With this statement DIAS informs its website visitors about its duties and your rights concerning personal data that it collects both through your browsing to the website and through the services DIAS offers. DIAS S.A. (hereinafter the Company, DIAS) is committed to protect your personal data that has legitimately collected and processes. The legal context under which protection of your personal data is ensured is set by the European General Data Protection Regulation 2016/679 (also known as GDPR), the Greek law No 4624/2019 as well as the opinions, decisions and guidelines issued by the competent Authorities (DPAs, EDPB).
This Personal Data Protection Notice may change without previous notice, in order to be compatible with the current legislation. As a result, we strongly recommend that you periodically visit the present section in order to remain updated on any alterations.
Latest update: December 2021.
Data Controller details
The Company «Interbanking Systems S.A.», under the distinctive title «DIAS S.A.», headquartered in Marousi, Attica, 2 Alamanas Str., P.C. 15125, tel. no +30 210 6171600, email address: firstname.lastname@example.org and registration no: 000740401000.
Categories of personal data
Personal data is every information that relates to an identified or an identifiable natural person (data subject).
Α. During your browsing in the present website, DIAS may collect and legitimately process the following categories of personal data:
Β. In the context of its core business, DIAS collects and processes personal data of its Payment Service Providers’ clients and of other Organizations’ clients, in order to complete the interbank transactions. The personal data is provided to DIAS in the context of its contractual relationship with the afore-mentioned PSPs/ Organizations either by them or directly by the data subjects. For these purposes DIAS may collect:
C. DIAS may additionally collect personal data concerning its collaborators:
Image data processing via CCTV
DIAS has in place a CCTV surveillance system across shared areas of its building and around it, capturing solely images. The CCTV system is subject to a Data Protection Impact Assessment. Signs are placed in order to inform employees, visitors and any other person that CCTV is in operation.
The primary purpose of the CCTV system is to ensure the safety of DIAS’s employees/ visitors as well as to protect their and the Company's equipment and property.
The CCTV system is in operation 24/7/365, including both image recording and real time monitoring. Cameras are monitored in the Security Control Room, which is a secure area, staffed with legitimately authorized persons, having undertaken the contracual obligation to protect information confidentiality and comply with every obligation imposed by the current legislation.
Personal data processed via the surveillance system is available solely to DIAS's authorized employees or other cooperators in order to ensure the safety of staff and equipment, the CCTV system’s safety and the Company's technical systems' functionality. Under the conditions predicted by law, DIAS may grant access to competent judicial or other public authorities exercising their duties. The data collected via the CCTV system is not transferred to third countries or international Organizations.
Images will be retained for no longer than 15 days upon the date of recording. Images will be automatically deleted after this point. This data is not processed for decision-making purposes. The afore-mentioned time period may be extended in case that an incident takes place, in compliance with the applicable legislation.
Requests by individual data subjects for images relating to themselves should be submitted in written to DIAS. In order to allow the relevant images to be located and the data subject to be identified, the latter one may be requested to provide the Company with additional details (concerning the time/ data of recording).
DIAS legally processes your personal data in full accordance with the legal bases set by the GDPR and with respect to the principle of data and purpose minimization. The principal processing purposes are to:
Additionally to the afore-mentioned purposes, DIAS retains its right to process your data for purposes of compliance with the obligations imposed by the currently applicable legal framework. Also, DIAS may process your data for purposes of supporting its legal claims and for other national or public security reasons, including crime prosecution and investigation purposes.
Personal data of minors
DIAS does not process minors’ personal data, unless the person that has their custody has expressly given consent to.
The current website is neither designed nor intended to be used by anyone under the age of 18. In case that you are under the age limit you are strongly encouraged to refrain from any action of providing your personal data to DIAS. If you believe that DIAS has collected your personal data, you should inform the person that has your custody in order to legitimately exercise your rights.
DIAS may transfer your personal data to third parties, indicatively to its employees (that may offer their services remotely), contractors, legal and financial consultants, suppliers, data processors, data storage companies, transaction settlement and clearing companies etc. DIAS transfers your personal data to these parties for specific purposes and under the condition that it is necessary for the completion of the afore-mentioned purposes.
DIAS ensures that every third party is obliged and contractually bound to process your personal data in compliance with the legal framework and to take efficient technical and organizational measures for personal data protection.
Under the conditions predicted by law, DIAS may grant access to your personal data to competent supervisory, audit, independent, judicial, public and/or other authorities exercising their duties.
Transfer to countries outside the European Economic Area
In order to properly perform its operations, DIAS may transfer your personal data to countries outside the European Economic Area. In this case, the safety of your personal data is ensured as predicted by law (indicatively EU adequacy decisions, contractual clauses).
DIAS retains your personal data for a definite time period according to the purpose of processing or in order to comply with its legal obligations and to support its legal claims.
Personal data protection
DIAS has taken proper and efficient technical and organizational measures in order to ensure high level of your data protection. It porcesses your personal data in a legitimate manner. In this context, it has developed a complete and efficient information security and business continuity system, compatible with the requirements of PCI DSS, ISO 27001 and ISO 22301.
Every data subject may contact DIAS in order to exercise its legal rights. DIAS should respond to this request within 30 days. This period may be extended for two further months if necessary. In this case, DIAS informs the subject about the reasons of the delay.
You may exercise your rights by filling and sending to the Company the written form you can find below or in any other way that is convenient to you. You can either contact DIAS via its email addresses or the Company’s DPO contact details. Nonetheless, you may contact DIAS in any way you see fit.
As data subject, you have the following rights that can be exercised under the conditions and exceptions set by the applicable legislation:
Personal data violation
DIAS processes your personal data in a safe and legitimate manner. However, in case you believe that a breach has occurred concerning your personal data, you may lodge a complaint by sending an email to the Company at email@example.com. Otherwise, you may also send a letter to the Company’s address or you may choose to contact DIAS by any other way that is convenient to you.
Irrespective of the procedure mentioned above, you have the right to file a complaint before the Greek Personal Data Protection Authority (Postal address: 1-3 Kifissias, PC 115 23, Athens, call center: + 30 210 6475600, e-mail address: firstname.lastname@example.org) if you think that your rights have been violated.
Data Protection Officer
If any questions or complaints arise regarding this Policy and in order to exercise your rights, you may contact the Company’s DPO Office.
Email address: email@example.com
Telephone no: 210 6171600
Postal address: 2 Alamanas Str., Marousi, PC 15125.