Privacy Policy

Information on the Processing of Personal Data

Introduction

We would like to assure you that for the company “HERON SOCIÉTÉ ANONYME ENERGY SERVICES” (hereinafter the “Company”), with its registered office in the Municipality of Athens, at no. 85, Mesogeion Ave., with offices in Athens, at no. 124 Kifissias Ave., PC 11526  email: info@heron.gr,  website: https://www.myheron.gr, the protection of customers’ personal data is a priority.

We, therefore, take the necessary measures to protect the personal data we process and to ensure that personal data processing is always carried out in compliance with statutory obligations, both by the Company itself and by third parties processing personal data on behalf of the Company.

Data Controller – Data Protection Officer (DPO)

The company “HERON SOCIÉTÉ ANONYME ENERGY SERVICES” with registered office in the Municipality of Athens, at no. 85, Mesogeion Ave., with offices in Athens, at no. 124 Kifissias Ave., PC 11526, email: email: info@heron.gr,  website: https://www.myheron.gr, hereby states that, for the purposes of exercising its business activities, it processes its clients’ personal data in accordance with both current Greek laws and EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and the free flow of such data (the General Data Protection Regulation, hereinafter called the “Regulation”), as in force.

For any issue regarding personal data processing, you can directly contact the Data Protection Officer (DPO), namely the Law Firm “ANDERSEN LEGAL, PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES LAW FIRM” at the email address: herondpo@gr.andersenlegal.com, telephone: 210-3626971, fax: 210-3626974 and the Company’s Director of Legal Services, Mr. Panagiotis Alexandrakis, 124 Kiffisias Ave. 11526 Athens, Tel. 213 0075211, fax: 213 0075499 Email: palexandrakis@heron.gr).

What is the purpose of data processing and how do we use your personal data?

We only process the personal data you disclose to us when you use the myHERON platform [eg your full name, your email address, your telephone number, address, identity card number] when we have legitimate grounds to do so.

Legitimate grounds for the processing of your personal data are: 

(a) the provision of the services you wish to receive from us as a user of the myHERON digital platform, such as submitting an online application for gas or electricity supplies, making an electronic payment of your gas or electricity bill or completing and submitting the electronic contact form to the Customer Service Department with questions, requests, complaints, etc.

(b) the consent you provide us under the specific conditions set out in the legal framework so that you can receive updates on services, offers, etc. from the Company or any third party cooperating companies which process personal data in accordance with the applicable framework.

Period of storage

The period for which the personal data are stored is determined based on the following specific criteria depending on each case:

When the processing is carried out based on a contract, your personal data are stored for as long as is necessary for the implementation of the contract, and the establishment, exercise and/or support of legal claims based on the contract.

For the purposes of marketing activities, your personal data is stored until your consent is withdrawn.

You can withdraw your consent at any time. Withdrawal of consent does not affect the legality of consent-based processing in the period before this consent was withdrawn.

To withdraw your consent, you can contact the Data Protection Officer (DPO), namely the Law Firm “ANDERSEN LEGAL, PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES LAW FIRM” directly at the email address: herondpo@gr.andersenlegal.com, telephone: 210-3626971, fax: 210-3626974 and the Company’s Director of Legal Services, Mr. Panagiotis Alexandrakis, 124 Kiffisias Ave. 11526 Athens, Tel. 213 0075211, fax: 213 0075499 Email: palexandrakis@heron.gr).

You can also use the subscription options by following (clicking on) the corresponding link which can be found in our electronic communications.

What are your rights as regards your personal data?

Any natural person whose data are processed by the Company enjoys the following rights:

Right of access:

You have the right to be aware of and verify the lawfulness of the processing. Thus, you have the right to have access to the data and receive additional information on the processing thereof.

Right to rectification

You have the right to examine, rectify, update, or modify your personal data, by contacting the Data Protection Officer at the above contact details.

Right to erasure

You have the right to lodge a request for erasure of your personal data when we process them with your consent or in order to protect our legitimate interests. In all other cases (such as when there is a contract, a statutory obligation for personal data processing, public interest), such right is subject to specific restrictions, or does not exist, depending on the case.

Right to restriction of processing

You have the right to request restriction of the processing of your personal data in the following cases: (a) when you contest the accuracy of the personal data, until verification is performed; (b) when you oppose the erasure of the personal data and request the restriction of their use instead; (c) when the personal data are no longer needed for the purposes of the processing, but they are necessary for the establishment, exercise or defense of legal claims; and (d) when you object to processing and until it is verified that there are legitimate grounds concerning us and that such grounds override those for which you object to processing.

Right to object to processing

You have the right to object at any time to the processing of your personal data in the cases where, as described above, it is necessary for purposes of the legitimate interests we pursue as data controllers, and you also have the right to object at any time to possessing for direct marketing purposes and for consumer profiling.

Right to data portability:

You have the right to receive your personal data free of charge in a format which allows you to access them, use them and process them with widely used processing methods. You also have the right to request us, if it is technically feasible, to transmit the data directly to another controller. This right involves the data you have provided us and which is processed by automated means, on the basis of your consent or in implementation of a relevant contract.

To exercise any of your above rights, you can contact the Data Protection Officer (DPO), namely the Law Firm “ANDERSEN LEGAL, PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES LAW FIRM” directly at the email address: herondpo@gr.andersenlegal.com, telephone: 210-3626971, fax: 210-3626974 and the Company’s Director of Legal Services, Mr. Panagiotis Alexandrakis, 124 Kiffisias Ave. 11526 Athens, Tel. 213 0075211, fax: 213 0075499 Email: palexandrakis@heron.gr).

Right to lodge a complaint with the Data Protection Authority

You have the right to file a complaint with the Data Protection Authority (www.dpa.gr): Call Center: +30 210 6475600, Fax: +30 210 6475628, Email: contact@dpa.gr

Personal Data Security

The Company implements suitable technical and organisational measures aiming at secure processing of the personal data and prevention of accidental loss or destruction and unauthorised and/or unlawful access thereto, use, amendment, or disclosure thereof.

In any case, the way the Internet operates and the fact that it is freely accessible to anyone makes it impossible to provide guarantees that unauthorised third parties will never be able to breach the technical and organisational measures implemented and gain access to, and possibly use, personal data for unauthorised and/or unlawful purposes.