RETAMA REAL ESTATE S.A. UNIPERSONAL having its registered seat in Madrid, Spain, established a branch in Athens on 12.11.2020, under the General Commercial Registry no. 157102903001 with registered seat at 5, Angelou Pyrri str. Retama’s main business activities are providing real-estate agency services and managing properties.

RETAMA REAL ESTATE S.A. UNIPERSONAL Greek Branch (hereinafter “Retama”), as controller or processor, as such terms are defined in the General Data Protection Regulation (EU) 2016/679 (GDPR), commits to protect personal data and apply the GDPR and the national legislation for the protection of personal data as well. This policy is addressed to all natural persons, who enter into transactions with Retama under any capacity (clients, partners, suppliers etc). This policy is also addressed to the natural persons entering the Retama premises for any reason (hereinafter “Data Subjects”).

COLLECTION AND PROCESSING OF PERSONAL DATA

Retama collects and processes different types of personal data, only to the extent necessary depending on the purpose of the processing and the time required in each case. Personal Data are received from the Data Subjects themselves and from third parties that allow the access grounded on the consent of the Data Subjects or any other legal reason.

More specifically, Retama collects and processes the following categories of personal data: 

1. identification data: full name, father’s name, police or other identity card or passport, TIN and competent Tax Office, date of birth, gender, etc.;
2. contact details: home and/or phone address, phone numbers, email address, etc.;
3. economic, financial, property and family situation data: occupation, salary, marital status, E1 and E9 tax forms, tax liability assessments, creditworthiness data, e.g. debts to banks, payment orders, seizures, etc.;
4. data on the properties that it manages or the management of which it assigns to third parties or with respect to which it provides services to its clients: data of the property’s owner and in particular the data referred to in the aforementioned points (a) and (b), as well as asset encumbrances, loans secured by the relevant property, guarantors of the aforementioned loans, letters and in general, correspondence between the properties’ owners or partners of Retama (real-estate agents, lawyers, notaries, court bailiffs other service providers), seizures, judicial documents, etc.;
5. data of images recorded by video surveillance systems (CCTV) installed in Retama’s premises.;
6. visitors’ identification data entering into Retama’s premises for any reason.

Retama collects the above data from:

1. Data Subjects directly;
2. Its clients, natural or legal persons that they assign to Retama the promotion of their properties;
3. Collaborating with Retama real-estate agents or any other providers of services relating to the management, promotion, valuation, repair or exploitation of properties;
4. publicly accessible sources such as courts, land registries, cadastral offices, etc., media, internet, commercial registries, e-auction platform, provided that this data are necessary for the purposes of the processing;
5. receivables servicing companies operating under law 4354/2015, lawyers, law firms, court bailiffs, notaries;
6. third parties (natural or legal persons), acting on behalf of or related to data subjects.

Retama collects and processes personal data:

1. for the execution of its contracts with the clients and the fulfilment of Retama’s obligations towards them and for the purposes of executing the contractual agreements referring to the purchase or the management of the properties;
2. in order to monitor and execute the contractual agreements between Retama and its real-estate agents and other service providers with whom Retama collaborates, and in order to comply with its obligations towards them;
3. for Retama’s compliance with its legal obligations such as (i) the prevention and suppression of money laundering and terrorist financing, as well as the prevention, detection and suppression of fraud against the company or other customers, (ii) the Retama’s compliance with the obligations imposed by the applicable regulatory framework, as well as the decisions of any public authorities etc. or courts.;
4.  for the purposes of the legitimate interests of Retama, including: 

1. the business development of the company including the investigation of the degree of customer satisfaction with the services provided, with a view to improving them and in general with the general business relationship with them;
2. the achievement of the company’s goals, which include the services of a real-estate agent and the services relating to the properties management;
3. the judicial defense of Retama’s interests;
4. compliance with Retama’s internal policies and procedures; 
5. the protection of Retama’s people, assets and premises. 

PROFILING or AUTOMATED DECISION-MAKING

Retama does not make decisions solely on the basis of automated processing, including the profiling. 

RECIPIENTS OF PERSONAL DATA DISCLOSURE

For the purposes of personal data processing, it is likely to obtain access to personal data people, who have undertaken contractually to keep confidential and protect the personal data or are imposed by the law to keep the personal data confidential, pursuant to the national and european legislative framework, as applicable from time to time.

In particular, the list of the recipients may indicatively include:

1. employees and officers of Retama and any other company belonging to the same group with Retama,
2. owners of properties, which are managed or promoted by Retama, and their legal or any other counsels and their employees or officers in case the owner of the property is a legal person,
3. other real-estate agents, natural or legal persons,
4.  law firms and / or legal advisors, engineers, notaries, court bailiffs,
5. financial or business consultants,
6. chartered accountants and auditing companies,
7. real estate appraisers,
8. archiving, storage and file management companies,
9.  systems for support, processing and storage in the computing cloud “cloud”,
10. insurance companies,
11. web design and support companies,
12. third parties providing their services to Retama,
13. other recipients to whom the transmission or notification is required by the applicable regulatory, legislative and generally regulatory framework or court decision (e.g. supervisory or judicial authorities, tax authorities, supervisory bodies, intermediaries). It is noted that Retama will also provide more specific information to the data subjects regarding any transfer of their data to the above recipients, provided that there is a relevant provision in the applicable legislation.  

Retama’s authorised employees are recipients of the data image recorded by the video surveillance system of the company, in the connection with the performance of their duties. Police and judicial authorities may also become recipients, in the event of an incident that falls within their remit, as well as a third party with a relevant legal interest (e.g. victim of an illegal act).

It is stated that, in case the owner of the property, which is promoted by Retama, is a legal person, such legal person implements its personal data policy and, therefore, the Data Subjects must be informed about this policy by consulting the website of the property’s owner. Retama shall assist by all means in informing the Data Subjects in cooperation with the property’s owner.

PERIOD OF RETENTION OF PERSONAL DATA

The personal data processed by Retama must be retained for as long as the purpose for which they are processed and / or the current legal and regulatory framework imposes and in any case for a period of five (5) years from last calendar day of the year when the respective transaction relationship with Retama or the owners of the properties has ended. In case of a legal dispute, the data are kept for a longer period of time, until the issuance of a final court decision ending the judicial proceedings. Retama may retain personal data for less than the abovementioned period provided that there is no particular reason for retaining the personal data. In any case, their processing is limited to whatsoever strictly necessary according to its purpose (e.g. storage).

Moreover, the image data from the security cameras are maintained for fifteen (15) days, after the lapse of such period they are safely deleted. In case an incident is detected during this period, the specific data are isolated and are maintained for up to one (1) month, in order to investigate the incident and the potential scenario of initiating any legal proceedings in order to defend the legal interests of the company. In case the incident concerns a third party, these data are maintained for up to three (3) more months.

 It is noted that Retama may retain the data even after there is no reason for processing, if it is not allowed to delete them for legal or regulatory reasons.

TRANSMISSION OF PERSONAL DATA OUTSIDE THE EEA (EUROPEAN ECONOMIC AREA)

Personal data are not, in principal, transmitted to third countries (i.e. to countries outside the European Economic Area). In case there is such necessity, Retama shall forward the personal data by complying with the relevant provisions of the regulatory framework.

RIGHTS OF DATA SUBJECTS IN CONNECTION WITH THE PERSONAL DATA

Data Subjects have the following rights:

Right of access to the personal data that are being processed by Retama as controller, including the purpose of the processing, the data categories and the recipients or the categories of the recipients;

Right to rectification of inaccurate and right to complete any missing data;

Right to deletion of personal data, subject to Retama’s obligations and legal rights for their retention in accordance with the applicable institutional framework;

Right of restricting the processing of personal data, provided that their accuracy is questioned, or the processing is illegal, or there is no particular reason for their processing, and provided that there is no particular reason imposed by law for their retention;  

Right to portability of personal data, which are available in a structured, commonly used and machine-readable format, or to forward it to another controller provided that the processing is based on consent and the personal data are processed by automated means.  The satisfaction of this right remains subject to Retama’s legal rights and obligations referring to the data retention for the cases regulated in the institutional framework;

Right to object in case there are reasons relating to the Data Subjects’ particular situation. In such case, Retama will refrain from the processing, unless Retama evidences any compelling and lawful reasons, which supersede the interests and the rights of Data Subjects’ personal data. The same applies in case legal claims need to be grounded, exercised or supported.

Right to withdraw consent for the personal data processing, provided that such processing is based on the Data Subjects’ consent.

In the light of the aforementioned rights, Retama ensures the development of internal procedures in order to respond in a timely and efficient manner to the relevant requests.

To exercise any of the aforementioned rights, the Data Subjects may contact the Retama’s Data Protection Officer by postal mail at the following address: 5, Angelou Pyrri str. 11527, Athens or by phone at the telephone number 2107491850 or by email at the following email address dpolms@uci.com. In addition, if Data Subjects consider that their rights are infringed, they may appeal before the Hellenic Data Protection Authority, through the web address: https://www.dpa.gr/el/polites/katagelia_stin_arxi.

INFORMATION WITH REGARDS TO ANY AMENDMENTS TO THIS POLICY

Retama will update this policy whenever necessary. If there are significant changes to the policy or the way Retama uses your personal data, Retama will publish a relevant notification in a place easily visible on its website, before the changes take effect. In any case, the Data Subjects are encouraged to review this Policy periodically to be aware of the way their personal data are protected.

Last update: November 2022