Privacy Policy

This policy-notice (hereinafter Policy) of the Data Controller with details:



21 Tatoiou Street, Kifissia
Postal Code 14561
Athens, Greece
Tel.: 210 62 89 100,


is addressed to natural persons (data subjects) and provides information and information regarding the collection, use, transfer and protection of personal data (hereinafter also referred to as data) as well as the rights of data subjects, as derived from national legislation and from the General Regulation for Data Protection (GDPR) of the European Union (EU)

  1. Collection and processing of personal data

 Personal data is considered as any information relating to an identified or identifiable natural person and may lead either directly or in combination with other data to the recognition/identification of the natural person. Therefore, an identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier, such as name, identity card number, e-mail address, location data, online identifier, etc., as well as any other information that allows identification according to the provisions of GDPR, the Greek legislation in force and the decisions of Hellenic Data Protection Authority.

ALPHA TRUST HOLDINGS S.A (hereinafter Alpha Trust or Company) collects and process personal data as Data Controller:
  • In the context of concluding a contract regarding investment products or services.
  • When you collaborate with the Company in the context of its business activities.
  • When you participate as shareholder or shareholder representative in the Company’s general assemblies.
  • When you send us your CV in order to fill a job position in the Company.
  • When you submit requests-queries, complaints, comments, reviews or generally contact us about any issue.
  • When you subscribe to our newsletter service.
  • When you visit or navigate the Company’s website. We use cookies to collect information about how you use our website. In this way, we can adapt to your interests and needs, via recording details that will allow us to recognize you the next time you visit our website (for further details please see our Cookies Policy).


The information we collect about you is absolutely necessary for the processing and implementation of the contract between us as well as for informing you about the products and services of Alpha Trust to which you have subscribed or contractually concern you. The information we collect includes the following:

  • Name, surface address, electronic address (e-mail), telephone, Tax identification number, identity card details (as well as copy of the documents required for your identification).
  • Your financial information and necessary supporting documents related to the provision of investment products or services (e.g., bank account information), as required by the applicable legislation on the provision of investment services as well as the provisions regarding the prevention of money laundering activities (Law 4557/2018).
  • Your preferences for specific products or services.
  • Communication data (such as call recording in our call center, e-mails, letters or any other form of communication you make).
  • Information about the investment products that concern you in the context of your best and most complete information.
  • In addition, we collect information about how you use our products and services, such as the details of third parties you have registered in the context of concluding a contract regarding investment products or services (co–beneficiaries), or information related to the use of our websites from your mobile phone or your computer.


When you visit Company’s facilities, we collect CCTV data for the protection of persons and property, for facilities security and for crime prevention. 


  1. Purpose and legal basis of Processing

 We process your personal data for one or more of the following purposes:

  • Το carry-out transactions and offer the products and services for which there is a contract with you as well as to inform you in the context of an existing contract.
  • To comply with our regulatory and legal obligations.
  • For invoicing our customers in the context of providing our investment products and services.
  • To inform you in general about our services on the basis of your consent (unless you have chosen not to receive promotional messages), events and financial studies of our Company as well as to respond to your questions or requests.
  • To defend and secure the legal interests of the Company.


  1. Data Retention

 We will keep your data for as long as your relationship with the Company lasts and after its termination for as long as the relevant legislation requires or until the statute of limitations for relevant claims has expired. In any case, this time does not exceed twenty (20) years. In particular, we delete personal data immediately, when there is no legal basis for the processing. It is specially pointed out that the resumes that you may send to us in order to fill a job position in the Company are kept in the Company’s file for a period of six (6) months from the time they are sent to the Company, at which point they are deleted. After the expiry of the above period, the data is destroyed.

 In cases where the retention of personal data is necessary for the exercise or defense/exercise of the Company’s legal rights before judicial or other authorities foreseen by the current legislation, the above deadline is extended until the end of the period in which such data is no longer necessary for the above purposes.


  1. Transfer of personal data outside the EU/EEA

 Your personal data may be transferred to third countries (i.e., to countries outside EU/EEA) in order to enable us to provide the services you have requested. In this case, the transfer is made either on the basis of EU adequacy decisions or based on appropriate guarantees for the protection and security of your personal data or based on the derogations for special situations in accordance with the provisions of GDPR. The Company may use Microsoft Azure cloud computing services on servers in EU member states. Microsoft’s contractual commitments regarding GDPR can be found in the Microsoft Products and Services Data Protection Addendum, posted on Microsoft website.


  1. Recipients of personal data

The Company guarantees that it will not transmit or disclose in any way your data to third parties, except the recipients mentioned herein, for any purpose or use, unless it is mandatory under the applicable law or required by public / prosecutorial / judicial services / authorities.

 In fulfilling our contractual and legal/regulatory obligations, your personal data may be disclosed to:

  • Supervisory authorities, administrative bodies, judicial or other public authorities to the extent we are legally bound to provide this information or they are authorized by law to request it.
  • Service providers-subcontractors of the Company (data processors).
  • Third parties authorized by you.
  • Authorized external legal advisors.

In addition, access to your data is given to the Company’s absolutely necessary personnel, who are bound by confidentiality and have been properly trained.

Finally, we will process and disclose data if this is deemed necessary to protect against fraud, to defend our rights or to protect our customers.


  1. Automated decision making – profiling

 As a rule, we do not use automated decision-making processes when conducting our business activities. We may automatically process some of your data for the purpose of evaluating certain aspects (limited profiling), in order to propose, conclude or perform a contract with you after you have been properly informed and given your consent.


  1. Security of personal data

In Alpha Trust, we recognize the importance of data protection and constantly review and improve our safeguards (technical and organizational measures) against unauthorized access and use, accidental loss, dissemination or destruction of your data. Every employee of the Company who has access to the above information, uses it to exclusively serve the purposes of processing.

 Also in cases where an organization, a company or an external partner provides services to us or on our behalf that include the processing of personal data, we ensure that appropriate protection measures (technical and organizational measures) are applied and the data is processed in accordance with Company’s instructions. These organizations-partners cannot process your data for their own purposes, and are bound, by contract to ensure the confidentiality, integrity, availability and in general protection of personal data in accordance with national data protection legislation and the GDPR. 


  1. Your Rights

 You can contact us to inform you about what data is retained by us and how we process it. In addition, you can at any time request a copy of your personal data. To obtain a relevant copy, you can fill out the form that you can download here and send it to us signed with the authentication of your signature by a competent authority (GDPR art. 15, under reservation to the provisions of art. 33 of Law 4624/2019).

 If you think that your personal data are incomplete or inaccurate, please contact us to proceed with the appropriate rectification (GDPR art. 16).

 In the event that you consider that your data is not subject to processing for a specific and legal purpose, you can ask us to proceed with its deletion, after consultation with us (GDPR art. 17, under reservation to the provisions of art. 34 of Hellenic Law 4624/2019).

You can ask us to suspend or object to the processing of your personal data for reasons relating to your particular situation. If you submit such a relevant request, we will no longer process your personal data, unless we demonstrate compelling and legitimate reasons for the processing, which override your interests, rights and freedoms or to establish, exercise or support legal claims (GDPR art. 21, under reservation to the provisions of art. 35 of Hellenic Law 4624/2019).

 You can opt-out of all promotional activities or choose to opt-out of certain forms of commercial communication (such as e.g., e-mail, telephone, etc.). In case you no longer wish to receive promotional messages via e-mail, you can unsubscribe from our list.

 You may request to receive a copy of your personal data in a structured, commonly used and machine-readable format, in order to transmit that data to other organizations. You also have the right to request that your personal data be transmitted directly by us to other organizations that you will name (right to data portability, GDPR art. 20).

You can withdraw at any time the consent (GDPR art. 7) you have given to the processing of your personal data, in cases where the processing takes place on a consent basis and without any other legal basis. In this case, data processing by us will be stopped, without this affecting the legality of the processing that has already taken place until the withdrawal of your consent.

 You can request the restriction of processing of your personal data, only for specific purposes, including in the case of questioning the correctness of the data or unlawful processing (GDPR art. 18).

You can ask us to satisfy any of your rights by completing and sending the form found here to:



21 Tatoiou Street, Kifissia
Postal Code 14561
Athens, Greece

 or at the electronic address (e-mail):  

Alpha Trust is committed to respond to your request within one month following its receipt. However, if it is not possible for us to satisfy your request within the period of one month, we will inform you of the reasons for the delay.

Alpha Trust shares your concern about your personal data. For any information you can contact us at:


  1. Right to submit a complaint

 If you have exercised some or all of your rights regarding data protection and you still feel that your concerns about the way we process your personal data have not been duly addressed by the Company, you have the right to submit a complaint to the Hellenic Data Protection Authority, Kifissias 1-3, PC 115 23, Athens. On the relevant website ( ) you will find information on how to submit complaints.


  1. Changes to this policy

We may change or amend this Policy from time to time, and we will accordingly amend the revision date indicated at the end of this notice. We recommend that you review this Policy periodically so that you are always aware of the way we process and protect your personal data.


Date of latest revision: Dec 27th, 2023.