We would like to assure you that for the company with the trade name “HERON THERMOILEKTRIKI SOCIÉTÉ ANONYME” / “HERON ΙΙ THERMOILEKTRIKOS STATHMOS VIOTIAS SOCIÉTÉ ANONYME” (hereinafter referred to as the “Company”), member of GEK TERNA & ENGIE Group, the protection of personal data of the natural persons who are in any way involved with the Company, is of paramount important. That is why we are taking appropriate steps in order to protect the personal data of persons that we process and to ensure that personal data is always processed in accordance with the obligations laid down by the legal framework, both by the Company itself and by third parties who process personal data on behalf of the Company.
Data Controller – Data Protection Officer (DPO)
The company “HERON THERMOILEKTRIKI SOCIÉTÉ ANONYME” / “HERON ΙΙ THERMOILEKTRIKOS STATHMOS VIOTIAS SOCIÉTÉ ANONYME”, headquartered in the Municipality of Athens, 85 Mesogeion Avenue, operating offices in Athens, 124, Kifissias Avenue, Postal Code 11526, and two (2) Thermal Power stations in Thebes, Viotia in the 4th km PEO Thebes - Eleusis, Postal Code 32200, email: [email protected], website: http://www.heron.gr, informs that, in the context of its business activities, it processes the personal data of the data subjects, natural persons concerned (such as its customers, suppliers, shareholders, and potential personnel), in accordance with the applicable national legislation and the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter referred to as the “Regulation”) as currently in force.
For any matter concerning the processing of personal data, please contact directly the Data Protection Officer (DPO), i.e. the Law Firm “PISTIOLIS - TRIANTAFYLLOS & ASSOCIATES LAW FIRM” at the following email address: [email protected], phone no.: 210-3626971, fax no.: 210-3626974.
What personal data do we process?
We process the personal data that you provide us with [such as, your name and surname, home address, email address, phone number and FAX number if available, identity card number (ID-Card no.) and issuing authority, tax registration number and competent Tax Office, gender and date of birth, etc., as well as your supply account number, photographs of the reconciliation bill for electricity or natural gas that your supplier provides you with], only when we have a legitimate reason to do so.
What are the legitimate reasons for processing your personal data?
The legitimate reasons for processing your personal data include the following:
(a) the performance of the existing contract between you and the Company, as well as the preparatory actions required within the scope of the contract that is to be drafted between you and the Company, such as, a contract for the supply of electricity or natural gas to our customers, satisfying our customer’s requests / complaints in the context of proper provision of our services, executing project contracts with our collaborating contractors or providing our services through our partners throughout Greece, in order to fulfill our contractual obligations in the above context.
(b) the safeguarding and the protection of both your legitimate interest and ours. Therefore, we use closed-circuit television (CCTV) and security cameras in order to protect the safety of natural persons, materials and other facilities of the Company. Additionally, we record details of our visitors and collaborators entering the facilities of the Company in order for them to be served or in order to execute the relevant works that we have been assigned, etc. and to be able to provide access cards for the facilities of the Company.
(c) compliance with an obligation imposed by law, such as the disclosure of acts and information of a société anonyme (including details of natural persons, such as shareholders, members of the Board of Directors or Company executives), pursuant to Art. 7b of Law 2190/1920, as amended, the disclosure of transactions of obliged persons to the Stock Exchange, the management of claims for damages caused by accidents while carrying out a project, the management of litigation cases, etc.
(d) the consent you provide us with under the specific conditions set by the legal framework.
(e) the manifest disclosure by the subject of the data and the processing which is necessary to protect the data subject's or other natural person's vital interests (in case the data subject is physically or legally incapable to give his/her consent) are the legitimate reasons for which we process any information related to health data.
How and why do we use your personal data?
- To properly comply with our contractual obligations and to maintain the quality of our provided services.
We collect and use the information required for the smooth cooperation with you whether it includes a supply contract, a contract for service provision to our customers, a contract for the execution of works by our contractors / subcontractors, etc., or the processing of personal data in the context of actions required at a pre-contractual stage.
Specific examples where the processing of our customers' personal information (as detailed above) is required include the following:
- Provision of authorization of the customer to the Company for the cessation of the Meter Representation & disconnection of power supply
- Certification of meter readings and general tariff parameters for Bill amendment
- Tariff dispute on behalf of our customer
- Customer request for the amendment of tariff category
- Customer request for VAT exemption
- Request to amend the existing supply contract
- Request to withdraw a direct debit for the settlement of bills via credit card
- Contract termination by our customer
- Activation of direct debit for the settlement of bills via credit card
- Withdrawing statement of our customer
- Submission of requests / complaints by our customer or a third party
- Provision of authorization of the customer to the Company for the cessation of the customer’s Meter Representation by another supplier by 100% and the termination of the contract
- Submission of customer request for a new supply representation
- Submission of customer expression of interest in an exhibition of our Company
- For the purpose of contacting you and optimizing our support.
We may need to contact you by email or telephone for administrative purposes, such as informing you about the status of our cooperation, arranging a professional meeting with potential staff, managing your further requests or complaints, etc.
- To comply with our legal obligations.
In case we publish, for example, information on our website or on the website of the General Electronic Commercial Registry (GEMH) and / or the Board of Directors of the Company (including details of natural persons), we use provide authorizations to designate and notify third party natural persons as representatives of the Company in order to conduct actions within the scope of the Company’s business activities.
- To protect our legitimate interests, individuals and premises
Within the above scope we use closed-circuit television (CCTV) and security cameras to ensure the safety of individuals, materials and premises of the Company.
- For newsletters subscription purposes and in order to send information on our new offers
We ask for your consent first, and then your email address, so that you may receive newsletters from our Company about our latest news and offers.
With your consent and subsequent subscription, you will be able to stay informed about our new services and offers that we send via emails and text messages or Instant messaging through related services (for example SMS, Viber, Push Notifications etc.).
- To create a Member Account
In case you wish to create a Member Account, you will need to provide us with your email address and set your own personal passwords.
- For the provision of information regarding the benefits available to you by concluding a contract for the provision of electricity or natural gas with our Company
In order to inform you about how much you would pay in case you were a customer of our Company, you are kindly requested to send us photographs of the reconciliation bill for electricity or natural gas that your supplier provides you with for processing purposes, and your phone number, so that we may contact you through viber.
- For a customized communication (profiling)
In order to provide you with the best possible experience, all personal data collected under our contractual relationship may be used to send personalized news / updates provided you have given your consent under specific conditions set by the legal framework.
Who do we disclose your personal data to?
The company “HERON THERMOILEKTRIKI SOCIÉTÉ ANONYME” / “HERON ΙΙ THERMOILEKTRIKOS STATHMOS VIOTIAS SOCIÉTÉ ANONYME” discloses your personal data to the following recipient categories:
- Company employees
To our Company employees, who are responsible for the evaluation and realization of your requests, the provision of information at a pre-contractual stage, and in case you express your interest in the conclusion of a customer relationship with the company, the proper execution of your contract with the company, as well as the fulfillment of obligations provided by the contract or by Law.
Your personal data are treated with the strictest confidentiality, since our employees processing your personal data possess an adequate and significant level of knowledge on personal data protection and are either bound by a confidentiality clause or obliged to comply with the confidentiality clause.
- State authorities, law enforcement Bodies
Personal data is disclosed whenever necessary for verification (e.g. by the Regulatory Authority for Energy, Hellenic Consumer’s Ombudsman, Hellenic Data Protection Authority, etc.) and in accordance with statutory procedures.
- Collaborators of our Company (partners, subcontractors, banks, insurance companies, auditing company etc.)
The company “HERON THERMOILEKTRIKI SOCIÉTÉ ANONYME” / “HERON ΙΙ THERMOILEKTRIKOS STATHMOS VIOTIAS SOCIÉTÉ ANONYME” works with collaborators to whom our Company assigns personal data processing on its behalf (e.g. subcontracting, banking transactions, audit of a transfer of shares by a statutory auditor, product promotion or market research companies, financial institutions, companies such as TIRESIAS S.A., in order to verify your credit standing, debtor notification companies, auditors, accountants, notaries, lawyers, bailiffs or other financial or professional consultants). In the above cases “HERON THERMOILEKTRIKI SOCIÉTÉ ANONYME” / “HERON ΙΙ THERMOILEKTRIKOS STATHMOS VIOTIAS SOCIÉTÉ ANONYME” remains the controller of the processing of your personal data and sets out the details of the processing, signing a specific contract with the third parties assigned with processing activities, in order to ensure that the processing is carried out in accordance with the applicable legal framework and that any individual may freely and without hindrance exercise the rights conferred on him/her by the legal framework.
In addition, “HERON THERMOILEKTRIKI SOCIÉTÉ ANONYME” / “HERON ΙΙ THERMOILEKTRIKOS STATHMOS VIOTIAS SOCIÉTÉ ANONYME” may also transfer data to other affiliated companies, as well as collaborating companies (e.g. to joint venture members or company associations) with the purpose to provide a report on the Company’s status provided that consent has been given by the natural person, as mentioned above and that the above provision on written assignment of processing applies.
Duration of Data Storage
The duration of data storage is defined according to the following specific criteria, as appropriate:
- In case the processing is required by provisions of the applicable legal framework, your personal data will be stored for as long as the relevant provisions require.
- In case the processing is performed on a contractual basis, your personal data will be stored for as long as necessary for the execution of the contract and for the basis, exercise, and / or support of legal claims under the contract.
What are your rights in relation to your personal data?
Any natural person whose data is processed by “HERON THERMOILEKTRIKI SOCIÉTÉ ANONYME” / “HERON ΙΙ THERMOILEKTRIKOS STATHMOS VIOTIAS SOCIÉTÉ ANONYME” is entitled to the following rights:
Right of access
You have the right to be aware and to verify the legality of the processing. Therefore, you have the right to access the data and receive additional information about data processing.
Right to Rectification
You have the right to read, rectify, update or modify your personal data by contacting the Data Protection Officer (DPO) with the above contact details.
Right to Erasure
You have the right to request the erasure of your personal data in case we process it with your consent or in order to protect our legitimate interests. In any other case (such as in the context of performance of contract in effect, obligation to process personal data required by law, public interest, etc.), this right is subject to specific restrictions or does not exist on a case-by-case basis.
Right to Restriction of Processing
You have the right to obtain from us restriction on the processing of your personal data where one of the following applies:
(a) the accuracy of the personal data is contested and until such accuracy is verified;
(b) you oppose the erasure of your personal data and request (instead of erasure) the restriction of their use;
(c) personal data are not needed for the purposes of processing, but they are, however, required for the establishment, exercise or defense of legal claims; and
(d) you object the processing pending the verification whether our legitimate grounds override those of yours.
Right to Object
You have the right to object to the processing of your personal data at any time where, as described above, such processing is necessary for the purposes of legitimate interests we seek as controllers.
The Right to Data Portability
You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them, using commonly used editing methods. You also have the right to ask us, if technically feasible, to transmit the data directly to another controller. This right concerns the data you have provided to us and their processing is carried out in a commonly used format based on your consent or in order to perform a contract.
The Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw it. The withdrawal of your consent shall not affect the lawfulness of the processing based on consent before its withdrawal.
In order to exercise any of the above rights, please contact the Data Protection Officer (DPO), i.e. the Law Firm “PISTIOLIS - TRIANTAFYLLOS & ASSOCIATES LAW FIRM”, address: 103 Vasilissis Sofias, Athens, email address: [email protected], phone no.: 210-3626971
Right to lodge a complaint with the Hellenic Data Protection Authority
You have the right to file a complaint with the Hellenic Data Protection Authority (www.dpa.gr): Telephone: +30 210 6475600, Fax: +30 210 6475628, email: [email protected]
Personal Data Safety
“HERON THERMOILEKTRIKI SOCIÉTÉ ANONYME” / “HERON ΙΙ THERMOILEKTRIKOS STATHMOS VIOTIAS SOCIÉTÉ ANONYME” implements appropriate technical and organizational measures aimed at the safe processing of personal data and the prevention of accidental loss or destruction and/or unauthorized access to, use, modification or disclosure thereof. In any case, the way in which the internet operates and the fact that it is free to anyone cannot guarantee that unauthorized third parties will never be able to violate the applicable technical and organizational measures by gaining access and possibly using personal data for unauthorized and/or unfair purposes.