Privacy Policy

Latest update: May 25th, 2018

You may download the file in PDF format here.

Thank you for using our products and services (hereinafter referred to as the “Services”). The Services are provided by the company under the corporate name “Societe Anonyme for the Management & Operation of Networks for Electronic Transactions Cardlink” and with the distinctive title “CARDLINK S.A.”, having its registered seat at Irakleio of Attica, 41-45 Marinou Antipa Str., with Tax Registration Number 999265069, Tax Offices FAE of Athens (hereinafter “Cardlink”).

The present Privacy Policy aims at explaining to you which data we collect through our Services and websites, how we use such data as well as to inform you of your respective rights (hereinafter the “Privacy Policy”).

  1. Information we collect

While providing its Services, Cardlink may collect data, such as name and/or corporate name, address, telephone number, tax registration number, e-mail address, comments and observations, data relating to the means of payment (i.e. credit card numbers etc.), transactional details and/or other information, under the condition that such data were requested and voluntarily submitted by you per Service. Cardlink may also collect the above data from third-party contractors or from the cooperating banks, provided that they were lawfully collected pursuant to an agreement or an existing relationship between you and such third party and that you were duly informed that data that concern you may or will be transferred and/or notified to third parties, such as our company.

  1. Purposes of processing

Cardlink processes and uses the personal data it collects and/or are provided by you for one or more of the following legitimate purposes:

–           In order to provide the Services which you assign and anticipate to receive from us, to duly perform our agreements with third parties, such as the banks for any products, services or transactions you request and consequently in order to comply with our contractual obligations, to prove and manage your orders, for after-sale support, in order to be able to communicate with you regarding any orders placed and in general where such processing is reasonably necessary, or required for the compliance with the legal or regulatory provisions, the resolution of disputes, the prevention of fraud and abuse and/or the imposition of terms and conditions. Cardlink may also use your personal data for your registration to its website and the provision of services associated with such website (i.e. for the processing of queries regarding Cardlink’s products and/or services), for the assessment and analysis of the market, customers, products and  services provided by Cardlink (i.e. for submitting questions in order to be provided with your personal opinion with respect to our products and services, conducting customer surveys), for tracking, reviewing and improving our products and services, for the creation and development of a centralized system of reporting and for the statistical analysis of your transactions and the development and retention of internal records.

–           For the preservation and protection of the legal interests, both of your and Cardlink. In this context, we also use closed circuit television system (CCTV) and security cameras in order to be able to protect the safety of all natural persons, materials, equipment, as well as of our facilities. We also use special security software aiming at tracking and preventing malicious actions. In particular, while you are visiting our electronic websites we use information, i.e. IP address, location data, genre of users’ devices, in order to track and/or to prevent frauds and/or abuses of our website.

–           For purposes of carrying out the obligations and exercising specific rights imposed under the provisions of the tax or payment systems related legislation

Under no circumstances does Cardlink collect or process a greater number of information or data than it is required to fulfill the processing purposes or personal data which are not relevant to processing purposes.

  1. Retention period for personal data

Cardlink shall retain personal data collected for the above purposes for the period necessary for each particular processing. Τhe period for which the personal data shall be stored is determined based on the particular criteria set below on a case-by-case basis:

–           When processing is performed on the basis of execution of a contract, personal data shall be stored for as long as it is necessary for the performance of the contract and the establishment, exercise and/or support of legal claims possibly arising from such contract.

–           We will retain the data of your Cardlink account for so long as you are using such account and you do not require its deletion.

–           Any data provided by you to Cardlink for the provision of its Services shall be retained for so long as it is necessary for the provision of its Services.

–           Should it be reasonably necessary for compliance with the legal or regulatory provisions, the resolution of disputes, the prevention of fraud and abuse and/or the imposition of terms and conditions, Cardlink may retain your data, as required, even after the expiry of your account or even if it is not required for the provision of its Services.

–           When processing is imposed as an obligation by provisions of the applicable legal framework, personal data shall be stored for as long as it is required by the relevant provisions.

  1. Transfer of personal data to third parties

Cardlink allows access to your personal data to members of its personnel (to the extent that this is necessary for the performance of their duties) and to companies providing systems and operations which are essential to Cardlink in order to provide its Services to you and to other customers, such as the cooperating banks. Such companies provide Cardlink with systems for the processing of transactions, call centers for customer service, software development services relating to its Services, services for the installation and management of POS terminals, marketing services as well as other ancillary services that may include customer-supplier management systems, courier and cloud services.

If you are a holder of a Cardlink electronic account, we may provide access to your personal data, only for the purposes expressly notified to you on a Service-specific basis and described in the present Privacy Policy and to the extent that such provision of access is necessary, to companies which provide us with online services and applications which are interconnected with our Services and are exclusively used for providing you with better customer services, for responding to your queries and for improving your overall experience when using your Cardlink electronic account.

Please also note that Cardlink might be required to transfer data that concern you within and outside the EU in order to provide its Services in the most efficient way and only for purposes notified on a Service-specific basis and described in the present Privacy Policy, i.e. in cases where third parties that provide Cardlink with systems and operation services maintain an establishment in or provide their services to Cardlink from third countries. Under any circumstances, we shall comply with our legal personal data protection obligations; we shall assess the level of personal data protection compliance of our sub-contractors pursuant to the requirements of the applicable legislation on the protection of personal data; and we shall conclude special written agreements in order to ensure that processing is carried out in accordance with the applicable legal framework and that the level of protection is the same or higher than the level accorded by the EU data protection legislation.

Please note that you may exercise your right of objection pursuant to par. 11 of the present Privacy Policy, in order to obtain the termination of any activities of processing and transferring of your personal data to third parties as described in the present Privacy Policy; please note, however, that in such case you may no longer be in a position to use Cardlink Services.

  1. Information security

Cardlink has adopted and currently applies all appropriate technical and organizations measures in order to safeguard the security of the Services provided, as well as the confidentiality of the information stored in its Services.

Accessing Cardlink Services depends on your own initiative, not on the initiative of Cardlink. As such, you are responsible for acquiring and maintaining the necessary equipment (i.e., personal computer), software, telecommunication equipment and other services potentially required for gaining access to Cardlink Services, websites and platforms.

You undertake to safeguard and to protect your computer and systems from viruses and other malicious software.

To the extent possible, Cardlink has adopted all appropriate security measures in order to protect its websites from viruses and other malicious software. Cardlink controls access to its website through the use of security systems that aim to prevent attacks and other unauthorized actions taken against its websites. Under any circumstances, Cardlink cannot guarantee that the content of the website through which it provides its Services is free from viruses, errors and other damaging data and/or information and as such, Cardlink is not responsible for any damage caused to users, their software, documents or files, or for any damage in general that users might suffer due to the above.

  1. Use of Cookies

Our website uses cookies in order to enable your access to our Services. One of the main purposes for the use of cookies is to save your preferences and other information to your personal computer in order to save time, since you will not need to re-submit the same or identical information each time you use our website, as well as in order to personalize your experience, to customize content and to provide advertisements that may be of interest to you when visiting our website.

You may accept or reject cookies; please note, however, that the rejection of cookies might affect the accessibility and use of Cardlink Services. Should you wish to disable cookies, you may do so by changing your web browser setting(s). Please note that disabling cookies may prevent you from logging-in, accessing or using certain interactive parts of the Services that require cookies.

We will ask you to provide us with your consent in order to use cookies, i.e. Google Analytics cookies. Further information on how Google processes your personal data through Google Analytics can be found in the web link below: https://policies.google.com/privacy/update#infocollect.

  1. Third Party websites

Our website may contain links to other websites operated by external third parties, while websites operated by external third parties may contain links to our website. Cardlink takes all necessary measures in order to ensure that its website is only linked to websites of external third parties which maintain and enforce the same standards and criteria on privacy and personal data protection. In any case, Cardlink bears no responsibility for the privacy and/or personal data protection practices adopted in third party websites insofar as you have left the present website. Cardlink suggests that you cautiously review any applicable terms and personal data protection policies of such websites.

  1. Transfer of personal data to debtor informing companies (for non-performing obligations)

In case you have entered into an agreement with Cardlink relating to any of its Services for the provision of which you have undertaken the obligation to pay a respective fee and your corresponding debt to Cardlink becomes overdue and fails to be settled, we do hereby inform you that your contact details and other information on your debt will be notified and transferred to a debtor informing company for non-performing obligations so that such company proceeds to informing you respectively on the status of your debt pursuant to the provisions of L. 3758/2009, as amended and in force. In case your personal data are inaccurate, you should immediately inform Cardlink to the contact details referred to in paragraph 10 of the present Policy.

  1. Voice recordings

We would like to inform you that in order to efficiently manage your requests for the performance of our contractual relationship, any phone conversations between you and authorized representatives of Cardlink shall be recorded. Such recordings are retained for an appropriate period of time, as such period is determined according to applicable legislation and relevant decisions of the Greek Data Protection Authority. It should be specified, however, that not all phone calls with third party enterprises are recorded, i.e. phone calls initiated from our offices are not recorded.

  1. Your rights in relation to your personal data

Right of information and access: You have the right to be informed and to have access to your personal data and to receive additional information concerning their processing. You may exercise the right to be informed, as well as the right to access your personal data here.

Right of rectification: You have the right to to obtain the correction, amendment, completion and update of your personal data. Moreover, you may be informed on the recipients of your data. You may exercise the right to rectification here.

Right of erasure (right to be forgotten): You have the right to obtain from Cardlink the erasure of your personal data, in cases when such data are processed on the basis of your consent or in order to safeguard the legitimate interests pursued by Cardlink. In all other cases (i.e., when there is a contract in force, when personal data are processed for compliance with a legal obligation or for reasons of public interest), the above right of erasure is subject to specific limitations or is not applicable depending on the particular case in question. Moreover, you have the right to be informed on the recipients of your data. You may exercise your right of erasure here.

Please specify in your request the actions to which you wish us to proceed and the purpose thereof, since in case, for example, you wish to stop being contacted for advertising and promotional purposes, the appropriate action would possibly be the restriction of the processing of your personal data rather than their erasure.

Right of restriction of processing: You have the right to obtain restriction of processing of your personal data when: (a) the accuracy of the personal data is contested, for a period enabling the verification of the accuracy of the personal data; (b) the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead; (c) personal data are no longer needed for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; and (d) you have objected to processing pending the verification whether the legitimate grounds of Cardlink override those of you as the data subject. Moreover, you have the right to be informed on the recipients of your data. You may exercise your right of restriction of processing here.

Right of objection to processing: You have the right to object any time to processing of your personal data, when processing is necessary for the purposes of the legitimate interests pursued by the controller or in case personal data are processed for direct marketing purposes and profiling. You may exercise your right of objection here.

Right to data portability: You have the right to receive without any cost accrued your personal data in a structured, commonly used and machine-readable format, as well as the right to obtain the transmission of those data to another controller, provided that it is technically feasible. This rights concerns the personal data that you have directly provided to Cardlink and the processing of which is carried out by automated means based on your consent or in performance of a relative contract. You may exercise your right to data portability here.

Right to withdraw your consent: You have the right to withdraw your consent to the extent it was given for the intended processing, at any time. You may exercise your right to withdraw your consent by sending an e-mail to the e-mail address dataprotection@cardlink.gr with subject line “Personal Data – Withdrawal of Consent”.

In case you wish to directly contact the Data Protection Officer (Cardlink DPO), you may address Mrs. Aggloupa Eleni by calling the telephone number: +30 211 1069711 or by sending an e-mail to dpo@cardlink.gr  with subject line “Attn: DPO”.

  1. Right to lodge a complaint before the Greek Data Protection Authority

The natural person the personal data of whom is processed by Cardlink has the right to lodge a complaint to the Greek Data Protection Authority (www.dpa.gr), Tel: +30 210 6475600, Fax: +30 210 6475628, E-mail address: complaints@dpa.gr.

You may download the file in PDF format here.