PRIVACY POLICY
1. Introduction - Information for the Processor
The current policy of the societe anonyme with the name "NRG SUPPLY AND TRADING SINGLE MEMBER SOCIETE ANONYME" and the distinctive title "NRG SUPPLY AND TRADING S.A.", based in 168 Av, Kifissias Maroussi with Sophocleous Street, with TIN 998102480, Tax Office. FAE Athens, and number GEMI 008361601000 concerns the collection of personal data through the website www.nrg.gr, the application "mynrg" (https://www.mynrg.gr), the website https://drive.nrgincharge.gr/ , through internet in general and through telephone.
With this policy we want to explain to you as simply and understandably as possible:
- What data do we process for you.
- For what purposes and on what legal basis do we process them.
- How long do we keep them.
- Who are the recipients of your data and.
- What are your rights to your data and how can you exercise it.
Via:
- our website www.nrg.gr,
- our application "mynrg" (https://www.mynrg.gr),
- of ou facebook page https://www.facebook.com/pg/nrgprovider/about/?ref=page_internal,
- the use of your telephone bill payment service, telephone communications and
- of electronic promotions we collect certain information, which may lead to direct or indirect your identity. In accordance with European and national law, some of this information is personal data (eg name, postal address, contact telephone, e-mail address) and may identify you (hereinafter referred to as "Personal Data" or "Data")
You as users of our services and visitors of our websites are called "data subjects" while we are the "responsible" for the processing of your personal data.
"Processing of Personal Data" means any operation or series of transactions carried out with or without the use of automated means, in personal data or in personal data sets, such as the collection, registration, organization, structure, storage, adaptation or alteration, retrieval, retrieval of information, use, disclosure by transmission, dissemination or any other form of disposal, correlation or combination, restriction, deletion and destruction.
NRG SUPPLY AND TRADING ENERGEIAKI SA" is:
a) Holder of an Electricity Supply License pursuant to RAE Decision No. 541/2013 (15/11/2013), as amended in followed by the Decision No. 735/2019 of RAE (11/7/2019), registered in the Register of Participants kept by the Hellenic Energy Exchange (EXE) and by the Administrator of the electrical systems of the Interconnected Islands (HEDNO A. E.) as a Supplier with number 29XNRGTRADING — S as well as.
b) holder of a Natural Gas Supply License, pursuant to RAE Decision No. 356/2015 (2.10.2015) and is registered in the Register Users of the National Natural Gas System with number 51 pursuant to Decision No. 287 / 22-09-2016 of RAE.
Our company owns and manages the website www.nrg.gr and other websites. For any clarification or additional information on in connection with this privacy policy, as well as the exercise of your rights and European and national legislation, you can contact our Data Protection Officer at mail [email protected] or at the postal address L. Kifissias no. 168 Maroussi PC 15126, (in charge of Protection Officer Data).
2. Basic principles of processing your data
We process your data in a legal and transparent manner, in accordance with European legislation (General Data Protection Regulation 679/2016) and national legislation. We collect and process your data only for express, lawful and specified purposes and only what is necessary for the purposes for which we are processing it. We retain the data only for as long as necessary, in accordance with the laws, purposes and policies of the company, and we make sure that it is as accurate as possible.
We make every effort to ensure that your data is secure and protected from unauthorized processing, accidental or fraudulent loss and destruction, and unauthorized access. We have implemented a detailed information security program. We have adopted appropriate internal security policies and procedures, policies and technologies that ensure data security, and we have trained our executives and staff to comply with the rules of confidentiality and confidentiality of data.Our staff and third parties are committed to maintaining the confidentiality and confidentiality of the data to which they have access.
The website www.nrg.gr and https://drive.nrgincharge.gr/ uses the SSL (Secure Sockets Layer) protocol, which uses methods to encrypt the data exchanged between two devices (most commonly PCs), implementing a secure connection between them via the internet, which results in protection of your personal data. You can recognize that you are in a secure connection by looking at the https: // characters and by the lock symbol that appears in your browser's address bar.
3. Σκοπός και νομική βάση της επεξεργασίας των δεδομένων σας.
As a rule, our company collects and processes your data only when you provide it yourself directly and with your will, either through the website www.nrg.gr and https://drive.nrgincharge.gr/,, or by phone (eg by submitting a Login Request or filling out a contact form , in case you state that you wish to receive updates on the Company's products). However, this rule may not apply in two cases in the context of the operation of the Website:
- in certain data, which are automatically collected during your visit to our website
- in the data collected with the help of cookie files and similar technologies.
3.1. Automatic data collection when you visit the website www.nrg.gr, as well as the website https://drive.nrgincharge.gr/
When you visit our website www.nrg.gr, the website https://drive.nrgincharge.gr/ and when you use our application "mynrg" (https://www.mynrg.gr) we collect:
- The date and time of entry to the site.
- The volume of data sent in bytes.
- The browser and operating system that you used when you logged in to the site.
- Your IP address (Internet Protocol address), when you enter the site. The IP address is personal data, along with the date and time of your visit, although we can not personally identify you with this item.
The reason (legal basis and purpose) for which we collect your IP address and keep it in special files (log files) is on the one hand our legal interest to process this data, in order to ensure the security of networks, information and services from accidental events or illegal or malicious actions that endanger the availability, authenticity, integrity and confidentiality of the data stored or transmitted and on the other hand the legal obligation to provide a more secure environment for the processing of your personal data ( Article 6 (1) (f) and (c) of the GCC).
The data will not be transferred or used in any other way. However, we reserve the right to check server log files if specific indications of illegal use are found. Like most websites, we use cookies and similar technologies when accessing and browsing the Website www.nrg.gr and the website https://drive.nrgincharge.gr/, in order to make it as comfortable and effective.
Cookies are small text files that are stored on the hard drive of the computer or other electronic device with which the user accesses the website. Cookies are unique to each web browser (web browser, eg Google Chrome, Mozilla Firefox, Internet Explorer, Opera, etc.) and contain anonymous information about the websites you visit and the devices you use.
By continuing to use the website www.nrg.gr and / or https://drive.nrgincharge.gr/ without changing the settings, you agree to the use of "cookies".
For more information see our cookie policy here: https://www.nrg.gr/el/cookies-policy.
3.2. Collection of data during your registration on the website https://drive.nrgincharge.gr/ and / or the application "incharge" and when using them to receive electric services
For the purpose of your registration on our website https://drive.nrgincharge.gr/, and / or our application "incharge", as well as for the reception of electric services, we collect and process the personal data you give us, on a case by case basis. , depending on whether you are conducting the transaction as a registered user or visitor. Indicatively, we collect and store your following data:
A) Basic identification data (such as your name),
B) Contact details needed to provide our services (such as home address and email address, telephone number, etc.),
C) Any other information that you will provide to us through our above website, either during your registration or at any other time in the future (eg type of your vehicle).
On the contrary, we do not collect or store all of your credit card information. In this case, we automatically redirect you to the payment gateway of the online payment management platform (https://www.braintreepayments.com) in the secure environment where you complete your payment. More information about the policies of the above electronic payment management platform can be found at: https://www.braintreepayments.com/gr/legal?referrer=https%3A%2F%2Fwww.google.com%2F.
Our company collects and stores only some of the digits of your credit card number, your name and its expiration date, in order to be able to allow you, through its website, to freely detect and select the credit card , of any of the above registered in the above electronic payment platform, with which you wish to pay the price of the electric services you receive or to renew the balance of your account.
The purpose of the processing of your data that we collect through our above website is the provision of electrification services (article 6 par. 1 par. B GKPD).
In addition, our company reserves the right, either itself or through third parties cooperating with it to use unrecognizable - anonymous information related to the registration and / or use of the website https://drive.nrgincharge.gr/ or / and your incharge application for the purposes of: (i) analyzing market trends and using that analysis for business purposes; (ii) improving its services or products; (ii) researching, testing, developing, testing and; functions related to electric vehicle charging services. In any case, the above complementary activities will be provided solely on the condition that the data used in each case can not identify any person or their specific personal information, but focus on market trends.
3.3 Website Communication Forms - Telephone communication
In the context of communication between us through the website www.nrg.gr, the website https://drive.nrgincharge.gr/ and our other websites (via the special contact form, click2call or e-mail) but also by phone, we collect the personal data that you give us e.g. by filling out an online contact form (in case you declare that you wish to receive updates on the Company's products) or by participating in an online competition. This data is your name, telephone number, e-mail address and any other information you provide to us during our communication. This data is stored and used solely for the response to your request or for the contact and technical management by us. The legal basis for the processing of this personal data is your consent, according to article 6 par. 1 ed. α of ΓΚΠΔ. Your data will be deleted after the final processing of our communication. This will happen if the circumstances suggest that the purpose of the communication has been accomplished, provided that there are no legal requirements for the storage of such data.
3.4. Data processing by submitting an application for the supply of electricity and / or gas
You have the option, in order to contract with our company for the supply of electricity and / or natural gas, to submit, either on paper or electronically, in the special Application form for the supply of electricity and / or natural gas respectively all the necessary data for the conclusion of the relevant contract.
In this case we will collect the necessary data:
a) in order to evaluate your application,
b) possibly to contact you regarding the electricity supply application,
c) for the conclusion and execution of the relevant contract, ie the name, address, VAT number, Tax Office number, meter number, electricity supply number and / or ECASP, telephone numbers, e-mail address, fax, and in a few cases some extra information you will be asked.
The legal basis of the processing is the execution of a contract of which you are a party or to take measures at your request before the conclusion of the contract, (article 6 par. 1 par. B of the GCP). We keep this data for the entire duration of the contract and after its expiration, for as long as they impose any relevant (legislative, tax, etc.) provisions, and / or until the expiration of our legal claims under the contract.
3.5 Commercial communication
In case you give us your consent we can process data for additional purposes related to the activities of the Company, although it is not strictly necessary for the execution of the contract for the supply of electricity and / or gas, such as information, promotion and commercial communication of products and services, as well as surveys to assess the quality of services provided by various means even automated (via e-mail, SMS, MMS, fax, telephone).The legal basis for the processing is the consent, article 6 par.1 a of the General Regulation of Personal Data Protection (GDPR). You can revoke your consent at any time as well as in any subsequent communication with us.
3.6 Competitions and promotions
When you participate, via the internet or by phone, in a contest or other promotion, we process your personal data that you give us, such as your name, surname and contact details, in order to participate in the contest, to publish the results of the competition your communication and information in case you become the winner of it and in particular regarding the existence of a Prize, the realization of all the necessary actions for the delivery of this Prize. We store your data for the period until the end of the competition, the nomination of the winner and the sending of your prizes, ie usually for a period not exceeding six (6) months from the end of the competition. The legal basis for the elaboration is your consent but also the contract, with your acceptance of the terms of the tender (article 6 par. 1 ed. A and b GKPD).
3.7 Telephone ordering of products and telephone payment of their value using a credit / debit / prepaid card.
When you call our company, in order to order one or more products that we have for sale from our stores, then your order is processed by a strictly limited number of our employees, who have: (a) contractually committed, in order to maintain confidentiality and (b) have been specially trained to provide the service in question. In such a case, the employee who will serve you will collect only the data that are necessary for the conclusion and execution of the relevant contract, ie your name, address, your e-mail address, your telephone number ( landline and / or mobile phone) and in a few cases, some additional information that will be requested (eg VAT).
In case you declare to our respective employee that you wish to repay the value of the products you ordered using your credit or debit or prepaid card, then he will undertake all the necessary actions, using the appropriate technical equipment of our company, in order to enter your card details in a secure payment environment of Eurobank Ergasias SA, in order to complete the payment, at which time you will be informed directly about the successful or unsuccessful completion of the transaction. Please note that we will not keep any copies of your card details.
To execute this transaction, our employee will ask you to read only the following information: your credit / debit / prepaid card number, the name of the cardholder and its expiration date. Debiting a third party card is allowed, only after his written authorization and only if the authenticity of his signature is confirmed by a public authority.
The call that you will make for the purpose of telephone ordering products and / or payment of their value through your credit / debit / prepaid card will be recorded and kept encrypted, in a secure environment, for a period of ninety (90) days, at which time and will be deleted, unless there are legal claims to justify their further storage.
The legal basis of the processing is the execution of the contract of sale of which you are a contracting party (including the shipment of the products you order to the address you indicate to us), as well as the execution of the transaction for the purpose of paying the value of the above products (Article 6 par. 1 par. b of the GCP). We keep this data for the entire duration of the contract and after its expiration, for as long as they impose any relevant (legal, tax, etc.) provisions, and / or until the statute of limitations of our legal claims under the contract.
3.8 mynrg application
We offer a free application for mobile and desktop, through which we collect and process the personal data you give us in much the same way as our website and at the same time allows you to use additional services, mainly to inform us about the latest measurements of your meter. so that your bills are issued based on the metrics you enter, as well as paying your bill online.
The purpose of the processing of the data that you give us and collect through the application is the execution of the above mentioned additional services and in general the execution of your contract (article 6 par. 1 par. B GKPD). When you pay your bills online through the application we do not collect or store credit card details and other payment methods, but we automatically redirect you to the payment gateway of Eurobank Ergasias A.E. in the secure environment of which, as an independent website of the Bank, you complete the payment.
3.9 Facebook page
The Company maintains an official page on the social networking platform "Facebook" entitled "nrg (https://www.facebook.com/pg/nrgprovider/about/?ref=page_internal). You can contact us through our Facebook page in order to receive more information about our services in the following ways:
- via the "send message" option
- via the "call now" option
Our Company, in order to answer your relevant questions, collects and processes the username you have on Facebook, as well as other information that is publicly available through your profile (eg phone, email, etc.). The sending of a message for the purpose of communication between us, implies your consent to the above processing of your data, which is the legal basis of the processing (article 6 par. 1 a GCP). Access to and use of our site is subject to the present Privacy Policy of our company. In the case of a call, the provisions of paragraph 3.4 apply. "Contact Forms - Telephone Communication" of this policy.
In case you choose to click "LIKE" on the Company's page, this means that you give your consent in order to see the news and promotions (via newsfeed) carried out by the Company through its Facebook page. If you do not wish to receive such updates, you can press "UNLIKE" at any time.
The Company takes all necessary security measures (technical and organizational) for the security of data processing through Facebook, such as the restriction of people who have access to the management of its Facebook account.
Finally, we inform you that the Company is responsible only for the manner and means of processing your data for the above purposes (communication, information and promotions). Our Company is not responsible for the manner or means by which Facebook's social networking platform processes your data. You can learn about the processing of your data from the Facebook social networking platform through the following links:
https://el-gr.facebook.com/policy.php?CAT_VISITOR_SESSION=c7b73ebc78d1681ade25473632eae199
https://el-gr.facebook.com/business/GDPR
3.10 Use your telephone bill payment service
When you call our company in order to pay your electricity and / or gas bills, as well as in general every time you use the above service, your request is served by a strictly limited number of our employees, who on the one hand have specially trained to provide this service, on the other hand have signed all the necessary confidentiality agreements.
These people will act, in real time, all the necessary actions with the use of strictly and only suitable technical equipment of our company, entering your card details in a secure payment environment of Eurobank Ergasias A.E. through which the payment is completed, without keeping copies of your card details. For the successful or not completion of the relevant transaction you are informed directly by the above employee.
In order to execute the relevant transaction, the above-mentioned employee will ask you to read only the following information: the card number, the name of the cardholder and its expiration date. Also our employee will ask you for the amount you wish to pay each time. Debiting a third party card is allowed only after written authorization of the holder and only if the holder's signature is confirmed by a public authority.
The call you make for the purpose of using our service will be recorded and kept encrypted, in a secure environment, for a period of ninety (90) days, at which time it will be deleted, unless there are legal requirements that justify further their storage. The legal basis of the processing is the execution of the relevant transaction and in general the execution of the contract of which you are a party (article 6 par. 1 par. B of the GCP).
4. Who has access to your data - Transfers
The Data is accessible to the staff of the company who is absolutely necessary, depending on the request you submit each time, to be aware of it and at the same time has been authorized to respond to your requests. If required, the Data may be accessible to the staff of the company dealing with administrative and accounting matters, staff of the IT department and internal audits, as well as to any other authorized person who must process your data in the course of his work duties. In addition, for the operation of our websites, the processing of your requests, the execution of contracts, etc. we work with third party service providers, legal or natural persons, professionals, independent consultants who provide us with commercial, professional or technical services (e.g. provision of IT services) for the purposes mentioned above and for the support of the Company, in whole or in part, in the provision of the services you request. Where appropriate, these natural / legal persons will act as processors or persons authorized to process personal data, for the same purposes as above, with the same collateral and in accordance with applicable law.
Before the third party receives the Personal Data, we: (i) complete the legal privacy review to assess the privacy practices and risks associated with these third parties; (ii) we obtain contractual guarantees from these third parties that Personal Data will be processed in accordance with the instructions of our company, and in accordance with this Policy and existing Legislation, that they will inform our company in a timely manner of any Privacy Event, including any inability to comply with the standards set out in this Policy and existing legislation or Security Incident, that they will work together to promptly rectify any documented Incident, that they will assist us in responding to the individual rights of the subjects as defined below, and that they will enable our company to audit and supervise their practices during processing compliance with these requirements.
In some cases the data may be transferred to other affiliated companies with the "NRG SUPPLY AND TRADING SINGLE MEMBER ENERGEIAKI SOCIETE ANONYNME" within the meaning of article 99 of law 4548/2018, as amended and valid for purposes permitted by law or legal interest (administrative and accounting needs, legal claims, business development, etc.). Finally, the data can be further transmitted to institutions, authorities and public bodies for legitimate purposes.
With the exception of the above, the Data will not be disclosed to third parties, natural or legal persons, and will not be disseminated. Furthermore, in case our company needs to transfer Personal Data (eg for the use of Cloud services) this will be done with the terms and guarantees provided by articles 44 et seq.
5. Minority data
We do not process data or trade with persons under 18 years of age.
6. Your Rights
You can contact the Data Protection Officer of our Company at the e-mail address [email protected], or at the postal address L. Kifissias no. 168 Maroussi PC 15126, at any time, to exercise the rights in accordance with Articles 15-22 of the GCC, ie the rights of access, correction, deletion (where permitted), restriction of processing, notification, portability, as well as the right to withdraw consent in accordance with with Article 7 par. 3.
You can, for example, contact our Company Data Protection Officer for confirmation of the existence or non-existence of personal data related to you, to check their content, origin, correctness and location (also in relation to any third country), to request a copy, to request their correction and, in the cases provided for in the GDPR regulation, to request the restriction of their processing, their deletion, to oppose direct communication activities (sending a newsletter) by our company, as well as report comments on specific uses of your data that are considered incorrect or unjustified.
You can withdraw your consent at any time, without prejudice to the legality of the processing that took place prior to the withdrawal of your consent. However, we reserve the right to further processing if we prove compelling reasons for protection that outweigh your interests, fundamental rights and freedoms, or if the processing is used to pursue or defend legal claims.
Finally, you can submit complaints to the Personal Data Protection Authority, Kifissias 1-3, PC 115 23, Athens, Call Center: + 30-210 6475600 or at the electronic address http://www.dpa.gr/.
7. Changes to this policy
This policy for the protection of Personal Data may be amended at any time deemed necessary by the Company. Any imminent significant change in our policy will be posted on our website www.nrg.gr before the changes are implemented. Finally, you can request that we send you a copy of this by mail or telephone.
Marousi, October 2021
***********************************************************************************