PRIVACY POLICY
1. Personal Data Protection
1. 1. The banking company with the name SNAPPI Banking Company Limited, headquartered in Ioannina ( 7A Krystalli Street , GEMI 164679129000, VAT number 801858330 - competent Greek supervisory authority: Bank of Greece or " BoG ", 21 Eleftheriou Venizelou Street, P.C. 102 50, Athens, hereinafter also the " Bank " or " Snappi ", or " We ") places great importance on the lawful processing, security and protection of your personal data. For this reason, we have established this Privacy Policy (the " Policy ") with the aim of informing you of the terms under which your personal data is processed by us. This Policy has been adopted in compliance with Regulation 2016/679/EU, i.e. the General Data Protection Regulation, also known as GDPR, as well as in accordance with all legislation governing data processing, such as, for example, Law 3471/2006 (on the processing of personal data for communication purposes), and the decisions and instructions of the competent Authorities.
1.2. This Policy is addressed to the following individuals:
- prospective or existing individual customers of ours
- natural persons associated with businesses that are our customers (e.g., legal representatives, beneficial owners, account operators of legal entities)
- anyone who has access to specific products and digital channels of the Bank
(hereinafter referred to as “You”, “Your”) and concerns the processing of data carried out both through Snappi's digital (and other remote) channels as well as through in-person interactions.
1.3. Below, you will find information regarding the terms under which your personal data is processed, and specifically you will be informed about:
- the types of data we process (i.e., collect, retain, use, and disclose)
- the purposes and legal bases for the processing
- the security measures we take to ensure the safe storage and processing of your data
- the recipients of your data
- your rights and how you can exercise them.
1.4. Snappi is the Data Controller of your personal data. For any issue related to personal data, you can call 2104838000 or send us an email at customer@snappibank.com . If you already use our application, you can submit your requests through it as well.
1.5. SNAPPI has appointed a Data Protection Officer ("DPO"), whom you can contact at the email address: dpo@snappibank.com for any matter related to the processing of your personal data and the exercise of your rights.
1.6. Please read this Policy carefully together with the Bank's General Terms and Conditions. When you use our products and services, our application and more generally when you transact with us, you declare that you have read and understand this Policy, based on which the processing of your personal data and information is carried out. If you do not agree with the practices described in this Policy, please refrain from communicating and transacting with us. In case you require any clarification or further information, please do not hesitate to contact us before taking any action involving the processing of your data. However, please note that any clarification provided to you in this regard does not constitute an amendment or replacement of this Policy and is provided solely for clarification purposes for your convenience.
1.7. Depending on the product or service you use, specific terms may apply, and specific information may be provided regarding the processing of your data, which will prevail. You should read this Policy in conjunction with the specific terms.
1.8. Snappi reserves the right to make amendments to this Policy, for example to comply with new requirements imposed by applicable laws, directives, or technical requirements or in the event of a review of procedures or practices it applies. In the event of significant changes, you will be informed in a timely and appropriate manner. If you continue to use Snappi's products and services, in particular the digital application, following such update, it is considered that you have been informed, understood and accept such changes to the Policy.
2. Personal Data and Data Processing
2.1. Personal data is considered, according to the General Data Protection Regulation 2016/679 (GDPR), any information that can lead, either directly or in combination with other information, to your identification as a natural person.
2.2. The processing of personal data consists of the collection, recording, organization, structuring, storage, alteration, retrieval, information search, use, transmission, restriction or deletion of personal data that have come to the knowledge of the Bank or will come to its attention.
2.3. The Bank processes your personal data, which you or your legal representatives have submitted or are going to submit to the Bank, and which are necessary for the initiation, maintenance and execution of your transactional relationships with the Bank, existing or future depending on the product or service provided and its applicable procedures and policies. Your personal data that you provide to the Bank must be complete, accurate and updated by your own diligence immediately, in any case of their change or whenever otherwise deemed necessary by the Bank for the maintenance of your transactional relationships or in fulfillment of an obligation of the Bank arising from the law and the applicable regulatory provisions.
2.4. Specifically, the data we collect about you includes:
- Identity data (name, identity number, VAT number, tax residence, date of birth, copies of documents certifying the above data)
- Demographic data (gender, marital status)
- Contact details (address, email, phone number)
- Application login data (login credentials e.g. username , password ). Please note that the Bank only keeps the customer's username intact. The password is kept encrypted solely for the purpose of confirming its authenticity when you wish to log in to the application and the Bank is not aware of the password itself.
- Biometric data (photo, image). It is noted that the Bank processes your biometric data only during the process of your identification and not during the use of the application. The Bank retains the above information about you for the purpose of remote electronic identification, in order to comply with the provisions of the regulatory framework for the prevention of money laundering and the financing of terrorism, as in force from time to time, and specifically, to comply with the regulatory framework of the Bank of Greece. The legal basis for processing is your explicit consent, which you may revoke at any time without affecting the lawfulness of the processing that took place prior to the withdrawal. The Bank assigns a partner to process the said data, which is retained for a period of five (5) years after the termination of our business relationship or the date of any occasional transaction. After this period, your data will be deleted, unless its retention is required by another law or regulation for a longer period. The Bank and its partner take appropriate measures to protect the confidentiality and security of personal data.
- Financial data, transaction data, and data related to banking services and products (such as information on banking products and services, e.g., card numbers, CVC/CVV, expiration date, bank account number and type, transaction and activity details, tokens you create when entering your card from a third-party financial institution into our app, and account numbers you hold at other banks when you disclose them to us, e.g., in the case of a wire transfer).
- It is noted that the Bank is aware of your account number and IBAN, but not your PIN: your PIN is stored in encrypted form exclusively for the purpose of verifying its authenticity when used, and the Bank does not have access to or knowledge of it.
- Data related to the receipt of credit products (e.g. BNPL ) which includes income data, age, professional or student status, transaction data related to the product in question such as basket products, purchase amount, merchant name, data related to your work and financial obligations relating to you or third parties related to you.
- Communication content (message content, including voice recording during a call to the call center).
- Technical data and cookies , including: type of device you use and its operating system, Internet Protocol address (IP address ), the ISP you use to connect your device to the internet , your time zone, screen resolution, device location, including specific geographic locations, information about application usage, application performance measurement data, application response time, download errors, duration of page visits, interaction information (such as scrolling, clicking and moving the mouse over certain elements), the methods used to access and exit pages, date/time and/or click data, the types of content you view or interact with, other websites and applications you have visited.
2.5. Your personal data is collected:
- Directly from you, such as:
-when you complete applications for expression of interest to acquire our products and services or to collaborate with us
-within the context of the transactional relationship you maintain with the Bank
-when you take part in promotions
-when you use our online and digital services
-when you contact us via email or phone by calling us contacting our call center or when you interact with us on social media.
- From third parties, such as:
-from sources of public bodies accessible to credit institutions and corresponding organizations (when searching for data resulting from sanctions lists, registers of beneficial owners, politically exposed persons - PEP, data received from eGovKYC ),
-in the context of information received by the Bank from third-party natural or legal persons or public sector bodies in the exercise of its legal rights (e.g. DIAS),
-when we receive information from other financial and payment institutions regarding your payments to us,
-when they submit a request to us concerning you (when a transaction is disputed, when a complaint is submitted),
-when you apply for credit products (e.g. BNPL), we may seek information about you from third-party credit rating agencies (regarding your creditworthiness, financial situation, previous and current debts), access relevant registers (including credit registers, registers containing income information, credit history, debts to third parties, addresses, invalid identity documents), search for information in the Interbank Information System of Tiresias, access your accounts held with other credit institutions / payment institutions, information held by tax authorities. It is noted that in the event that a third party submits a corresponding loan application, we may seek the above information about you, due to your existing relationship (e.g. marital).
-from our partners in the context of marketing campaigns (competitions, offers, customer satisfaction surveys, data analytics providers),
-from publicly accessible sources.
- By automated means, such as:
-when you use our digital application and other digital media
-using cookies , tracking signals or other similar technologies.
3. Purposes and Legal Basis of Processing
3.1. Snappi processes your data for specific legitimate purposes, which briefly include:
- your identification / confirmation of your identity
- evaluation of our cooperation
- providing our products and services, including our digital application, and communicating with you in your capacity as our customer
- taking measures to combat criminal acts
- communication with you when you submit a relevant request to the Bank, without being our customer (e.g. when you call our call center or contact us via our contact form)
- sending marketing material and carrying out promotional activities
- the proper functioning of our digital channels, mainly our application, and the improvement of our products and services provided
3.2. For the processing of your personal data, Snappi always relies on the appropriate legal basis that allows its processing based on the purpose that justifies its processing. The legal bases on which Snappi's processing is based include:
- The execution of a contract we have with you, when you accept our General Terms and Conditions and make use of our products and services.
- Your consent, when you voluntarily provide us with your data.
- Our legitimate interest, reasonably balanced against the protection of your privacy.
- Our compliance with our legal obligations, as dictated by relevant legislation.
3.3. The table below presents in detail the purposes for which we process your data, lists which of your data we use for each purpose and includes the relevant legal bases on which we rely for their processing.
Purpose | Data | Legal Basis |
Identification of a (prospective) individual customer We process your personal data that is necessary:
The processing of your data for the purpose of identification concerns both data provided in person and electronically (through our digital application or by other means) | Identity Data Contact Data Financial Data | Compliance with a legal obligation: As a Bank, we are obliged, before the start of our contractual relationship, to collect data that certifies your identity, in order
|
Biometric Data Financial Data
| Consent: If you choose to use your biometric data to complete the identification process (in particular, recognizing your face through taking a photo, voice or live image - liveselfie). If you provide us with your Financial Data to evaluate your application for a Snappi product. | |
Identification of natural persons related to business customers (legal entities) We process the personal data of legal representatives, beneficial owners or other persons who may (or will) manage the accounts of the legal entity - client, which are necessary to confirm the identity of the persons managing the respective legal entity (board of directors, partners, managers, legal representatives, etc. ) and to confirm the identities of the beneficial owners.
| Identity Data Contact Data Financial Data
* The processing of your data for the purpose of identification concerns both data provided in person and electronically (through our digital application or by other means) | Compliance with a legal obligation: As a Bank, we are obliged, before the commencement of our contractual relationship with legal entities, to collect data that certify the identity of the natural persons related to them, for reasons related to
|
Evaluation of the commencement of our business relationship We process the data of natural persons related to your business or your business itself (if it is a sole proprietorship) to evaluate the potential business cooperation between us and to provide you with the necessary pre-contractual information for your integration into our customer base (customer onboarding ). | Identity data Demographic data Contact details Financial / transactional / banking data | Contract execution (at pre-contractual stage): We process the personal data of the persons who manage (in a broad sense) the business in order to:
|
Provision of services and products We process your personal data to provide you with our services and products, including the features available through our digital application. We may record telephone communications after prior notification to you.
| Login Data Identity data Biometric Data Demographic data Contact details Financial / transactional / banking data
| Contract Execution:
Legitimate Interest: In some cases we may rely on our legitimate interest, as long as it is reasonably balanced against your expectations and rights, in order to make our products and services more functional and efficient. For example, we may use your transaction data to present you with aggregated data of your transactions and make it easier for you to access information.
Consent :
Legal Obligation:
For reasons of substantial public interest: Snappi processes your biometric data to authorize specific transactions in compliance with legal obligations (e.g. to prevent fraud and money laundering) |
Third party service We process the data you provide to us when you communicate with us regarding our products and services, without being a customer of the Bank. | Identity data Contact details Your communication content | Consent: If you are not already our customer and wish to contact us via our contact form or our call center, we will process the personal data you voluntarily provide to us to manage your request. Please do not provide us with more data than is necessary to respond to your request. When you provide us with third-party data as part of your request, you expressly state that you have received their relevant consent to transfer it to us, or that relevant consent is not required. |
Marketing We process your personal data to send you advertising communications when you provide your consent to this. In addition, we process the data you provide us when we ask you questions regarding your satisfaction with our services (market research) We process your personal data when you are already our customer in order to inform you about other, new similar services. | Identity data Contact details Transaction Data | Consent: If you have provided us with your consent, we will send you advertisements in the media in which you have indicated that you wish to receive relevant advertisements. If you have consented to receiving commercial communication based on profiling, we will send you promotional material tailored to your personal habits and preferences. During periods when we conduct market research to obtain feedback from you regarding our products and services, particularly our digital application, we will request your consent to process your data for this purpose. Legitimate Interest: We may use the contact information you have provided to us in the context of providing a service or product to contact you about related products and services, based on our legitimate interest in promoting our services, reasonably balanced against your rights to your personal data and privacy. We do not share your personal information with third parties so that they can send you relevant advertisements, unless you have previously expressly consented. |
Proper functioning of our digital channels, mainly our application, and the improvement of our products and services provided. We process your personal data to ensure the proper functioning of our digital channels, mainly our application, and to improve the products and services we provide to you, as well as to improve our digital channels. In addition, we process your data for our compliance with our legal obligations (e.g. to prevent fraud incidents).
|
Login Data Technical data and data via cookies | Contract Execution: We process your data within the framework of the contractual obligations we have undertaken towards you and in particular in order to provide you with an application that meets high quality and security standards (for example, we use electronic identification technologies that allow your unique identification to prevent unauthorized connection to your digital application by third parties). Legitimate Interest: We process your personal data in order to:
Compliance with Legal Obligation: We process your personal data to comply with our legal obligations related to:
|
3.4 Where the legal basis for the processing of your data is consent, you have the right to withdraw it, with effect for the future. You also have the possibility to withdraw your consent to receive commercial communication via e - mail at any time, by clicking on the unsubscribe button in the communication you will receive. Where the legal basis for the processing of your data is the legitimate interest of our Company, you have the right to object by contacting us at our contact details. In any case, you can adjust your communication preferences at any time, where possible, through the digital application or by calling the number 2104838000. We remind you that the deactivation of certain communication features is not possible due to a relevant obligation that the Bank has to inform you of.
3.5. We will process your personal data on the basis of our legitimate interest if required in the context of defending our rights, but also of the Bank's compliance with its legal obligation when we receive documents, requests, orders, petitions, warrants, etc. from third parties, legal authorities or bodies, such as supervisory, prosecutorial, judicial, tax authorities, supervisory bodies, for the investigation of crimes and your protection against fraud or the fight against any form of crime and infringement of legal assets.
4. Recipients of your data
4.1. To be able to provide you with all the services and products we offer, we maintain partnerships with third-party partners, to whom we transfer your data exclusively for these purposes. Specifically, we transfer your personal data to:
4.1.1. Providers of identification and certification services for natural persons,
4.1.2.providers who host and develop our digital channels, including our application, and maintain our information systems,
4.1.3. providers who support our operations through the execution and clearing of transactions, risk assessment and fraud detection, prevention of money laundering and terrorist financing,
4.1.4. Banking and financial services and payment networks, including Visa and Mastercard ,
4.1.5. Debt collection companies,
4.1.6. Customer service providers,
4.1.7. Courier services, e.g. for sending your physical card,
4.1.8. Communication services, for sending messages and Push notifications.
4.1.9. Advertisers and analytics service providers for the promotion and advertising of our products and services (advertising agencies, public relations agencies, research companies, search engines).
4.1.10. Public or private credit rating agencies, when the relevant information is requested for credit products you have applied for from other credit institutions. When processing and collecting direct debits or other payments due from you under a loan agreement, we may also share your personal data with third party payment service providers.
4.2. It is understood that we will transmit data concerning your transactions with third parties, legal or natural persons, to the persons to whom they relate, as well as to the credit institutions or payment institutions in which these third parties hold their banking products.
4.3. We will share your personal data with third parties if you instruct us to do so. For example, you may authorize third parties to act on your behalf (including your lawyers, accountants, relatives or third parties, based on a power of attorney). We reserve the right to request evidence of the relevant authorization of the third party to act validly on your behalf.
4.4. We may also transfer your personal data to third parties in the following cases:
4.4.1. at any time, when we are required by law, we may disclose information to the relevant supervisory authorities,
4.4.2. for the purposes of detecting, investigating and preventing fraud and generally contributing to our protection against fraudulent actions, to reduce credit risk,
4.4.3. to detect, investigate and prevent money laundering and terrorist financing activities,
4.4.4. in the event of non-performance or poor performance of your commitments, we may transfer data regarding your outstanding obligations to debt management service providers, credit bureaus and legal service providers.
4.4.5. When selling part of our business or transferring your obligations to us to third parties, we may also share your data.
4.5. The data we collect about you is not transferred outside the European Economic Area (EEA). If a transfer outside the EEA is required, we take all appropriate measures to ensure the security of your personal data in accordance with this Policy and applicable law.
5. Retention Time of your data
5.1. We retain your personal data for the required time frame, considering the purposes for which it was collected, in particular to fulfill our contractual relationships with you, to exercise our legitimate interests or to comply with legal retention periods. We may retain your personal data for a certain period after you have ceased to be a customer, in order to protect our legitimate interests in the event of disputes or as required by law.
6. Protecting your rights
6.1. You can exercise your rights arising from the protection of your personal data at the contact details of Snappi above. For your convenience, we provide below a detailed table with your rights:
6.2. Right of Access: You can ask us to confirm that the Bank is processing your personal data, to gain access to any data we process about you and to receive relevant information about its processing, such as: what data the Bank holds, why it uses it, to whom it transfers it, whether it transfers it to third countries, how it protects it, for how long it keeps it, what rights both you and the Bank have, where it collected it in the event that it did not collect it from you (unless the disclosure of such information is prohibited by law). You can request a copy of the information we process to check the information we have about you. The copy can be requested free of charge.
6.3. Right to rectification: You may request that we update, correct or delete your personal data at any time (to the extent permitted by applicable law and this does not affect the services we provide to you). If we are unable to carry out the relevant correction for technical or legal reasons, we will refer you to how you can correct any inaccuracy yourself. The Bank reserves the right to verify the accuracy of the data before proceeding with its correction and is obliged to inform the recipient to whom the personal data was disclosed, unless this proves to be impracticable or involves a disproportionate effort. Please note that we may reject requests that endanger the privacy of others whose data we store or are unreasonable, repetitive or would require a disproportionate effort on our part. We must also comply with certain legal obligations that prevent us from immediately deleting your personal data. Such obligations arise, for example, from the legislative framework for combating money laundering, tax legislation, consumer protection framework. In any case, where we cannot fulfill your request regarding your personal data, we will notify you in a timely manner. We remind you that you must inform us in case of a change in the data you have provided to us during the contract conclusion process or in our future cooperation, in particular if it is found that your personal data that we process are inaccurate.
6.4. Right to Erasure: You may request that your data be erased when (a) you have withdrawn your consent on which the processing is based (b) it is no longer needed for the purposes for which it was collected, (c) in the event that you establish that it is otherwise or unlawfully processed, (d) if you object to the processing. The Bank reserves the right to refuse the exercise of the above right if the processing of the data is necessary ( i ) for the purpose for which it was collected, ( ii ) for compliance with a legal obligation, ( iii ) for the establishment, exercise or defense of legal claims. When you terminate the contracts between us, you may request the erasure of your data. The erasure will only take place when the above conditions are met.
6.5. Right to restriction: You can ask the Bank to exercise the right to restrict processing, i.e. to retain but not use your personal data when (a) their accuracy is contested, so that you can verify their accuracy (b) the processing is unlawful but you do not wish them to be deleted (c) the processing of the data is no longer necessary for the purposes for which they were collected, but our company still needs them for the establishment, exercise or defence of legal claims, (d) you object to their processing and await verification of its result, i.e. whether our company's legitimate reasons prevail over your own legitimate claims.
6.6. Right to Portability : You have the right to request that the Bank provide you with your personal data in a structured format or you can request that they be transferred directly to another controller. The condition is that the data have been provided with consent or in the context of the performance of the contract and that the data are kept by automated means and not on paper. An additional condition is that the data have been provided by you and does not apply to the case in which the data have been inferred by us based on the data you have provided to us.
6.7. Right to human intervention: When you apply for credit products, we will perform automated credit and risk assessments to decide whether to grant a loan and to determine the relevant factors (e.g. its maximum amount). In the event of a fully automated decision, you have the right to object to the decision and request its review with human intervention.
6.8. True and accurate information: For us to be able to respond and/or satisfy your request accurately, you must always provide specific, accurate and true data and/or facts. Otherwise, the Bank shall not be liable for any errors. Furthermore, we have the right to reject requests that are unfounded, excessive, abusive, submitted in bad faith or are illegal. We may also request clarifications to understand your concerns and expectations in order to manage your request more effectively.
6.9. Identity verification: We have the right to ask you for proof of your identity to be able to satisfy your rights.
6.10. Cost: You will not have to pay to exercise your rights in relation to your personal data, unless otherwise provided by law or in cases where the request is unfounded or excessive. In such a case, we may charge a reasonable fee, which we will inform you of before we proceed with your request.
6.11. Timeframes: We aim to respond to all valid requests no later than ten (10) days from receipt, unless the request is extremely complex or the data subject has submitted multiple requests, in which case we aim to respond within three (3) months. In the event that we need more than one month to handle your request for the above reasons, we will inform you accordingly.
6.12. We strive to protect your personal data and ensure its secure processing and storage. However, if you believe that we have violated your rights, please contact us to resolve any issues and concerns. You have the right to submit a complaint to the local supervisory authority regarding our processing of your personal data. In Greece, the supervisory authority for data protection is the Personal Data Protection Authority – www.dpa.gr/ .
7. Application Security
7.1. Our app is only available on devices using the operating systems our app runs on. Our app does not work on jailbroken or rooted devices. Device registration is required.
7.2. We take appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of your data, i.e. to ensure that your personal information is transmitted, stored and processed in accordance with appropriate technical information security standards and security procedures and in accordance with the terms of this Policy and applicable data protection laws.
7.3. We take steps and strive to protect you 24 hours a day, 7 days a week, using technology and safeguards that meet or exceed industry standards and averages, but you must also use our online banking services carefully and exercise due diligence. Being careful and exercising due diligence when using our services includes, for example:
7.4. Do everything you can and reasonably expect to do to keep your data (such as login credentials, PIN code and related information) secure, log out as soon as you complete the relevant actions, do not allow anyone else to access your account or your credentials, or to make transactions using them.
7.5. Please notify us as soon as possible if you believe that your information has been lost, stolen, destroyed or misused, or if you believe that someone may have accessed your accounts without your authorization or has discovered or disclosed your security information to third parties.
7.6. Perform regular virus and malware scans on your devices.
7.7. In malicious emails, website addresses may appear authentic at first glance, but a closer look may reveal a different web address than what it should or claims to be from. In our genuine emails, the link address includes the name of the person sending it to you or the relevant department the email belongs to ( e.g. info , jon . doe ) and always ends as: @ snappibank . com
7.8. If you receive an email claiming to be from Snappi and requesting personal information—such as passwords, credit/debit card numbers or PINs, passport numbers, national ID numbers, etc.—do not provide or enter any such information. These messages are fraudulent and should be disregarded immediately.
7.9. Snappi will not, under any circumstances, send emails requesting personal data from its customers. If you receive such emails and are unsure of the actions to take or for any other clarification you may need, do not hesitate to contact us at +302103848000 and at customer @ mailto:customer@snappibank.comsnappibank mailto:customer@snappibank.com. com . Our service operates 24 hours a day, 365 days a year.
This Policy was published by the Company on 24-07-2025 and is subject to periodic improvement and revision. Any changes to this Policy will apply to information collected from the date the revised version is published, as well as to existing information in our possession. Your use of the website after the publication of changes constitutes your acceptance of such changes.
Version 1.2
