The EU General Data Protection Regulation (GDPR) that came into effect on 25 May 2018 sets a new standard for the protection of personal data and seeks to strengthen the data protection rights of individuals in the EU, while also harmonizing data protection laws across the EU.

In order to meet the GDPR related transparency obligations, this Privacy Statement about personal data protection for data collected from Roots services and website use has been drafted providing important information to individuals regarding how and why we process their personal data, with whom we share their personal data, certain rights that they may have, and how they can contact ATHEXGROUP’s Data Protection Officer.

Roots is an initiative, offered by ATHEX that aims to accelerate the growth of innovative Greek SMEs and start-ups, and ensure they have the necessary knowledge and skills to effectively communicate their proposals to investors and access financing opportunities through the capital market. Roots provides access to an international network of experts, mentoring and training opportunities in order to facilitate SMEs to the point of investment-readiness.

1.    Who is responsible for your personal data and how can you contact them?

Athens Exchange (ATHEX) is the controller of your personal data. For more details you can contact our Data Protection Officer at or 110 Athinon Avenue, 104 42 Athens, Greece.

2.    Why do we process your personal data?

We process your personal data, as necessary to pursue our legitimate business and other interests, for the following reasons:

  • To communicate in order to provide information about Roots and the relevant developments (through newsletters etc.) as well as information about events, conferences, trainings and other actions organized by ATHEXGROUP.
  • To register Roots partners.
  • To operate Roots and in particular to administer and improve our business and client engagements.
  • For corporate marketing and business development purposes. In this context, we organize events where attendees may be photographed or videotaped. For these events and for other actions about Roots we inform you regularly;
  • To operate, maintain, develop, improve and customize our Website.
  • To protect the security, confidentiality and integrity of our Website, IT systems, hardware / networks, and information.
  • To respond to your inquiries and requests that are based on legal rights that you may have (e.g., individual rights under GDPR).
  • To comply with laws and regulations and as well as to pursue our legitimate interests in cooperating with our regulators and other authorities.
  • For any other purpose that we specifically tell you about when we obtain data about you.

When collecting your personal data by signing up for partners or receiving the newsletter, you will be asked to consent to your data management once you have read this statement.

We do not track your online activities across the Internet. We do not use your personal information for automated decision making, including profiling.

We do not sell or rent your personal information to third parties.

3.    Information you provide

You may provide us with personal information when you communicate with us through our Website:

Information you provide through our Website: You may provide us with personal information whenever you fill out a form on our Website, for example, to ask us a question, or request that we contact you about our products and services, research or events; to subscribe to our marketing, careers or investor relations emails; to download content; to register for events; or to submit a form based on legal rights that you may have (e.g., individual rights under GDPR). The information that you provide to us includes your contact details, and any other information collected on the form to allow us to fulfil the request.

Information you provide as a partner: When you log in to use our products or into our client support portal, you provide us with your username and password, and we log your product use.

Information we collect automatically: We use cookies to automatically collect information about you when you visit and take action on our Website, which may in some cases constitute personal information under applicable data protection law, including but not limited to your domain, your IP address, your date, time and duration of your visit, your browser type, your operating system, your page visits, information from third parties, other information about your computer or device, and Internet traffic.

4.    To whom do we disclose your personal data?

We disclose your personal data, for the reasons set out in Section 2, as follows:

  • To your organization in connection with the products and services that we provide to it if your organization is our client, or otherwise in connection with our dealings with your organization.
  • To ATHEXGROUP’s entities for the purpose of managing ATHEXGROUP's partners and clients.
  • To service providers of fraud monitoring, or hosting technology services.
  • To prospective buyers as part of a sale, merger or other disposal of any of our business or assets.

5.    How long do we keep your personal data?

We keep your personal data for as long as is necessary for the purposes of our relationship with you or your organization or complying with a legal or regulatory obligation.

6.    What are your rights in relation to personal data?

You can ask us to: (i) obtain confirmation as to whether or not your personal data are being processed, and access to the personal data and relevant information, (ii) provide you with a copy of your personal data; (iii) correct your personal data; (iv) erase your personal data, (v) restrict our processing of your personal data, (vi) object at any time to processing of personal data (including profiling), (vii) not to be subject to a decision based solely on automated processing (including profiling).

These rights will be limited in some situations; for example, where we are required to process your personal data by EU or EU member state law.
To exercise these rights or if you have questions about how we process your personal data, please contact us using the abovementioned contact details. You can also complain to the relevant data protection authorities in the EEA member state where you live or work or where the alleged infringement of data protection law occurred.

7.    Changes to this Privacy Statement

If we change this statement, to keep you fully aware of our processing of your personal data and related matters, we will post the new version to our website.



Sign up to receive Roots updates!