We would like to assure you that for the company with the trade name “HERON SOCIÉTÉ ANONYME ENERGY SERVICES” / “HERON ΙΙ THERMOILEKTRIKOS STATHMOS VIOTIAS SOCIÉTÉ ANONYME” and the Distinctive Title “HERON ENERGY S.A.” / “HERON II VIOTIAS S.A.” (hereinafter referred to as the “Company”), member of GEK TERNA Group, the protection of personal data of the natural persons who are in any way involved with the Company, is of paramount important. That is why we are taking appropriate steps in order to protect the personal data of persons that we process and to ensure that personal data is always processed in accordance with the obligations laid down by the legal framework, both by the Company itself and by third parties who process personal data on behalf of the Company.
Data Controller – Data Protection Officer (DPO)
The company “HERON SOCIÉTÉ ANONYME ENERGY SERVICES” / “HERON ΙΙ THERMOILEKTRIKOS STATHMOS VIOTIAS SOCIÉTÉ ANONYME”, headquartered in the Municipality of Athens, 85 Mesogeion Avenue, operating offices in Athens, 124, Kifissias Avenue, Postal Code 11526, and two (2) Thermal Power stations in Thebes, Viotia in the 4th km PEO Thebes - Eleusis, Postal Code 32200, email: firstname.lastname@example.org, website: http://www.heron.gr, informs that, in the context of its business activities, it processes the personal data of the data subjects, natural persons concerned (such as its customers, suppliers, shareholders, and potential personnel), in accordance with the applicable national legislation and the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter referred to as the “Regulation”) as currently in force.
For any matter concerning the processing of personal data, please contact directly the Data Protection Officer (DPO), i.e. the Law Firm “PISTIOLIS - TRIANTAFYLLOS & ASSOCIATES LAW FIRM” at the following email address: email@example.com, tel: 213 033 3000
What personal data do we process?
We process the personal data that you provide us with [such as, your name and surname, home address, email address, phone number and FAX number if available, identity card number (ID-Card no.) and issuing authority, tax registration number and competent Tax Office, gender and date of birth, etc., as well as your supply account number, photographs of the reconciliation bill for electricity or natural gas that your supplier provides you with], only when we have a legitimate reason to do so.
What are the legitimate reasons for processing your personal data?
The legitimate reasons for processing your personal data include the following:
(a) the performance of the existing contract between you and the Company, as well as the preparatory actions required within the scope of the contract that is to be drafted between you and the Company, such as, a contract for the supply of electricity or natural gas to our customers, satisfying our customer’s requests / complaints in the context of proper provision of our services, executing project contracts with our collaborating contractors or providing our services through our partners throughout Greece, in order to fulfill our contractual obligations in the above context.
(b) the safeguarding and the protection of both your legitimate interest and ours. Therefore, we use closed-circuit television (CCTV) and security cameras in order to protect the safety of natural persons, materials and other facilities of the Company. Additionally, we record details of our visitors and collaborators entering the facilities of the Company in order for them to be served or in order to execute the relevant works that we have been assigned, etc. and to be able to provide access cards for the facilities of the Company.
(c) compliance with an obligation imposed by law, such as the disclosure of acts and information of a société anonyme (including details of natural persons, such as shareholders, members of the Board of Directors or Company executives), pursuant to Art. 7b of Law 2190/1920, as amended, the disclosure of transactions of obliged persons to the Stock Exchange, the management of claims for damages caused by accidents while carrying out a project, the management of litigation cases, etc.
(d) the consent you provide us with under the specific conditions set by the legal framework.
(e) the manifest disclosure by the subject of the data and the processing which is necessary to protect the data subject's or other natural person's vital interests (in case the data subject is physically or legally incapable to give his/her consent) are the legitimate reasons for which we process any information related to health data.
How and why do we use your personal data?
To properly comply with our contractual obligations and to maintain the quality of our provided services.
We collect and use the information required for the smooth cooperation with you whether it includes a supply contract, a contract for service provision to our customers, a contract for the execution of works by our contractors / subcontractors, etc., or the processing of personal data in the context of actions required at a pre-contractual stage.
Specific examples where the processing of our customers' personal information (as detailed above) is required include the following:
Provision of authorization of the customer to the Company for the cessation of the Meter Representation & disconnection of power supply
Certification of meter readings and general tariff parameters for Bill amendment
Tariff dispute on behalf of our customer
Customer request for the amendment of tariff category
Customer request for VAT exemption
Request to amend the existing supply contract
Request to withdraw a direct debit for the settlement of bills via credit card
Contract termination by our customer
Activation of direct debit for the settlement of bills via credit card
Withdrawing statement of our customer
Submission of requests / complaints by our customer or a third party
Provision of authorization of the customer to the Company for the cessation of the customer’s Meter Representation by another supplier by 100% and the termination of the contract
Submission of customer request for a new supply representation
Submission of customer expression of interest in an exhibition of our Company
For the purpose of contacting you and optimizing our support.
We may need to contact you by email or telephone for administrative purposes, such as informing you about the status of our cooperation, arranging a professional meeting with potential staff, managing your further requests or complaints, etc.
To comply with our legal obligations.
In case we publish, for example, information on our website or on the website of the General Electronic Commercial Registry (GEMH) and / or the Board of Directors of the Company (including details of natural persons), we use provide authorizations to designate and notify third party natural persons as representatives of the Company in order to conduct actions within the scope of the Company’s business activities.
To protect our legitimate interests, individuals and premises
Within the above scope we use closed-circuit television (CCTV) and security cameras to ensure the safety of individuals, materials and premises of the Company.
For newsletters subscription purposes and in order to send information on our new offers
We ask for your consent first, and then your email address, so that you may receive newsletters from our Company about our latest news and offers.
With your consent and subsequent subscription, you will be able to stay informed about our new services and offers that we send via emails and text messages or Instant messaging through related services (for example SMS, Viber, Push Notifications etc.).
To create a Member Account
In case you wish to create a Member Account, you will need to provide us with your email address and set your own personal passwords.
For the provision of information regarding the benefits available to you by concluding a contract for the provision of electricity or natural gas with our Company
In order to inform you about how much you would pay in case you were a customer of our Company, you are kindly requested to send us photographs of the reconciliation bill for electricity or natural gas that your supplier provides you with for processing purposes, and your phone number, so that we may contact you through viber.
For a customized communication (profiling)
In order to provide you with the best possible experience, all personal data collected under our contractual relationship may be used to send personalized news / updates provided you have given your consent under specific conditions set by the legal framework.
Who do we disclose your personal data to?
The Company discloses your personal data to the following recipient categories:
To our Company employees, who are responsible for the evaluation and realization of your requests, the provision of information at a pre-contractual stage, and in case you express your interest in the conclusion of a customer relationship with the company, the proper execution of your contract with the company, as well as the fulfillment of obligations provided by the contract or by Law.
Your personal data are treated with the strictest confidentiality, since our employees processing your personal data possess an adequate and significant level of knowledge on personal data protection and are either bound by a confidentiality clause or obliged to comply with the confidentiality clause.
State authorities, law enforcement Bodies
Personal data is disclosed whenever necessary for verification (e.g. by the Regulatory Authority for Energy, Hellenic Consumer’s Ombudsman, Hellenic Data Protection Authority, etc.) and in accordance with statutory procedures.
Collaborators of our Company (partners, subcontractors, banks, insurance companies, auditing company etc.)
The Company works with collaborators to whom our Company assigns personal data processing on its behalf (e.g. cooperation agreements with call centers which are assigned with the promotion of products and services of our company) subcontracting, banking transactions, audit of a transfer of shares by a statutory auditor, product promotion or market research companies, financial institutions, companies such as TIRESIAS S.A., in order to verify your credit standing, debtor notification companies, auditors, accountants, notaries, lawyers, bailiffs or other financial or professional consultants). In the above cases the Company remains the controller of the processing of your personal data and sets out the details of the processing, signing a specific contract with the third parties assigned with processing activities, in order to ensure that the processing is carried out in accordance with the applicable legal framework and that any individual may freely and without hindrance exercise the rights conferred on him/her by the legal framework.
In addition, the Company may also transfer data to other affiliated companies, as well as collaborating companies (e.g. to joint venture members or company associations) with the purpose to provide a report on the Company’s status provided that consent has been given by the natural person, as mentioned above and that the above provision on written assignment of processing applies.
Duration of Data Storage
The duration of data storage is defined according to the following specific criteria, as appropriate:
In case the processing is required by provisions of the applicable legal framework, your personal data will be stored for as long as the relevant provisions require.
In case the processing is performed on a contractual basis, your personal data will be stored for as long as necessary for the execution of the contract and for the basis, exercise, and / or support of legal claims under the contract.
What are your rights in relation to your personal data?
Any natural person whose data is processed by the Company is entitled to the following rights:
Right of access
You have the right to be aware and to verify the legality of the processing. Therefore, you have the right to access the data and receive additional information about data processing.
Right to Rectification
You have the right to read, rectify, update or modify your personal data by contacting the Data Protection Officer (DPO) with the above contact details.
Right to Erasure
You have the right to request the erasure of your personal data in case we process it with your consent or in order to protect our legitimate interests. In any other case (such as in the context of performance of contract in effect, obligation to process personal data required by law, public interest, etc.), this right is subject to specific restrictions or does not exist on a case-by-case basis.
Right to Restriction of Processing
You have the right to obtain from us restriction on the processing of your personal data where one of the following applies:
(a) the accuracy of the personal data is contested and until such accuracy is verified;
(b) you oppose the erasure of your personal data and request (instead of erasure) the restriction of their use;
(c) personal data are not needed for the purposes of processing, but they are, however, required for the establishment, exercise or defense of legal claims; and
(d) you object the processing pending the verification whether our legitimate grounds override those of yours.
Right to Object
You have the right to object to the processing of your personal data at any time where, as described above, such processing is necessary for the purposes of legitimate interests we seek as controllers.
The Right to Data Portability
You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them, using commonly used editing methods. You also have the right to ask us, if technically feasible, to transmit the data directly to another controller. This right concerns the data you have provided to us and their processing is carried out in a commonly used format based on your consent or in order to perform a contract.
The Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw it. The withdrawal of your consent shall not affect the lawfulness of the processing based on consent before its withdrawal.
In order to exercise any of the above rights, please contact the Data Protection Officer (DPO), i.e. the Law Firm “PISTIOLIS - TRIANTAFYLLOS & ASSOCIATES LAW FIRM”, address: 103 Vasilissis Sofias, Athens, email address: firstname.lastname@example.org ,tel: 213 033 3000
Right to lodge a complaint with the Hellenic Data Protection Authority
You have the right to file a complaint with the Hellenic Data Protection Authority (www.dpa.gr): Telephone: +30 210 6475600, Fax: +30 210 6475628, email: email@example.com
Personal Data Safety
The Company implements appropriate technical and organizational measures aimed at the safe processing of personal data and the prevention of accidental loss or destruction and/or unauthorized access to, use, modification or disclosure thereof. In any case, the way in which the internet operates and the fact that it is free to anyone cannot guarantee that unauthorized third parties will never be able to violate the applicable technical and organizational measures by gaining access and possibly using personal data for unauthorized and/or unfair purposes.
Information on the processing of personal data through a video surveillance system
HERON SOCIÉTÉ ANONYME ENERGY SERVICES, headquartered in the Municipality of Athens, 85 Mesogeion Avenue, operating offices in Athens, 124 Kifisias Avenue, Postal Code 11526, email firstname.lastname@example.org, telephone number 18228.
Purpose of the processing and legal basis:
We use closed-circuit television (CCTV) in order to protect natural persons and premises. The processing is necessary for the purposes of the legitimate interests we pursue as a controller (article 6 para. 1. (f) GDPR).
Our legal interest is the need to protect our premises and the materials in it from illegal actions, such as theft. We also need to ensure life safety, physical integrity, health as well as the property of our staff and of third parties legally located in the area under surveillance. We only collect image data and limit the surveillance to places where we have previously assessed that there is an increased possibility of perpetration of illegal actions e.g. theft, for instance, in cash desk and/or the entrance, without focusing on places where privacy of the persons being photographed may be severely restricted, including their right to respect of their personal data.
The material held is accessible only by our competent / authorized personnel and cooperating security company who are in charge of security of the premises. This material shall not be disclosed to other third parties without the consent of the data subject, except in the following cases: (a) to the competent judicial, prosecutorial and police authorities when it contains information necessary to investigate a criminal offense involving persons or property of the controller; (b) to the competent judicial, prosecutorial and police authorities when lawfully requesting data in the performance of their duties, and (c) to the victim or perpetrator of a criminal offense, in the case of data which may constitute evidence of the offense
We keep the data for fourteen (14) days, after which they are automatically deleted. In the event that during this period we find an incident, we isolate part of the video and keep it for another (1) month, in order to investigate the incident and initiate legal proceedings to defend our legal interests, while if the incident concerns third parties, we will keep the video for up to three (3) more months.
Data subjects’ rights
Data subjects have the following rights:
- Right of access: you have the right to be aware whether we process your images and if so, to receive a copy of them.
- Right to restriction of processing: you have the right to request us to restrict processing, for example, you may ask us not to delete data that you deem necessary to establish, exercise or support legal claims.
- Right to object: you have the right to object to the processing.
- Right to erasure: you have the right to request that we erase your personal data.
You may exercise your rights by sending an e-mail to herondpo@gr.AndersenLegal.com or a letter to our postal address or by submitting the request to us in person, at the address of the company. To examine a request related to your image, you should tell us when you were within the range of the cameras and give us a picture of you to make it easier for us to locate your data and hide the data of third parties pictured. Alternatively, we give you the possibility to come to our facilities to show you the images in which you appear. Moreover, we would like you to note that exercising the right to object or the right to erasure does not imply the immediate erasure of data or the modification of the processing. In any case, we will answer you in detail as soon as possible, within the deadlines set by the GDPR.
Right to lodge a complaint
In case you consider that the processing of your data violates Regulation (EU) 2016/679, you have the right to lodge a complaint with the competent supervisory authority.
The competent supervisory authority in Greece is the Hellenic Data Protection Authority, Kifisias Avenue 1-3, 11523, Athens, https://www.dpa.gr/, telephone number +302106475600.