Privacy policy

PRIVACY POLICY

Scope of this Privacy Policy

Relational – The Financial Solutions Company (hereinafter referred to as “Relational“) with its registered office at Kalithea, Greece, Pisistratou 52, 17674, tel. +30 210 988 9300, in its role as Data Controller, collects and processes your personal data, only if absolutely necessary, for specified and legitimate purposes, in accordance with the General Data Protection Regulation (EU) 2016/679, the Greek Law 4624/2019 and the Greek Law 3471/2006 as applicable. This Privacy Policy aims to transparently inform you regarding the types of personal data we collect and how we use them, the purposes we process your personal data and the relevant legal basis of processing, and the rights related to your personal data.

You may always find out more information regarding the processing of your personal data or exercise your rights by contacting our Data Protection Officer at privacy@relationalfs.com.

Definitions

For the purposes of this Policy, the following terms have the following meanings:

• “Personal Data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one whose identity can be verified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
• “Special categories of personal data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, as well as the processing of genetic data, biometric data for the purpose of positive identification of a person, data concerning health or data concerning the sex life of a natural person or sexual orientation.
• “Processing”: any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• “Anonymisation”: the processing of personal data in such a way that the data can no longer be attributed to a specific data subject.
• “Pseudonymisation”: the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of supplementary information, provided that such supplementary information is kept separately and is subject to technical and organisational measures to ensure that it cannot be attributed to an identified or identifiable natural person.
• “Data Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, or the specific criteria for their appointment may be provided for by Union or Member State law. For the purposes of this Policy, Relational shall act as a Data Controller.
• “Data Processor”: the natural or legal person, public authority, agency or other body that processes personal data on behalf of the Data Controller.
• “Data Subject”: the natural person whose personal data are processed.
• “Consent of the data subject”: any freely given, freely given, specific, explicit and informed indication of his or her wishes by which the data subject signifies his or her agreement, by a statement or by an explicit affirmative action, to the processing of personal data relating to him or her.
• “Data Breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access of personal data transmitted, stored or otherwise processed.
• “Applicable Legislation”: the relevant national and EU legislation regarding the protection of personal data and in particular the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”), the Greek Law 4624/2019, the Greek Law 3671/2006, the case law of the Court of Justice of the European Union (hereinafter “CJEU”) as well as the Decisions, Directives and Opinions of the European Data Protection Board (hereinafter “EDPS”) and the Hellenic Data Protection Authority (hereinafter “HDPA”).

What Personal Data we collect and how we use them

1. Contact Us (“Get in touch”) Form

If you wish to communicate with us, we collect your name, surname, job title, business email, company name, phone number, job title, country, as well as anything further you wish to include in your message to us.

Purpose of processing and legal basis

We collect the abovementioned data:

• To communicate with you and answer your queries regarding our products and services. Our legal basis is our legitimate interest – to facilitating answering to your queries regarding our products and services.

2. Brochure Request Form

We collect your name, surname, job title, business email, company name.

Purpose of processing and legal basis

We collect the abovementioned data:

• To communicate with you and answer your queries regarding our products and services. Our legal basis is your consent.
• To inform you in relation to events, marketing material and matters concerning our Company in general. Our legal basis is your consent.
• Relational S.A. promotes its activities through its website (www.relationalfs.com), social media accounts, and third-party platforms, using digital material such as photographs and videos from its facilities and events. Any photographs or videos depicting you will only be used with your prior written consent, which you can withdraw at any time.

3. Job Application Form– Careers

If you wish to apply for a job vacancy, we collect your resume and employment application information, including your name, surname, email address, telephone number, postal address and LinkedIn profile, so that we can communicate with you during the job application process. We collect these data when you submit an application by using our recruitment platform bambooHR, as well as through the CV you enclose with your application.

We collect the abovementioned data:

• To assess your application. Our legal basis is our legitimate interest.
• To maintain your CV and assess its suitability for relevant vacancies in our Company. Our legal basis is our legitimate interest.

Data we collect automatically

When you use our website, we also collect information automatically, which may constitute personal data. This includes information such as language settings, IP address, location, device settings, device settings, device operating system, activity data, time of use, redirect URL, status report, user information (information about browser version), operating system, browsing result (single visitor or registered customer), browsing history, type of data viewed. We may also collect data through cookies. For information on the use of cookies, click here https://www.relationalfs.com/legal-information/cookies-consent/ Εδώ επειδή θα γίνει Cookies policy δες μήπως αλλάξει και το url.

Recipients

Relational may transfer the abovementioned personal data to third parties, to whom it has entrusted the processing of personal data and to collaborating institutions/companies. In particular, the data are transmitted to:

• Authorized external associates of Relational, to the extent that this transfer is necessary for the pursuance of our purposes.
• Public authorities (the police, prosecuting authorities, tax authorities etc.) upon relevant request.

In any case, the third parties to which data subjects’ data may be transferred are contractually bound to Relational by a confidentiality clause and are subject to all the obligations deriving from the Applicable Legislation for the protection of personal data.

At the same time, the personal data of the data subjects may be transferred to public authorities, independent authorities, etc. for the purposes of compliance with legal obligations of Relational.

Transfer of Personal Data outside the EEA

In principle, Relational does not transfer your personal data to third countries and/ or International Organisations. In the event of a transfer of your personal data to a country outside the European Economic Area (EEA) or an International Organisation, the Company previously ensures that one of the legal bases of Article 6 of the Regulation is respected and that the following are cumulatively true:

1. the Commission has issued an adequacy decision for the third country to which the transfer is to be made (Article 45 GDPR); or
2. appropriate safeguards in accordance with the GDPR are in place for the transfer of such data (Article 46 GDPR); or
3. For occasional processing, one of the exceptions provided for in Article 49 of the GDPR exists.

Otherwise, the transfer to a third country is prohibited and the Company will not transfer your personal data to that country, unless one of the specific exceptions provided for in the GDPR applies.

Rights of Data Subjects

Relational protects and respects your rights, as set forth by GDPR. In particular, you have the right:

• To be informed of the processing of your personal data and to request to obtain further information on the processing applied;
• To request the rectification of your personal data in case of inaccurate information;
• To request the deletion of your personal data if they are not necessary for the purposes for which they were collected and if their retention is not based on any legitimate interest of the Company;
• To request the limitation of the processing of your personal data;
• To request the portability of your personal data either to yourself or to third parties.
• To revoke at any time the consent given for the processing of your personal data;
• To object to further processing of your data.

In the event you exercise any of the abovementioned rights, the Company will respond promptly within thirty (30) days from the submission of your request, informing you in writing on the progress of its satisfaction.

For any complaint regarding this Privacy Policy or other privacy issues, if we do not satisfy your request, you may contact the Hellenic Data Protection Authority via the following link: www.dpa.gr.

Data Retention Period

Your personal data is retained for a predetermined and limited period depending on the purpose of processing, after the end of which, these personal data are deleted from our files. Where the processing is imposed as an obligation by provisions of the applicable legislation or a specific retention period is foreseen, your personal data will be stored for as long as the relevant provisions require.

Security of Personal Data

Taking into account the latest technological developments, the implementation costs and the nature, scope, context and purposes of the processing, as well as the risks of varying intensity and extent to the rights and freedoms of the data subjects arising from the processing of their personal data, Relational has taken all the necessary technical and organisational measures to protect the abovementioned personal data and rights. Although no method of transmission over the Internet or method of electronic storage is completely secure, the Company ensures that it has taken all necessary digital data security measures (e.g. antivirus) in compliance with its obligations under the Applicable Legislation.

Data Breach

In the event of a data breach incident, Relational shall apply its Data Breach Management Policy.

More specifically, Relational will take into account the following:

• Assessment of the risk and its impact on your rights and freedoms
• Steps needed to limit the breach
• Mitigation of the damage
• Breach notification to the Hellenic Data Protection Authority, if required
• Data Privacy Impact Assessment and appropriate measures to avoid recurrence of the breach.

In case of a breach, Relational’s actions will be guided by giving priority to your rights and freedoms. Where appropriate, Relational will consult with the Hellenic Data Protection Authority on how to best manage the incident.

If you become aware or suspect that a data breach may or has taken place, please inform the Company without delay at  privacy@relationalfs.com

Third – Party Website’s Disclaimer

We may provide hyperlinks to third – party websites as a convenience to our users. Relational does not control third – party websites and is not responsible for the content of any third – party websites or any hyperlink in those websites. We are not responsible for the privacy practices or content of third – party websites.

In particular, on this Website there are social media widgets (e.g. LinkedIn, Instagram). When the user logs in to these social networks, a special digital fingerprint is created, for which both the Company and the social network itself act as joint controllers.

The purpose of the processing of such data is to improve the functionality of the website and the services provided and to analyse its traffic. The lawful basis for processing is the legitimate interest of the Company and in particular the interoperability with applications used by the Company.

Relational does not control and is not liable for any subsequent processing carried out on them by the Joint Controllers.

For more information on the data processing policy and the configuration options of these networks, you can visit the following websites:

• https://www.instagram.com/
• https://www.linkedin.com/
• https://twitter.com/x

Updates to the Privacy Policy

This Privacy Policy may be amended/ revised in the future, in the context of the regulatory compliance of Relational as well as the optimization and upgrading of the website’s services. Updated versions will be uploaded to our website and date stamped so that you are always aware of when our Privacy Policy was last updated.

Revised:  December 2024