Skip to main content
Home / Personal Data Protection Policy

Personal Data Protection Policy

At Alpha Bank SA (hereinafter the “Bank”) we recognise the importance of the personal data (hereinafter the “data”) of website visitors. The protection of your personal data, always in compliance with the applicable regulatory framework on the protection of personal data, constitutes a commitment for us. 

This Personal Data Protection Policy applies to It aims to provide information regarding the collection, storage, use and any other form of processing of visitor data by the Bank, in its capacity as Data Controller, as well as regarding your rights pursuant to the applicable provisions. 

1.1 Data required to fill in the application form to participate in the educational programmes of, to subscribe to the newsletter, to contact us and to shop from the e-shop:

  • Identification data, e.g. full name.
  • Contact data, e.g., postal and email address, landline and/or mobile phone number.
  • Data sent via email (comments, requests, etc.).
  • Especially when submitting comments, requests, etc., you must be extremely careful not to mention data that belong to special data categories, such as racial or ethnic origin, political, religious or philosophical views, participation in trade unions, health data, sex or sexual orientation, etc.

1.2. Cookies and other technologies

As described in detail in the Cookies Policy, we collect information using cookies and other similar technologies, such as web beacons and social plugins.

1.3 Device data

When you visit our website, we receive the URL address of the website you accessed prior to visiting our site, the date and time of your visit, the operation system of the device and the browser used, as well as the IP address of your device.

1.4 Location data

When you visit using a computer, tablet or cell phone, we collect data regarding your exact location, based on your device settings. In any case, keep in mind that your consent will be requested before using location and GPS services.

We collect information that you disclose to us when you visit and/or browse through, when you fill out an application form for the educational programmes of, subscribe to a newsletter or shop from the e-shop. Furthermore, we may collect information from third parties (persons or legal entities), e.g. IT and technology companies and social media platforms.

The Bank collects and processes only the data required to pursue the following purposes. In particular:

3.1. We may process your data in the context of the contractual relationship between us:

  • To identify and contact you.
  • To review the application form you submitted for one of our educational programmes.
  • To allow you to buy products through the e-shop and process your order.

3.2. We may process your data in order to pursue our legitimate interests, provided that they do not exceed the rights and freedoms of the visitors to our websites, e.g.:

  • To ensure the proper and more efficient operation and management of our website.
  • To investigate and resolve technical issues in the context of providing our services (e.g. coding errors).
  • To ensure the security of the website or to investigate possible fraud or other violations of the Terms of Use of our website or this Policy.
  • To conduct studies and research in order to evaluate and improve our products and services or to develop new products and services.
  • To contact you to inform you about the use of our products or services, their capabilities, their features as well as any new developments/applications.
  • To investigate the degree of satisfaction from the service offered and the services of our Bank and/or your further needs or wishes.

3.3. We may process your data if you have previously expressly given your consent, e.g.:

  • To understand how you use and interact with the content of our website, through the use of cookies.
  • To improve the services offered through, in order to meet your personal needs and choices.
  • To improve and measure the effectiveness and deliverability of our advertisements appearing on third-party websites.
  • To display advertisements related to products, offers and other services in general.
  • To send newsletters.

In any case, the Bank may process your data for purposes of compliance with the obligations imposed by the applicable legal and regulatory framework from time to time, the supervisory authorities, as well as the decisions of competent authorities or courts.

Apart from the Bank employees responsible for processing requests, and managing comments, complaints and questions you submit through, provided that the applicable statutory conditions are met, we may disclose your data to the competent employees of our Group companies, in the context of their activities, as well as to third parties (natural persons and legal entities, to whom the Bank assigns the performance of certain tasks on its behalf from time to time), under the condition they maintain professional secrecy and confidentiality at all times, e.g.:

  • Advertising and marketing agencies for the products and services of the Bank.
  • Database and website management companies.
  • Providers of innovative solutions for payment technologies and services, providers of postal services, development services, maintenance, customisation of IT solutions, email services, hosting as well as cloud services.
  • Telephone support / information companies (call centres).
  • Market research companies, in order to conduct surveys related to the Bank’s products and services.

In any case, the Bank guarantees that it will not transfer, disclose, provide, etc. your data to third parties for any purpose or use, other than those expressly disclosed in this Policy. However, we reserve the right to disclose information related to you, if we are obligated by the law or if said disclosure is required by the competent supervisory, audit, independent, judicial, public and/or other authorities. Furthermore, keep in mind that the Bank may transfer the data it collects from to countries outside the European Union or to an international organisation in the following cases:

  1. If the European Commission has issued an act regarding the sufficient protection of personal data in that specific country or international organisation.
  2. If you have been specifically informed and you have expressly given your consent to the Bank, and the other conditions of the legal framework are met.
  3. If the transfer is necessary for carrying out a contract, e.g. if the transfer is necessary for executing payment orders to a credit institution in a third country or in case of a transfer or executing an order to conclude a financial instrument transaction.
  4. If the transfer is necessary for establishing, exercising or supporting legal claims, or defending the Bank’s rights.
  5. If there is a relative obligation arising from a statutory provision or a transnational/international convention.
  6. In the context of the Bank’s compliance to the rules of automatic exchange of tax information, as derived from the regulatory and legislative framework.

The Bank takes appropriate technical and organisational measures to ensure the confidentiality, integrity and availability of the information on a permanent basis, so it is protected against incidental or unlawful destruction, loss, alteration, prohibited dissemination or access and any other form of unlawful processing.

Pursuant to the established procedures, the Bank audits the compliance with the Group’s Information Security Framework, conducts special security audits (penetration tests and vulnerability assessments), trains and educates its personnel on security matters and continuously assesses the elevated information security level, taking further measures to address new threats and the associated risks, as this is deemed appropriate.

These measures contain, but are not limited to, special, multilevel security mechanisms for the protection of the services provided via the internet and the entire infrastructure of the Bank, mechanisms for data loss prevention (DLP), recording of access, protection of systems, central management of user access control based on their operational duties, as well as encryption and pseudonymisation of information, when required.

However, it is your responsibility to ensure that the equipment (e.g. personal computer), software, telecommunication equipment that you use is sufficiently secure and protected against malware (e.g. viruses). Keep in mind that by not using sufficient security measures (e.g. secure settings on your browser, updated malware protection software, avoidance of using software and hardware of dubious provenance, etc.) entails the risk that the data, as well as the passwords you use, may be disclosed to unauthorised third parties.

6.1. We will keep your data for as long as you are a Bank customer and for a period of up to 20 years after the expiration of the relevant agreement, when this is required by law.

6.2. If you are not a Bank customer, we may keep the data collected from our websites for a period of up to 5 years after their collection.

6.3. The period for which data collected using cookies and similar technologies is kept is specified in detail in the Cookies Policy.

6.4. We keep your personal data for as long as you remain registered in the newsletter recipient list.

6.5. After the retention period has elapsed, the Bank will ensure the secure destruction and/or deletion of your data.

You have the following rights regarding the data we keep for you:

  • Right of access: You may request to receive information regarding the processing of your data (e.g. the categories of data, the purposes of processing, etc.).
  • Right to rectification: You may ask us to rectify or supplement your data, if they are incomplete or contain inaccuracies.
  • Right to erasure: In some cases, you may request the erasure of all or part of your data (e.g. if the data are no longer required for the purposes for which they were collected).
  • Right to restrict processing: You may request the restriction of the processing of your data, where specified by law.
  • Right to object: You may object, at any time, to the processing of your data, as carried out in the context of pursuing our legitimate interests, as specified above.
  • Right to data portability: You may ask us to receive or transfer to a third provider some of the information you have provided to us, in electronic format.

If you wish to exercise one of the aforementioned rights, you may submit your request, by sending us the form for exercising your rights (only available in Greek) and sending it to:

  • For the Art Collection – 41 Panepistimiou Street, 105 64 Athens, Tel. +302103262484 and +302103262457,
  • For the Numismatic Collection – 1 Panepistimiou Street, 105 64 Athens, Tel. +302103262460 and +302103262461,
  • For the Historical Archives – 11 Sofokleous Street (Ground floor), 105 59 Athens, Tel. +302103262450 and +302103262451,
  • For the Library – 16 Pesmazoglou Street, 105 64 Athens, Tel. +302103262440 and +302103262446,
  • For the Banknote Museum of Ionian Bank – Agiou Spyridonos Square (Iroon Kypriakou Agona Square), 491 00 Corfu, Tel. +302661041552,
  • For the e-shop – 12-14 Pesmazoglou Street, 10564 Athens - Greece, +302103262465,

If you submit a request to exercise your rights, the Bank shall respond to your relevant request within 1 month from its submission. Said time limit may be extended by 2 months, following your prior notification, taking into consideration the complexity of the request and the number or requests being processed.

Keep in mind that our response to your aforementioned request is provided free of charge. However, if your request is obviously inadmissible, excessive or repeated, we may charge a reasonable fee, after notifying you in advance or refusing to respond to your request.

If you believe that your rights have been infringed in any manner whatsoever, you may also submit a complaint to the competent Supervising Authority:

Hellenic Data Protection Authority
Address: 1-3 Kifisias Avenue, 11523 Athens, Greece
Call Centre: +302106475600

9.1. The Bank does not collect nor gains access, in any manner whatsoever, to special (“sensitive”) categories of personal data through the website. Visitors are obliged to refrain from providing such data, related to themselves or third parties. Otherwise, the data shall be promptly deleted as soon as we become aware of them. The Bank shall not be held liable by any visitors or third parties for the provision and/or processing of such data, caused by their acts or omissions in breach of the aforementioned obligation.

9.2. Our website may contain links to other websites that are not controlled by the Bank but by other third parties (e.g. social media websites, Greek and European Supervising Authorities, other services, etc.).

This Policy does not apply to said websites and we recommend visiting them directly in order to be informed about their data protection policies.

9.3. We may amend this Policy from time to time, in order to always comply with the statutory requirements and how we conduct our business activities. If we decide to replace this Policy or introduce very important changes, we will notify you accordingly. To be informed about the latest version of this Policy, we recommend you visit this page regularly.

If you have any questions or complaints regarding this Policy, you may contact us using the following information:

Data controller
Alpha Bank SA
Address: 40 Stadiou Street, 10252 Athens, Greece
Contact number: +302103260000

Data protection officer
Address: 105 Athinon Avenue, 10447 Athens, Greece
Contact number: +302103266953