With the following notice, OPAP S.A. having its registered seat at Leoforos Athinon 112 in Athens (hereinafter “OPAP S.A.”) and acting as personal data controller with regard to the mobile application available under the name “Contribution Squad OPAP” (hereinafter “CSR app”), intends to provide information on personal data collected by visitors/users while using CSR app. This information refers to the nature of personal data, the means and purposes of collection, any third parties with which this data is being shared, as well as the rights that you have, according to Regulation 2016/679 of the European Union [General Data Protection Regulation] and any applicable data protection legislation.
OPAP employs the UUID (Universally Unique IDentifier) system/technology, which ascribes a unique number to each visitor/user when downloading CSR app. You have the possibility to either remain anonymous when using CSR app or login with your Facebook or Google account. Only the option of logging with your Facebook/Google account enables the use of all functionalities of CSR app, such as the ability to join or create “teams”.
All data collected via CSR app (listed below) is linked to the UUID of a given visitor/user. If you log in with your Facebook/Google account at first use or later, all data already collected and linked to the UUID will be linked also to your Facebook/Google account. In case you uninstall CSR app, the UUID will lapse as well and in case of reinstallation, the data can be assembled again under a different UUID that will be ascribed anew upon reinstallation.
Which Personal Data we Collect
Personal data, as provided by you via CSR app is processed by the responsible and authorized employees of OPAP. Specifically, OPAP:
- collects and processes the following personal data of yours, generated while using CSR app:
- Behavioral data (e.g. average time spent, sessions, screen viewed, actions and clicks etc.),
- Points collected and interaction with “teams”,
- may collect and process, under your specific consent indicated by choosing the relevant optional fields at CSR app or your device settings, the following personal data of yours:
- Data related to your Facebook account and specifically Email address and Facebook account name, if you choose to login using your Facebook account,
- Data related to your Google account and specifically Email address and Google account name, if you choose to login using your Google account,
- E-mail address, if you choose to receive newsletters by OPAP Group companies,
- Pictures, if you choose to upload any inside the application
Why We Collect It
By installing and using CSR app, as well as by specifically choosing the relevant options, you consent in the processing of personal data listed above for the purpose of enjoying CSR app’s full user experience, including provision of personalized content in the application.
OPAP creates your user profile, by analyzing aspects of your navigation in CSR app and specifically the average time you spend per session, your actions and clicks inside the application. The purpose of such processing is to generate anonymized statistics on the usage of CSR app in order to improve the overall user experience and user engagement.
You can withdraw your consent for the processing of your personal data via CSR app by uninstalling the application from your device. In case we need to process your personal data for purposes other than the ones described above, we will notify you accordingly and in advance and will seek for your consent.
With Whom We Share It
We would also like to inform you that, in the context of providing the full functionalities of CSR app, potential recipients of your personal data are technology vendors, as well as any other administrative, judicial or other public authority, or generally any legal or natural person to which this data shall or may be disclosed, pursuant to applicable legislation or a judicial decision.
If you decide to login using your Facebook/Google account, your personal data (name, points collected, teams joined, pictures uploaded, score achieved) will be visible by other users/visitors of CSR app.
How Long We Keep It
Your personal data is retained for as long as required by applicable legislation or for as long as required to pursue our legitimate interests. In any case, your personal data shall be deleted 3 years after the uninstallation takes place.
In any case, we wish to inform you that, according to applicable legislation and in the context of using CSR app, you have and can exercise the following rights:
- right of access to your personal data, as well as to the information relating to their processing,
- right to rectification of inaccurate or incomplete personal data,
- right to erasure,
- right to restriction of the processing of your personal data, where explicitly provided for by legislation,
- right to data portability in a structured, commonly used and machine-readable format (e.g. CD-ROM),
- right to have your data (directly) transmitted to another controller,
- right to object to the processing of your behavioral data for profiling purposes, as well as
- right to withdraw any consent given at any time and with no cost.
In case you exercise the rights of rectification, erasure or restriction of your personal data, these requests will be communicated to any third party recipients to whom this data has been disclosed in the context of CSR app’s functioning and provision of full user experience.
You can exercise any of the abovementioned rights by submitting a written request to OPAP. The relevant request/application must be accompanied with supporting documents proving your identity. However, it must be noted that certain functions of the CSR app application are controlled by you. Therefore, the most direct and appropriate way to exercise certain rights, is to define the relevant settings through the application. Indicatively, if you have chosen the optional log-in via your Facebook account, you will need to make the relevant changes through CSR app in order to disconnect your Facebook account from the CSR app application. In any case, if you choose to submit a relevant written request, we will contact you in order to provide appropriate guidance to ensure that you effectively exercise your rights. You can expect a reply to such a request within one (1) month following its receipt by OPAP. This period may be extended by two (2) additional months, if the complexity of your request or in general the number of requests received, so requires.
CSR app may contain links to other websites that are under the responsibility of third parties. In this case, OPAP is not responsible for the protection of personal data terms, which these websites follow. The personal data protection terms provided with the present notice may be updated at any given moment. In such case, you will be notified accordingly with a push notification or with a dialogue box when opening CSR app.
In order to reassure the minimization, accuracy and completeness of your personal data, OPAP undertakes to periodically review the data, in order to rectify it or safely delete the data that is no longer necessary for the purposes of CSR app’s functioning and provision of full user experience. OPAP reassures that it has taken all adequate technical and organizational measures, according to current technological standards and applicable laws and regulations, so as to guarantee that the processing of your personal data (by OPAP or by any third parties on behalf of OPAP) is lawful, adequate and secure against any unauthorized or accidental access, disclosure, processing, erasure, modification or other use.
For any request regarding the processing of your data and in case you find that we have not complied with the principles included in the present privacy notice, please contact the Data Protection Officer of OPAP S.A. as soon as possible, using the following contact details:
Address: 112 Leoforos Athinon, P.C. 10442 Athens
Phone: +30 210 5498888
In case you consider that the protection of your personal data is violated in any way whatsoever, you may lodge a complaint with the Hellenic Data Protection Authority, using the following details: Website: www.dpa.gr
Address: 1-3 Kifisias Ave., 115 23, Athens
Call Center: +30 210 6475600 | Fax: +30 210 6475628
Last update: May 25th 2018