DESFA’s Information Note regarding the processing of Personal Data in accordance with Regulation (EU) 2016/679 and existing Greek Legislation.
DESFA notifies you that, within the framework of its activities and obligations as these are defined by the European and Greek Legislation and its Articles of Association, processes Personal Data (hereinafter: Data) of its employees and natural persons, who represent its Counterparties such as suppliers, users of the NGTS, etc. (hereinafter referred to as: Data Subjects), as follows:
1. What kind of Data is processed by DESFA and where does DESFA collect them?
1.1. Data identifying the Data Subjects such as: name, father’s name, identification card number, VAT number, social security number, date of birth, sex, family status, etc. This data is collected by the Data Subjects (directly or through the companies or other organizations they represent).
1.2. Data Subjects communication data such as: postal and e-mail address, telephone, landline and mobile, etc. The Data is collected by the Data Subjects (directly or through the companies or other organizations they represent).
1.3. Data of the Data Subjects relating to: compliance with Tax Authorities, transactions with Credit Institutions, professional behavior and experience, knowledge and skills, etc. (directly or through the companies or other organizations they represent).
1.4. Image Data from the CCTV cameras in DESFA’s facilities and their perimeter, where warning signs exist.
1.5. Image data and audiovisual material from corporate events or Corporate Social Responsibility initiatives.
1.6. Data collected during navigation on our website, such as: Internet Protocol (IP) address, browsing data within the website, service preference information, transactional data executed. User-generated content.
1.7. Data within the scope of service provision, such as: order and transaction data, payment data, payment execution information, transaction tax details.
1.8. Any other Data other than the above Data, the processing of which is required by provisions of European and Greek Legislation.
2. Why DESFA is processing Data?
DESFA processes Data:
2.1. For the conclusion and performance of a contract in which DESFA is a contracting party.
2.2. To comply with the applicable Legal and Regulatory framework and decisions of public, supervisory, regulatory or judicial Authorities.
2.3. For the protection of the public interest, which consists of the secure and continuous provision of DESFA’s public utility services as the natural gas system operator of the country.
2.4. For the protection of its employees and counterparties, third parties, and property.
2.5. For the support of the mission and the Corporate Social Responsibility of DESFA, the promotion of its digital profile and the improvement of its reputation, including through the company website, as well as social media, the external communication management and the corporate event organization.
2.6. For the purposes of other legitimate interests pursued by DESFA or third parties, such as ensuring the resilience of the natural gas system, the physical security of facilities, the security of DESFA’s systems and information, the protection of individuals and property, the assessment of credit risk in transactions with third parties, and the exercise and support of legal claims.
2.7. For the purpose of promoting and marketing services and business and social activities, with the consent of the Data Subjects.
3. Who is processing the Data?
3.1. Authorized as appropriate: DESFA’s employees and/or DESFA’s agents.
3.2 Companies affiliated to DESFA.
3.3. Natural or legal persons, who provide services to DESFA, such as consultancy firms, lawyers, notaries, etc.
3.4. All public authorities and organizations within their responsibilities.
3.5. Third parties, collaborating entities, processing your personal data are under our control and only process it on our behalf and are subject to the same data protection policy or at least to a policy of the same level of protection as ours.
In cases where DESFA engages a third party to act as a processor on its behalf, DESFA ensures that the processing performed by the processor will be governed by a contract that will meet the terms of Article 28 of the GDPR, determining, inter alia, its subject and duration, the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects, as well as the obligations and the rights of DESFA.
DESFA ensures that it cooperates with processors that provide adequate data protection guarantees and have taken appropriate technical and organizational measures to ensure compliance with GDPR requirements.
4. When does DESFA transfer Data to third countries (outside EU)?
DESFA shall not transfer Data to third countries. If a need arises for the transfer of Data to third countries, this will be conducted in accordance with Chapter V of the GDPR.
5. For how long is DESFA processing Data?
The period of time during which DESFA is processing Data varies according to the purposes for which the processing takes place and to its obligations under Law, Regulatory actions and contractual obligations.
Upon the expiration of the retention period, personal data is destroyed, in compliance with DESFA’s relevant policy and provided that their retention is no longer necessary to fulfill the purposes of processing.
6. What are the Data Subject’s Rights?
Your rights as Data Subject are set out in Chapter III of the GDPR. In particular, you are entitled to:
(a) To be informed in detail about your Data, its purpose of processing, their origin, recipients and processing time, and your related rights.
(b) To require the correction of any incorrect and/or incomplete Data.
(c) To request the deletion and/or restriction of processing of your Data, if you consider that the Data is not processed for a specific and legitimate purpose.
d) To oppose further processing of your Data.
(e) To request that your Data is forwarded to another controller, provided that the conditions laid down in the above Chapter of the GDPR are met.
You are also entitled to file a complaint to the Data Protection Authority, if you consider that any of your rights has being infringed.
DESFA establishes and implements appropriate procedures for the proper management of requests related to the exercise of the aforementioned rights submitted by Data Subjects. Specifically, through these procedures, DESFA ensures that:
- There are suitable means for Data Subjects to exercise their rights.
- The identity of Data Subjects submitting a request is adequately verified.
- Each request is effectively recorded and monitored.
- Proper management of each request takes place within the timeframes specified by the GDPR.
- Data Subjects are adequately informed about the progress of their requests, as well as the reasons if their request is not fulfilled.
7. How can you exercise your Rights (as per Article 6 hereof)?
In order to exercise your Rights, you may write to: “DESFA / Mesogion Aven.357-359 / PO 152 31 / Halandri Athens / cc DPO” or to the e-mail address: dpo@desfa.gr
Alternatively, you can submit a request to exercise your rights by clicking here.
DESFA will make every effort to respond to your request within the timeframes set by GDPR.
8. Data Protection Officer
You can contact DESFA’s Data Protection Officer (DPO) for issues related the processing of your Data at “DESFA / Mesogion Aven. 357-359 / PO 152 31 / Halandri Athens / cc DPO” or to the e-mail address: dpo@desfa.gr
9. How does DESFA protect the Data?
DESFA implements appropriate organizational and technical measures to ensure security of the Data, confidentiality, lawful processing and protection against accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access and any other form of unfair processing.
10. Cookie Policy
DESFA (“Company” or “We”) follows a strict privacy policy to protect the privacy of the users of its website https://www.desfa.gr/ (“Website”). Company’s priority is to provide you with more information about the cookie types and how it uses them each time you visit our Website. This Cookie Policy (“Policy”) supplements our Data Protection Policy.
What are electronic cookies?
Cookies are small text files that are stored on the device you use through your browser each time you visit our Website. They are widely used for the function of websites, as well as to provide information to the website’s owners. Depending on their expiration dates, cookies are either “session” or “persistent”. In particular, session cookies are automatically erased whenever you close your browser, whereas persistent cookies remain stored until their expiration date, unless they are deleted by you prior to that date.
Does our Company use cookies?
Yes, cookies help us to improve the performance of our website according to our users’ needs, make it more user friendly and ensure enhanced user experience.
Cookies do not give access to information beyond what you agree – as described below – to share with us. Our Company does not engage in any sale or trading of your personal data collected in this way.
What kind of cookies do we use?
When you access and start browsing our Website, our Company uses “session cookies” for the following purposes:
- To store technical data that is necessary for “reading” visual or audio content, also known as flash cookies.
- To distribute the processing of server requests among a group of servers.
These cookies are absolutely necessary for the operation and basic function of our Website, and are therefore a necessary condition in order to navigate the website and use its features. With session cookies we can guarantee the efficient operation of the website or predict how our website will behave during your visit. According to applicable law, we can store this kind of cookies at your device without obtaining your prior consent, since they are necessary for the function of the website.
Also, at the point of your first access and during your browsing at our Website our Company uses the following cookies:
- Performance Cookies: These cookies provide us with data regarding website’s performance (such as the calculation of the visits and the source of the visitors. Their sole purpose is to improve our website’s functions.
- Targeting/Advertising Cookies: These cookies provide us with data in order to create profiles or personalize content which suits your preferences and interests. They can, for example, be used to send targeted advertising or measure an advertising campaign’s effectiveness. These cookies may present privacy risk to the website’s visitors.
More specifically:
| Types of Cookies | Purpose | Legal Basis | Retention Period | Cookis Names |
| Performance Cookies | Improvement of website’s functions and features | Consent | 6 months | Performance Cookies |
| Targeting Cookies | Better understanding of visitors’ interaction with our website | Consent | 6 months | Targeting Cookies |
As regards performance and targeting/advertising cookies, DESFA needs your prior consent (see below).
We do not use the following cookies:
- Functionality Cookies: These cookies allow the provision of enhanced functionality and personalization, such as videos and live chat.
- Statistics Cookies: These cookies allow the provision of statistical data regarding how you use our Website, such as which pages you visited, and which links you clicked on. This information cannot be used to identify you, since it is all aggregated and, therefore, anonymized.
- Social Media Cookies: These cookies allow the connection of the website to a third-party social media platform. These cookies retain your details after your sign-in to a social media account from the website.
How do you give your consent to the present Cookie Policy?
By entering our Website, you acknowledge the current notice about our use of cookies, which is easily found at the home page of our Website, and you are presented with your choices via an appropriate cookie banner and cookie settings.
If you do not wish to store the above persistent cookies of our Website, you are given the option to disable them (by clicking “Reject All”). In case you decide to opt for our cookies by either choosing your preferences through the relevant “Cookie Settings” or by clicking “Accept All”, you freely give your explicit and specific consent to their use during your browsing.
You are always free to change your preferences regarding cookies by clicking on Cookie Settings.
How can you deactivate cookies?
You can delete or disable our cookies by adjusting your browser settings. Please note that by deleting or disabling our cookies, your user experience may be affected, and you might not be able to take advantage of certain functions and the complete user experience of our Website.
We reserve the right to change this Cookie Policy at any time. DESFA urges you to check it regularly.
For any further detail or request regarding this Cookie Policy, you may contact our Data Protection Officer (DPO) via the following email dpo@desfa.gr