myDATAapp: Privacy policy

 

1. Data Controller

 

The Independent Authority for Public Revenue (hereinafter referred to as IAPR) is the controller of personal data collected and processed through the myDATAapp.

The Data Controller’s contact details are:

Postal Address: 180 Peiraios Street, P.C. 17778, Tavros

Contact number: +30 213 162 1000

 

2. Personal Data we process

 

The personal data of natural persons that are processed during the operation of the myDATAapp are as follows:

 

I. Through the myDATAapp application, the following data is requested for user login:

  • Username, Password

 

II. Through the myDATAapp application, the following data for the business is displayed

  • Business name, Business activity, Business address, Business telephone number, Business TIN

 

III. Through the myDATAapp application, the following statistical data is displayed:

  • Revenue / Expenses: Value of revenue/expenses, VAT, Other Charges and Total for current/previous month and current year, Balance: Difference between revenue and expenses for current/previous month and current year, Customers & Suppliers: Number of customers, suppliers and documents for current/previous month and current year, Important Customers: Top 5 customers and their transaction amounts for current/previous month and current year, Important Suppliers: Top 5 suppliers and their transaction amounts for current/previous month and current year

 

IV.hrough the myDATAapp application, the following data is displayed for New Customer registration:

  • Customer Type, Customer Country, Code, TIN (Tax Registration Number): The customer's TIN is registered and checked based on the standards of the tax authority. For domestic businesses, the company's data is cross-checked through the Business Registry Basic Data Search service. In order to achieve the cross-check, the company's TIN is required to be entered. In the case of a valid TIN, the fields Name, Address and City are automatically filled in by the system according to the data in the TAXIS registry.
  • Name, Occupation / Activity, City, Address, Postal Code, Tax Office, Email, Telephone-1, Telephone-2.

New Customers created through the myDATAapp application are registered in the company's account in the myData infrastructure and their data is stored encrypted in the company's share....

 

V. Through the myDATAapp application, the company's Customers are displayed in a list with the following data:

  • Customer Code, Name, TIN, City, Address, Occupation / Activity

 

VI. Through the myDATAapp application, the following customer management options are available:

  • Edit Customer, Delete Customer (with confirmation process). In Edit Customer, certain fields cannot be modified, such as the customer code and, where applicable (see Domestic business), the Company Name, the City, etc

Changes to customer details made through the myDATAapp application are stored encrypted in the business's MyData account

 

VII. Through the myDATAapp application, the following data is requested for the issuance of a document:

  • General Document details: Document Type, Series, Issue Date, Branch, Payment Method, Related Document, Customer Details (Name, TIN, etc.) and in the case of Transportation, the corresponding details (Vehicle Number, Shipment Date, Loading Place and Delivery Place Details)
  • Document Options: Movement Note, Self-Invoicing, VAT Payment Suspension
  • Document Options: Movement Note, Self-Invoicing, VAT Payment Suspension

Documents issued through the myDATAapp application are stored encrypted in the company's account on the MyData infrastructure.

 

VIII. Through the myDATAapp application, the user can send the document:

The myDATAapp application allows the user to send the document they issue, via email, to their customer. The personal data used to send the document include:

  • Customer Email Address: The email address entered in the corresponding field (customer tab).
  • Document Details: All data included in the document (e.g. type, product description, amounts, taxes) and which are sent via email.

The document is sent using secure email servers and, where necessary, encryption techniques are used to protect data during transmission.

 

IX. Through the myDATAapp application, the following document data is displayed:

  • MARK, Issuer Name, Issue Date, Amount, Display of QR Code

Each document is accompanied by a unique QR Code. When the user scans the QR code, information about the document that has been issued is displayed, such as Document Type, MARK, Issuer Name, Issue Date, Amount and other relevant information.

The user can view and search for their documents using filters (e.g., Date: "Today", "Previous Week", "Current Month", "Previous Month"), however, this data is not allowed to be stored or processed outside of the application.

 

X. Through the myDATAapp application, the following data is displayed for document viewing:

  • General Document details: Document Type, Series, Issue Date, Branch, Payment Method, Related Document, Customer Details (Name, TIN, etc.) and in the case of Transportation, the corresponding details (Vehicle Number, Shipment Date, Loading Place and Delivery Place Details)
  • Document Options: Movement Note, Self-Invoicing, VAT Payment Suspension
  • Other Document Details: Other Related TINs, Goods / Services, Miscellaneous Taxes, Comments / Observations, Totals

 

XI. Through the myDATAapp application, the user can choose to download additional applications:

The user can choose to download the Appodixi application or the myAADEapp application through the corresponding icons. After choosing to download one of these applications, he will be automatically redirected to the corresponding Google Play Store (for Android devices) or Apple App Store (for iOS devices), where he can proceed to download and install the application for his device. In case he has already installed it, he can select Open.

The myDATAapp application does not collect personal data during the redirection process to the Play Store or the App Store. However, these platforms may collect and process personal data in accordance with their own privacy policies. The user is advised to carefully read the privacy policies and terms of use of the respective app store before downloading or installing the application.

 

XII. XII. The following data is stored through the myDATAapp application:

  • Authentication information: The 4-digit PIN code created by the user to access the application is stored encrypted. The application never stores the PIN in clear text and it is only accessible through the authentication process. For security reasons, every 15 days, the user is asked to verify his identity by re-entering the username and password in the application.
  • Biometric data: When the user activates the biometric authentication feature (fingerprint or facial recognition), the biometric data is not stored on the application server or in the cloud. Instead, it remains on the user's device and is only used to authenticate access to the application.
  • PIN Change: When the user decides to change the 4-digit PIN, the new PIN value is stored encrypted and protected by the application's security systems.
  • Language Change: The application allows the language to be changed between Greek and English. The language data selected by the user is stored locally on the device, in order to adapt the application language according to the user's preferences.
  • Statistics: The application stores the user's statistical data, as displayed on the Dashboard. This data is encrypted before being stored in the system, has a lifespan of 8 hours, and is then deleted or refreshed.

Data Deletion: The user can delete all of the above data (e.g. PIN, biometric data, language, statistics) by deleting the application from their device. All data related to the use of the application is automatically deleted and is not stored on external servers after uninstallation.

The above data is stored on your mobile device and the IAPR does not gain access to it.

 

XIII. Through the myDATAapp, the following data is recorded:

  • Application errors: Logging of any errors or failures during application operation.
  • Exception information: Recording of exceptions that may occur during the execution of application functions (e.g., errors when communicating with external servers or API calls).

Exception information: Recording of exceptions that may occur during the execution of application functions (e.g., errors when communicating with external servers or API calls).

The myDATAapp application does not collect data from your mobile phone. Depending on the operating system (Apple iOS, Google Android or similar) on which the myDATAapp application is installed, it may request access to data and functions of your mobile device in order to activate your biometric data.

 

3.Data security

 

The IAPR takes all necessary technical and organizational measures to ensure the integrity, availability and confidentiality of the data it processes.

 

4. Purpose and Legal Basis

 

The purpose of processing personal data carried out through the application is to provide digital public services for the optimal service of taxpayers [article 6(1e) GDPR].

5. Data retention period

The data stored in the myDATAapp is deleted after the application is deleted from the user's mobile device.

 

6. Recipients of the data

 

Only authorized personnel of IAPR have access to the personal data of the myDATAapp.

 

7. Transfers to third countries

 

ΤPersonal data processed during the operation of the myDATAapp are not transferred to third countries or international organizations.

 

8. Data Subject Rights

 

Under the data protection legislation, when we process your personal data you have certain rights of which we must inform you. Specifically, you have the rights to access your data, to rectify it if it is inaccurate or incomplete, to erase it in certain cases (you can read more about the right to erase it here), to object and to restrict processing under certain conditions.

To exercise your rights or for any other reason regarding the processing of your personal data, you can contact the Independent Data Protection Officer Support Department of the IAPR as follows:

α) Electronically: If you are a registered user of the IAPR's electronic services, you can submit your request through the myAADE portal (option Questions to IAPR) by selecting "Personal Data Protection-GDPR" as the subject category. If you are not a registered user, you can submit your question through the IAPR website (www.aade.gr/en/) in the Contact section where you will find a Request Submission Form, in which you must select "Personal Data Protection-GDPR" as the subject category.

b) By telephone at the numbers: +302131410058, +302131410055, +302131410049, +302131410073 and +302131410053.

c) By post to the address: IAPR, Independent Data Protection Officer Support Department, 180 Peiraios Street, P.C. 17778, Tavros.

 

9. Right to complain to the supervisory authority

 

You have the right to appeal to the Hellenic Data Protection Authority (HDPA) for issues concerning the processing of your personal data. To find out about the competence of the HDPA and how to submit a complaint, you can visit its website www.dpa.gr), where detailed information is available.