1. Controller

The Independent Authority for Public Revenue (hereinafter IAPR) is the controller of personal data processed through the appodixi application.

The contact details of the controller are:

Postal Address: 10 Karagiorgi Servias Street, Athens, T.K. 10184

Contact number: +30 213 162 1000

2. Personal data we process

A) when scanning the receipt and depending on the status of the receipt, the application generates the following messages, which it displays on the user's screen along with the following data:

- That the receipt has been transmitted to IAPR. In this case, the details of the receipt are also displayed, that is, the number of the cash register, the TIN of the enterprise, the number of the receipt, the date and time of issue of the receipt, the value of the transaction and VAT, and in transactions with service stations, the quantity and type of fuel.

- That the cash register is declared, but the receipt has not yet been transmitted to IAPR. In this case, the date and time beyond which the receipt should have been transmitted to the IAPR is also shown.

- That the QR code cannot be read or that the cash register is not declared or not active.

During the scanning of the receipt, the personal data of the user of the application or the company whose receipt is scanned are not transmitted to IAPR nor stored.

B) when submitting a report, the following information is transmitted through the application to the information system for the utilization of complaints of IAPR:

- Photo of the receipt, which usually shows the details of the enterprise (name, registered office, VAT number, competent tax office, telephone), date and time of transaction, transaction amount, payment method and the number of the receipt.

- The reason for submitting the report.

- The comments you enter in the relevant field.

- Your full name, if you choose to file a complaint by name
 

Purpose and legal basis

The purpose of the processing of personal data carried out through the application is to enhance the transparency of transactions and the effectiveness of tax audits, for the benefit of healthy business, the economy, and society as a whole (Article 6 par. 1 item e and Article 9 par. 2 item g GDPR).

Data retention time

The data transmitted through the application to the information system for the utilization of complaints of AADE are kept for the period strictly necessary for the needs of the tax audit.

Recipients of the data

Recipients of the personal data transmitted through the application in the information system for the utilization of complaints of IAPR are the services of IAPR. This personal data is not transmitted to any third party.

Rights of data subjects

In accordance with data protection law, when we process your personal data you have certain rights about which we must inform you. In particular, you have the rights to access your data, correct it if it is inaccurate or incomplete, delete it in some cases (you can read more about the right to delete  here), objection and restriction of processing under certain conditions.

To exercise your rights or for any other reason regarding the processing of your personal data, you can contact the Independent Data Protection Officer Support Department of IAPR as follows:

(a) Electronically: If you are a registered user of IAPR's online services, you can submit your request through the option " My Account/My TAXISnet "by selecting "Protection of Personal Data-GDPR" as the subject category. If you are not a registered user, you can submit your query through IAPR's website (www.aade.gr). Where you will find a request form, in which you must select as the subject category "Protection Of Personal Data-GDPR".

 B) By telephone to the numbers: (+30) 213-2113127,29, 213-2113130 and 213-2113132.

 (C) By post to the address: IAPR (AADE), Independent Department of Data Protection Officer Support, 20, Panepistimiou str. postal code 10672, Athens
 

Right to complain to the supervising authority

You have the right to appeal to the Personal Data Protection Authority for issues relating to the processing of your personal data. On the responsibility of the Hellenic Data Protection Authority and how to file a complaint, you can visit its website (www.dpa.gr), where detailed information is available.