We would like to inform you about the protection of personal data and privacy, as well as about the adjustment we have made within the framework of our commitment to transparency as regards the way we handle personal data and we keep them safe. In particular, we have made modifications to comply with the new requirements introduced by the General Data Protection Regulation (GDPR). The present notice may be updated in accordance with any new recommendations of the regulatory authority of Greece (Data Protection Authority) or of the EU or the legislation each time in force.
The personal data protection notices define the way Aegean Motorway SA collects, stores and handles personal data, as well as the person’s rights regarding the processing of their personal data.
Aegean Motorway SA was exclusively established to implement the Concession Agreement for the design, financing, construction and operation of PATHE Motorway, Maliakos-Kleidi section.
|Corporate name:||Aegean Motorway societe anonyme for PATHE Motorway, Maliakos – Kleidi section|
|Tax Identification Number:||998790284|
|Registered office:||4, Anthimou Gazi Str. 41222, Larisa|
For more information, please contact us at the particulars you will find here: Contact us
Data collected on you & how are they collected
First, we point out that the collected data do not need to be “personal data” in accordance with the legislation (see Glossary below), since they may not identify, by themselves, the data subject. However, we proceed with the present notice also as regards these data for transparency and full information reasons.
The type of data kept by us may include, as the case may be, the following:
|Type of data||Subscribers only||Any motorway user|
|Name, home/professional address||√||√ (only in particular cases, i.e. toll violation or entitled to toll exemption, or involvement in road incident/accident or toll exemption for Disabled Badge holders)|
|Identification data, such as Identification Card number||√ (in particular cases of toll exemption applicable to Disabled Badge holders only)|
|Tax particulars (TIN, Tax Office)||√||√ (in particular cases of toll exemption applicable to Disabled Badge holders only)|
|Age or date of birth||√||√ (in particular cases of toll exemption applicable to Disabled Badge holders only)|
|Work particulars, if required||√ (only for subscription accounts of professionals)||√ (for toll exemptions applicable to Disabled Badge holders only)|
|Contact particulars, including e-mail and phone numbers||√||√ (only in particular cases, i.e. toll violation or toll exemption or involvement in road incident/accident or toll exemption for Disabled Badge holders)|
|Subscriber / motorway user’s vehicle license plate||√||√ (only in particular cases, i.e. toll violation or toll exemption or involvement in road incident/accident or toll exemption for Disabled Badge holders)|
|Material recorded through the CCTV system||√||√|
|Number of passages||√||√ (only in particular cases, i.e. toll violation or toll exemption or involvement in road incident/accident or toll exemption for Disabled Badge holders)|
|Special personal data categories, such as medical information, where required.||√ (only in particular cases, i.e. involvement in road incident/accident with injuries or toll exemption for Disabled Badge holders)|
The information we have about you are mainly provided by you when you contact us for the first time, and while you have a subscription with us. In some cases, we may collect information although you have entered into no agreement with us, but you just passed from the toll stations (e.g. because of accidents, violations etc.). You can provide us with your personal data at various points of time and through different communication channels, such as through a written or electronic form, telephone, e-mail, a member of our personnel or our agents, or we may collect your data, when for example you:
- Register to the “My easy way” platform to get access to your account, manage your information and submit relevant requests
- ask to contact one of our representatives;
- participate in any promotion or survey we conduct;
- the license plate of your vehicle is shown on recorded material, or
- file a request or complaint.
Moreover, we can be provided with the type of personal data mentioned hereinabove by:
- your employer, if you have a toll exemption card in your capacity as personnel of the Service entitled to an exemption under article 25.4 of the Concession Agreement (Law 3605/2007) or if we provide services to the employees of your company or group;
- a company managing the toll stations of another motorway, since they may transfer to us data on toll passages when, as our Subscriber, you make electronic toll passages from a toll station of another motorway participating in the Interoperability System.
In specific cases, personal data of other more sensitive categories may come to our notice, including data on your health, e.g. because you were involved in a road accident.
Wherever the law requires us to get your explicit consent to process such specific categories personal data, we will timely ask you for such consent. If you opt for not giving your consent, we may not be in a position to either meet your needs or to proceed with the performance of some of the tasks to be effected in order to provide you specific services.
In any other case, the legal grounds for the processing of personal data that do not fall within any personal data special category will depend on the reason for which we do process your data.
Why do we collect this information & how do we use your data?
Aegean Motorway SA processes your data for the following purposes:
- Hold - manage the company’s correspondence;
- Notify events to insurance companies as a result of an obligation or right arising from an existing insurance cover (e.g. third party liability of the Concession Project, vehicles’ insurance cover, etc.);
- View and record Videos taken by cameras, i.e.: (a) traffic management cameras within the Maliakos - Kleidi Motorway (toll plazas, tunnels and open road) and (b) safety cameras installed on buildings (in areas equipped with cameras, there are relevant signs to inform you);
- View and record Videos taken by the toll system and its cameras installed on the toll lanes (there are relevant signs to inform you);
- Keep an incident record and photos for incidents occurring within the concession project;
- Record incoming/outgoing phone calls as well as calls from the Emergency Roadside Telephone (ERT) installed along the motorway;
- Conclude an Eway* electronic tolls service agreement;
- Receive requests/complaints made by users or subscribers;
- Record passages exempted from tolls;
- Record special passages (disabled people);
- Monitor toll violations (passage without paying tolls);
As regards the above purposes, the processing legal grounds are the following depending on the case:
- Processing is our legal obligation (under the Concession Agreement L 3605/2007);
- Processing is required in order to enter into an agreement with you (e.g. for the eway services);
- Processing serves our business needs and lawful interests (e.g. fulfilment of our contractual, legal obligations etc., communication with third parties, defense - legal protection, protection of the Companies’ goods and property, statistic- historic purposes);
* The provision of such data and their processing by Aegean Motorway SA is a contractual requirement for concluding an agreement and any refusal to provide such data entails the failure of the controllers to enter into an agreement with you.
* In the event that we found the processing of your data on “legitimate interest”, we would like to inform you that we have first made an assessment for balancing our interests with your interests, rights and freedoms regarding your privacy and the protection of your data (“balance test”) and we have concluded that such processing is necessary and proportionate to our goal. For more information please contact us (Any questions? Contact us) or file a complaint to a supervisory authority.
*Note that the competent local Motorways Traffic Police Department has direct (parallel) and independent access to the toll violation data of the Toll System in order to certify the toll payment violation provided for in the Highway Code (article 29, para. 10 and article 104).
How do we read your personal data and transfer of data to third countries
We may use and share part or all your personal data, always by fully respecting them, with other companies that are our partners, or with supervisory authorities in order to:
- Manage the agreement concluded with you and handle claims and other transactions;
- In case you are an electronic toll services subscriber of another company and you have entered into an agreement with us within the framework of the toll interoperability, to send to the said company data on your passages from the toll stations of Aegean Motorway SA to ensure correct invoicing and/or settle any disputes;
- Confirm or correct the data we have about you;
- Conduct a survey to be internally used by our Company;
- Ensure the support of our associates for our systems;
- Comply with the law where, for example, we have to allow sharing your personal data with the services of the Police or other competent authority, where this is required to prevent any crimes;
- Be audited by competent Ministries, police or judicial authorities, tax authorities, etc.;
- Be assisted by our associates for printing/posting/sending files to you;
- Provide information about special offers and services that may be of your interest;
- Fulfill other business goals, such as product development and website management;
- Protect the rights, property and safety of the Company, our customers or third parties;
- Comply with a search warrant or Court decision/order/provision or act as required or allowed by the legislation in force, as for example when a third party has legitimate interest to and is entitled to get your data.
When we share your personal data with third parties who provide us with business services, we require them to take the appropriate measures to protect your personal data and to use such personal data only for providing these services.
Your personal data will never be transferred to other countries. The countries of the European Economic Area are considered to provide the same level of personal data protection as Greece. If, in the future, we will transfer your personal data or share them with others beyond the European Economic Area, first you will be promptly informed and second we will have ensured that we and these persons or companies to which the data are transferred undertake to protect the data from any inappropriate use or disclosure in accordance with the applicable European or national legislation on data protection, using standard clauses or other appropriate mechanisms.
Automated decision-making / profiling
We make no automated individual decision making and profiling.
For how long are your data kept?
Our present Personal Data Protection Policy complies with all laws in force as well as with the personal data legislation to which is subject. These laws define for how long we may keep all different kinds of data that we hold and are regularly controlled.
We safely destroy the data that we no longer need to hold, in accordance with the deadlines set in our policies.
When we continue to use data for statistics or surveys, we ensure that these data are anonymized and so you cannot be identified in any way whatsoever.
Modification of the present Privacy Notice.
We may modify this Personal Data Protection Policy at any time. If we proceed with any material modification in the way we collect your personal data or in the way we use or share them, we will post a clear notice with the relevant modifications. We propose you to frequently visit our site to read its last version.
How do we protect your data?
The personal data processing procedure is performed so as to ensure its confidentiality. In particular, processing is exclusively performed by the personnel authorized to that purpose, while all appropriate organizational and technical measures are taken to ensure the safety of the data and their protection from any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, and any other type of unlawful processing.
In this section you may find more details about your rights regarding your personal data. The various rights are not absolute and are subject to some exemptions or reservations.
You are entitled to receive your personal data free of charge, except in the following cases, where we may charge a reasonable fee to cover our administrative costs for the provision of your personal data:
- Evidently unfounded or excessive/ repeated requests, or
- Additional copies of the same data.
Alternatively, we may have the right to refuse to act after the submission of your request.
We kindly ask you to carefully consider your request before submitting it. We will respond as soon as possible. In general, we will respond within a month from the receipt of your request, but if the examination of such request lasts more, you will be informed.
Bellow you will find a brief summary of your rights regarding your personal data.
|Your rights||What does this mean?|
||You have the right to obtain and we are bound to provide you with clear, transparent and easily understandable information about the way we use your personal data and about your relevant rights.|
||You have the right to obtain access to your personal data (if we process them) and to information regarding them, such as the purposes of the processing, the categories of personal data, their origin, and their possible recipients.|
||You have the right to correct your personal data if they are inaccurate or insufficient.|
||You have the right to request the erasure or removal of your personal data when there is no reason for us to keep using them. The right to erasure is not an absolute right. We may have the right or the obligation to hold the data in the event that we have a particular obligation to do so or we have another valid legal reason to keep them.|
||In some cases you have the right to “exclude” or cancel any further use of your data. When the processing is restricted, we may still store your data, but we are not allowed to make any further use of them. We maintain lists of people that have requested that further use of their data “is restricted” to ensure that this restriction will be complied with in the future.|
||You have the right to receive a copy of some of your personal data that keep and to reuse them or share them for your own purposes.|
||You have the right to object to some types of processing|
||The said right does not apply to our company.|
For any further information and advice on your rights or for submitting any complaint against the Controllers, you may contact the Hellenic Data Protection Authority - HDPA at +30 -210 6475600 289, website: http://www.dpa.gr/.
Any questions? Contact us
If you have any question about the present Notice, please contact us by e-mail, by fax or by phone at:
Moschochori Larisa, 41500 (att. to: Data Protection Officer)
Glossary & GDPR material
“Personal data”: means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Restriction of processing”: means the marking of stored personal data with the aim of limiting their processing in the future;
“Profiling”: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
“Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“Personal data breach”: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
For more information about the Regulation, visit: https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en