Privacy Notice

Update on 03/01/2024

We would like to inform you about the protection of personal data and privacy, as well as about the modifications we have made as part of our commitment to transparency as regards the way we handle personal data and we keep them safe. In particular, we have made modifications to comply with the new requirements introduced by the General Data Protection Regulation (GDPR). The present notice may be updated in accordance with any new recommendations of the regulatory authority of Greece (Data Protection Authority) or of the EU or the legislation each time in force.

The personal data protection notices define the way Olympia Odos SA (the “Concessionaire”) and Olympia Odos Operation SA (the “Operator) jointly collect, store and handle personal data, as well as the rights of the data subjects regarding the processing of their personal data. 

About us

OLYMPIA ODOS S.A. was exclusively established to implement the Concession Agreement for the design, financing, construction and operation of Elefsina-Korinthos-Patras-Pyrgos-Tsakona Motorway (hereinafter the “Concession Project”). OLYMPIA ODOS OPERATION S.A. is the operator who undertook from OLYMPIA ODOS S.A. and for its account, to provide toll collection services, to serve the customers, to manage the traffic and to implement the routine maintenance of the motorway. The relation between the two companies pertaining to the provision of services regarding the concession of the project are mainly defined in Law 3621/2007 as amended by Law 4219/2013.

Companies’ particulars:

The above two companies (hereinafter “We”, the “Companies”, the “Controllers”) are jointly responsible for processing the information on personal data.

For more information, please contact us at the particulars you will find here:  Any questions? Contact us

Data collected on you & how are they collected

First, we point out that the collected data do not need to be “personal data” in accordance with the legislation (see Glossary below), since they may not identify, by themselves, the data subject. However, we proceed with the present notice also as regards these data for transparency and full information reasons.

The type of data kept by us may include, as the case may be, the following:

The information we have about you are mainly provided by you when you contact us for the first time, and while you have a subscription to us. In some cases, we may collect information although you have entered into no agreement with us, but you just passed from the toll stations (e.g. because of accidents, violations etc.). You can provide us with  your personal data at various points of time and through different communication channels, such as through a written or electronic form, telephone, e-mail, a member of our personnel or our agents, or we may collect your data, when for example you:

• request information or submit a request through our website;
• register in the online O-pass service and check any information for your account
• ask to contact one of our representatives;
• participate in any promotion or survey we conduct;
• the license plate of your vehicle is shown on recorded material, or
• file a request or complaint.

Moreover, we can be provided with the type of personal data mentioned hereinabove by:

• your employer, if you have a toll exemption card in your capacity as personnel of the Service entitled to an exemption under article 24.4.2 of the Concession Agreement (Law 3621/2007) or if we provide services to the employees of your company or group;
• a company managing the toll stations of another motorway, since they may transfer to us data on toll passages when, as our Subscriber, you make electronic toll passages from a toll station of another motorway participating in the Interoperability System.

In specific cases, personal data of other more sensitive categories may come to our notice, including data on your health, e.g. because you were involved in a road accident.

Wherever the law requires us to get your explicit consent to process such specific categories personal data, we will timely ask you for such consent. If you opt for not giving your consent, we may not be in a position to either meet your needs or to proceed with the performance of some of the tasks to be effected in order to provide you some services.

In any other case, the legal grounds for the processing of personal data that do not fall within any personal data special category, will depend on the reason for which we do process your data.

Why do we collect this information & how do we use your data?

We process your data on the following purposes:

• Hold - manage the company’s correspondence;
• Notify events to insurance companies as a result of an obligation or right arising from an existing insurance cover (e.g.  third party liability of the Concession Project, vehicles’ insurance cover, etc.);
• View and record Videos recorded through cameras, i.e.:  (a) traffic management cameras within the Elefsina-Patras Motorway (toll plazas, tunnels and open road) and (b) safety cameras installed on buildings (in areas equipped with cameras, there are relevant signs to inform you);
• View and record Videos recorded the Toll System and its cameras installed on the toll lanes (there are relevant signs to inform you);
• Keep an OO Incident Record and photos;
• Record incoming/outgoing phone calls as well as calls from the Emergency Roadside Telephone (ERT) installed along the Road;
• Conclude an Olympia Pass* Electronic Tolls Service Agreement;
• Receive requests/complaints made by users or subscribers;
• Record passages exempted from tolls;
• Record special passages (disabled people);
• Monitor toll violations (passage without paying tolls);
• Send marketing information / newsletters.

As regards the above purposes, the processing legal grounds are the following depending on the case:

• Processing is our legal obligation (under the Concession Agreement);
• Processing is required in order to enter into an agreement with you (e.g. for the O-pass services);
• Processing serves our business needs and interests (e.g. fulfilment of our (contractual, legal, etc.) obligations, communication with third parties, defense - legal protection, protection of the Companies’ goods and property, statistic- historic purposes, promotion of our services);
• We have been given your prior, explicit, written, specific and informed consent to process the data such consent concerns (e.g. marketing).

* The provision of such data and their processing by Us is a contractual requirement for concluding an agreement and any refusal to provide such data entails the failure of the Controllers to enter into an agreement with you.

* In the event that We found the processing of your data on “legitimate interest”, we would like to inform you that we have first made an assessment for balancing our interests with your interests, rights and freedoms regarding your privacy and the protection of your data (“balance test”) and we have concluded that such processing is necessary and proportionate to our goal. For more information please contact us (Any questions? Contact us) or file a complaint to a supervisory authority.

*Note that the competent local Motorways Traffic Police Department has direct (parallel) and independent access to the toll violation data of the Toll System in order to certify the toll payment violation provided for in the Highway Code (article 29, para. 10 and article 104). 

How do we read your personal data and transfer of data to third countries

We may use and share part or all your personal data, always by fully respecting them, with other companies that are our partners, or with supervisory authorities in order to:

• Manage the agreement concluded with you and handle claims and other transactions;
• In case you are an electronic toll services subscriber of another company and you have entered into an agreement with us within the framework of the toll interoperability, to send to the said company data on your passages from the toll stations of Olympia Odos to ensure correct invoicing and/or settle any disputes;
• Confirm or correct the data we have about you;
• Conduct a survey to be internally used by our Company;
• Ensure the support of our associates for our systems;
• Comply with the law where, for example, we have to allow sharing your personal data with the services of the Police or other competent authority, where this is required to prevent any crimes;
• Be audited by competent Ministries, police or judicial authorities, tax authorities, etc.;
• Be assisted by our associates for printing/posting/sending files to you;
• Provide information about special offers and services that may be of your interest;
• Fulfill other business goals, such as product development and website management;
• Protect the rights, property and safety of the Company, our customers or third parties;
• Comply with a search warrant or Court decision/order/provision or act as required or allowed by the legislation in force, as for example when a third party has legitimate interest to and is entitled to get your data.

When we share your personal data with third parties who provide us with business services, we require them to take the appropriate measures to protect your personal data and to use such personal data only for providing these services.

Your personal data will never be transferred to other countries. The countries of the European Economic Area are considered to provide the same level of personal data protection as Greece. If, in the future, we will transfer your personal data or share them with others beyond the European Economic Area, first you will be promptly informed and second we will have ensured that we and these persons or companies to which the data are transferred undertake to protect the data from any inappropriate use or disclosure in accordance with the applicable European or national legislation on data protection, using standard clauses or other appropriate mechanisms.

Automated decision-making / profiling

We make no automated individual decision making and profiling. 

For how long are your data kept?

Our present Personal Data Protection Policy complies with all laws in force as well as with the personal data legislation to which is subject. These laws define for how long we may keep all different kinds of data that we hold and are regularly controlled.

We safely destroy the data that we no longer need to hold, in accordance with the deadlines set in our policies.

When we continue to use data for statistics or surveys, we ensure that these data are anonymized and so you cannot be identified in any way whatsoever.

Modification of the present Privacy Notice.

We may modify this Personal Data Protection Policy at any time. If we proceed with any material modification in the way we collect your personal data or in the way we use or share them, we will post a clear notice with the relevant modifications in our website. We propose you to frequently visit our site to read its last version.

Direct marketing

We offer you the possibility, upon your prior consent, to receive marketing notifications by us regarding special offers or services that we believe that may be of your interest. We will normally send direct notifications using the means of communication you have indicated when you concluded our cooperation agreement.

If you want us to stop sending you such marketing notifications, we propose simple ways to do so. Each time you receive a marketing direct notification, we will notify you of the way you can unsubscribe from them.

If when you subscribed to our website, applications or services you gave your consent to receive marketing messages, you may inform us at any time that you no longer wish to receive them and submit the relevant request by sending email info@olympiaodos.gr .

How do we protect your data?

The personal data processing procedure is performed so as to ensure its confidentiality. In particular, processing is exclusively performed by the personnel authorized to that purpose, while all appropriate organizational and technical measures are taken to ensure the safety of the data and their protection from any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, and any other type of unlawful processing.

Your rights

In this section you may find more details about your rights regarding your personal data. The various rights are not absolute and are subject to some exemptions or reservations.

You are entitled to receive your personal data free of charge, except in the following cases, where we may charge a reasonable fee to cover our administrative costs for the provision of your personal data:                                        

• Evidently unfounded or excessive/ repeated requests, or

• Additional copies of the same data.

Alternatively, we may have the right to refuse to act after the submission of your request.

We kindly ask you to carefully consider your request before submitting it. We will respond as soon as possible. In general, we will respond within a month from the receipt of your request, but if the examination of such request lasts more, you will be informed.

Bellow you will find a brief summary of your rights regarding your personal data.

1. Right of information
You have the right to obtain and we are bound to provide you with clear, transparent and easily understandable information about the way we use your personal data and about your relevant rights.

2. Right of access
You have the right to obtain access to your personal data (if we process them) and to information regarding them, such as the purposes of the processing, the categories of personal data, their origin, and their possible recipients.

3. Right to rectification
You have the right to correct your personal data if they are inaccurate or insufficient.

4. Right to erasure
You have the right to request the erasure or removal of your personal data when they are no longer needed for the purposes for which they were collected or there is no legal reason for us to keep using them. The right to erasure is not an absolute right.  We may have the right or the obligation to hold the data in the event that we have a particular obligation to do so or we have another valid legal reason to keep them.

5. Right to restriction of processing
In some cases you have the right to “exclude” or cancel any further use of your data. When the processing is restricted, we may still store your data, but we are not allowed to make any further use of them.

6. Right to data portability
You have the right to receive a copy of some of your personal data that keep and to reuse them or share them for your own purposes.

7. Right to object
You have the right to object to some types of processing, including the processing for direct marketing (which we make only with your consent).

8. Automated individual decision-making and profiling rights
The said right does not apply to Us.
 

For any further information and advice on your rights or for submitting any complaint against the Controllers, you may contact the Hellenic Data Protection Authority - HDPA at +30 -210 6475600 289, website: http://www.dpa.gr/.

To exercise any of the above rights, you may submit your relevant request by sending an email at the contacts below.

Any questions? Contact us

If you have any question about the present Notice, please contact, by e-mail, our Personal Data Protection Officer at gdpr.compliance@olympiaodos.gr and the Officer of Olympia Odos Operation SA at dpo@olympiaoperation.gr

Glossary & GDPR material

“Personal data”: means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“Processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

“Restriction of processing”: means the marking of stored personal data with the aim of limiting their processing in the future;

“Profiling”:  means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

“Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

“Personal data breach”: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

For more information about the Regulation, visit: https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en

In the event of any discrepancy between any post or link in our present website and the Greek and European Legislation, the provisions of the Greek and European legislation in force are applied.