This policy-notice (hereinafter Policy) of the Data Controller with details:
Alpha Trust Mutual Fund and Alternative Investment Fund management
21 Tatoiou Street, Kifissia
Postal Code 14561
Tel.: 210 62 89 100, 184.108.40.2060
is addressed to natural persons and presents how Alpha Trust Mutual Fund and Alternative Investment Fund management (hereinafter referred to as Alpha Trust or Company) collects and processes your personal data (hereinafter also referred to as Data) and informs you about your rights in accordance with national law and the General Data Protection Regulation of the EU 2016/679, also known as GDPR.
- Collection and processing of Personal Data
Personal data is considered as any information relating to an identified or identifiable natural person and may lead either directly or in combination with other data to the recognition/identification of the natural person. An identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identity identifier, such as name, identity card number, location data, online identifier, or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person, as well as any other information that allows your identification according to the provisions of GDPR, the Greek legislation in force and the decisions of Hellenic Data Protection Authority.
Alpha Trust collects and process personal data as Data Controller (GDPR art. 4(7)):
- In the context of concluding a contract regarding investment products or services.
- When you cooperate with the Company in the context of its business activities.
- When you participate as shareholder or shareholder representative in the Company's general assemblies.
- When you send us your CV in order to fill a job position in the Company.
- When you submit requests-queries, complaints, comments, reviews or generally contact us about any issue related to investment products via phone, e-mail, or surface mail.
- When you subscribe (via e-mail) to our newsletter service.
The information we collect about you is absolutely necessary for the processing and implementation of the contract between us as well as for informing you about the products and services of Alpha Trust to which you have subscribed or contractually concern you. The information we collect includes (but is not limited to) the following:
- Name, physical and electronic address (e-mail), telephone and address, identity, Tax identification number, (as well as other documents may be required for your identification, e.g., passport number).
- Your financial information and necessary supporting documents related to the provision of investment products or services (e.g., bank account information), as provided by the applicable legislation on the provision of investment services as well as the provisions regarding the prevention of money laundering activities (Law 4557/2018).
- Your preferences for specific products or services (on a consent basis).
- Communication data (such as call recording by our call centre, e-mail, letter, etc.).
- Information about the investment products that concern you in the context of your best and most complete information.
- In addition, we collect information about how you use our products and services, such as the details of third parties you have registered in the context of concluding a contract regarding investment products or services (co–beneficiaries), or information related to the use of our websites from your mobile phone or computer.
When you visit Company’s facilities, we collect (and maintain for as long as foreseen by the relevant legislation) CCTV data for the protection of persons and property, facilities security and crime prevention.
- Purpose and legal basis of Processing
We process your personal data in accordance with the GDPR and national data protection legislation for one or more of the following purposes:
- Το carry-out transactions and offer the products and services for which there is a contract with you as well as to inform you in the context of an existing contract.
- To comply with our regulatory and legal obligations.
- For invoicing our customers in the context of providing our investment products and services.
- To inform you in general about our services (unless you have chosen not to receive promotional messages), events and financial studies of our Company as well as to respond to your questions or requests.
- To defend and secure the legal interests of the Company.
In addition, the legal basis for the processing of your personal data can be your consent. If you have given your consent for specific purposes (e.g., receiving promotional messages, downloading-installing cookies, etc.), the purposes are obtained from the corresponding content of this consent. You can withdraw your consent at any time, without, however, affecting the lawfulness of the processing carried-out on the basis of consent until its withdrawal.
- Data Retention
We will keep your Data for as long as your relationship with the Company lasts and after its termination for as long as the relevant legislation requires or until the statute of limitations for relevant claims has expired. In any case, this time does not exceed twenty (20) years. It is specially pointed out that the CVs that you may send us in order to fill a job position in the Company, are kept in the Company's file for a period of six (6) months. In particular, we delete personal data immediately, when there is no legal basis for processing others, or if they are no longer necessary for the purpose of preparing and executing, among others, a concluded contract, and if there is no other specific legal basis, in case objection by others, unless further processing is permitted according to relevant provisions, if we are obliged to do so for other legitimate reasons, and in any case after twenty (20) years.
In cases where the retention of personal data is necessary for the exercise or defence of the Company's legal rights before judicial or other authorities provided for by the current legislation, the above deadline is extended until the end of the period in which such data is no longer necessary for the above purposes.
We make every effort to minimize the personal data we use over time, and to anonymize it so that it can no longer be associated with you or make you identifiable. In the case of anonymized data, we may use it without any further notice.
- Transfer of personal data outside the EU/EEA
Your personal data may be transferred at your request to third countries (i.e., to countries outside EU/EEA) in order to enable us to provide the services you have requested. In this case, the transfer is made either on the basis of EU adequacy decisions. or based on appropriate guarantees for the protection and security of your personal data or based on the derogations for special situations in accordance with the provisions of the EU General Data Protection Regulation (GDPR). The Company may use Microsoft Azure cloud computing services on servers of EU member states. Microsoft's contractual commitments regarding the General Data Protection Regulation (GDPR) can be found in the Microsoft Services Data Protection Annex, posted on the relevant Microsoft website.
- Recipients of your personal data
The Company warrants that it will not transmit or disclose in any way, without your prior written consent, your data to third parties (other than the recipients mentioned herein) for any purpose or use, unless required by applicable law or required by public / prosecutorial / judicial services / authorities.
In fulfilling our contractual and legal/regulatory obligations, your personal data may be disclosed to:
- Regulatory and public authorities, to the extent we are legally bound to provide this information, i.e., the prosecuting authorities.
- Service providers-subcontractors (data processors).
- Third parties authorized by you.
- Law Firms and / or legal counsellors.
Moreover, access to your Data is given to the Company's absolutely necessary personnel, who are committed to maintaining confidentiality and have been properly trained.
Finally, we will process and disclose data if this is deemed necessary to protect against fraud, to defend our rights or to protect our customers.
- Automated decision making
As a rule, we do not use automated decision-making processes when conducting our business activities. We may automatically process some of your data for the purpose of evaluating certain aspects (limited profiling), in order to propose, conclude or perform a contract with you after you have been properly informed and given your consent.
- Security of Data
In Alpha Trust, we recognize the importance of Data protection and constantly review and improve our safeguards (technical and organizational measures) against unauthorized access and use, accidental loss, dissemination or destruction of your Data. Every employee of the Company who has access to the above information, uses it to exclusively serve the purposes of processing.
Your personal data is not used for purposes other than those described in this Policy. Also in cases where an organization, a company or an external partner provides services to us or on our behalf that include the processing of personal data, we ensure that appropriate protection measures (technical and organizational measures) are applied and the Data is processed in accordance with the specified manner and Company’s instructions. These organizations cannot process your Data for their own purposes, and are bound, by contract (Data Processing Agreement), to ensure the confidentiality, integrity, availability and (in general) protection of Data in accordance with national data protection legislation and the General Data Protection Regulation (GDPR).
- Your Rights
You can contact us to inform you about what Data is retained by us and how we process it. In addition, you can at any time request a copy of your personal data. To obtain a relevant copy, you can fill out the form that you can download here and send it to us signed with the authentication of your signature by a competent authority (GDPR art. 15, under reservation to the provisions of art. 33 of Law 4624/2019).
If you think that your personal data are incomplete or inaccurate, please contact us to proceed with the appropriate rectification (GDPR art. 16). In the event that you consider that your Data is not subject to processing for a specific and legal purpose, you can ask us to proceed with its deletion, after consultation with us (GDPR art. 17, under reservation to the provisions of art. 34 of Hellenic Law 4624/2019).
You can ask us to suspend or object to the processing of your personal data for reasons relating to your particular situation. If you submit such a relevant request, we will no longer process your personal data, unless we demonstrate compelling and legitimate reasons for the processing, which override your interests, rights and freedoms or to establish, exercise or support legal claims (GDPR art. 21, under reservation to the provisions of art. 35 of Hellenic Law 4624/2019).
You can opt-out of all promotional activities or choose to opt-out of certain forms of commercial communication (such as e.g., e-mail, telephone, etc.). In case you no longer wish to receive promotional messages via e-mail, you can unsubscribe from our list.
You may request to receive a copy of your personal data in a structured, commonly used and machine-readable format, in order to transmit that Data to other organizations. You also have the right to request that your personal data be transmitted directly by us to other organizations that you will name (right to data portability, GDPR art. 20).
You can withdraw at any time the consent (GDPR art. 7) you have given to the processing of your personal data, in cases where the processing takes place following your consent and without any other legal basis. In this case, their processing by us will be stopped, without this affecting the legality of the processing that has already taken place until the withdrawal of your consent.
You can request the restriction of processing of your personal data, only for specific purposes, including in the case of questioning the correctness of the Data or unlawful processing (GDPR art. 18).
In order to exercise any of your rights or if you have any other questions regarding the process of your personal data by us, you may contact us or fill out the relevant form, which you can find it here and send it (via surface mail or via e-mail) to:
Alpha Trust Mutual Fund and Alternative Investment Fund management
21 Tatoiou Street, Kifissia
Postal Code 14561
Tel.: 210 62 89 100
Alpha Trust will respond to your request within one month following its receipt. If it is not possible for us to satisfy your request within the period of one month, we will inform you of the reasons for the delay.
Alpha Trust shares your concern about your personal data. For any information you can contact us at email@example.com.
- Right to submit a complaint
If you have exercised some or all of your rights regarding data protection and you still feel that your concerns about the way we process your personal data have not been duly addressed, you have the right to submit a complaint. You also have the right to submit a complaint with the Hellenic Data Protection Authority, Kifissias 1-3, PC 115 23, Athens. On the relevant website (http://www.dpa.gr) you will find information on how to submit complaints.
- Changes to this Policy
We may change or amend this Policy from time to time, and we will accordingly amend the revision date indicated at the end of this notice. We recommend that you review this Policy periodically so that you are always aware of the of the way we process and protect your personal data.
Note: This Policy was revised on January 26th, 2023.