Effective as of March 2020
In this privacy notice (“Privacy Notice”) we explain how we collect and use your personal information in connection with the use of the website www.euronetatms.gr (the “Website”).
1 – WHO WE ARE AND THE APPLICATION OF THIS DATA PRIVACY NOTICE
The controller of your personal data processed in connection with your use of the Website is Euronet Card Services S.A. (“Euronet”, “we”, “our” or “us”), 1 Sachtouri Street & 2 Poseidonos Av. 176 74 Kallithea, Athens, Greece, part of the Euronet Worldwide, Inc. group (the “Euronet Group”). Further details on the companies within the Euronet Group are available at: http://www.euronetworldwide.com. This means that we are responsible for deciding how we will hold and use your personal data collected in connection with your use of the Website.
The Euronet Group Data Protection Officer can be contacted:
- By email at: DPO@euronetworldwide.com or
- By post to: Euronet Data Protection Officer, Calle Cantabria, 2 28108 Alcobendas, Madrid, Spain.
By using or navigating the Website, you acknowledge that you have read, understand, and agree to be bound by this Privacy Notice. You should not provide us with any of your information if you do not agree with the terms of this Privacy Notice.
We encourage you to review and check the Website for any updates to this Privacy Notice. We will publish the updated version on the Website. By continuing to deal with us, you accept changes to this Privacy Notice as they apply from time to time.
2 – DATA PROTECTION PRINCIPLES
“Personal data” means any information that enables us to identify you, directly or indirectly, such as name, email, address, telephone number, any form of identification number or one or more factors specific to your identity.
We are committed to complying with applicable data protection laws and will ensure that personal data is:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- Accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about;
- Kept securely.
3 – WHAT PERSONAL DATA DO WE COLLECT AND HOW DO WE COLLECT IT?
We collect your personal data when you give it to us in connection with your use of the Website, including when you visit the Website and complete forms provided through the Website.
This data includes in particular your name (or names), business name, postcode, email, telephone, as well as other personal data that may be included in your online enquiry.
It is possible that during a process of responding and processing your enquiry or at a later date, especially in the course of correspondence with us or in the course of telephone conversations with our representatives, you provide additional information. In such case, we will process the personal data you provided with this information.
Providing by you of your personal data referred to above is voluntary. Not providing this data may, however, result in the inability to process your enquiry.
Cookies and similar technologies
When you use our Website, we collect information via cookies and similar technologies, including the IP address of visitors, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. We may use this data for the following purposes:
- To measure the use of our Website and services, including number of visits, average time spent on a website, pages viewed, page interaction data (such as scrolling, clicks, and mouse-overs), etc., and to improve the content we offer;
- To administer the Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- As part of our efforts to keep the Website safe and secure.
4 – HOW WE USE YOUR PERSONAL DATA
Personal data collected through our Website is typically stored and processed in the UK.
We have summarized below how we use your personal data and our basis for such usage:
|How we process your personal data||Our basis for processing of your personal data|
|We use Personal Data to register your enquiry, to contact you, to update our records about you, and to process and respond to your enquiry.||The basis for the processing of your personal data for this purpose is Article 6 Sec. 1 pt. f) of the GDPR, that is our legitimate interest to respond to an enquiry addressed to us in a relation to our business.|
|We may also process your personal data in order to pursue any legal claims, as well as for archival purposes related to this purpose, including securing information in the event of the need to prove facts about the services provided in the appropriate proceedings.||The basis for the processing of personal data for these purposes is Art. 6 clause 1 lit. f) GDPR – our legitimate interest.|
We may sometimes process your personal data (by email or SMS), in order to provide targeted marketing about our services. Such marketing communications will only be sent to you if you gave your consent (when you registered for our services or at another point) and you have not withdrawn such consent or if there is another basis to send such communications to you. The basis for processing of personal data for these purpose is Article 6 Sec. 1 pt. a) of the GDPR.
All marketing emails you receive from us will include specific instructions on how to unsubscribe and you may unsubscribe at any time or alternatively you can unsubscribe from marketing at any time by contacting us in writing by email at firstname.lastname@example.org.
You should note that we are opposed to third-party spam mail activities and do not participate in such mailings, nor do we release or authorize the use of customer personal data to third parties for such purposes.
We may use aggregate data for a variety of purposes, including analysing user behaviour and characteristics in order to measure interest in (and use of) the various portions and areas of the Website. We also use the data collected to evaluate and improve the Website and analyse traffic to the Website.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we use such data without further notice to you.
5 – IS DATA COLLECTED SHARED WITH OR COLLECTED BY THIRD PARTIES
We may share your personal data with other entities in the Euronet Group, in order to enable or facilitate us to process your enquiry.
We may share your personal data with Euronet and affiliates in the Euronet Group (some of which are based outside the European Economic Area (“EEA”) and in Canada and the United States – further details are set out at the end of this section 5) for the purposes, or to enable or facilitate the purposes, set out in section 4 and 11 of this Data Privacy Notice.
Third party service providers
We may share personal data we collect with third party service providers to manage, enable or facilitate certain aspects of the Website and if we do so, we will have safeguards in place with such third-party service providers requiring them to protect the personal data.
We don’t use advertising services suppliers on our Website. We run ads through Facebook platform, that direct customers to our Website.
We may transfer your personal data to a third party as a result of a sale, acquisition, merger, or reorganisation involving Euronet, a company within the Euronet Group, or any of their respective assets. In these circumstances, we will take reasonably appropriate steps to ensure that your information is properly protected.
Legal and regulatory
We may also disclose your personal data with entities that are entitled to request it under applicable law, including judicial authorities as well as other public authorities within the scope of their competence.
Sharing personal data outside of the EEA
As explained above, we may share your personal data within the Euronet Group, which may involve transferring your data outside of the EEA. It is important for you to note that while the laws on holding data in the countries to which we may transfer your data may be less stringent than the laws of your country, Euronet intends to adhere to the principles set forth in this Policy, unless otherwise required by applicable laws.
If we share personal data with third party service providers based outside of the EEA, we will ensure a level of protection and safeguarding of your personal data.
6 – ADVERTISING
7 – HOW LONG IS YOUR PERSONAL DATA RETAINED?
Personal data is used for different purposes and is subject to different standards and regulations. In general, personal data is retained for as long as necessary to process your enquiry, to comply with applicable legal, accounting or reporting requirements, and to ensure that you have a reasonable opportunity to access the personal data.
To determine the appropriate retention period for personal data, we consider the applicable legal requirements, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means. For example:
- Legal and regulatory requirements. We will retain your personal data if required to comply with legal and regulatory obligations, compliance procedures and legal limitation periods.
- Customer service. If you provide us with your personal data, we may (subject to any legal or regulatory considerations) retain your personal data for as long as necessary to deal with your query.
- Marketing. Personal data provided to us for marketing purposes may be retained until you opt out or until we become aware the data is inaccurate.
The longest period that data may be retained is currently 7 years.
8 – IS CORRESPONDENCE THAT YOU SEND TO US SAVED?
Yes. If you send us correspondence, including emails, we retain such data along with any records of your account. We may also retain customer service correspondence and other correspondence involving you, us and any company within the Euronet Group, our partners, and our suppliers.
9 – DATA SECURITY
We are committed to maintaining the security of your personal data and have measures in place to protect against the loss, misuse, and alteration of the data under our control.
We employ modern and secure techniques to protect our systems from intrusion by unauthorized individuals, and we regularly upgrade our security as better methods become available.
Our datacenters and those of our partners utilize modern physical security measures to prevent unauthorized access to the facility. In addition, all personal data is stored in a secure location behind firewalls and other sophisticated security systems with limited (need-to-know) administrative access.
All our employees who have access to, or are associated with, the processing of personal data are contractually obligated to respect the confidentiality of your data and abide by the privacy standards we have established.
Please be aware that no security measures are perfect or impenetrable. Therefore, although we use industry standard practices to protect your privacy, we cannot (and do not) guarantee the absolute security of personal data.
The Website may offer a news hub, in order for users to read blogs we publish. It is important to remember that any information disclosed in this area becomes public information. Accordingly, as with any public forum, you should exercise extreme caution when deciding whether to disclose your personal information.
10 – WHAT ARE MY DATA PROTECTION RIGHTS?
In certain circumstances (for example, if you are a “data subject” in the EEA), and subject always to verification of your identity, you may request access to and have the opportunity to update and amend your personal data. You may also exercise any other rights you enjoy under applicable data protection laws.
Data subjects in the EEA have the right to:
- Request access to any personal data we hold about them (“Subject Access Request”) as well as related data, including the purposes for processing the personal data, the recipients or categories of recipients with whom the personal data has been shared, where possible, the period for which the personal data will be stored, the source of the personal data, and the existence of any automated decision making;
- Obtain without undue delay the rectification of any inaccurate personal data we hold about them;
- Request that personal data held about them is deleted provided the personal data is not required by an entity of the Euronet Group for compliance with a legal obligation under applicable law or for the establishment, exercise or defense of a legal claim;
- Under certain circumstances, prevent or restrict processing of their personal data, except to the extent processing is required for the establishment, exercise or defense of legal claims;
- Under certain circumstances, request transfer of personal data directly to a third party where this is technically feasible.
Also, where you believe that we have not complied with our obligations under this Privacy Notice or the applicable law, you may have the right to make a complaint to a relevant Data Protection Authority or through the courts.
Although not required, we would encourage you to let us know about any complaint you might have and we will respond in line with our complaints procedure set out in section 11 of this Data Privacy Notice.
11 – DATA PRIVACY COMPLAINTS PROCEDURE
Where you believe that we have not complied with our obligations under this Data Privacy Notice, or the applicable law, you may have the right to make a complaint to a relevant Data Protection Authority or through the courts. Although not required, we would encourage you to let us know about any complaint you might have and Euronet will respond in line with our complaints procedure – our contact details are set out in section 12 below.
We want to deal with your concerns fairly, effectively and promptly. However, some complaints are more complex than others and may take some time to investigate.
- We will acknowledge your complaint promptly after receiving it
- We will keep you informed throughout any investigation
In order to assist in the speedy resolution of any complaint you may have, it’s important that we understand your complaint fully. Sometimes this means we may ask you to address your concerns to us in writing. This can be either by email or post to the addresses in section 12 below. We have established internal procedures for investigating any complaint, which may also involve experienced members of staff from Euronet Companies considering or investigation the complaint. Where appropriate, the complaint will be dealt with, by someone who was not directly involved in the matter which is the subject of your complaint. The member of staff will either have authority to settle your complaint or will have ready access to someone who has the authority. Our response will fully address the subject matter of your complaint and, if appropriate, will offer redress.
Unless applicable data protection laws require responses within shorter timescales, we will try to resolve any data privacy complaints you have within 30 business days of receiving your complaint; in exceptional circumstances, we will let you know and agree on a response extension.
As noted above, if you are not satisfied with our reply/outcome, or otherwise with the handling of the complaint, you may have the right to lodge a claim before a relevant Data Protection Authority (Greece: Hellenic Data Protection Authority, http://www.dpa.gr, address: Kifissias 1-3, 115 23, Athens, phone: +30-210 6475600, E-mail: email@example.com) or the courts.
12 – CONTACT US
If you have any questions or concerns about this Data Privacy Notice or our data practices, please contact us in writing by email at DPO@euronetworldwide.com or by post to Euronet Data Protection Officer, Calle Cantabria, 2, 28108 Alcobendas, Madrid, Spain.