The website https://www.enexgroup.gr/ (hereinafter website) provides a wide range of information for the Energy Exchange Group, which consists of “EnΕx Clearing House S.A. (EnExClear S.A.)” and the Company “Hellenic Energy Exchange S.A. (HEnEx S.A.)” both located in 110 Athinon Ave., P.C. 10 442 Athens, Greece, Tel.: (+30) 210-336-6400. These Companies are Joint Controllers of your data, which are processed under it.
This Personal Data Protection Policy, which concerns the website https://www.enexgroup.gr/ (hereinafter the "Data Protection Policy" or the "Policy") defines the terms and conditions that are followed by the Data Controller (each company of the Energy Exchange Group) for the processing and protection of the personal data (hereinafter referred to as "Personal Data" or "Data") as mentioned below.
The Policy shall be updated whenever is necessary. If there are significant changes in the Policy or the way we use your Personal Data, we shall notify you either by posting a notice in a prominent place before the changes take effect or by any other appropriate means. We encourage you to read this Policy regularly to know how your Data is protected. The last review of our policy took place on 12/03 /2021.
Please take some time to read carefully the terms of the Policy.
2. Our Website
The website https://www.enexgroup.gr/ is the website of the Energy Exchange Group. The content of the website is mainly informative, as it hosts a wide range of information regarding the services of the Group Companies, the decisions concerning their operation, their regulatory framework and their human resources.
3. What kind of Personal data do we process?
When browsing our website, your connectivity data are automatically collected through the cookies that are installed on our website, such as IP, preferences data, visit time and navigation data.
When filling out the online contact form, we collect the name, the company you represent and your email address.
When you access the Membership area of the Companies of the Energy Exchange Group you will have to enter your email and password. Please note that access to this area is available only to authorized employees of our Group Members.
In the context of the operation of our website, only the necessary data are collected in accordance with this policy and legislation. No data of special categories are collected, ie indicative information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as processing of genetic data, biometric data for the purpose of uniquely identifying, health data or data relating to sex life of a natural person or sexual orientation.
4. Purpose of Processing Personal Data
The Group Companies and/or third parties, acting, at the behest and on behalf of the Companies as Data Processors, process your personal data for the purpose of better operation of the website and the improvement of navigation on it, as well as to maintain security at a desired level, using cookies.
Group Companies also process your personal data to communicate with you, upon your relevant request, through the contact form.
In addition, the Group Companies process personal data of employees of their Members that are necessary for access to publications and content that can serve them in their daily work.
Your data is processed exclusively for the above purposes or as appropriate for purposes of legislative/regulatory compliance of the Companies or for the support of their legal claims.
The processing of your personal data is carried out in compliance with the basic principles for the protection of personal data, in accordance with the General Personal Data Protection Regulation (GDPR) (EU/2016/679), ie lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality and, finally, accountability as well as of all the provisions of the General Personal Data Protection Regulation.
5. Legal basis of the processing
Regarding the data collected through the unnecessary cookies of our website, their processing is based on the explicit consent of the website visitors. For the personal data collected when you fill in the contact form, the processing is based on the fact that it is necessary for the purpose of safeguarding the legitimate interests of our Group Companies, and in particular maintaining the necessary channels of communication with our existing and potential customers and processing their relevant communication requests. For the personal data collected during your entry into the Membership area of the Companies of Energy Exchange Group, the processing is based on safeguarding the legitimate interests of the Group which is the improvement of the services offered to its Members by providing specific forms and information in order to facilitate their daily work.
6. Who has access to your personal data?
Access to your personal data has exclusively the necessary, in any case, personnel of the Company, who have received the appropriate information for the safe processing of your personal data.
In addition, the companies that corporate with us - data processors, can also have access, which support the operation of our website (e.g. ATHEX S.A.) after the relevant assignment of the processing to them, by the Company. The processing of personal data by the processors is carried out under our explicit orders and under the guarantee of taking all appropriate technical and organizational measures to protect your data.
Third parties who may have access to your data are government and regulatory bodies (e.g. prosecution authorities, supervisory authorities etc.), when we are called to comply with the law, when the transmission is deemed necessary for important reasons of public interest, as well as for the establishment, exercise or support of legal claims.
7. Transmission of personal data outside the EEA
Your Personal Data is stored and processed only within the EEA.
8. Do we use automated decision-making/including profiling when processing your Data?
9. The period of keeping your personal data
Your personal data is kept only for the period of time required by the nature of the data processing. Indicatively, you can be informed about the retention time of your collected data through the cookies of our website, by reading our Cookies Policy, here. Your data collected by filling in the contact form is kept for as long as it is required to process your request, while the data of the employees of the Members of the Group Companies is kept for as long as the contractual relationship of the Members with the Group lasts.
10. Linking to third - party websites
The possible connection of this site to another third party website through special links, hyperlinks, banners, etc., does not imply any responsibility on our part for the content of this website, the quality and completeness of any products or the services presented on it or its policy on the protection and processing of personal data.
The natural person should make sure that he / she is informed about the protection and processing of his / her data from the above websites and that he / she reads the respective personal data policies that are followed by them.
11. Data security
We pledge that we have taken appropriate organizational and technical measures to secure and protect your Data from any form of accidental or unlawful processing. Our specially authorized personnel who process your personal data, have received the appropriate guidance and information. The measures we take are reviewed and amended when deemed necessary.
12. Your rights as data subject
As Data Subject you have the following rights:
Right to access to personal data
This means that you have the right to be informed by us if we process your Data. If we process your Data you may ask to be informed about the purpose of the processing, the categories of your Data we keep, recipients of your Data, where possible the period for which the data will be stored, if automated decisions are made, but also about your other rights, such as rectification, erasure, restriction of processing and submission of a complaint to the Personal Data Protection Authority.
Right to rectification of inaccurate personal data
If you find out that there is a mistake in your Data, you may submit your request to correct it (e.g. name correction or phone number change update).
Right to erasure/ right to be forgotten
You may ask us to erase your data if it is no longer necessary for the above mentioned processing purpose or you wish to withdraw your consent if this is the only legitimate basis.
Right to data portability
You may ask us to receive in readable form the Data you have provided or ask us to transmit it to another data controller.
Right to restriction of processing
You may ask us to restrict the processing of your Data for as long as your objections to our processing are pending.
Right to object to the processing of your Data
You may object to the processing of your Data, if the conditions of the General Personal Data Protection Regulation are met and we shall stop processing your Data unless there are other imperative and legitimate reasons that override your rights.
Right to withdraw consent
You may revoke your consent at any time to the extent that the processing has been carried out on that basis.
13. How can you exercise your rights?
- If you wish to receive further information regarding the processing of your personal data or to exercise any of the above rights, you can contact the designated person for both companies of the Group, Data Protection Officer, at the postal address 110 Athens Ave., Athens, P.C. 10442, Greece or at the e-mail address DataProtectionOfficer@athexgroup.gr, making a description of your Request and we will make sure to review it and respond to you as soon as possible.
- Our response to your request shall take place within (1) one month of receipt and does not involve any cost to you. The above deadline can be extended for a period of two (2) additional months due to the complexity or the number of requests, in which case you will be informed of the extension as soon as possible and no later than one month from the receipt of the request. In the latter case we will inform you about the delay and its reasons.
- In cases where the request is deemed manifestly unfounded or excessive we can either refuse to process it, or request the payment of a reasonable fee for processing it, taking into account the administrative costs of providing the information or performing the requested action.
- In case: a. you consider that your request has not been sufficiently and legally granted or b. you consider that the right to the protection of your personal data is infringed by some processing we perform, we remind you of your right to contact the Personal Data Protection Authority (postal address 1-3 Kifissias Ave., P.C. 115 23, Athens, Greece, tel. (+30) 210.6475600 and at e-mail address: firstname.lastname@example.org.