In accordance with the legislation governing the processing of personal data [EU General Data Protection Regulation 2016/679 (hereinafter the Regulation) and national legislation, Law 2472/1997, as in force] and for the purposes of this document, the basic concepts used are understood as:

"Personal Data»: means any information relating to an identified or identifiable natural person

«Data subject»: means an identifiable natural person whose identity can be established, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person

«Processing»: means any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

«Controller»: means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for his or her appointment may be provided for by Union or Member State law

«Processor»: means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller,

«Subcontractor (processor)»: means the natural or legal person who is entrusted by or on behalf of the processor to process personal data on behalf of the controller under the main contract

«Personal data breach»: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access of personal data transmitted, stored or otherwise processed

«Main contract»: (where reference is made in this/this to a main contract): one or more contracts signed or planned to be signed in the future between the controller and the processor, the object of which is to entrust the processor with the provision of services which have as their object, involve or entail the processing of personal data.

Eunice Trading S.A. uses personal data for the purposes of providing the services selected and requested by the users and only to the extent necessary for the provision of these services and the fulfilment of mutual obligations. It also processes personal data if it is necessary to fulfill an obligation by law and/or to comply with a legal obligation.

Eunice Trading S.A. implements appropriate technical and organizational measures in order to ensure the safe keeping and processing of personal data and to prevent accidental or intentional loss or destruction and unauthorized and/or unlawful access, use, modification or disclosure to unauthorized persons.

1.Processing of personal data related to your business relationship with the Company.

Categories of personal data and sources:

• The Company during the contractual period of cooperation with customers or at the stage of preparing and submitting the offer to prospective customers may process the following categories of personal data:
• Identity data, name, full name, VAT number, tax office, address, telephone number, mobile phone number, fax number, e-mail address, which are provided to us for communication with them. We may also be provided with information on their inclusion in privileged and special categories of customers, e.g. vulnerable customers.
• In some categories of professional customers or prospective customers it is possible that the company may process data with the type of activity (CDR), certificates of commencement of professional activity, etc.
• Other data processed by the company by the nature of the cooperation and relating to the meter number, the address of the supplier's premises, details of leases of the premises, copies of mortgage portions, details of account numbers that customers notify the company of, monthly energy consumption, bills of previous or existing accounts, data relating to the communication of potential or existing customers with the Customer Service Department with the company (including requests, e.g.

2. Purposes of processing

• Management of the contractual relationship i.e., collections, payments, audits, especially for the energy sector, operational and computer services, contract execution, support and monitoring, fulfilment of contractual obligations, etc.
• Measuring customer satisfaction through research tools, organising advertising campaigns, carrying out energy analyses of promotional activities.
• Compliance of the Company with legal obligations (tax, insurance, customs, accounting, etc.).
• Energy profiling for the benefit of customers (e.g. price differentiation, savings advice, etc.)

3. Data Retention Time

The company retains personal data for the period necessary to fulfil this policy, the existing contractual relationship unless the relevant legislation requires a specific retention period (e.g. copies of invoices) and in any case for the duration of the contractual relationship.

The company shall retain personal data for as long as the applicable legislation provides for (e.g. copies of invoices).

4. Notifications

The company may transfer personal data :

To judicial, administrative, tax, customs, arbitration or other public authorities, regulatory bodies and lawyers if this is necessary to comply with the law or to establish, exercise or defend legal claims
to the Company's partners for the performance of postal services, computer support services, record keeping services
For the assessment of the customer's creditworthiness and ability to perform its contractual obligations by competent organisations
To debtors' information companies, for the purpose of informing the customer on the basis of the Law of the Republic of Cyprus on the information of debtors. 3758/2009, as amended and in force (their directors and employees), to lawyers and law firms
In all the above cases, the company ensures through contractual terms, commitments and controls that the applicable legislation for their protection is complied with in each case.

5. Right to withdraw consent

Consent to the processing of personal data is subject to revocation.

In the case of withdrawal, processing is limited to personal data in the case of a specific legal ground.

6. Right of access

Customers have the right to be informed about whether the company processes personal data and even the right to access and clarify information on the processing.

7. Right to erasure

The company's customers have the right to request erasure and the company will respond except in cases where there is a legal reason to retain the data.

8. Right to restrict processing

You have the right to request restriction of the processing of your personal data in the following cases: (a) when you contest the accuracy of the personal data and until it is verified; (b) when you oppose the erasure of personal data and request the restriction of their use instead of erasure; (c) when the personal data are not necessary for the purposes of processing, but are necessary for the establishment, exercise, support of legal claims; and (d) when you object to the processing and until it is verified that there is no personal data.

9. Right to object to processing

You have the right to object at any time to the processing of your personal data where it is based on a legal basis (Article 6 (1) (e) or (f) of the General Regulation) which will be met unless the Company demonstrates compelling legitimate grounds for the processing.

10. Right to Portability

You have the right to receive your personal data free of charge in a structured, commonly used and machine-readable format or to request, if technically feasible, that we transmit the data directly to another controller.

11. Right to object to a decision based on automated processing

You have the right to request your opt-out from decision-making based on automated processing, including profiling.

12. Right of appeal to the Authority

The competent authority is the Greek Personal Data Protection Authority. You have the right to appeal to the Personal Data Protection Authority for issues related to the processing of your personal data. There must have been a previous attempt on your part to exercise your rights with the Company before appealing to the competent Authority. For the Authority's competence and how to submit a complaint, you can visit its website (www.dpa.gr > My rights > Submit a complaint), where detailed information is available.