The term "personal data," as used in this Policy, refers to information about natural persons, such as VAT number, ID card number, passport /other official identification document number, full name, father's name, country of issuance, category of financial behavior, which can be used to identify the identity of a subscriber-customer of one or more Providers, hereinafter referred to as "Personal Data" or "Data."

Processing of Personal Data is the collection, recording, organization, storage, adaptation, alteration, retrieval, information search, use, transmission to third parties, dissemination, correlation, combination, restriction, erasure, and destruction of personal data about natural persons. In the case of TELEGNOUS, the Processing of Data is limited to the following information: VAT number, ID card number, passport /other official identification document number, full name, father's name, country of issuance, category of financial behavior, which can be used to identify the identity of a subscriber-customer of one or more Providers.

The Information Exchange System / Common Information Database / Common File (hereinafter "Common Database") is an information system in which Providers record data related to the financial behavior (insolvency) of subscribers-customers.

If you belong to:

• Category "a," meaning active subscribers of mobile communication companies with debts equal to or greater than two hundred (200) euros, which have been overdue for more than ninety (90) days. These are active subscribers who continue to be active on one of the mobile networks, and their inclusion in the Common Database aims to inform the other Providers, in case a specific subscriber attempts to activate connections on other networks (one and/or more). For the relevant entry the debts from all contracts of the same subscriber (same VAT number) with the same Provider are taken into account.
• Category "b," meaning subscribers who have been disconnected from the network or have been transferred to another network through number portability, and have an overdue debt regardless of the amount, have not settled any account, nor have they made any arrangements to settle their debt. The inclusion of these subscribers in the Common Database aims to inform the other Providers in case a specific subscriber attempts to activate connections on one or more mobile networks or if they attempt to transfer to another network through the portability process.

Your Provider records the following information in the Common Database:

• VAT number or ID card number if you are a Greek national
• VAT number or passport number or other official identification document number and issuing country if you are a foreign national
• Full name, including first name and surname
• Category of financial behavior (i.e., "a" or "b")

The Common Database contains only subscribers’ Data whose debts to the Provider fall into one of the "a" or "b" categories.

We may receive the above-mentioned data (VAT number or ID card number if you are a Greek national, VAT number or passport number or other official identification document number and issuing country if you are a foreign national, full name including first name and surname), as well as your Mailing Address (street, number, postal code) and contact details (phone, fax, email address) directly from you in case you submit a request for exercising a right/query/complaint.

We do not collect special categories of data or data regarding minors.

Providers enter the Data into the Common Database. When you request to activate a connection to a mobile network or transfer your portable connection number to another Provider, the Provider, in order to verify your creditworthiness, performs an electronic search in the Common Database using a combination of the VAT number and the candidate subscriber’s full name or the issuing country and passport number or any other official identification document number in the case of a foreign subscriber as the search key.

The information returned by the system is "Yes/No". In particular:

• If you have debts to the Provider, the indication “Yes” appears, along with a marking (flag) of “a” or “b,” depending on the category to which your debts belong.
• If you do not have debts to the Provider or your debts do not belong to the “a” or “b” categories, the indication “No” appears without any marking (flag).

The processing of insolvency Data is permissible as it is necessary to fulfill the purpose of an effective pre-contractual credit check by Providers. This purpose of processing is lawful as it constitutes an overriding legitimate interest pursued by this specific business sector (mobile telecommunications companies), in accordance with:

• Decision 28/2017 of the Hellenic Data Protection Authority (HDPA),
• Opinion 1/2015 of the Hellenic Data Protection Authority (HDPA),
• Article 6(1)(f) of the GDPR.

Your Data provided for the exercise of your rights is processed in the context of the legal obligation of TELEGNOUS to manage, respond to, and satisfy your requests.

Your Data provided for the submission of inquiries/complaints is collected to answer to you, resolve your complaint, and draw conclusions regarding the smooth operation of TELEGNOUS under TELEGNOUS's legitimate interest.

No, TELEGNOUS does not use your Data for other purposes.

The recipients of the Data, through access to the Common Database, are only the Providers.

We may share or disclose your Data:The recipients of the Data, through access to the Common Database, are only the Providers.

• When you explicitly request it;
• When access to the Common Database is required by a Processor who is acting on our behalf for the operation/ maintenance of the Common Database, and the provision of technical support services for software-related issues (e.g., Kyndryl);
• When you submit inquiries/complaints to the TELEGNOUS call center, which is managed by Kyndryl.

The company "Kyndryl Hellas Information Processing Systems S.A." (hereinafter “Kyndryl”) acts as the Processor on behalf of TELEGNOUS, and according to the corresponding agreement with TELEGNOUS, Kyndryl is responsible for the development of the Common Database, the provision of telephone customer services to the Provider’s subscribers, and internal/administrative support to TELEGNOUS. In this context, Kyndryl has access to the Common Database and the Data solely for the purpose of executing our agreement.

• Kyndryl has agreed to and is bound by the terms of its agreement with TELEGNOUS:
• To maintain confidentiality;
• Not to disclose Data to third parties without TELEGNOUS permission;
• To implement appropriate technical and organizational measures;
• To comply with the legal framework for the protection of personal data, especially the GDPR.

TELEGNOUS (or third parties authorized by TELEGNOUS) conducts audit checks to verify Kyndryl's compliance with the aforementioned commitments.

Your Personal Data is stored and processed exclusively within the European Union (EU).

TELEGNOUS retains your Data for five (5) years from the creation date of the debt. If you settle or reach an agreement on your debt with the Provider, your Data is immediately deleted. Providers, as Recipients, may retain your Data for as long as necessary for the conclusion of the requested contract but no longer than five (5) days.

Requests for the exercise of your rights are kept for 5 years, except for the requests for the exercise of Objection rights and the withdrawal of the objection right, which are retained indefinitely.

Data provided for inquiries/complaints, which do not constitute the exercise of a right, are kept for one year.

• TELEGNOUS is committed to safeguarding your Personal Data. We have implemented appropriate organizational and technical measures for the security and protection of the Common Database Data against any accidental or unlawful processing, as well as for the secure transmission of Data during their registration by the Providers into the Common Database, and the receipt of responses from it. We have taken the measures specified in Opinion 1/2015 of the Hellenic Data Protection Authority. Specifically, we maintain a log file for every access made to the Common Database, recording:
• Access and processing time
• The unique personalized code of the user who accessed or performed the processing
• The reason for access
• The processed Data

Any processing of Common Database Data is only permitted by authorized individuals. These measures are reviewed and modified when deemed necessary.

If your debts fall under categories "a" or "b", your Provider, after providing you with a reasonable deadline to settle your debts, informs you (e.g., through an account statement or letter or/and written message) about his right to enter your Data in the Common Database of TELEGNOUS.

Furthermore, TELEGNOUS ensures that Providers cannot access the Data in the Common Database without prior notification to you (e.g., by providing relevant information in your Application-Contract with the Provider of your choice regarding their right to search information about you in the Common Database of TELEGNOUS).

If you do not make arrangements to settle your debt due to the existence of a legitimate reason (for example, if you dispute the debt), your Data will not be registered in the Common Database of TELEGNOUS unless your Provider sends you a written letter that rejects your dispute with reasons and specific facts, and the dispute has not been referred to court.

If you consider that the processing of your Personal Data violates the current national and regulatory framework for the protection of personal data, you have the right to lodge a complaint before the Hellenic Data Protection Authority (postal address: Kifisias 1-3, Postal Code 115 23, Athens, telephone: 210-6475600, email address: contact@dpa.gr).

No decisions are made by TELEGNOUS or Providers based on automated processing of your Data through the Common Database. The Common Database of TELEGNOUS is used by Providers as an advisory tool, and any decision made by the Provider requires human intervention (e.g., possibly the Provider may recommend a different telecommunications product that better suits your financial capabilities or request a guarantee).

No "cookies" are used on our website.

The processing of personal data by TELEGNOUS is governed by a) the General Data Protection Regulation 2016/679/EU, b) Opinion No. 1/2015, and c) Decision No. 28/2017 of the Hellenic Data Protection Authority, as well as the applicable national and European laws for the protection of personal data.

We will update this Policy whenever we consider it’s necessary. If there are significant changes to the Policy or the way we use your Personal Data, we will notify you either by posting a notice in a prominent place before the amendments take effect or by any other suitable means. We encourage you to regularly read this Policy to understand how your Data is protected.