Data Protection Policy of INFOBANK HELLASTAT S.A.
“INFOBANK HELLASTAT S.A.”, Glyfada, Vouliagmenis Ave. number 18, 16675, with VAT number 998281508 (Reg. No. 008024201000)
) ("Website"), through which IB.HS is bound to protect the privacy of visitors and Users/ Clients of the Website.
This policy shall not apply to information collected through any other website or for practices of companies that we do not control. Please note that the Website may contain links to other websites. For instance, if you click on an advertisement in the Website and you are connected to another website, then this personal data protection policy shall not apply to any information collected by that website. We are not responsible for any personal data protection practices of other websites and we recommend you read the personal data protection policy of each website you visit.
2. Categories of Collected Data
A. Financial Information of companies and sole proprietorships: annual financial statements, accounts statements, balance sheet, sales statistics.
B. Commercial and other Verification Information of companies and sole proprietorships:historical data, VAT number, registered seat, contact details (website, corporate e-mail and telephone), activity, clients, suppliers, agencies, imports, exports, terms of payment, personnel information, property, banks of cooperation etc. depending on the activity of the entity being evaluated.
C. Shareholding / Corporate structure and Management Information: shareholding/corporate structure, management, participations, associate enterprises.
D. Companies’ Commercial Behaviour Information and natural persons (including also sole proprietorships): Conciliation Petitions, Bankruptcy Petitions, Payment Orders, Seizures, Bankruptcy Decisions, Real estate Autions, Movables Auctions, Mortgages.
Notification regarding Personal Data Processing by IB.HS (as Controller and Processor - in accordance with the General Data Protection Regulation EU 679/2016)
Why will you process my Personal Data (PD)?
IB.HS provides products and services containing commercial and financial information about entities ("Information") on the basis of the intended purpose, as this is described in section 6 hereof. Their contents vary depending on the type and purpose of the service provided by IB.HS.
Information automatically collected when visiting and interacting on the Website:
We inform you that your personal data and information that are collected and processed when you manage your account in the Website https://imentor.ibhs.gr
, are appropriate to the circumstances and they are required for the processing of your claims and the use of IB.HS services.
In particular, when visiting and interacting with the Website, certain information may be automatically collected, such as:
- your computer’s Internet protocol address (ΙΡ),
- the type of browser and the operating system,
IB.HS does not manage, collect or process geolocation data, which are collected and processed exclusively by the companies providing operating systems for each device you use (in case of use of iOS-Apple Inc or in case of android - Google Inc). IB.HS does not have access to the positioning refresh rate of GPS.
3. Data Collection Sources
1) General Commercial Registry (G.C.R) – Α, Β, C, D
2) Internet (corporate sites) – Α, Β
3) Athens Stock Exchange Website – Α, Β, C
4) 4) Courts of Peace, Cadastral Offices, Courts of 1st Instance, Land Registries, Site of auctions’ publication of ETAA-TAN - D
5) Companies-Sole Proprietorships (existing clients) – Α Β, C
6) Chambers of Commerce and Registry– Β
4. Transfer of Data to Third Parties
IB.HS reserves the right to disclose your personal data to the extent it is reasonably necessary for the purposes determined in this policy and in particular:
- Your data will be transmitted to IB.HS’s business units that are competent for the smooth and trouble-free operation of the Website services
- Your data may be transmitted and become accessible by legal entities with which, we have entered from time to time into agreements for the purpose of fulfilling our company’s goal (provision of credit rating evaluation services) in a correct and within our contractual terms framework.
- Your data may be transmitted, become accessible and processed by subsidiaries within the European union, which apply the appropriate technical, physical and administrative security measures for protecting data from loss, misuse, damage or amendment, unauthorised access and disclosure, as provided by article 32 of the GDPR 679/2016.
- During all transmissions, we always take all measures so as to ensure that the transmitted data are the minimum required and that the conditions for legitimate and lawful processing will always be met.
5. Personal Data Retention Period
The data retention period depends on the lawful basis of processing, as set out in detail below:
- In case the lawful basis for processing is the exercise of legitimate interest, the processing of personal data is carried out for as long as it is considered necessary, for the achievement of IB.HS’s intended purpose and for the time still required until the limitation period of any related claims has expired.
- In case the personal data of the user/ client (Account Information) are provided on the basis of the user/client’s own consent within the framework of the user/client’s registration in the services of the Website, we shall retain your data for as long as we maintain our contractual relationship with them both in hard copy and in electronic form or until the granted consent by the data subject is withdrawn. In case this is interrupted for any reason, we shall retain such data for as long as it is required until the limitation period of any related claims expires.
- 3. In case the lawful basis for processing is the execution of the contract, we shall retain your data for as long as you have the contractual relationship with us both in hard copy and in electronic form or we shall retain them for as long as it is required until the limitation period of any related claims expires.
6. Legitimate Interest - Intended Purpose - Lawful Basis for Data Processing
IB.HS within the framework of its general business activity according to the above and while pursuing of its statutory objectives, which include the collection, management, and provision of commercial and financial information (business information), which concern the credit risk evaluation of entities and the promotion of its business activity for the evaluation of credit risks and the resolution of transactions, has created and maintains a database, which is daily updated with financial and commercial information of entities. IB.HS processes and stores the said data within the E.U.
Moreover, the Clients/ Users of the Website, will be subject to certain personal data processing that may be required when registering on the Website, in case such processing is deemed necessary for the conclusion of a contract with IB.HS, as well as for the use of the aforementioned Websites and applications.
7. Rights of the Data Subjects
You may exercise, as the case may be, the rights deriving from the applicable Greek Legislation and the General Data Protection Regulation (Regulation (EU) 2016/679) which are as follows: a. the right of information (article 13), b. the right of access (article 15), c. the right to rectification (article 16), d. the right to erasure “right to be forgotten” (article 17), e. the right to restriction of processing (article 18), f. the right to data portability (to receive your personal data in a structured and commonly used format - article 20 where applicable) and g. the right to object (article 21).
- In case you exercise any of your rights, we will take all measures available for the satisfaction of your request within thirty (30) days following the receipt of the relevant request. We may either inform you of the acceptance of your request or any objective grounds that hinder its satisfaction.
- Notwithstanding the above, you may at any time object to the processing of your Personal Data, by withdrawing your consent (article 7, par. 3 of the GDPR 679/2016).
8. Data Processing by IB.HS
In some cases, our clients provide us with their business data, such as customer, supplier or third parties’ data - which may contain personal data (who may be individuals or companies) - within the framework of provision of our services. In such cases, IB.HS shall operate as the “Processor” of the personal data, which are included in the said business data. Consequently, in such case different provisions of the GDPR 679/2016 shall apply, with which we comply.
Additionally, IB.HS applies throughout the data processing procedure, the appropriate technical, physical, and administrative security measures for protecting the data from loss, misuse, damage or modification, unauthorised access and disclosure, as it is provided under article 32 of the GDPR 679/2016 in order to ensure appropriate security level against risks, including, among others, as the case may be: a) encryption of personal data b) the ability to ensure confidentiality (article 90 GDPR 679/2016), the integrity, availability, and resilience of processing systems and services on an ongoing basis, c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. Moreover, IB.HS shall take measures so as to ensure that any physical person acting under the authority of the controller or of the processor, who has access to personal data, shall not process those data except on instructions from the controller and limits access to your personal information to authorised employees. IB.HS servers are hosted at IBM data centre (hosting provider) in Athens. Mr. Stylianos Barbaris is the appointed Security Officer (IB.HS IT Consultant).
We use the information we obtain to produce scores and ratings such as scores for payment consistency, the level of maximum credit etc. We may also carry out customized profiles for our customers. We use highly developed scoring models and algorithms, which are based on previous similar circumstances, adverse events and economic forecasts to produce a score.
We recommend to our customers how to interpret and use our scores. Our customers may choose to use our scores alone or combine the scores with other information available to them. Their decision making will be based around whether to insure or market to, extend credit, acquire, trade or partner with a business. Our scores predict whether a business is likely to continue trading, pay its bills on time, receive credit, whether they would be likely to purchase a product or service, where they benchmark within their industry or whether they are subject to any specific risks. We do not make any decisions about an organization – we do not hold blacklists and we do not encourage our customers whether to trade with an organization.
10. Submission of Complaint - Appeal
This policy may be renewed from time to time, due to amendments to the related legislation or change of IB.HS’s corporate structure. Thereby, we encourage the Clients/Users to periodically check this site so as to be informed regarding recent information on privacy practices. In any case, the Clients/Users will be informed via e-mail or a notice on our Website regarding any amendments to this policy.