RETAMA REAL ESTATE S.A. UNIPERSONAL having its registered seat in Madrid, Spain, established a branch in Athens on 12.11.2020, under the General Commercial Registry no. 157102903001 with registered seat at 5, Angelou Pyrri str. Retama’s main business activities are providing real estate brokerage and property management services.

RETAMA REAL ESTATE S.A. UNIPERSONAL Greek Branch (hereinafter “Retama”), as data controller or processor, as such terms are defined in the General Data Protection Regulation (EU) 2016/679 (GDPR), commits to protect personal data and apply the GDPR and the national legislation for the protection of personal data. This policy is addressed to all natural persons, who enter into transactions with Retama under any capacity (clients, partners, suppliers etc). This policy is also addressed to the natural persons entering the Retama premises for any reason (hereinafter “Data Subjects”).

COLLECTION AND PROCESSING OF PERSONAL DATA

Retama collects and processes different types of personal data, only to the extent necessary depending on the purpose of the processing and for the time required in each case. Personal Data are collected from the Data Subjects and from third parties allowing access to personal data based on the consent of the Data Subjects or on any other legal basis.

More specifically, Retama collects and processes the following categories of personal data:

a) identification data: full name, name of father, police or other identity card or passport, TIN and competent Tax Office, date of birth, gender, etc.;

b) contact details: home and/or phone address, phone numbers, email address, etc.;

c) economic, financial, property and family situation data: occupation, salary, marital status, E1 and E9 forms, tax assessment, creditworthiness data, e.g. debts to banks, payment orders, seizures, etc.;

d) data on the properties: data of the property’s owner and in particular the data referred to in the aforementioned points (a) and (b), asset encumbrances, loans secured by the relevant property, correspondence and in general, communications between the properties’ owners or partners of Retama real estate agents or notaries, seizures, judicial documents, etc.;

e) data of images recorded by video surveillance systems (CCTV) installed in Retama’s premises;

f) visitors’ identification data entering into Retama’s premises for any reason.

Retama collects the above data from:

a) the Data Subjects directly;

b) Its clients, natural or legal persons that they assign to Retama the promotion of their properties;

c) real estate agents collaborating with Retama or any other providers of services relating to real estate management;

d) publicly accessible sources such as courts, land registries, cadastral offices, etc., media, internet, commercial registries, e-auction platform, provided that this data are necessary for the purposes of the processing;

e) receivables servicing companies operating under law 4354/2015, lawyers, law firms, court bailiffs, notaries;

f) third parties (natural or legal persons), acting on behalf of or related to data subjects.

Retama collects and processes personal data:

a) for the execution of contracts with its clients and the fulfilment of Retama’s obligations towards them and for the purposes of execution of agreements referring to the purchase or management of properties under its brokerage/ management;

b) in order to monitor and execute the agreements between Retama and cooperating real estate agents in order to comply with its obligations towards them;

c) for Retama’s compliance with its legal obligations such as (i) the prevention and suppression of money laundering and terrorist financing, as well as the prevention, detection and suppression of fraud against the company or other customers, (ii) the Retama’s compliance with the obligations imposed by the applicable regulatory framework, as well as the decisions of any public authorities etc. or courts;

d) for the purposes of the legitimate interests of Retama, including:

i) the business development of the company including the investigation of the degree of customer satisfaction with the services provided, with a view to improving them and in general with the overall business relationship with them;

ii) the achievement of the company’s scope, which include services of a real estate agent and services relating to properties management;

iii) the judicial defence of Retama’s interests;

iv) compliance with Retama’s internal policies and procedures;

v) the protection of Retama’s people, assets and premises.

PROFILING or AUTOMATED DECISION-MAKING

Retama does not make decisions solely on the basis of automated processing, including profiling.

RECIPIENTS OF PERSONAL DATA

For the purposes of personal data processing, the following persons are likely to obtain access to personal data; such persons have either contractually undertaken to keep confidential and protect the personal data or are under a confidentiality obligation by way of law pursuant to the national and European legislative framework, as applicable from time to time.

In particular, the list of the recipients may indicatively include:

a) employees and officers of Retama and of other companies of the same group;

b) owners of properties, which are managed or promoted by Retama, and their legal or other advisors and their employees or officers in case the owner of the property is a legal person;

c) other real estate agents, natural or legal persons;

d) law firms and / or legal advisors, engineers, notaries, court bailiffs;

e) financial or business consultants;

f) chartered accountants and audit firms;

g) real estate appraisers;

h) archiving, storage and file management companies;

i) systems for support, processing and storage in the computing “cloud”;

j) insurance companies;

k) website design and support companies;

l) third parties providing their services to Retama;

m) other recipients to whom the transfer or notification is required by the applicable regulatory, legislative and generally regulatory framework or court decision (e.g. supervisory or judicial authorities, tax authorities, supervisory bodies, mediators). It is noted that Retama will also provide more specific information to the Data Subjects regarding any transfer of their data to the above recipients, provided that there is a relevant provision in the applicable legislation.

Retama’s authorised employees shall be recipients of the image data recorded by the CCTV of the company, in the course of the performance of their duties. Police and judicial authorities may also be recipients, in case of an incident falling under their remits, as well as a third party with a relevant legal interest (e.g. victim of an illegal act).

It is stated that, in case the owner of a property promoted by Retama is a legal person, such legal person implements its own personal data policy and, therefore, the Data Subjects should be informed about such policy by consulting the website of the property’s owner. Retama shall assist by all means in informing the Data Subjects in cooperation with the property’s owner.

PERIOD OF RETENTION OF PERSONAL DATA

The personal data processed by Retama must be retained for as long as the purpose for which they are processed and / or the current legal and regulatory framework imposes and in any case for a period of five (5) years from last calendar day of the year when the respective transaction relationship with Retama or the owners of the properties has ended. In case of a legal dispute, the data are kept for a longer period of time, until the issuance of a final court decision ending the judicial proceedings. Retama may retain personal data for less than the abovementioned period provided that there is no particular reason for retaining the personal data.

Moreover, the image data from the security cameras are maintained for fifteen (15) days, after the lapse of such period they are safely deleted. In case an incident is detected during this period, the specific data shall be isolated and maintained for up to one (1) month, in order to investigate the incident and the potential scenario of initiating any legal proceedings in order to defend the legal interests of the company. In case the incident concerns a third party, the data are maintained for up to three (3) more months.

It is noted that Retama may retain the data even after there is no reason for processing, if it is not allowed to delete them for legal or regulatory reasons.

TRANSMISSIONOFPERSONALDATAOUTSIDETHEEEA (EUROPEANECONOMICAREA)

Personal data are not, in principal, transmitted to third countries (i.e. to countries outside the European Economic Area). In case there is such necessity, Retama shall forward the personal data by complying with the relevant provisions of the regulatory framework.

RIGHTS OF DATA SUBJECTSIN CONNECTION WITH THE PERSONALDATA

Data Subjects have the following rights:

Right of access to the personal data that are being processed by Retama as controller, including the purpose of the processing, the data categories and the recipients or the categories of the recipients;

Right to rectification of inaccurate and right to complete any missing data;

Right to erasure of personal data, subject to Retama’s obligations and legal rights for their retention in accordance with the applicable regulatory framework;

Right of restricting the processing of personal data, provided that their accuracy is contested, or the processing is illegal, or the purpose of their processing has ceased and provided that there is not a legal ground for their retention;

Right to portability of personal data in a structured, commonly used and machine readable format, to another controller provided that the processing is based on consent and the personal data are processed by automated means. Satisfaction of this right remains subject to Retama’s legal rights and obligations referring to the data retention in accordance with the regulatory framework;

Right to object in case there are reasons relating to the Data Subjects’ particular situation. In such case, Retama will refrain from the processing, unless Retama demonstrates compelling legitimate grounds, which override the Data Subjects’ interests and rights. The same applies in case legal claims need to be established, exercised or defenced.

Right to withdraw consent for the personal data processing, provided that such processing is based on the Data Subjects’ consent.

In the light of the aforementioned rights, Retama ensures development of internal procedures in order to respond in a timely and efficient manner to the Data Subjects requests.

To exercise any of the aforementioned rights, the Data Subjects may contact the Retama’s Data Protection Officer by mail to the following address: 5, Angelou Pyrri str. 11527, Athens or by phone at the telephone number (+30) 2107491850 or by email to the following email address dpolms@uci.com. In addition, if Data Subjects consider that their rights are infringed, they may appeal before the Hellenic Data Protection Authority, through the web address: https://www.dpa.gr/en/individuals/complaint-to-the-hellenic-dpa

INFORMATION WITH REGARDS TO ANY AMENDMENTS TO THIS POLICY

Retama will update this policy whenever necessary. If there are significant changes to the policy or the way Retama uses your personal data, Retama will publish a relevant notification easily visible on its website, before the changes take effect. In any case, the Data Subjects are encouraged to review this Policy periodically to be aware of the way their personal data are protected.

Last update: June 2021