In case the Visitor / User wishes to subscribe to the services of www.heron.gr as a User / Member, he / she agrees to: a] provide true, accurate, valid and complete information about the details required by www.heron.gr in the requests for access to its content / services and b] maintain and diligently update his / her subscription information so that they are held true, accurate, valid, up-to-date and complete.
With the exception of cases explicitly stated herein [copyright of third parties, associates and entities], all content of www.heron.gr, including images, graphics, photographs, drawings, texts, services provided, and generally all archives on this website, constitute intellectual property, registered trademarks and service marks of www.heron.gr and the Company and are protected by the relevant provisions of Greek law, European law and international conventions and treaties. Therefore, none of the above items may be wholly or partially sold, copied, modified, reproduced, republished or uploaded, transmitted or distributed in any way. An exception includes the case of individual storage of a single copy of the contents on a single personal computer for personal use only, excluding public or commercial use, as well as the deletion of origin indication of www.heron.gr, in order to protect the relevant intellectual and industrial property rights of www.heron.gr and the Company in any way. The remaining products or services listed on the webpages of this website with the trademarks of the corresponding organizations, companies, collaborating bodies, unions or versions constitute their own intellectual and industrial property and, therefore, these bodies are responsible for the use of the above services. The Visitor / User and User / Member understands and accepts that they are not entitled to reproduce, copy, sell, resell and / or use all or part of the content of www.heron.gr in any way.
Due to the nature and volume of the Internet, the website www.heron.gr shall not, under any condition including the event of negligence, be held liable for any damage caused to the Visitor / User and User / Member of the pages, services, options and content of www.heron.gr , which he / she accesses on his / her own initiative. The content of www.heron.gr is provided “as is” with no guarantee, expressed or implied guarantee whatsoever. To the fullest extent and in accordance with the law, www.heron.gr disclaims all guarantees, expressed or implied, including, but not limited to, those that imply marketability and appropriateness for a particular purpose.
The site www.heron.gr does not guarantee that the pages, services, options and content will be provided without interruption and / or errors and that those errors will be rectified. Additionally, www.heron.gr does not guarantee that the site and / or any affiliated site or servers through which the above sites are made available to Visitors / Users and Users / Members do not contain viruses or any other harmful component. Under no circumstances does www.heron.gr guarantee the accuracy, completeness or availability of their content, pages, services, options or results. The cost of any rectification or services is borne by the Visitor / User and User / Member and not by www.heron.gr and / or the Company in any event.
The content and information included in www.heron.gr are an offer to the Visitor / User and User / Member of www.heron.gr and to the community of Internet users and under no circumstances may the above content and information be construed as valid information and / or advice, nor do they imply any suggestion to undertake or refrain from certain actions. The site www.heron.gr undertakes the collection, editing and distribution of its content, but under no circumstances does it guarantee its thoroughness, completeness, adequacy and generally its appropriateness and the absence of any errors, mainly due to the significant size of its volume, as well as the participation of third parties [natural or legal persons] during its primary production and collection. By using its services on their own initiative, the Visitors / Users and Users / Members of www.heron.gr also assume the relevant responsibility to cross-check all provided information.
The site www.heron.gr does not control the availability, content, personal data protection policy, quality and completeness of the services of other websites and pages to which it refers through links, hyperlinks or banner ads. Therefore, for any occurring problem during their visit / use, the Visitor / User and / or User / Member shall contact the relevant websites and pages directly, which bear full responsibility for the provision of their services. Under no circumstances shall it be considered that www.heron.gr adopts or accepts the content or services of the websites and pages to which it provides links and connections.
The User / Member understands and accepts that www.heron.gr may adopt new terms for the provision of its services including the time limits that www.heron.gr maintains e-mails, forums, user pages and / or any other content that the User / Member posts. Additionally, www.heron.gr reserves the right to modify the permitted limits regarding the size and number of e-mails that a User / Member may send from his / her account, messages and any other content posted by the User / Member on the services of www.heron.gr. The site www.heron.gr reserves the right to modify storage limits for content provided through its services to Users / Members at any time and without notice. The Users / Members understand and accept that www.heron.gr reserves the right to deactivate e-mail accounts that remain inactive by Users / Members for a long amount of time [over six (6) months].
The site www.heron.gr may provide Visitors / Users and / or Users / Members with the possibility to form their own “Message Board”, allowing them to participate in the conversation of a “Message Board” created by other users by sending text messages. In case the above possibility is provided, Visitors / Users and / or Users / Members of www.heron.gr are required to comply with rules of conduct and avoid the use of illegal or immoral language. The site www.heron.gr reserves the right to prohibit or interrupt the display of any text message in the event of a breach of the above terms. Under no circumstances shall it be considered that www.heron.gr adopts or accepts personal views / opinions expressed in the above message boards. Visitors / Users and / or Users / Members of these services reserve the right of intellectual property in the opinions expressed in their messages. In the event that www.heron.gr is notified that the content of any / some messages posted by Visitors / Users and / or Users / Members is offensive to third parties, it reserves the right to immediately delete the message or even the account of the User who posted that message.
The above terms and conditions of use of www.heron.gr, as well as any modification thereof, are governed by and supplemented by Greek law, European Union law and relevant international treaties. Should any provision of the above terms be contrary to law, it shall cease to apply and is repealed without prejudice to the validity of the other terms. These terms constitute the overall agreement between www.heron.gr and the Visitor / User and / or User / Member of its pages and services and are binding only to the latter. No modification of these terms will be taken into consideration and shall not constitute part of this Agreement unless it has been expressed in writing and incorporated therein.
We would like to assure you that for the company with the trade name “HERON SOCIÉTÉ ANONYME ENERGY SERVICES” / “HERON ΙΙ THERMOILEKTRIKOS STATHMOS VIOTIAS SOCIÉTÉ ANONYME” and the Distinctive Title “HERON ENERGY S.A.” / “HERON II VIOTIAS S.A.” (hereinafter referred to as the “Company”), member of GEK TERNA Group, the protection of personal data of the natural persons who are in any way involved with the Company, is of paramount important. That is why we are taking appropriate steps in order to protect the personal data of persons that we process and to ensure that personal data is always processed in accordance with the obligations laid down by the legal framework, both by the Company itself and by third parties who process personal data on behalf of the Company.
Data Controller – Data Protection Officer (DPO)
The company “HERON SOCIÉTÉ ANONYME ENERGY SERVICES” / “HERON ΙΙ THERMOILEKTRIKOS STATHMOS VIOTIAS SOCIÉTÉ ANONYME”, headquartered in the Municipality of Athens, 85 Mesogeion Avenue, operating offices in Athens, 124, Kifissias Avenue, Postal Code 11526, and two (2) Thermal Power stations in Thebes, Viotia in the 4th km PEO Thebes - Eleusis, Postal Code 32200, email: firstname.lastname@example.org, website: http://www.heron.gr, informs that, in the context of its business activities, it processes the personal data of the data subjects, natural persons concerned (such as its customers, suppliers, shareholders, and potential personnel), in accordance with the applicable national legislation and the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter referred to as the “Regulation”) as currently in force.
For any matter concerning the processing of personal data, please contact directly the Data Protection Officer (DPO), i.e. the Law Firm “PISTIOLIS - TRIANTAFYLLOS & ASSOCIATES LAW FIRM” at the following email address: email@example.com, tel: 213 033 3000
What personal data do we process?
We process the personal data that you provide us with [such as, your name and surname, home address, email address, phone number and FAX number if available, identity card number (ID-Card no.) and issuing authority, tax registration number and competent Tax Office, gender and date of birth, etc., as well as your supply account number, photographs of the reconciliation bill for electricity or natural gas that your supplier provides you with], only when we have a legitimate reason to do so.
What are the legitimate reasons for processing your personal data?
The legitimate reasons for processing your personal data include the following:
(a) the performance of the existing contract between you and the Company, as well as the preparatory actions required within the scope of the contract that is to be drafted between you and the Company, such as, a contract for the supply of electricity or natural gas to our customers, satisfying our customer’s requests / complaints in the context of proper provision of our services, executing project contracts with our collaborating contractors or providing our services through our partners throughout Greece, in order to fulfill our contractual obligations in the above context.
(b) the safeguarding and the protection of both your legitimate interest and ours. Therefore, we use closed-circuit television (CCTV) and security cameras in order to protect the safety of natural persons, materials and other facilities of the Company. Additionally, we record details of our visitors and collaborators entering the facilities of the Company in order for them to be served or in order to execute the relevant works that we have been assigned, etc. and to be able to provide access cards for the facilities of the Company.
(c) compliance with an obligation imposed by law, such as the disclosure of acts and information of a société anonyme (including details of natural persons, such as shareholders, members of the Board of Directors or Company executives), pursuant to Art. 7b of Law 2190/1920, as amended, the disclosure of transactions of obliged persons to the Stock Exchange, the management of claims for damages caused by accidents while carrying out a project, the management of litigation cases, etc.
(d) the consent you provide us with under the specific conditions set by the legal framework.
(e) the manifest disclosure by the subject of the data and the processing which is necessary to protect the data subject's or other natural person's vital interests (in case the data subject is physically or legally incapable to give his/her consent) are the legitimate reasons for which we process any information related to health data.
How and why do we use your personal data?
To properly comply with our contractual obligations and to maintain the quality of our provided services.
We collect and use the information required for the smooth cooperation with you whether it includes a supply contract, a contract for service provision to our customers, a contract for the execution of works by our contractors / subcontractors, etc., or the processing of personal data in the context of actions required at a pre-contractual stage.
Specific examples where the processing of our customers' personal information (as detailed above) is required include the following:
Provision of authorization of the customer to the Company for the cessation of the Meter Representation & disconnection of power supply
Certification of meter readings and general tariff parameters for Bill amendment
Tariff dispute on behalf of our customer
Customer request for the amendment of tariff category
Customer request for VAT exemption
Request to amend the existing supply contract
Request to withdraw a direct debit for the settlement of bills via credit card
Contract termination by our customer
Activation of direct debit for the settlement of bills via credit card
Withdrawing statement of our customer
Submission of requests / complaints by our customer or a third party
Provision of authorization of the customer to the Company for the cessation of the customer’s Meter Representation by another supplier by 100% and the termination of the contract
Submission of customer request for a new supply representation
Submission of customer expression of interest in an exhibition of our Company
For the purpose of contacting you and optimizing our support.
We may need to contact you by email or telephone for administrative purposes, such as informing you about the status of our cooperation, arranging a professional meeting with potential staff, managing your further requests or complaints, etc.
To comply with our legal obligations.
In case we publish, for example, information on our website or on the website of the General Electronic Commercial Registry (GEMH) and / or the Board of Directors of the Company (including details of natural persons), we use provide authorizations to designate and notify third party natural persons as representatives of the Company in order to conduct actions within the scope of the Company’s business activities.
To protect our legitimate interests, individuals and premises
Within the above scope we use closed-circuit television (CCTV) and security cameras to ensure the safety of individuals, materials and premises of the Company.
For newsletters subscription purposes and in order to send information on our new offers
We ask for your consent first, and then your email address, so that you may receive newsletters from our Company about our latest news and offers.
With your consent and subsequent subscription, you will be able to stay informed about our new services and offers that we send via emails and text messages or Instant messaging through related services (for example SMS, Viber, Push Notifications etc.).
To create a Member Account
In case you wish to create a Member Account, you will need to provide us with your email address and set your own personal passwords.
For the provision of information regarding the benefits available to you by concluding a contract for the provision of electricity or natural gas with our Company
In order to inform you about how much you would pay in case you were a customer of our Company, you are kindly requested to send us photographs of the reconciliation bill for electricity or natural gas that your supplier provides you with for processing purposes, and your phone number, so that we may contact you through viber.
For a customized communication (profiling)
In order to provide you with the best possible experience, all personal data collected under our contractual relationship may be used to send personalized news / updates provided you have given your consent under specific conditions set by the legal framework.
Who do we disclose your personal data to?
The Company discloses your personal data to the following recipient categories:
To our Company employees, who are responsible for the evaluation and realization of your requests, the provision of information at a pre-contractual stage, and in case you express your interest in the conclusion of a customer relationship with the company, the proper execution of your contract with the company, as well as the fulfillment of obligations provided by the contract or by Law.
Your personal data are treated with the strictest confidentiality, since our employees processing your personal data possess an adequate and significant level of knowledge on personal data protection and are either bound by a confidentiality clause or obliged to comply with the confidentiality clause.
State authorities, law enforcement Bodies
Personal data is disclosed whenever necessary for verification (e.g. by the Regulatory Authority for Energy, Hellenic Consumer’s Ombudsman, Hellenic Data Protection Authority, etc.) and in accordance with statutory procedures.
Collaborators of our Company (partners, subcontractors, banks, insurance companies, auditing company etc.)
The Company works with collaborators to whom our Company assigns personal data processing on its behalf (e.g. cooperation agreements with call centers which are assigned with the promotion of products and services of our company) subcontracting, banking transactions, audit of a transfer of shares by a statutory auditor, product promotion or market research companies, financial institutions, companies such as TIRESIAS S.A., in order to verify your credit standing, debtor notification companies, auditors, accountants, notaries, lawyers, bailiffs or other financial or professional consultants). In the above cases the Company remains the controller of the processing of your personal data and sets out the details of the processing, signing a specific contract with the third parties assigned with processing activities, in order to ensure that the processing is carried out in accordance with the applicable legal framework and that any individual may freely and without hindrance exercise the rights conferred on him/her by the legal framework.
In addition, the Company may also transfer data to other affiliated companies, as well as collaborating companies (e.g. to joint venture members or company associations) with the purpose to provide a report on the Company’s status provided that consent has been given by the natural person, as mentioned above and that the above provision on written assignment of processing applies.
Duration of Data Storage
The duration of data storage is defined according to the following specific criteria, as appropriate:
In case the processing is required by provisions of the applicable legal framework, your personal data will be stored for as long as the relevant provisions require.
In case the processing is performed on a contractual basis, your personal data will be stored for as long as necessary for the execution of the contract and for the basis, exercise, and / or support of legal claims under the contract.
What are your rights in relation to your personal data?
Any natural person whose data is processed by the Company is entitled to the following rights:
Right of access
You have the right to be aware and to verify the legality of the processing. Therefore, you have the right to access the data and receive additional information about data processing.
Right to Rectification
You have the right to read, rectify, update or modify your personal data by contacting the Data Protection Officer (DPO) with the above contact details.
Right to Erasure
You have the right to request the erasure of your personal data in case we process it with your consent or in order to protect our legitimate interests. In any other case (such as in the context of performance of contract in effect, obligation to process personal data required by law, public interest, etc.), this right is subject to specific restrictions or does not exist on a case-by-case basis.
Right to Restriction of Processing
You have the right to obtain from us restriction on the processing of your personal data where one of the following applies:
(a) the accuracy of the personal data is contested and until such accuracy is verified;
(b) you oppose the erasure of your personal data and request (instead of erasure) the restriction of their use;
(c) personal data are not needed for the purposes of processing, but they are, however, required for the establishment, exercise or defense of legal claims; and
(d) you object the processing pending the verification whether our legitimate grounds override those of yours.
Right to Object
You have the right to object to the processing of your personal data at any time where, as described above, such processing is necessary for the purposes of legitimate interests we seek as controllers.
The Right to Data Portability
You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them, using commonly used editing methods. You also have the right to ask us, if technically feasible, to transmit the data directly to another controller. This right concerns the data you have provided to us and their processing is carried out in a commonly used format based on your consent or in order to perform a contract.
The Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw it. The withdrawal of your consent shall not affect the lawfulness of the processing based on consent before its withdrawal.
In order to exercise any of the above rights, please contact the Data Protection Officer (DPO), i.e. the Law Firm “PISTIOLIS - TRIANTAFYLLOS & ASSOCIATES LAW FIRM”, address: 103 Vasilissis Sofias, Athens, email address: firstname.lastname@example.org ,tel: 213 033 3000
Right to lodge a complaint with the Hellenic Data Protection Authority
You have the right to file a complaint with the Hellenic Data Protection Authority (www.dpa.gr): Telephone: +30 210 6475600, Fax: +30 210 6475628, email: email@example.com
Personal Data Safety
The Company implements appropriate technical and organizational measures aimed at the safe processing of personal data and the prevention of accidental loss or destruction and/or unauthorized access to, use, modification or disclosure thereof. In any case, the way in which the internet operates and the fact that it is free to anyone cannot guarantee that unauthorized third parties will never be able to violate the applicable technical and organizational measures by gaining access and possibly using personal data for unauthorized and/or unfair purposes.
Information on the processing of personal data through a video surveillance system
HERON SOCIÉTÉ ANONYME ENERGY SERVICES, headquartered in the Municipality of Athens, 85 Mesogeion Avenue, operating offices in Athens, 124 Kifisias Avenue, Postal Code 11526, email firstname.lastname@example.org, telephone number 18228.
Purpose of the processing and legal basis:
We use closed-circuit television (CCTV) in order to protect natural persons and premises. The processing is necessary for the purposes of the legitimate interests we pursue as a controller (article 6 para. 1. (f) GDPR).
Our legal interest is the need to protect our premises and the materials in it from illegal actions, such as theft. We also need to ensure life safety, physical integrity, health as well as the property of our staff and of third parties legally located in the area under surveillance. We only collect image data and limit the surveillance to places where we have previously assessed that there is an increased possibility of perpetration of illegal actions e.g. theft, for instance, in cash desk and/or the entrance, without focusing on places where privacy of the persons being photographed may be severely restricted, including their right to respect of their personal data.
The material held is accessible only by our competent / authorized personnel and cooperating security company who are in charge of security of the premises. This material shall not be disclosed to other third parties without the consent of the data subject, except in the following cases: (a) to the competent judicial, prosecutorial and police authorities when it contains information necessary to investigate a criminal offense involving persons or property of the controller; (b) to the competent judicial, prosecutorial and police authorities when lawfully requesting data in the performance of their duties, and (c) to the victim or perpetrator of a criminal offense, in the case of data which may constitute evidence of the offense
We keep the data for fourteen (14) days, after which they are automatically deleted. In the event that during this period we find an incident, we isolate part of the video and keep it for another (1) month, in order to investigate the incident and initiate legal proceedings to defend our legal interests, while if the incident concerns third parties, we will keep the video for up to three (3) more months.
Data subjects’ rights
Data subjects have the following rights:
You may exercise your rights by sending an e-mail to herondpo@gr.AndersenLegal.com or a letter to our postal address or by submitting the request to us in person, at the address of the company. To examine a request related to your image, you should tell us when you were within the range of the cameras and give us a picture of you to make it easier for us to locate your data and hide the data of third parties pictured. Alternatively, we give you the possibility to come to our facilities to show you the images in which you appear. Moreover, we would like you to note that exercising the right to object or the right to erasure does not imply the immediate erasure of data or the modification of the processing. In any case, we will answer you in detail as soon as possible, within the deadlines set by the GDPR.
Right to lodge a complaint
In case you consider that the processing of your data violates Regulation (EU) 2016/679, you have the right to lodge a complaint with the competent supervisory authority.
The competent supervisory authority in Greece is the Hellenic Data Protection Authority, Kifisias Avenue 1-3, 11523, Athens, https://www.dpa.gr/, telephone number +302106475600.