Initial information

With this statement DIAS informs its website visitors about its duties and your rights concerning personal data that it collects both through your browsing to the website and through the services DIAS offers. DIAS S.A. (hereinafter the Company, DIAS) is committed to protect your personal data that has legitimately collected and processes. The legal context under which protection of your personal data is ensured is set by the European General Data Protection Regulation 2016/679 (also known as GDPR), the Greek law No 4624/2019 as well as the opinions, decisions and guidelines issued by the competent Authorities (DPAs, EDPB).

This Personal Data Protection Notice may change without previous notice, in order to be compatible with the current legislation. As a result, we strongly recommend that you periodically visit the present section in order to remain updated on any alterations.

Latest update: December 2021.

Data Controller details

The Company «Interbanking Systems S.A.», under the distinctive title «DIAS S.A.», headquartered in Marousi, Attica, 2 Alamanas Str., P.C. 15125, tel. no +30 210 6171600, email address: info@dias.com.gr and registration no: 000740401000.

Categories of personal data

Personal data is every information that relates to an identified or an identifiable natural person (data subject).

Α. During your browsing in the present website, DIAS may collect and legitimately process the following categories of personal data:

• Personal (first and last name, gender, profession) and contact details (email address, telephone number, postal code) that you willingly provide it with, in order to contact DIAS and submit your requests, questions etc.
• The content of your written communication with the Company (email messages, fax or mail letters) and any other personal detail these messages contain. This personal data is also freely and willingly provided to DIAS.
• Personal data, including your ip adderss collected through the use of cookie files, stored in your device according to DIAS's Cookie Policy.
• Personal data concerning your academic skills, your professional experience and any other information included in your CV, in case that you send a Resume expressing your interest in joining the Company.
• Personal data that you provide DIAS with, through the “Join our Team” section of the website.

Β. In the context of its core business, DIAS collects and processes personal data of its Payment Service Providers’ clients and of other Organizations’ clients, in order to complete the interbank transactions. The personal data is provided to DIAS in the context of its contractual relationship with the afore-mentioned PSPs/ Organizations either by them or directly by the data subjects. For these purposes DIAS may collect:

• Personal details (name, post mail and email address, date and location of birth, telephone and fax number etc.)
• Unique identifications (TIN, Social Security Number, ID card Number)
• Transactional data (credit/debit card data, payment code, amount and time of payment, cheque number, IBAN/BBAN, Bank, indicator, time, status, number of transactions, beneficiary code etc.).

C. DIAS may additionally collect personal data concerning its collaborators:

• Single proprietor businesses: Personal details and unique identifiers (name, TIN, ID card no, telephone no, address, bank account no, IBAN, amount of payment etc.).
• Moral persons: Personal and contact details of their representatives, project managers.
• Personal data concerning items (e.g. car registration number).
• Image data as long as they access the Company’s facilities.

Image data processing via CCTV

DIAS has in place a CCTV surveillance system across shared areas of its building and around it, capturing solely images. The CCTV system is subject to a Data Protection Impact Assessment. Signs are placed in order to inform employees, visitors and any other person that CCTV is in operation.

The primary purpose of the CCTV system is to ensure the safety of DIAS’s employees/ visitors as well as to protect their and the Company's equipment and property. 

The CCTV system is in operation 24/7/365, including both image recording and real time monitoring. Cameras are monitored in the Security Control Room, which is a secure area, staffed with legitimately authorized persons, having undertaken the contracual obligation to protect information confidentiality and comply with every obligation imposed by the current legislation.  

Personal data processed via the surveillance system is available solely to DIAS's authorized employees or other cooperators in order to ensure the safety of staff and equipment, the CCTV system’s safety and the Company's technical systems' functionality. Under the conditions predicted by law, DIAS may grant access to competent judicial or other public authorities exercising their duties. The data collected via the CCTV system is not transferred to third countries or international Organizations. 

Images will be retained for no longer than 15 days upon the date of recording. Images will be automatically deleted after this point. This data is not processed for decision-making purposes. The afore-mentioned time period may be extended in case that an incident takes place, in compliance with the applicable legislation.

Requests by individual data subjects for images relating to themselves should be submitted in written to DIAS. In order to allow the relevant images to be located and the data subject to be identified, the latter one may be requested to provide the Company with additional details (concerning the time/ data of recording).

Processing purpose

DIAS legally processes your personal data in full accordance with the legal bases set by the GDPR and with respect to the principle of data and purpose minimization. The principal processing purposes are to:

• Properly offer its services to its clients and to PSPs’ / Organizations’ clients
• Ensure the proper operation of the website
• Efficiently respond to your queries and communicate with you
• Evaluate your request to co-operate or work with DIAS
• Adequately perform obligations to contractors
• Ensure the safety of staff and equipment

Additionally to the afore-mentioned purposes, DIAS retains its right to process your data for purposes of compliance with the obligations imposed by the currently applicable legal framework. Also, DIAS may process your data for purposes of supporting its legal claims and for other national or public security reasons, including crime prosecution and investigation purposes. 

Personal data of minors

DIAS does not process minors’ personal data, unless the person that has their custody has expressly given consent to.  

The current website is neither designed nor intended to be used by anyone under the age of 18. In case that you are under the age limit you are strongly encouraged to refrain from any action of providing your personal data to DIAS. If you believe that DIAS has collected your personal data, you should inform the person that has your custody in order to legitimately exercise your rights.

Data transfer

DIAS may transfer your personal data to third parties, indicatively to its employees (that may offer their services remotely), contractors, legal and financial consultants, suppliers, data processors, data storage companies, transaction settlement and clearing companies etc. DIAS transfers your personal data to these parties for specific purposes and under the condition that it is necessary for the completion of the afore-mentioned purposes.

DIAS ensures that every third party is obliged and contractually bound to process your personal data in compliance with the legal framework and to take efficient technical and organizational measures for personal data protection.

Under the conditions predicted by law, DIAS may grant access to your personal data to competent supervisory, audit, independent, judicial, public and/or other authorities exercising their duties.  

Transfer to countries outside the European Economic Area

In order to properly perform its operations, DIAS may transfer your personal data to countries outside the European Economic Area. In this case, the safety of your personal data is ensured as predicted by law (indicatively EU adequacy decisions, contractual clauses).

Retention time

DIAS retains your personal data for a definite time period according to the purpose of processing or in order to comply with its legal obligations and to support its legal claims.  

Personal data protection

DIAS has taken proper and efficient technical and organizational measures in order to ensure high level of your data protection. It porcesses your personal data in a legitimate manner. In this context, it has developed a complete and efficient information security and business continuity system, compatible with the requirements of PCI DSS, ISO 27001 and ISO 22301. 

Your rights

Every data subject may contact DIAS in order to exercise its legal rights. DIAS should respond to this request within 30 days. This period may be extended for two further months if necessary. In this case, DIAS informs the subject about the reasons of the delay.

You may exercise your rights by filling and sending to the Company the written form you can find below or in any other way that is convenient to you. You can either contact DIAS via its email addresses or the Company’s DPO contact details. Nonetheless, you may contact DIAS in any way you see fit.

As data subject, you have the following rights that can be exercised under the conditions and exceptions set by the applicable legislation:

• Right of access
• Right of rectification
• Right to erasure (right to be forgotten).
• Right to restriction of processing
• Right to data portability
• Right to object
• Right not to be subject to automated decision-making, including profiling
• Right to consent withdrawal in cases where consent constitutes the legal basis for the processing.

Personal data violation

DIAS processes your personal data in a safe and legitimate manner. However, in case you believe that a breach has occurred concerning your personal data, you may lodge a complaint by sending an email to the Company at dpo@dias.com.gr. Otherwise, you may also send a letter to the Company’s address or you may choose to contact DIAS by any other way that is convenient to you.

Irrespective of the procedure mentioned above, you have the right to file a complaint before the Greek Personal Data Protection Authority (Postal address: 1-3 Kifissias, PC 115 23, Athens, call center: + 30 210 6475600, e-mail address: contact@dpa.gr) if you think that your rights have been violated.

Data Protection Officer

If any questions or complaints arise regarding this Policy and in order to exercise your rights, you may contact the Company’s DPO Office.

Email address: dpo@dias.com.gr

Telephone no: 210 6171600

Postal address: 2 Alamanas Str., Marousi, PC 15125.