Privacy Policy
Welcome to www.snappibank.com. We value your privacy and the protection of your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use it, the way your data is processed and their recipients, and your rights regarding your data. If you have any concerns, please contact us.
This Data Protection Policy includes:
- Information about the Controller of your personal data.
- The type of personal data we collect.
- The purpose of collecting and processing your personal data and the legal basis for processing them.
- The security measures we take to protect your personal data.
- The retention period of your personal data.
- Information about your rights and how to exercise them.
Data Controller
- Banking Company: SNAPPI S.A.
- Address: Krystalli Street No. 7A, 45444, Ioannina
- GEMI Number: 164679129000
- TIN: 801858330
- Supervisory Authority: Bank of Greece, 21 Eleftheriou Venizelou Street, 102 50 Athens
- Email: hello@snappibank.com
Information We Collect
"Personal Data" refers to any information that identifies a person. SNAPPI S.A. collects such information when you use, or interact with, it through our website or social media accounts.
- Website Visitors: If you contact us via our website's form, we collect your name and email address. We also collect data when you interact with our social media accounts. Through the contact form on our website , in order to serve any requests and clarifying questions on issues related to the services provided by us, you will be asked to enter your name and your e-mail address.
Automated Data Collection
- Log files
During your visit to our website, certain data is automatically collected from our server and recorded in special files (log files). The purpose of storing this information is to check the security of the information and services of our website, to ensure the ability to investigate any online attacks and incidents and to support any relevant legal claims.
The legal basis for the above processing is Article 6 para. 1 (f) GDPR, which allows us to process data when this is necessary to achieve the legitimate interests of SNAPPI S.A. The logs are kept for 3 months and may be shared with third-party processors to manage the website and with the competent authorities in case it is necessary to investigate any online attack and incident. The data for which they are investigated or used in the context of legal claims are kept for the time required for these purposes.
- Cookies
Furthermore, when you interact with our website, certain data is automatically collected by your device or web browser ("cookies"). By using cookies, small text files with information used by websites make your user experience more effective on our website.
Detailed information on the automated data collection can be found in our Cookies Policy.
Information concerning minors
Our website and services are not intended for use by minors under the age of 15. SNAPPI S.A. does not collect Personal Data of minors under the age of 15 without the consent of a parent or guardian. In any case, SNAPPI S.A. deletes any personal data of a minor under the age of 13. If you believe we have collected such data, please contact us.
Why do we use your Personal Data?
We use your data to:
- To respond to your requests and questions about the provided services.
- To handle your complaints.
- To execute your rights regarding your personal data.
- To improve our business and services.
- To detect and prevent fraud or illegal activities.
- To protect our rights, assets or those of third parties.
- Other purposes: we may use your data in other ways. In this case, we will provide prompt notifications to inform you when we collect the data, while we will obtain your consent before processing, where required.
For the realization of these purposes, we will collect and generally process only those data that are compatible with the purpose of processing.
Data Sharing
We may share your data with:
- Competent supervisory, public or judicial authority, as required by law.
- Third-party service providers who assist us, such as law firms, financial advisors-accountants, advertising companies, providers of IT products and / or services and / or support of all kinds of information and electronic systems and networks, courier companies, etc., under strict data protection agreements.
We do not disclose your personal data to third parties outside the European Union in countries where there is no appropriate data protection regime. However, should such a data transfer need to take place, we will take all possible steps to ensure that your data is treated securely, e.g. using Standard Contractual Clauses (SCCs) adopted by the Commission.
Legal bases for processing your personal data
SNAPPI S.A. relies on the following four legal bases when processing your personal data:
- Contract: when the processing of your personal data is necessary for the performance of our obligations arising from the contract.
- Legal obligation: when we are required to process your personal data to comply with a legal obligation, such as to provide information to a public body or law enforcement authority.
- Legitimate interest: we may process data about you when we have a legitimate interest in performing a lawful activity in order to ensure the continuity of that activity, as long as it does not exceed your interests, or
- Consent: we may occasionally ask you for your specific consent in order to process some of your personal data. Your personal data will only be processed if you agree to this. You may withdraw your consent at any time, without retroactive effect, by contacting SNAPPI. S.A. at hello@snappibank.com.
Your rights
Your rights under Law 4626/2019 and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data (General Data Protection Regulation).
Under GDPR, you have the right to:
- Access: Request a copy of your data.
- Rectify: Correct any inaccurate data.
- Delete: Request deletion of your data.
- Restrict: Limit how we use your data.
- Portability: Receive your data in a structured, commonly used and machine-readable format, as well as transmit them, under legal conditions, to another controller as long as this does not adversely affect the rights and freedoms of others (only for automated processing of information that you provided to us with your consent or for the performance of the contract between us.)
- Object: Object to data processing at any time. SNAPPI S.A. may not satisfy this right if it demonstrates compelling legitimate reasons for processing that override your interests, rights and freedom or for the establishment, exercise or support of legal claims.
- Complain: Lodge a complaint with the Data Protection Authority (www.dpa.gr). if you consider that your rights are violated in any way (right to complain to the Authority). Postal Address: 1-3 Kifissias Avenue, P.C. 115 23, Athens, call center: +30 210 6475600, e-mail: contact@dpa.gr.
For any additional information, as well as for the exercise of the above rights, please contact us by sending a mail to the address Krystalli Street No. 7A, 45444, Ioannina or at hello@snappibank.com email address. As a rule, your request will be fulfilled within one month of receipt. The information, any announcement as well as all actions taken in accordance with Articles 15 to 22 and 34 GDPR are provided free of charge.
You can also contact the Data Protection Officer – DPO at the following contact details by post: Stadiou 49, 10559, Athens, email dpo@snappibank.com
Security and Retention of Your Personal Data
We retain your personal data only as long as necessary for the purposes outlined, i.e. for the duration of the contract between us, your consent, our legal obligations (such as keeping for tax purposes) and our legitimate interest on a case-by-case basis.
The processing of personal data is carried out in a way that ensures its confidentiality. SNAPPI S.A. implements appropriate technical and organizational measures to ensure the appropriate level of security of your data against the risks of accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access and any other form of unlawful processing.
The data you provide to us is protected by appropriate information security techniques to ensure both their safe transfer over the internet and their secure storage in Information Systems.
We require all third parties who may receive your personal data to have appropriate technical and operational security measures in place to protect your personal data, in accordance with Greek and EU data protection legislation.
Special Categories of Data
We ask you not to disclose to us sensitive personal data (e.g., banking details) via email. Such data is not needed for our processing purposes.
Links
Our website contains links to other websites (such as jobs.workable.com where the user can see the jobs available in snappi and apply by sending a CV).
Frequently asked questions about the processing of employee candidate data
- What personal data of the employee candidate are processed?
The data collected are those which are strictly necessary for the purpose of the processing, such as the following and/or any other data where there is a legitimate purpose and legal basis for the processing and the data are strictly necessary for that purpose.
- Identifying information: full name, father's name, mother's name, ID number, gender, date and place of birth, nationality.
- Contact details: postal address, e-mail address, telephone number (fixed, mobile).
- Marital status, education, curriculum vitae, any disabilities.
- Previous experience, professional experience.
- Reason for rejecting a recruitment application.
- What is the purpose of processing and what is the legal basis?
The assessment of potential employees as to whether they meet the recruitment requirements for a specific job. The legal basis for the collection of this data by the prospective employer is to serve his/her legitimate interest in recruiting qualified and suitable staff.
To provide information on the possibility of recruitment for future employment positions within the enterprise. The legal basis for the collection of this data by the prospective employer is the consent of the prospective employee.
- For how long is the data kept?
The personal data of candidate employees who will not enter an employment contract are retained for six (6) months from the date of the job for which they were collected and then deleted.
The data of candidate employees is retained for a longer period of up to two (2) years, provided that the candidate employee has given consent, and then deleted. In case prospective employees wish to have their data retained for possible employment opportunities in the future, they may choose the period of time they wish to retain their data for up to two (2) years and then they will be deleted.
- To which recipients are the personal data of the candidate employees transmitted?
In order to meet its processing purposes and its legal obligations, the Company communicates the personal data relating to candidate employees to categories of persons or entities (recipients). The recipients have access only to the personal data that are strictly necessary for the performance of their duties and the provision of the services they have undertaken with respect to the Merchant. These categories are as follows:
- Processors: the Merchant cooperates with processors on its behalf to provide hosting or IT system support services, subject to data confidentiality.
- Lawyers, where this is necessary for the fulfilment of the legal obligations of the Merchant or for the exercise of its rights and the defense of its legitimate interests.
- Bailiffs, notaries, judicial, prosecutorial, and police authorities, as well as auditing authorities, where this is required by legal provisions or court decisions or following relevant legitimate requests from them in the exercise of their duties.
- What are the rights of prospective employees and how are they exercised?
The below list presents the employee's rights by processing purpose and corresponding legal basis.
- Assessment of candidate employees as to whether they meet the recruitment requirements for a specific job.
Legal basis: serving the legitimate interest of the prospective employer in recruiting suitable staff (6.1f)
Related Rights: Access (Article 15 of the GDPR), Correction (16), Deletion (17), Restriction (18), Rejection (21).
- Informing the candidate about employment opportunities in the company.
Legal Basis: Consent (6.1a)
Related Rights: Access (Article 15 of the GDPR), Rectification (16), Erasure (17), Deletion (17), Restriction (18), Portability (20), Withdrawal of consent (7.3)
If the prospective employee wishes to exercise a right, he/she should address the Company in writing or electronically by sending an e-mail to the Company. Please note that in case of reasonable doubt about the identity of the data subject, the Merchant may request additional information to confirm the identity.
The Merchant must respond to the request within one (1) month of receipt. The deadline may be extended by two (2) more months, if required at the Merchant's discretion taking into account the complexity of the request and the number of requests, in which case the Merchant must inform within one month of receipt of such extension and the reasons for the delay.
If the Merchant does not act on the request when exercising the above rights or after responding the prospective employee considers that his/her rights are violated, he/she has the possibility of filing a complaint with the Personal Data Protection Authority, as well as a legal action.
6.When is consent required for the processing of data of candidate employees?
In the case of data retention time beyond 6 months in order to inform the candidate about possible employment opportunities in the Company in the future.
This privacy statement does not apply with regard to the user's access to other websites. Please refer to the privacy policies of these websites for more information on how they handle your data.
The Data Controller is not responsible for the content and services of other third parties to which it refers via their links, hyperlinks or banners (including, without limitation, social networking sites such as LinkedIn, for example). The Data Controller does not guarantee, nor can it control the availability, content and privacy policy of the linked website. Therefore, for any problem encountered when visiting/using them, you should contact the respective websites that are solely responsible for the provision of their services. Access using the links provided to the website in question is the sole responsibility of the user.
Policy Updates
Latest Update: Athens, June 2024
- Please be advised that this policy may change from time to time. If we decide to change our policy, we will inform you through notifications that will appear on our website.
- If we decide to substantially alter the processing of your personal data, you will receive prior notice or, where necessary, your consent will be requested before applying the new policy.
Contact
For any questions or comments regarding our current policy, as well as the practices we follow, please do not hesitate to contact us at: hello@snappibank.com