INFORMATION REGARDING THE PROCESSING OF CUSTOMERS' PERSONAL DATA THROUGH THE COSMOTE APP AND/OR THE MY COSMOTE HTTPS:// WWW.COSMOTE.GR/SELFCARE WEBSITE (DATA PRIVACY NOTICE)

OTE Group attaches great importance to the protection of its subscribers' personal data and adheres to the principle of transparency regarding their processing. Anyone wishing to obtain general information regarding the processing of customers' personal data by OTE is kindly requested to read the text of the General Data Privacy Notice, which can be found here.

With this text we wish to specifically inform you regarding the processing of customers' personal data when using the COSMOTE application (hereinafter the Application) and/or the My COSMOTE https://www.cosmote.gr/selfcare website (hereinafter referred to as "the Website"). Note that this is the specific informative text regarding the processing of personal data for the purpose of providing you with the Application and is always interpreted in conjunction with the General Data Privacy Notice.

1. WHAT IS THE IDENTITY AND CONTACT DETAILS OF THE PERSONAL DATA CONTROLLER?

The controller of personal data is the company HELLENIC TELECOMMUNICATIONS ORGANIZATION ("OTE") -hereinafter referred to as the Company- based in Maroussi, Attica (99 Kifissias Avenue) with contact number 13888 for residential customers or 13818 for corporate customers.

2. WHO CAN YOU CONTACT FOR CUSTOMER PRIVACY ISSUES?

For information on the protection of customers' personal data, you can contact Residential Customer Service at 13888 or Corporate Customer Service at 13818 or electronically through the contact form at www.cosmote.gr/contact_us.

3. WHAT CATEGORIES OF PERSONAL DATA DO WE PROCESS WHEN USING THE APP AND WEBSITE AND FOR WHAT PURPOSE?

The Application and the Website provide the user with the ability to manage telecommunications and other services provided to the OTE Group. Through them, he/she can, for example, gain access to the e-bill service, gain access to detailed information about his/her connections, electronically manage COSMOTE mobile and fixed connections, as well as other services provided by the Company (hereinafter collectively referred to as the Services).

Through the Application and/or the Website we collect and/or process:

1. Data necessary for the provision of the Services through the Application and/or the Website (Legal basis for processing: performance of a contract, Article 6(1)(b) of the General Data Protection Regulation (hereinafter GDPR). Specifically, we process:
• Data necessary for the registration and creation of a COSMOTE id user. COSMOTE Id provides Registered Users with the ability to access OTE Group websites and applications with the same password through the "single sign on" facility. To learn more about the processing of your data through COSMOTE ID connectivity, click here.
• Data necessary to gain access to information about the services available to the Company and in particular, active COSMOTE services, information on consumption, orders, fixed or mobile telephony & TV bills.
  • Data necessary to submit requests and orders through COSMOTE App and My COSMOTE. Specifically, the mobile telephony connection number (MSISDN), the mobile telephony subscriber ID (IMSI), the prepaid connection balance, the prepaid connection balance expiration date, the fixed and/or mobile contract bill expiration date, the date of last prepaid connection top-up, the available balances in MB/SMS/Minutes.
  • Data they provide us with for the payment of their mobile and/or fixed telephony and/or COSMOTE TV bills (Account Number, Customer Code, bill amount, payment date, automatic payment date).
  • Data they provide us for the Top-up of their prepaid connection (Mobile connection number, for which the user wishes to renew the talk time, top-up amount, renewal date, automatic monthly renewal day).
  • Data necessary for the router management functionality e.g. router model, connection speed, wifi name and wifi signal strength so that they can manage the router (restart, change wifi SSID/password). To learn more about the processing of your personal data, when using the Speed Measurement Tool through the COSMOTE App click here
  • Data they provide to us when reporting a fault (contact details, description of the fault).
  • Data they provide to us to trigger diversion, in particular the phone number to which the diversion will take place or data that the application accesses if they choose to do so. In particular, they give us access to their phone contacts in order to choose which of these telephone numbers to divert to.
  • Data necessary for connection control functionality, such as information whether there is an active debt block.
  • Data about their device (such as operating system, make and model of the device, version of the application they have installed, Device ID) to enable functionalities such as sending push notifications, upgrading application, etc.
  • Data depicting the value of the prizes earned from the use of the COSMOTE DEALS for YOU Plan (Program Code, Time of Redemption of the Plan Code, Partner of the Program where the Code was redeemed). To learn more about the processing of your data through the COSMOTE DEALS for YOU Plan click here and here.
  • Data resulting from the use of the Calling Tunes Service (type and name of subscription package, login name, connection time, active package, date and time of purchase, Calling Tunes they have added to their Collection, contact telephone numbers for which they specify Calling Tunes, Hours & Days of the Calling Tunes they have selected) for the purpose of checking its proper operation; evaluating and improving the services we offer them. To learn more about the processing of your data through the Calling Tunes Service click here
2. Data we collect after their explicit consent (Legal basis for processing: consent, Article 6(1)(a) GDPR). Specifically, we process:
   • Biometric data in the context of their electronic identification process, resulting from taking a photo and moving visual images with real-time sound (real time selfie and moving visual images recording) and facial features, to confirm the authenticity of the photo and the natural person. In particular, consent is requested for the use of these data through a special message that appears at the beginning of the identification process. Please note that the use of photography & animations with real-time sound enables (through technologies such as machine learning, artificial intelligence (AI) and biometrics combined with human criticism) to verify whether the person requesting a transaction is indeed the same as the person appearing on the presented identification document (identity card or passport, etc.) by providing security in our transactions. If consent is not given to the processing of biometric data, it will not be possible to complete the transaction electronically and another way of completing your request (e.g. in the branch network) will have to be followed.
   • Data that arises if they choose to fill in the section "My preferences" (this section can be found in "My Rewards") and specifically their interests, preferences or other information about themselves (if they are married, age, etc.). Based on these data, we will propose personalized gifts/benefits/discount coupons that will meet their needs
   • Data they provide to us if they choose to create a profile. They can find the detailed information on creating a profile here, as well as change any options they may have, from the section, "Profile" -> "Personal data" -> "Subscriber profile".
   • Data that arises if you fill in one of the questionnaires that appear from time to time in the COSMOTE app and are related to sustainability-awareness actions we carry out (Cosmote ID in pseudonymous form accompanied by your answers to the questionnaire) in order to show you the result on how sustainable your habits are
3. Data we process based on our legitimate interest for the purpose of advertising the Service taking into account subscriber preferences as well as marketing actions. (Legal basis for processing: legitimate interest, Art. 6(1)(f) GDPR). Specifically, we process:
   • Data relating to gifts/benefits/discount coupons (information about the gifts/rewards that have been awarded to them as well as which of them they have redeemed).
   • Contact details of subscribers (email, landline and mobile phone) in order to send updates through the App for changes, news or offers regarding fixed and/or mobile telephony and/or television products activated in OTE's network. In addition, their contact details will be used in order to participate, if they wish, in customer satisfaction surveys for our products.
   • Data that arises if they choose to Share Coupons to friends (Cosmote ID of friends and coupons shared with them).

This type of processing, based on our legitimate interest, is particularly important for us and the development of our products and services. However, they may at any time object to this type of processing. For the ways of exercising the right to object, please refer to paragraph 9 of this notice.

4. APPLICATION PERMISSIONS

The Application, depending on the operating system on which it is installed, may require or request optional access to the following data of the subscriber's terminal device in order to be installed and operate:

• Contact data for the purpose of using the subscriber's photo of each contact to be set as an Avatar Image as well as informing them which of their contacts are COSMOTE subscribers.
• SMS: Automatic reading of the code sent via SMS by COSMOTE.
• Camera: Use of the camera to scan the QR code for automated login to the application, scan the bar-code of the SIM card to activate the service, take a photo to be set as an Avatar image, take a photo for the electronic identification process.
• Storage: Access is required to select a photo from the device's photo library to change the Avatar image or save the subscriber's photo if a photo is taken through the app. This access is also required to store bill PDFs, contract renewals and proof of payment.
• Internet: The application requires internet access in order to communicate with OTE systems and display information about subscribers (e.g. login details, account details, etc.).
• SIM card details: Α Identification of the mobile telephony connection number (MSISDN) used by the subscriber's device, in order to automatically fill in the number in the login field.
• Location data (GPS) for the purpose of displaying your location on the map, as well as informing you about which stores are near you. (Section "Find Quickly/stores").

5. PUSH NOTIFICATIONS

The App sends notifications to the subscriber's device in order to be informed about issues related to the services he/she has with COSMOTE, such as the issuance of his/her bill or functionalities related to the Application, e.g. making a change to his/her wifi name upon his/her request.

In addition, in case he/she has given his/her consent to the creation of a personalized profile, as described in point 7, he/she may receive personalized offers/gifts/benefits/discount coupons and/or advertisements in the form of notifications.

If they do not wish to receive notifications, they can disable this feature in their device settings.

6. HOW LONG DO WE KEEP CUSTOMERS' PERSONAL DATA?

As stated in the terms of use of COSMOTE App and My COSMOTE, users who register as non-subscribers of the Company are registered as "Registered Users", while subscribers of the Company who register and are identified are registered as "Identified Users".

The personal data of Registered Users necessary for the operation and use of the Application are retained for as long as the account of the Registered User is active.

To learn more about the retention of Identified User data click here.

In addition, the data of the electronic account (e-bill) remains available for 12 months from the termination / expiration of the contract, unless the cancellation of the account is requested.

To learn more about COSMOTE DEALS for YOU data retention click here.

Biometric data for the purpose of identification are retained for 30 days from the submission of the customer's request and then permanently deleted without the possibility of recovery. However, we retain the result of the processing of his/her biometric data (i.e. whether there was identification based on their use or not) for as long as he/she is our subscriber and for an additional 14 months after the termination of our services.

The subscriber's contact data, for the purpose of using the photo of each contact to be set as an Avatar Image, as well as informing him which of his contacts are COSMOTE subscribers, are retained for as long as he is an active user in the application or for up to 100 days from the last use of the application.

The data resulting from questionnaires from sustainability actions are retained until the end of the action.

7. WILL OTE PROCESS CUSTOMERS' PERSONAL DATA FOR OTHER PURPOSES?

The Company will not process customers' personal data for purposes other than those mentioned above. In particular, OTE processes the data mentioned above in section 3 and requests access to them, as mentioned in section 4, for the purpose of operating the App and serving you through the Website.

In case we wish to use the personal data of subscribers for other purposes, we will first inform them accordingly and make sure to obtain their consent.

They can change their options regarding the above from the "Update Settings" menu. In addition, if they have given us their consent, OTE may collect their data through the App in order to create subscriber profiles in order to provide personalized offers and products based on their personal needs and preferences. The relevant information text with which the relevant consent is provided can be found here.

8. WHO ARE THE RECIPIENTS AND FOR WHAT PURPOSE ARE PERSONAL DATA TRANSMITTED TO THEM?

Recipients of OTE customers' personal data may be:

• Financial institutions through which electronic purchases of products and/or services.
• Third party companies with whom we cooperate for the purposes of developing, supporting and providing the services, namely:
  • the company "Desquared S.A.", which supports the Service and is based in Greece.
  • the company "UPSTREAM TELECOMMUNICATIONS AND SOFTWARE SYSTEMS S.A.", based in Greece.
  • the company "MoEngage Inc." with processing in Germany, which transmits data to a sub-processor in India, which follows the processing rules and security requirements set by OTE.
  • he company "ARX.NET Internet Services & Businesses Societe Anonyme", which is based in Greece.
  • the company "Accenture S.A.", which is based in Greece.
  • the company "Cognity Société Anonyme for the Development, Support and Marketing of Hardware, Software, Telecommunication, Multimedia, and Related Products and the Provision of Related Services", which is based in Greece.
  • the company "Intrasoft International S.A.", which is based in Greece.
  • the company "Intelli Solution S.A.", which is based in Greece.
  • the company "INTRACOM S.A. TELECOM SOLUTIONS", based in Greece.
  • the company "Technopolis S.A.", which is based in Greece.
  • the company "Right On Single Member Limited Private Company", which is based in Greece.
  • the company "NIOBIUM LAMBS MOBILE APPLICATIONS SINGLE MEMBER LIMITED LIABILITY COMPANY", which is based in Greece.
  • the société anonyme under the name "COSMOTE PAYMENTS ELECTRONIC MONEY SERVICES SA" through which your transactions are cleared when you make online purchases of products and/or services using a credit or debit card. COSMOTE Payments, in its capacity as a licensed electronic payment financial institution, acts as an Independent Controller of personal data related to your transaction.

These third-party companies and financial institutions are "Processors" on behalf of OTE, i.e. OTE partners, who undertake the execution of a specific project following the instructions and applying the strict procedures of the OTE Group regarding the processing of customers' personal data. In these cases, OTE remains responsible for the processing of customers' personal data as Data Controllers.

The processing of subscribers' personal data for the above purposes by OTE's partners takes place mainly within Greece and the European Union (EU). In the event that, in the OTE Group, we cooperate with companies outside the EU, they will process the data of subscribers only upon order of OTE and in case there is an adequacy decision of the European Commission or if appropriate clauses are agreed to ensure a high level of security in relation to the processing of personal data.

Apart from the above companies, OTE does not process or disclose customers' personal data to third parties, except in cases where their disclosure/transmission is required by applicable law.

9. WHAT ARE THE CUSTOMER'S RIGHTS AS A USER OF THE APPLICATION, REGARDING THE PROCESSING OF THEIR PERSONAL DATA?

The rights they can exercise include:

• Right of access: They have the right to receive information about their personal data we process (e.g. the purposes of the processing, the types of data, the recipients to whom they are disclosed, the period for which they are kept) and to provide them with copies thereof.
• Right to rectification: They have the right to request the correction of their data (e.g. correction of address, contact details, ID number).
• Right to erasure: They have the right to request the deletion of their personal data in case they are no longer necessary in relation to the purposes for which they were processed or in case they revoke the consent based on which we collected and processed them.
• Right to restriction of processing: They have the right to request the restriction of processing for a specific purpose (e.g. I do not want to receive email updates for marketing purposes).
• Right to data portability: They have the right to receive their personal data that they have provided to the company, in a structured, commonly used format that has a readable format (e.g. receipt of data that exists in the Cloud).
• Right to object to the processing of their personal data in cases where they do not wish their personal data to be processed.

In order to exercise their rights, they may:

• send an e-mail to customerprivacy@cosmote.gr, or
• fax to 2102511888 or
• letter to COSMOTE Customer Service, 99 Kifissias Avenue, 15124, Maroussi, Greece on "Exercise of personal data rights",

In case customers consider that we have not adequately satisfied their request and the protection of their personal data is affected in any way, they may submit a complaint through a special web portal to the Personal Data Protection Authority (Athens, 1-3 Kifissias Avenue, PC 115 23 | tel: +30 210 6475600). Detailed instructions for filing a complaint can be found on the Authority' website

OTE will respond to their requests free of charge, without delay, within one month of receipt of the request. In exceptional cases, this deadline may be extended by two (2) months if required due to the complexity of their request. In any case, we will inform them of this extension and of the reason for the delay.

If we consider that the subscriber's request is manifestly unfounded or excessive, we reserve the right to request the payment of a reasonable fee for its satisfaction, taking into account the administrative costs for its execution, or even to refuse to respond to your request.

10. WHAT KIND OF MEASURES ARE IN PLACE TO PROTECT CUSTOMERS' PERSONAL DATA?

OTE takes appropriate organizational and technical measures for data security and protection against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access and any other form of unlawful processing.

More information on this subject can be found in the General Data Privacy Notice.

This Policy was last modified on 1/4/2024