Investor Protection

SOLIDUS Securities ΑΕΠΕΥ

Investor Protection

Privacy Policy

DATA PROTECTION POLICY

The management and protection of all personal data of visitors/users of the www.solidus.gr website, which is the property of SOLIDUS SECURITIES ISF, is subject to the terms hereof and to the relevant provisions of Greek law (L. 2472/1997), the decisions of the Data Protection Authority and European law (Directive 2002/58/EC and GDPR 679/2016). The processing of personal data on behalf of the Company is in line with the law and its Data Protection Policy described below. Where there are links to other websites controlled by third parties - individuals or legal entities, SOLIDUS SECURITIES ISF is not responsible for their personal data management and protection terms. SOLIDUS SECURITIES ISF reserves the right to modify the terms of the Data Protection Policy upon notifying the visitors/users of its website, always within the applicable legal framework. SOLIDUS SECURITIES ISF 's website visitors/users enjoy the right to access, rectification, erasure, restriction of processing, portability and to object, in relation to any of their personal data being processed. For this purpose, they are kindly asked to address the Company in writing at SOLIDUS SECURITIES ISF, 64 str. Louizis Riankour, Apollon Tower, 17th floor, 115 23, Athens or via email to DPOfficer@solidus.gr.

1. Purpose, Scope

SOLIDUS SECURITIES ISF and its tight agents, are complying with the law concerning Personal Data Protection. This policy sets out the basic principles under which the SOLIDUS SECURITIES ISF network processes personal data of customers, employees, suppliers, partners and others. This Policy is applied within SOLIDUS SECURITIES ISF and its and its tight agents. All persons employed under a definite or indefinite term employment agreement, and all associate franchisees, agents or even subcontractors working on behalf of SOLIDUS SECURITIES ISF are bound by this Policy.

2. Main Definitions

Below follow the main definitions of the terms used in this document, as set out in Article 4 of the General Data Protection Regulation, to enable data subjects to become familiar with GDPR terminology:

Personal Data any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Special categories of Personal Data: personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data should include personal data revealing racial or ethnic origin, political opinion, religion or beliefs, trade union membership, and the processing of genetic data, biometric data for the purpose of unique identification of a person, data concerning the genetic or health status of a natural person or sexual orientation.

Data Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Authority: The Data Protection Authority.

3. Basic principles concerning Personal Data Processing

As data controller, SOLIDUS SECURITIES ISF invariably observes the data protection principles provided in Article 5 of the General Data Protection Regulation.

3.1. Lawfulness, Fairness and Transparency

SOLIDUS SECURITIES ISF processes personal data lawfully, fairly and transparently towards data subjects.

3.2. Purpose Limitation

Personal data are collected for specified, explicit and legitimate purposes and are not further processed for any other purpose.

3.3. Data minimization

SOLIDUS SECURITIES ISF keeps accurate personal data of the data subjects, limited to what is necessary in relation to the purposes for which they are processed, At the same time implementing appropriate technical measures for effecting the above objectives.

3.4. Accuracy

The personal data kept by SOLIDUS SECURITIES ISF are accurate and up to date. Every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the puro for which they are processed, are erased or rectified without delay.

3.5. Storage limitation

Personal data are kept for no longer than is necessary for the purposes for which SOLIDUS SECURITIES ISF processes them.

3.6. Integrity and confidentiality

Taking into consideration the technological level and other available security measures, the cost of implementation and the possibility and seriousness of the risks involved for personal data, SOLIDUS SECURITIES ISF uses adequate technical or organizational measures to process Personal Data in a manner that ensures appropriate security of the personal data, including protection against accidental loss, destruction, damage, unauthorized or illegal processing.

3.7. Accountability

SOLIDUS SECURITIES ISF is responsible for, and able to demonstrate compliance with the General Data Protection Regulation to the competent Data Protection Authority.

4. Privacy Notice, Consent and Rights of Data Subjects

4.1. Notification to Data Subjects

Prior to or on collecting personal data for any processing activity undertaken by SOLIDUS SECURITIES ISF, including among other things the sale of products, services or marketing activities, SOLIDUS SECURITIES ISF provides adequate information to data subjects and, in particular, information about the types of personal data collected, the purposes of processing, the processing methods, the rights of data subjects in relation to their personal data, the length of retaining same, any international transfers, if the personal data are provided to third parties in the framework of co-operation, and the security measures implemented by SOLIDUS SECURITIES ISF to protect personal data. This information is provided through the Privacy Notice.

4.2. Consent

Where the legal grounds for collecting personal data is the data subject's consent, SOLIDUS SECURITIES ISF is responsible to ensure that data subjects provide their consent freely, by affirmative action, explicitly, and having been informed of the content of the document to which they consent. SOLIDUS SECURITIES ISF gives data subjects the opportunity to revoke their consent at any time. Where personal data of children under 16 years of age are collected, SOLIDUS SECURITIES ISF ensures that the Parent's consent has been obtained beforehand. Personal data must be processed only for the purpose for which they were originally collected. If SOLIDUS SECURITIES ISF wishes to process personal data for any other purpose, it must obtain the data subjects' consent in an explicit and specific form in writing. Any such request must contain the purpose for which the data were originally collected, and any new or additional purpose(s).

4.3. Collection

SOLIDUS SECURITIES ISF makes every effort to keep the number of personal data collected to a minimum. If the personal data are collected by a third party, SOLIDUS SECURITIES ISF ensures that these data are legitimately collected.

4.4. Relation of SOLIDUS SECURITIES ISF with Third Parties

Where SOLIDUS SECURITIES ISF has retained a third party to provide a service to its customers, or even uses a third party - supplier or commercial partner to process personal data on its behalf, SOLIDUS SECURITIES ISF ensures that the processor will provide adequate measures for the security and protection of the personal data in order to deal with any potential risks. SOLIDUS SECURITIES ISF makes every effort to ensure that its suppliers or commercial partners will only process personal data in the course of their contractual obligations towards SOLIDUS SECURITIES ISF, always in accordance with its instructions and for no other purpose.

4.5. Data Subjects' Rights of Access

As Data Controller, SOLIDUS SECURITIES ISF is responsible for providing data subjects with a mechanism for accessing their personal data which allows them to review, rectify, erase or transfer them. For the reason, you may use the form "APPLICATION OF DATA SUBJECT FOR ACCESS, RECTIFICATION, ERASURE, PROCESSING RESTRICTION, PORTABILITY AND OBJECTION TO DATA PROCESSING".

4.6. Data Portability

Data Subjects are entitled to obtain, at their request, a copy of the data they have provided to SOLIDUS SECURITIES ISF in a structured form, and transfer these data to another data controller. SOLIDUS SECURITIES ISF is responsible to ensure that such requests will be satisfied within one month, provided that they are not manifestly unfounded. When exercising the right to data portability, a data subject is entitled to request that the personal data be transferred directly from one data controller to another, if this is technically feasible.

4.7. Right to Erasure

Upon request, and under certain conditions, Data Subjects are entitled to ask SOLIDUS SECURITIES ISF to erase their personal data. SOLIDUS SECURITIES ISF will immediately take all action required to satisfy the request (including any technical steps), provided that such action is not in conflict with applicable laws, and will ensure the same for any third parties using or processing personal data on its behalf.

5. Responding to Personal Data Breaches

If SOLIDUS SECURITIES ISF is informed of a potential or actual breach of personal data, it will immediately conduct an internal inspection and take all appropriate remedies within reasonable time, in accordance with the Personal Data Breach Policy. If there is any risk to the rights and freedoms of data subjects, SOLIDUS SECURITIES ISF shall report the incident to the Authority without undue delay and, in any case, within 72 hours.

6. Communication

If you still have any questions or need any clarification in relation to the processing of your personal data by SOLIDUS SECURITIES ISF, please send an e-mail to DPOfficer@solidus.gr and SOLIDUS SECURITIES ISF will be pleased to serve you.