Privacy Policy

Thank you for visiting reinvest.gr. The company with trade name “REInvest Greece S.A.”, located in Athens, Greece, 8 Xenofontos Street, P.C. 10557 (hereinafter "REINVEST" or "we") is the owner of the website reinvest.gr (hereinafter the "website").

REINVEST offers Property Management, Valuations and Real Estate Agency services for a varied range of properties.

This privacy policy (hereinafter referred to as the "policy") applies to natural persons (“data subjects”, collectively referred to as “users” in this policy) who:

  • Visit and use our website & subscribe to our Newsletter (see detailed information in section B below).
  • Call to our call centre (see detailed information in section C below).
  • Take actions in order to become our client or start business with us and become our client (see detailed information in section D below).
  • Contact us via email or through our website contact forms (see detailed information in section E below).

Please read this policy carefully which applies to all users in order to obtain information about how we collect, use, protect or otherwise process your personal data.

A. General Information

1. Introduction

REINVEST may act as a Data Controller or as a Data Processor, depending on the processing procedure.

This policy provides you with the required information regarding the processing of personal data by REINVEST. Section A provides general information about the principles relating to processing of personal data, the data subject rights etc., while sections B, C, D, E, F provide specific information, according to each specific data processing activity.

REINVEST collects and processes personal data for the purposes described in this policy in accordance with the General Data Protection Regulation ("GDPR") and the applicable data protection legislation, while taking the appropriate technical and organizational measures to protect personal data.

I. REINVEST as a Data Controller

REINVEST is the Data Controller of your personal data when:

  • We directly provide to you our services, namely as a Real Estate Agency.
  • You visit and use our website.
  • You contact us via telephone, via email or through our website contact forms.
  • You subscribe to our Newsletters.
  • During your visits to our premises.
  • While you take actions in order to become our client, or when you start business with us and become our client.

II. REINVEST as a Data Processor

Please note that in some cases REINVEST collects and processes personal data at the request and under the instructions of its partners. In this context, REINVEST acts as a Data Processor on behalf of a Data Controller (see detailed information in section F below).

2. Definitions

The following terms have the following meanings when used in this policy:

  • Applicable data protection legislation” means any applicable data protection laws, regulations, directives and any associated regulations or instruments, including GDPR and the applicable Greek legislation (Laws 4624/2019, 3471/2006 etc.).
  • Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Data Controller” means an entity that determines the purposes and means of the processing of personal data.
  • Data Processor” means an entity that processes personal data on behalf of the controller.
  • Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
  • Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

3. Principles of data processing

REINVEST respects your privacy and is committed to protecting your personal data, as well as in general keeping all information collected confidential. Personal data shall be:

  • Processed lawfully, fairly and in a transparent manner in relation to the data subject.
  • Processed for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  • Adequate, relevant and limited to what is necessary in relation to the purposes that we have set.
  • Accurate and kept up to date.
  • Kept for no longer necessary in relation to the purposes for which they are collected and in accordance with the applicable data protection legislation.

4. What information do we collect about you

The data that we collect in the course of our business activity and operation of REINVEST varies according to the service requested each time by the user or our partners, as defined in sections B, C, D, E, F.

It is important that the personal data we hold about you is accurate and current. We would be grateful if you would keep us informed if your personal data changes during your relationship with us.

5. How we collect your personal data

  • Directly from you: We collect personal data directly from you:
    • When you visit our website, seek information, make a request, or contact us for any reason via telephone, via email, through our website contact forms or when you subscribe to our Newsletters.
    • By submitting your CV to apply for a job in REINVEST. We collect personal data included in your CV as well as other information you may submit according to our Candidate Employees’ Privacy Notice.
    • When you visit our premises.
    • When you provide personal information to us in view of becoming our client and starting a business with us.
  • When using the website: When you visit our website, we may collect data from you based on your browsing and using our services. This data may include search history, IP address, screen resolution, type of browser used, operating system and settings, access times and URL reference as well as data collected through cookies (See Cookie Policy).
  • From third parties: If you choose to visit our website or interact with us via third parties such as Facebook, Instagram and LinkedIn, these parties may transfer data to us such as, your name, email address and social media profile information on that platform. This information varies and is contractual set by the third-party service in question (social network), but you can adjust it through your privacy settings on that service. We encourage you to read the privacy policy and terms and conditions of use of each third-party application you visit and use, in order to be aware of how your personal data is processed by each application, as we are not responsible for the policies and practices of third-party application providers.

6. Purposes of data processing

In general, the purposes of data processing will be:

  • To inform users about our services.
  • To support, promote and perform our contractual relationship with the users, our partners and our clients.
  • To carry out our business.
  • To communicate with the users and send informational messages concerning the stages of the contract/processing.
  • To provide information on services for which you have expressed interest and in general to respond to users’ requests.
  • To provide smooth access and use of our website and enforce the website’s terms and conditions and other policies.
  • To comply with legal or regulatory obligations, for example in order to comply with KYC/AML checks.
  • To conduct a general analysis and evaluation and improve the provided services through our website to tailor our web presence to your needs, making our website easier and more efficient to use.
  • To communicate with users for direct marketing purposes.

REINVEST does not apply any automated decision-making process. No automated processing of certain data for the purposes of evaluating certain aspects (limited profiling) is done without human intervention.

The purposes of each specific data processing activity are defined in sections B, C, D, E, and F below.

7. Legal basis for processing

Your personal data is being processed lawfully and only to the extent that at least one legal basis applies, as defined in sections B, C, D, E, and F below.

8. Data retention

We only retain your personal data for as long as necessary in relation to the purposes for which they are collected, for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims. Upon the expiration of each necessary timeframe, we ensure the secure deletion or anonymization of personal data for statistical or historical purposes.

However, some necessary personal data regarding your contractual relationship with REINVEST as well as information concerning your notification on the processing of your data and your consent, where applicable, may be retained so as to establish the lawfulness of processing of user data by REINVEST and our legal claims.

See detailed information for each specific data processing activity in sections B, C, D, E, and F below.

9. Recipients of personal data

For REINVEST to fulfil the above-mentioned purposes, it may disclose some personal data to the extent this is absolutely necessary to its employees, business partners (real estate agents and associates) or third-party recipients. For more information about the data recipients, please refer to sections B, C, D, E.

Regarding the safeguards taken when disclosing personal data, we wish to inform you that:

  • We share data only as far as legally permitted to do so and only as strictly necessary.
  • We require from all our employees and third parties to respect the security of all personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

In the future we may choose to sell, transfer, or merge parts of our business or our assets. We may seek to acquire other businesses or merge with them. In such case, we may share your information with such new owners (third parties). Should such a change happen to our business, then we will ensure the new owners use your personal data in the same way as set out in this privacy policy.

10. International transfers

The personal data we collect is stored in our secure servers in European Union. REINVEST does not transfer personal data to any third countries outside the European Economic Area and international organizations where there is no adequate level of protection. However, in exceptional cases, REINVEST may transfer personal data outside the EEA provided that such transfer is required by the applicable regulatory or legislative framework or REINVEST deems it as necessary for the performance of its contractual obligations, such as via processors who may use. In this case we will ensure that there is an appropriate level of protection corresponding to the level of protection of personal data in the EEA and that the transfer in question is lawful on condition that there is an adequacy decision of the European Commission or the required guarantees of Articles 44-50 of the GDPR are provided, such as adoption of European Commission's Binding Corporate Rules or Standard Contractual Clauses.

11. Your rights

Under the GDPR (articles 12-22), you have the following rights depending on the certain legal basis and processing procedure:

  • Right of Access: You can request access to your personal data we hold about you. This enables you to receive a free copy of the personal data we hold about you.
  • Right to Rectification: You can request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Right to Erasure: You can request erasure of your personal data under specific conditions. This enables you to ask us to delete or remove personal data where there is no reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing or you have withdrawn your consent.
  • Right to object: You can object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
  • Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  • Right to Restriction of Processing: You can request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful; (c) where we no longer need the personal data for the purposes of the processing, exercise or defend legal claims; or (d) you have objected to automated processing.
  • Right to Data Portability: You can request the transfer of your personal data to you or to another data controller. We will provide your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Right to Withdraw Consent: You can withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
  • Right to be informed / transparency: You have also the right to submit a request to REINVEST inquiring on how we process and protect your personal data.

The abovementioned rights can be exercised by submitting a request:

  • via email at: dpo@res-cep.com or
  • by post at the following address: Attention to Data Protection Officer, REInvest Greece S.A., 8 Xenofontos Street, Athens, P.C. 10557, Greece.

In order for the rights to be validly exercised, you may be asked to properly identify yourself, for the purpose of verifying that the personal data indeed belong to the natural person exercising its rights.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we reserve the right to charge a reasonable fee if your request is clearly repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

REIVEST will take all possible measures to respond to all legitimate requests within 30 days from their receipt except for exceptional cases, where the above-mentioned period may be extended for two (2) more months, if necessary, considering the complexity of the request and/or the number of requests. In this case, REINVEST will inform you about any extension within the month of the delivery of the request, as well as about the reasons for such delay.

If you consider that your rights are infringed, you have the right to make a complaint about the way in which we handle your personal data at any time to the Hellenic Data Protection Authority at contact@dpa.gr (1-3 Kifissias Avenue, Ampelokipi, www.dpa.gr, +30 2106475600).

We would, however, appreciate the chance to deal with your concerns before you approach the HDPA, so please contact us in the first instance.

12. Data security

REINVEST implements appropriate technical and organizational security measures to ensure the best protection of personal data against any unlawful processing, as well as to guarantee the possibility of restoring the availability and access to them. These measures aim to ensure a level of security that corresponds to the risk, considering the nature, scope, context, and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, while applying procedures for the regular testing, monitoring and evaluation of the effectiveness of said technical and organisational measures. Such measures include but are not limited to 1. Encryption, 2. Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services, 3. Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, 4. Processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures in order to ensure the security of the processing, 5. Measures for user identification and authorization, 6. Measures for the protection of data during transmission, 7. Measures for the protection of data during storage, 8. Measures for ensuring physical security of locations at which personal data are processed, 9. Measures for ensuring events logging, 10. Measures for ensuring system configuration, including default configuration, 11. Measures for internal IT and IT security governance and management, 12. Measures for ensuring limited data retention, 13. Measures for ensuring accountability, and 14. Measures for allowing data portability and ensuring erasure.

We ensure that all our partners and third-party providers are subject to a duty of confidentiality and have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

13. Third-party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. You should be informed about how these third parties process your personal data by their relevant privacy policies.

14. Social media

We appear on:

  • Facebook
  • LinkedIn
  • Instagram

You can visit these networks by clicking on the Social Plug-ins Buttons on our website. These buttons link to third-party websites that collect and process personal data in accordance with their own policies. We are not responsible for the content or data processing performed by these websites, and it is your responsibility to be informed about their own privacy policies.

B. Information regarding the collection and processing of personal data when you visit and use our website and subscribe to our Newsletter.

When you visit and use our website, the following data may be collected:

  • Personal and contact information such as first name, last name, email address, telephone number.
  • Website navigation data: This data may include your search history, IP address, screen resolution, the browser you used, the operating system and settings, access times, URL reference, as well as data collected through cookies (See Cookie Policy). If you're using a mobile device, we may also collect data that identifies your device, settings, and location.
  • If you choose to visit our website or interact with us via third parties such as Facebook, Instagram and LinkedIn, these parties may transfer to us data such as, your name, email address and social media profile information on that platform. This information varies and is contractual set by the third-party service in question (social network), but you can adjust it through your privacy settings on that service.

We will process the data for the following purposes:

  • To provide smooth access and use of our website and enforce the website’s terms and conditions and other policies.
  • To conduct a general analysis and evaluation and improve the provided services through our website, to tailor our web presence to your needs, as well as to make our website easier and more efficient to use.
  • To communicate with users for direct marketing purposes.

The legal basis for processing of personal data collected in accordance with the above is:

  • Processing is necessary for the purposes of the legitimate interests (article 6§1 f’ of GDPR) pursued by REINVEST, such as for the purposes of promoting REINVEST's image and its services, ensuring the security of networks and information. REINVEST will always balance your rights and interests in the protection of your personal data against REINVEST’s rights and interests or those of the third party. We consider it as our legitimate interest to appear on social media and information society services trying to promote our services by giving the opportunity to users of these networks to participate in promotional actions, click the “like” button on our page and post comments about our services.
  • Your prior consent (article 6§1 a’ of GDPR), in order to process your personal data for direct marketing purposes, to send newsletters and updates, to provide personalized offers and to use non-essential cookies on our website or any other specific purposes where consent is required under the applicable data protection legislation.

Recipients of personal data

To the extent that this is necessary for the provision of the webiste services and satisfaction of your requests, your data may be transmitted to external providers, such as internet companies and software companies, IT providers and service providers in order to provide IT and system administration services.

Data Retention

  • If you subscribe to our newsletter, your personal data is retained for as long as you wish to receive the newsletters and you do not object to your personal data processing for such marketing purposes.
  • The website navigation data is retained according to the Cookie Policy.

C. Information regarding the collection and processing of personal data when you contact us via calling to our call center.

During the phone calls, we may collect the following data:

  • Personal information such as first name, last name.
  • Contact information such as email address, telephone number(s), physical address.
  • Communication metadata, such as date and time of call.
  • Any information you provide to us during our communication, in particular your request or interest in property acquisition.

We will process these data by transcribing the communications, for the following purposes:

  • To provide information on services or properties for which you have expressed interest.
  • To communicate with you about the stages of your request / a contract, respond to your requests.
  • To provide evidence of a commercial transaction or of any other business communication.
  • To communicate with you for direct marketing purposes.

The legal basis for the processing of personal data collected during the phone call is:

  • Processing is necessary in order to take appropriate measures at your request before entering into a possible contract with REINVEST (article 6§1 b’ of GDPR).
  • Processing is necessary for the purposes of the legitimate interests (article 6§1 f’ of GDPR) pursued by REINVEST, such as for the purposes of promoting REINVEST's image, brand and its services and providing evidence of business communications and commercial transactions.
  • Your prior consent (article 6§1 a’ of GDPR), in order to process your personal data for direct marketing purposes, to send newsletters and updates, to provide personalized offers or for any other specific purposes where consent is required under the applicable data protection legislation.

Recipients of personal data

Our external provider who operates the call center has access to the personal data you provide during the calls. Our provider processes these data exclusively under our instructions and only for the purposes of providing the call center services.

We may also transmit your personal data to our business partners, owners of the real estate assets, or third-party real estate agents assigned to handle matters related to specific real estate assets.

Data Retention

The communication information will be erased after 12 months, subject to the following:
The necessary communication information will be retained:

  • for as long as it is required for fulfilling your request and till the end of the period during which the transaction can be lawfully challenged,
  • for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims,
  • to be able to demonstrate the lawfulness of data processing by REINVEST (article 5§2 of GDPR). Your contact details will be retained for the purpose of sending promotional/marketing communications for as long as you have not objected to your personal data processing for such marketing purposes.

D. Information regarding the collection and processing of personal data when you take actions in order to become our client or when you start business with us and become our client:

The data that we collect varies according to the service requested each time by the user and may include the following:

  • Personal information such as first name, last name
  • Contact information such as email address, telephone number(s)
  • KYC/AML documents as per our AML policy

We will process these data for the following purposes:

  • To inform you about our services.
  • To support, promote and perform our contractual relationship.
  • To communicate with you about the stages of your request / a contract.
  • To respond to your requests.
  • To provide information on services or properties for which you have expressed interest.
  • To carry out our business.
  • To comply with legal or regulatory obligations, for example in order to comply with KYC/AML checks.
  • To communicate with you for direct marketing purposes.

The legal basis for processing of personal data collected in accordance with the above is:

  • Processing is necessary in order to take appropriate measures at your request before entering into a possible contract with REINVEST or for the performance of our contractual relationship (i.e. to provide the services and/or information requested) (article 6§1 b’ of GDPR).
  • Processing is necessary for the purposes of the legitimate interests (article 6§1 f’ of GDPR) pursued by REINVEST, such as for the purposes of promoting REINVEST's image and its services.
  • Processing is necessary for compliance with a legal obligation (article 6§1 c’ of GDPR) to which REINVEST is subject (for example in order to comply with KYC/AML checks).
  • REINVEST also reserves the right to regularly communicate with its clients by telephone, email, SMS, OTT services (such as Viber etc.) or any other means of communication, using the contact information which has been obtained lawfully, within the context of a previous contractual relationship or transaction with the client (article 11§3 of Law 3471/2006), provided that the data subject has not opposed this communication. This communication may include newsletters and updates, direct marketing of similar services by REINVEST or serve similar purposes and other promotional activities.
  • When a previous contractual relationship or transaction with you does not exist then we shall need your prior consent (article 6§1 a’ of GDPR), in order to process your personal data for direct marketing purposes, to send newsletters and updates, to provide personalized offers or for any other specific purposes where consent is required under the applicable data protection legislation.

Recipients of personal data

  • The authorized REINVEST’s personnel, on a strictly need to know basis and only as far as legally justifiable. Within REINVEST your information is processed and accessed only by specific individuals who provide sales, IT and system administration services and also undertake leadership reporting, as well as the partners and other senior members of REINVEST.
  • To the extent that this is necessary for the fulfilment of our contractual and legal obligations, provision of services and satisfaction of your requests, your data may be transmitted to external providers, such as internet companies and software companies, IT providers and service providers in order to provide IT, system administration services and call centre services.
  • Our business partners, owners of the real estate assets, or third-party real estate agents assigned to handle matters related to specific real estate assets.
  • Our appointed professional advisers including auditors, accountants, lawyers, bankers, insurers who provide consultancy, banking, legal, insurance and accounting services, to the extent that they may require access to the information to provide advice.
  • Tax and regulatory authorities based in Greece who require reporting of processing activities in certain circumstances.
  • If required to do so to meet applicable law, the order of a Court or market rules and codes of practice applicable to the circumstances at the time.
  • Relevant authorities to investigate or prevent fraud or activities believed to be illegal or otherwise in breach of applicable law.

Data Retention

Your data as a client of REINVEST is kept up to 20 years subject to the following:

  • To the extent required by law (for example, in order to comply with tax legislation, KYC/AML checks etc.)
  • In order to comply with court proceedings (any ongoing or future court proceedings).
  • To establish, exercise or defend our legal rights and legal claims.

In the context of sending promotional/marketing communications, your contact details is kept for as long as your consent to receive such communications is into force until it is revoked or until you exercise your right to object.

E. Information regarding the collection and processing of personal data when you contact us via email or through our website contact forms.

When you contact us for any reason, we may collect the following data:

  • Personal information such as first name, last name.
  • Contact information such as email address, telephone number(s).
  • Any information you provide to us during our communication, in particular your request or interest in property acquisition or any of our services.

We will process the communication data for the following purposes:

  • To provide information on services or properties for which you have expressed interest.
  • To communicate with you about the stages of your request / a contract, respond to your requests.
  • To communicate with you for direct marketing purposes.

The legal basis for the processing of personal data collected during the communication is:

  • Processing is necessary in order to takes appropriate measures at your request before entering into a possible contract with REINVEST (article 6§1 b’ of GDPR).
  • Processing is necessary for the purposes of the legitimate interests (article 6§1 f’ of GDPR pursued by REINVEST, such as for the purposes of promoting REINVEST's image and its services.
  • Your prior consent (article 6§1 a’ of GDPR), in order to process your personal data for direct marketing purposes, to send newsletters and updates as well as to provide personalized offers.

Recipients of personal data

We may also transmit your personal data to our business partners owners of the real estate assets, or third-party real estate agents assigned to handle matters related to specific real estate assets.

Data Retention

The communication information will be erased after 12 months, subject to the following:
The necessary communication information will be retained:

  • for as long as it is required for fulfilling your request and till the end of the period during which the transaction can be lawfully challenged,
  • for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims,
  • to be able to demonstrate the lawfulness of data processing by REINVEST (article 5§2 of GDPR).

Your contact details will be retained for the purpose of sending promotional/marketing communications for as long as you have not objected to your personal data processing for such marketing purposes.

F. Information regarding the processing of personal data as a Data Processor.

In the context of providing a wide range of services in the real estate field, we cooperate with several partners, to whom we provide our services.

We may collect and process personal data at the request, under the instructions and on behalf of a partner, who determines the purposes of the processing, acting as a Data Controller.

As a Data Processor, we collect and process personal data provided by you in compliance with the instructions received by the Data Controller, which may include but are not limited to personal information such as first name, last name, contact information (email address, telephone number), KYC/AML documents as well as any information you provide to us during our communications, in particular your request or interest in property acquisition. Such data may also be transferred to business partners owners of the real estate assets, or third-party real estate agents assigned to handle matters related to specific real estate assets.

Where REINVEST acts as a Data Processor, we store the data for as long as we are instructed by the Data Controller.

Please note that as the Data Processor, we will forward in a timely manner your request to the Data Controller. While we will cooperate to the greatest extent necessary to assist the Data Controller to respond to your request, please be advised that the Data Controller is exclusively responsible for responding and satisfying your requests. You may also contact and submit a request to the Data Controller directly, following the instructions laid out in each Data Controller’s privacy policy.

G. Contact us

If you have any questions about this Policy and how we process your personal data, you may contact us via:

  • Telephone: +30 210 325 4147
  • E-mail: dpo@res-cep.com

H. Changes to this Privacy Policy

We may update this privacy policy from time to time. Every revision will be implemented as soon as we publish the revised policy, so you are strongly advised to check this policy regularly.

Contact