order to exercise any of your rights or if you have any other questions regarding the process of your personal data by us, you may contact us or fill out the relevant form, which you can find it here and send it (via surface mail or via e-mail) to:

ALPHA TRUST-ANDROMEDA Investment Trust S.A.
Head offices: 1 Aristeidou Street, Kifissia - Postal Code 14561
Τel.: 210 62 89 100
E-mail: info@andromeda.eu

Andromeda will respond to your request within one month following its receipt. If it is not possible for us to satisfy your request within the period of one month, we will inform you of the reasons for the delay.

Andromeda shares your concern about your personal data. For any information you can contact us at info@andromeda.eu

Right to submit a complaint

If you have exercised some or all of your rights regarding data protection and you still feel that your concerns about the way we process your personal data have not been duly addressed, you have the right to submit a complaint. You also have the right to submit a complaint with the Hellenic Data Protection Authority, Kifissias 1-3, PC 115 23, Athens. On the relevant website (http://www.dpa.gr) you will find information on how to submit complaints.

Changes to this Policy

We may change or amend this Policy from time to time, and we will accordingly amend the revision date indicated at the end of this notice. We recommend that you review this Policy periodically so that you are always aware of the of the way we process and protect your personal data.

This Policy was revised on December 29^th, 2022.