Share

Privacy Policy

Data Protection Privacy Statement for the website application that operates through the hyperlink www.findbiz.gr

27th of November 2018

  1. Scope of the web-based application (www.findbiz.gr) – General Information
  2. Field of Scope
  3. Categories & Types of Collected Data
    • Data Collected:
    • Declaration Regarding the Processing of Personal Data by ICAP (by its capacity as Data Controller and Processor - in accordance with the General Data Protection Regulation EU 679/2016)
    • Why will you process my Personal Data (PD)?
  4. Data Collection Points
  5. Transfer of Data to Third Parties
  6. Personal Data Retention Period
  7. Legitimate Interest - Intended Purpose - Lawful Basis for Data Processing
  8. Rights of the Data Subjects
  9. Data Processing by ICAP
  10. Profiling
  11. Submission of Complaint - Appeal
  12. Amendments

1. Scope of the web-based application (www.findbiz.gr) – General Information
Findbiz, is the largest online database in Greece, containing data for over 1,000,000 companies in 4 countries.

Findbiz services are provided by ICAP through its website www.findbiz.gr.
Using findbiz, the user can: 
(a) have annual access to business information described in detail below,
(b) export marketing data
(c) purchase sector studies of financial environment,
(d) promote company and products with banners’s functionality in findbiz pages
All website’s users have a limited access to services provided through wwww.findbiz.gr. Especially, all users can be informed about the content of the services provided and receive some of them, free of any charge.

Full access and use of business information services is available to any user who have paid annual subscription. Furthermore, right of access and use of sector studies is provided only to those users, who will have paid the additional fee of the sector study’s purchase.

2. Field of Scope
This privacy policy lays out the way ICAP S.A. as the owner of the website www.finbiz.gr (hereinafter referred to as “ICAP”) collects, uses, processes, stores, manages, and protects the commercial and financial information regarding entities and individuals through the website and the Services provided through the above mentioned site (hereinafter referred to as “Personal Data”), so as to meet the data protection standards of the company and comply with the applicable law.

This privacy policy shall apply to all information (i) to whom any third party may have access (hereinafter referred to as the “User or Client”) during the use of the Services (ii) that relates to the products and services (hereinafter referred to as “Services”) provided through the website www.findbiz.gr, described in detail below in paragraph 3 (iii) pertaining to visitors and clients of the website https://www.findbiz.gr  (hereinafter referred to as the “Website”). ICAP is bound to protect the privacy of Visitors/Clients, individuals and other data subjects and adhere to the Data Protection legislation currently in effect.

This policy shall not apply to information collected through any other website, services, products, platforms or for practices of companies that we do not control. We are not responsible for any personal data protection practices pertaining to websites, services, products, platforms of other companies.

3. Categories & Types of Collected Data
Data Collected:
A) When a user requests to be subscribed, to have full access to Business information services provided through the www.findbiz.gr, the following applies:

All users are subject to an advantageous annual fee. After the payment of the fee, they are granted unlimited access and use of our products, available through our website, for one year. During their annual subscription, the supplied business information is renewed, updated and enriched so that our clients could have direct, easy and economic access to current commercial and financial information that includes the following types of information:
- Information for more than 1,000,000 Greek and East Europe companies (Romania, Bulgaria and Serbia) such as: corporate name, company’s identification data (i.e.: - name, Tax Registration No., registered address, sector, legal form, date of establishment) communication data, history, premises, staff number, activity, imports & exports information, clientele, suppliers, represented firms, other commercial relationships, participations in other legal entities, net sales figures, shareholder/partner structure, administration structure, management, business plans, documents submitted to tax authorities, trial balance, trademarks, corporate e-mails, other contact information such as telephone number, fax number.]
Ιn addition through the web-based platform that operates through the Website the User has access to a database, which comprises information and profiles for companies in various legal forms, such as SA (AE), LTD (EPE), General (OE) & Limited Partnerships (EE) etc. This database enables the Client to use combined search criteria on the companies, such as zip code, group of activity and sales, so as you are able to create your own lists of companies following the Client’s personal style and choice.
- Published SA (AE) and LTD (EPE) Balance Sheets since 1997.
- This Service is available only for Greek companies and includes:
a) The Balance Sheets and Accounting Statements of all SA (AE) and LTD (EPE) companies,
b) The Consolidated Balance Sheets and Accounting Statements of Groups of Companies.
B) When a user requests to be subscribed, to have full access to Sector Studies services provided through the Website can access and review Studies of financial environment per section, which analyze the structure, the developments and the prospects on various sections of Greek economy.
C) Website Visitor/Client Data:  internet protocol address (ΙΡ), browser type and the operating system.

Declaration Regarding the Processing of Personal Data by ICAP (by its capacity as Data Controller and Processor - in accordance with the General Data Protection Regulation EU 679/2016)

Why will you process my Personal Data (PD)?
ICAP provides products and services containing commercial and financial information about legal entities, sole proprietorships and individuals based on the intended purpose, such as described in paragraph 6 hereof. Their contents vary depending on the type and purpose of the provided service of ICAP.
Information automatically collected when visiting and interacting in the Website: We inform you that your personal data and information that are collected and processed when you manage your account in the Website are appropriate to the purpose for which they are collected and are required for the processing of your inquiries, applications and the use of ICAP Services.
When visiting and interacting with the Website, certain information may be automatically collected, such as:
● your computer’s Internet protocol address (ΙΡ)
● the type of browser and the operating system
ICAP does not manage, collect or process geolocation data, which are collected and processed exclusively by the companies providing operating systems for each device you use (in case of use of iOS-Apple Inc or in case of android - Google Inc). ICAP does not have access to the positioning refresh rate of GPS.
 
4. Data Collection Points
Greece
1) General Commercial Registry Site of General Commercial Registry)
2) Internet (corporate sites)
3) Athens Stock Exchange Website
4) Teiresias S.A
5) Chambers of Commerce and Industry
6) General Secretariat of Information Systems (GSIS)
7) Corporates - Members of ICAP Trade Exchange Program
8) Google research (websites)
9) Social Media
10) Companies - Sole Proprietorships (existing clients)
11) Financial Press
12) The Website

Romania
1) National Trade Registry Office
2) Internet (corporate sites)
3) Ministry of Finance
4) National Agency of Fiscal Administration
5) National Bank of Romania

Bulgaria
1) Trade Registry
2) Internet (incl. corporate sites)
3) Bulgarian Stock Exchange 
4) National Social Security Institute

5. Transfer of Data to Third Parties
ICAP reserves the right to disclose your personal data to any member of its group of companies (parent company and its subsidiaries) to the extent it is reasonably necessary for the purposes determined in this policy and in particular:
● Your data will be transmitted to ICAP’s business units that are competent for the smooth and trouble-free operation of the Website services
● Your data may be transmitted and become accessible by legal entities with which, we have entered from time to time into agreements for the purpose of fulfilling our company’s goal (provision of credit rating evaluation services) in a correct and within our contractual terms framework.
● Your data may be transmitted, become accessible and processed by subsidiaries of our group within the European union, which apply the appropriate technical, physical and administrative security measures for protecting data from loss, misuse, damage or amendment, unauthorized access and disclosure, as provided by article 32 of the GDPR 679/2016.
● During all transmissions, we always take all measures to ensure that the transmitted data are the minimum required and that the conditions for legitimate and lawful processing will always be met.
 
6. Personal Data Retention Period
The data retention period depends on the lawful basis of processing, as set out in detail below:
● In case the lawful basis for processing is the exercise of legitimate interest, the processing of personal data is carried out for as long as it is considered necessary, for the achievement of ICAP’s intended purpose and for the time still required until the limitation period of any related claims has expired.
● In case the personal data of the user/ client (Account Information) are provided on the basis of the user/client’s own consent within the framework of the user/client’s registration in the services of the Website or/and the application “ICAP On the Go”, we shall retain your data for as long as we maintain our contractual relationship with them both in hard copy and in electronic form or until the granted consent by the data subject is withdrawn. In case this is interrupted for any reason, we shall retain such data for as long as it is required until the limitation period of any related claims expires.
● In case the lawful basis for processing is the execution of the contract, we shall retain your data for as long as you have the contractual relationship with us both in hard copy and in electronic form or we shall retain them for as long as it is required until the limitation period of any related claims expires.

7. Legitimate Interest - Intended Purpose - Lawful Basis for Data Processing
ΙCAP S.A. operates as Credit Rating Agency since the 7th of July 2011, in accordance with the approval it received from the Hellenic Capital Market Commission and the European Securities & Markets Authority (ESMA).
 
ΙCAP within the framework of its general business activity according to the above and while pursuing of its statutory objectives, which include the collection, management, and provision of commercial and financial information (business information), which concern the credit risk evaluation of entities and the promotion of its business activity for the evaluation of credit risks and the resolution of transactions, has created and maintains a database, which is daily updated with financial and commercial information of entities. ICAP processes and stores the said data within the E.U.  
 
Moreover, the Clients/ Users of the Website will be subject to certain personal data processing that may be required when registering on the Website”, in case such processing is deemed necessary for the conclusion of a contract with ICAP, as well as for the use of the aforementioned Websites and applications.
 
8. Rights of the Data Subjects
You may exercise, as the case may be, the rights deriving from the applicable Greek Legislation and the General Data Protection Regulation (Regulation (EU) 2016/679) which are as follows:
a. the right of information (article 13),
b. the right of access (article 15),
c. the right to rectification (article 16),
d. the right to erasure “right to be forgotten” (article 17),
e. the right to restriction of processing (article 18),
f. the right to data portability (to receive your personal data in a structured and commonly used format - article 20 where applicable) and
g. the right to object (article 21). 
● These rights shall be exercised free of charge for you by sending a relevant letter to the Data Protection Officer (DPO) of ICAP: 2 Eleftheriou Venizelou street, Kallithea, or via e-mail to privacy@icap.gr, unless they are repetitive and due to their volume, they cause us administrative charges. In that case you shall undertake the cost related to the exercise of the respective right.
● In case you exercise any of your rights, we will take all measures available for the satisfaction of your request within thirty (30) days following the receipt of the relevant request. We may either inform you of the acceptance of your request or any objective grounds that hinder its satisfaction.
● Notwithstanding the above, you may at any time object to the processing of your Personal Data, by withdrawing your consent (article 7, par. 3 of the GDPR 679/2016).

9. Data Processing by ICAP
In some cases, our clients provide us with their business data, such as customer, supplier or third parties’ data - which may contain personal data (who may be individuals or companies) - within the framework of provision of our services. In such cases, ICAP shall operate as the “Processor” of the personal data, which are included in the said business data. Consequently, in such case different provisions of the GDPR 679/2016 shall apply, with which we comply.

Additionally, ICAP applies throughout the data processing procedure, the appropriate technical, physical, and administrative security measures for protecting the data from loss, misuse, damage or modification, unauthorized access and disclosure, as it is provided under article 32 of the GDPR 679/2016 in order to ensure appropriate security level against risks, including, among others, as the case may be:
a) encryption of personal data
b) the ability to ensure confidentiality (article 90 GDPR 679/2016), the integrity, availability, and resilience of processing systems and services on an ongoing basis,
c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident,
d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

Moreover, ICAP shall take measures so as to ensure that any physical person acting under the authority of the controller or of the processor, who has access to personal data, shall not process those data except on instructions from the controller and limits access to your personal information to authorized employees. ICAP servers are hosted at IBM data centre (hosting provider) in Athens.

10. Profiling
We use the information we obtain to produce scores and ratings such as scores for payment consistency, the level of maximum credit etc. We may also carry out customized profiles for our customers. We use highly developed scoring models and algorithms, which are based on previous similar circumstances, adverse events and economic forecasts to produce a score.
We recommend to our customers how to interpret and use our scores. Our customers may choose to use our scores alone or combine the scores with other information available to them. Their decision making will be based around whether to insure or market to, extend credit, acquire, trade or partner with a business. Our scores predict whether a business is likely to continue trading, pay its bills on time, receive credit, whether they would be likely to purchase a product or service, where they benchmark within their industry or whether they are subject to any specific risks. We do not make any decisions about an organization – we do not hold blacklists and we do not encourage our customers whether to trade with an organization.

11. Submission of Complaint - Appeal
● For any issue regarding your data processing, you may contact us via e-mail at customercare@icap.gr (for Greece & Cyprus), privacy@icap.ro (for Romania), privacy@icap.bg (for Bulgaria).
● Moreover, you are always entitled to contact the 

  • Hellenic Data Protection Authority, which may accept the submission of relevant complaints in writing at its offices at 1-3, Kifisias Street, Postal Code 115 23, Athens or via e-mail (contact@dpa.gr) in accordance with the instructions indicated on its website.
  • Romanian National Authority for the Supervision of Personal Data Processing, which may accept the submission of relevant complaints in writing at its offices at B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Postal Code 010336, Bucharest, Romania or via e-mail (anspdcp@dataprotection.ro) in accordance with the instructions indicated on its website www.dataprotection.ro.
  • Bulgarian Commission for Personal Data Protection, which may accept the submission of relevant complaints in writing at its protocol in its offices 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592 or by e-mail (dpo@cpdp.bg) in accordance with the instructions indicated on its website.

12. Amendments
This policy may be renewed from time to time, due to amendments to the related legislation or change of ICAP’s corporate structure. Thereby, we encourage the Clients/ Users to periodically check this site to be informed regarding recent information on privacy practices. In any case, the Clients/ Users will be informed via e-mail or a notice on our Website regarding any amendments to this policy.