en
1077

Emergency Telephone Number

In accordance with the decision of the Hellenic Telecommunications and Post Commission (EETT) with No. 966/2 – Government Gazette 5266/Β/30-11-2020, we would like to inform you that calls to 1077 are subject to the Tariff Policy applied by each mobile and fixed telecommunications network operator. For further information, please visit the website of your network operator as well as the website of the Price Observatory for Telecommunication and Postal Retail Services of EETT.

2314 172750

Telephone Customer Service

Privacy Policy

Personal Data Protection

SUMMARY INFORMATION TABLE REGARDING THE PROCESSING OF PERSONAL DATA OF MOTORWAY SUBSCRIBERS AND USERS
This Personal Data Processing Policy (hereinafter the “Policy”) describes the manner in which your personal data are processed and the conditions for their collection, storage, and use by the Data Controllers.

Below you will find the content of the Policy first in a table format for convenience and subsequently in full text..
BASIC DEFINITIONS:

1. DATA CONTROLLER: Any entity that determines the purposes and means of processing personal data, such as a natural or legal person, public authority, agency, or any other body.
2. DATA PROTECTION OFFICER: The Data Protection Officer (DPO) facilitates the compliance of the data controller and the data processor with the provisions of the GDPR and acts as an intermediary between the various stakeholders.
3. DATA PROCESSOR: The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Data Controller.
4. DATA SUBJECT: The natural person to whom the data relate and whose identity is known or can be identified.
No REQUIRED INFORMATION
1 Identity and Contact Details of the Data Controllers DATA CONTROLLERS

1. NEA EGNATIA ODOS CONCESSION S.A.
GEMI No.: 175835504000
Registered Office: N. Kazantzakis 3G, 54628 Menemeni, Thessaloniki, Greece
Tax ID: 802408691
Email: Info@concession.neodos.gr

2. NEA EGNATIA ODOS OPERATION S.A.
GEMI No.: 176302605000
Registered Office: N. Kazantzakis 3G, 54628 Menemeni, Thessaloniki, Greece
Tax ID: 802435299
2 Contact Details of the Data Protection Officer
3 Collection of Personal Data Generally, we collect your data directly from you when you register for services (e.g., subscription account, issuance of cards) or when you communicate with us. Such data may include indicatively: Full name, Postal address, Email address, Telephone number, Tax Identification Number (TIN), Profession/status, Vehicle registration number, Record of subscriber crossings, Bank account number (IBAN), Transponder device number, Subscription account code. Additionally, we may collect image data in the event of an incident or when you pass through a toll lane, as well as special categories of personal data such as medical information where required (e.g., cases involving a traffic incident or accident with injuries). Telephone conversations with company representatives may also be recorded where indicated in a recorded message, for the purposes of security and proof of commercial transactions.
4 Cookies During your visit and browsing of our website, we may collect data through cookies that you have consented to be used. These are described in detail in the available on our website.
5 Purposes of Processing (i) Receiving requests / complaints / incidents (oral and written) from subscribers/users and responding to them.

(ii) Conclusion and management of applications / contracts for the provision of electronic toll services under the ratifying Law 5260/2025 (Government Gazette A 229) of the Concession Agreement dated 29.03.2024.

(iii) Interoperability of electronic toll systems.

(iv) Monthly (electronic and non-electronic) invoicing of subscribers in accordance with Law 4308/2014 (Government Gazette A 251), as amended and in force.

(v) Fulfillment of tax obligations (submission of tax declarations, etc.) under Law 4172/2013 (Government Gazette A 167), as amended and in force.

(vi) Invoicing and processing of subscriber requests / complaints within the framework of EU Directive 2019/520 as amended by EU Directive 2022/362.

(vii) Handling electronic correspondence with subscribers within the MyEgnatiaPass application available on the website www.neodos.gr.

(viii) Sending news and promotional communications (newsletters, printed materials, etc.).

(ix) Telephone subscriber satisfaction surveys.

(x) Recording through closed-circuit television (CCTV) for monitoring traffic flow along the motorway and ensuring the protection and security of transactions, personnel, and company facilities at Toll Stations and Toll Lanes, Subscriber Service Points, and the Traffic Management Center.

(xi) Roadside assistance for users of the Egnatia Motorway.

(xii) Notification of incidents to insurance companies for the exercise of rights and fulfillment of legal obligations of the Data Controllers.

(xiii) Toll violations.

(xiv) Management of traffic incidents.

(xv) Proof of transactions through the recording of telephone calls. Recording is carried out for the purpose of proving transactions and ensuring the interests of all parties in case of dispute.

(xvi) Issuance of a Permanent Resident Card for toll-free crossings.
6 Legal Basis for Processing Processing is carried out, as applicable:

a) For the performance of the contract between the Company and the subscribers.

b) For compliance with the legal obligations of the Data Controllers.

Fulfillment of legal obligations arising from: i) Law 5260/2025 ratifying the Concession Agreement dated 29.03.2024, ii) Law 4172/2013 – Income Tax Code, iii) Law 4308/2014 – Greek Accounting Standards, iv) EU Directive 2019/520 as amended by Directive 2022/362, v) Law 2251/1994 on Consumer Protection.

c) For the purposes of the legitimate interests pursued by the Data Controllers.

d) For the defense and legal protection of the Data Controllers, the protection of assets and property, and for statistical and historical purposes.

e) Based on the consent of the Data Subject, where applicable.
7 Access and Transfer of Your Personal Data

Categories of Personal Data Recipients:

 Access to your personal data is granted only to the strictly necessary authorized personnel of the Data Controllers and to cooperating companies that process your data as Data Processors on behalf of the Data Controllers and in accordance with their instructions.

Access may also be granted to companies providing technical support services for information systems.

Processors are contractually obliged to maintain confidentiality, not disclose data to third parties without authorization, implement appropriate security measures, and comply with the legal framework on personal data protection, particularly the GDPR.

Additionally, we may disclose your data when you have expressly requested it or when required by law.

Indicative categories of recipients include:

a) Competent police, prosecutorial, and tax authorities under Law 4172/2013.

b) Services of the Ministry of Infrastructure and Transport under Law 5260/2025.

c) Other toll road concession companies within the framework of interoperability (EU Directive 2019/520 as amended by Directive 2022/362).

d) IT and printing service providers responsible for printing, enveloping, and sending subscriber invoices.

e) Roadside assistance companies for passenger and heavy vehicles.

f) Telephone survey companies conducting subscriber satisfaction research.

g) Insurance companies due to obligations or rights arising from insurance coverage and third-party partners managing certain accident/complaint cases (e.g., experts).

h) Partner companies distributing the “EgnatiaPass” electronic transponder (e.g., banks).

i) Partner companies collecting prepayments or settlement amounts for electronic crossings (e.g., fuel stations, banks).

j) Partner companies providing remote contract/application services for subscriber registration in commercial programs (e.g., courier companies).

k) Companies providing digital design, digital marketing, and e-business services.
8 Transfer of Personal Data to Third Countries or International Organizations No such transfer takes place.
9 Personal Data Security Policy To maintain the security of your personal data, we apply an appropriate level of protection and have implemented reasonable physical, electronic, and administrative procedures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data that are transmitted, stored, or otherwise processed. Our information security policies and procedures are regularly reviewed and updated as required to meet our business needs, technological changes, and regulatory data protection requirements.
10 Retention Period of Personal Data a) Personal data related to applications/contracts for electronic toll services are retained for the duration of the contract (which is of indefinite duration) and for five (5) years after its termination, according to Article 36(1) of Law 4987/2022 and Article 250 of the Greek Civil Code.

b) CCTV recordings are retained for three (3) days. If within this period a data subject informs us of an incident and the cameras have recorded it, the Company may isolate part of the video and retain it in a separate file for up to 30 days, or up to 3 months if the incident involves a third party. After this period, data may be retained for longer only in exceptional cases where further investigation is required. Traffic violations are not considered incidents within this meaning.

c) Telephone call recordings are retained for three (3) days and concern calls to and from the Call Center, Customer Telephone Service, emergency number 1077, and the Traffic Management Center.

d) When processing is required by law, personal data will be stored for the period specified by the relevant legal provisions.

e) When processing is based on consent, personal data will be retained until the consent is withdrawn. Withdrawal may be made at any time and does not affect the lawfulness of processing carried out before withdrawal.
11 Rights of Data Subjects As a data subject, you have specific legal rights regarding the personal data we collect from you. These include:

·  Right of access

· Right to rectification

· Right to erasure

· Right to object

· Right to restriction of processing

· Right to data portability

·  Right to withdraw consent

These rights may be exercised where the conditions of Regulation (EU) 2016/679 (GDPR) are met.

To exercise your rights, please contact dataprivacy@neodos.gr via email. We will attempt to respond within 30 days, although this period may be extended depending on the complexity of the request or the legal right involved. We may request proof of identity for verification purposes before responding to your request.
12 Right to Lodge a Complaint with a Supervisory Authority You have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) through its online portal (https://eservices.dpa.gr).
13 Automated Decision-Making, Including Profiling No automated decision-making or profiling is carried out.
14 Provision of Personal Data by Data Subjects Providing personal data is a legal and contractual requirement for concluding an application/contract for electronic toll services, issuing invoices (electronic or paper) for subscriber crossings, fulfilling the Company’s tax obligations, complying with interoperability legislation for toll systems, and complying with consumer protection legislation.

If such personal data are not provided, it will be impossible to conclude the application/contract for electronic toll services.

Telephone calls are recorded for the purpose of proving transactions and safeguarding the interests of all parties in case of dispute.

 

Full Text of the Personal Data Protection Policy

The companies NEA EGNATIA ODOS CONCESSION S.A. and NEA EGNATIA ODOS OPERATION S.A. have adopted the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter the “General Regulation”) and Law 4624/2019 for the protection of the personal data they maintain and fully comply with them.

Please study this Personal Data Protection Policy (hereinafter the “Policy”), the Summary Table of the Personal Data Processing Policy, and the , in order to learn more about the type and purpose of the data we collect about you and how we use this information.

  1. Collection and Use of Personal Data

The Companies NEA EGNATIA ODOS CONCESSION S.A. and NEA EGNATIA ODOS OPERATION S.A. (hereinafter also for the purposes of this Policy jointly referred to as the “Companies” or the “Data Controllers”), acting as joint controllers within the meaning of Article 26 of the General Regulation, collect only the strictly necessary data for each specific processing purpose. These data concern subscriber users and third parties and may include: full name, postal address, email, telephone number, Tax Identification Number (TIN), vehicle registration number, profession/status, record of subscriber crossings, bank account number (IBAN), subscription account code, transponder device number.

These data are provided by the Data Subjects themselves, either electronically, by fax, by completing the specific corporate forms, or by telephone for the conclusion of a subscription contract (Contract Application) or for submitting a request/complaint, or for incident management.

The provision of the personal data of each data subject constitutes a legal and contractual obligation for concluding the application/contract for the provision of electronic toll services, invoicing (electronic or paper) the electronic crossings of its subscribers, and fulfilling the legal obligations arising from legislation concerning interoperability of toll systems. If such personal data are not provided, the conclusion of the application/contract for the provision of electronic toll services becomes impossible.

Data of motorway users may also be recorded through Closed-Circuit Television (CCTV) along the motorway for traffic management, as well as at Toll Stations and Toll Lanes, at Subscriber Service Points, and at the Operation and Maintenance Center (OMC) for the security of transactions, the safety of personnel, and the protection of the facilities of Nea Egnatia Odos Concession S.A. and Nea Egnatia Odos Operation S.A. Personal data are also collected through CCTV during vehicle crossings that constitute toll violations. In this case, the vehicle registration number may be recorded for the management of violations by the Data Controllers and the imposition of an administrative fine by the competent Traffic Police department.

Personal data of subscribers, users, and third parties are also collected and recorded during their communication and conversations with representatives of the Data Controllers at the Call Center, the Customer Telephone Service, the emergency number 1077, communication with the Traffic Management Center, and in any other case mentioned in a recorded message.

Recording takes place in the context of the development of the specific transactional relationship, for the purpose of providing evidence of our communication, proving transactions, and simultaneously safeguarding the interests of all parties in case of dispute, for example: telephone renewal using credit cards, remote modification of customer details, response to incidents or complaints, etc.

Finally, data of motorway users may also be collected by authorized partners of the Data Controllers during the provision of roadside assistance services, or by our personnel during an incident (e.g., photographic material from a traffic incident, vehicle registration number and its geographic location, persons involved).

Any complaints, information, and requests from subscribers, users, and third parties are recorded in databases for quality and management purposes.

  1. Purposes of Processing

Your personal data are not used for any purposes other than those for which they were collected, which are described in detail in Article 5 of the Summary Table.

  1. Collection of Personal Data Due to Interoperability

Interoperability is the possibility of passing through toll stations using the Electronic Device of one Issuer through specially designated lanes of a motorway that bear special signage. The Company does not collect Personal Data of Subscribers and Users of other motorways, nor does it transmit the personal data of its subscribers and users to other Toll Management Bodies. However, Toll Management Bodies that have undertaken the operation and maintenance of road infrastructure (and/or the Operating Companies authorized by contract to act as their direct agents for toll collection) and the Issuers retain the right to transmit subscriber data between them for the purposes of investigating incidents, resolving problems, resolving subscriber complaints related to electronic crossings carried out through Interoperability, and only between the Issuer and the specific Management Body concerned by the case under investigation.

  1. Transfer of Personal Data to Third Parties

We maintain your personal data within the framework of fulfilling our contractual and operational obligations, in accordance with applicable legislation.

In certain cases, the Data Controllers may transmit the personal data they process to competent third-party authorities, services, and partners, as specifically described in Article 7 of the Summary Table.

Partners of the Data Controllers who process personal data on their behalf as described above are bound by confidentiality agreements and personal data protection agreements, in accordance with the provisions of the General Regulation.

  1. Consent & Rights of Data Subjects
  1. A) Consent and Right to Withdraw Consent

The Company may contact you at the email address or telephone number you have declared for purposes such as informing you about the use of your Electronic Device or the motorway, improving its services (satisfaction survey), sending electronic newsletters, promoting related goods and services, or for other related purposes, only if it has received your consent to do so. In this case, you have the right to withdraw your consent at any time by sending an email to the Data Protection Officer of the Data Controllers at: dataprivacy@neodos.gr.

  1. B) Rights of the Data Subject

Access: You have the right to be informed whether and how we process your personal data at any time and free of charge.

Rectification: You may request the correction or updating of personal data that are incomplete or inaccurate.

Erasure: You may request the deletion of your data if they are no longer necessary for the purposes for which they were originally collected or if you wish to withdraw your consent and there is no other legal basis for processing. The Right to Erasure is subject to conditions. It may therefore be restricted where the retention of data is mandatory in order to fulfill the legal obligations of our Company that may be based on provisions of specific laws such as the Civil Code, Penal Code, tax legislation, insurance legislation, etc., or on relevant instructions from the competent service of the Ministry of Infrastructure and Transport, which is the supervising authority of the Project.

Objection: You may object at any time to the processing of your personal data, which we will respect provided that no other lawful grounds for processing exist.

Restriction of Processing: You may request the restriction of the processing of your personal data if you contest their accuracy or the lawfulness of the processing.

Data Portability: You may request to receive the data you have provided in a readable format or request that we transfer them to another data controller.

Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the legality of the processing carried out based on that consent before its withdrawal. The above rights may be exercised provided that the conditions of Regulation (EU) 2016/679 are met.

  1. Retention Period of Personal Data

The Companies retain your personal data for as long as required for the execution of our contractual relationship and in any case for the period defined by the applicable tax legislation, the specific provisions of the Concession Agreement, as well as the Greek Civil Code in case any contractual or financial claims or other disputes arise.

For the retention period of Personal Data, please refer in detail to Article 10 of the Summary Table.

  1. Data Security and Integrity

The Companies implement appropriate technical and organizational measures, policies, and procedures for the security of personal data and their protection against accidental or malicious loss, misuse, alteration, or destruction.

Furthermore, we strive to ensure that access to your personal data is limited only to Companies’ personnel, external partners, competent ministries and authorities acting within the scope of their duties. Persons who have access to the data are specifically authorized and bound by confidentiality and secrecy obligations.

  1. Cookies 

To ensure the proper functioning of their website, the Companies may use Cookies, i.e., small data files stored on users’ computers. Please consult the Companies’ and configure their use accordingly.

  1. Changes to this Policy

The Companies review this Policy frequently and may modify or revise it periodically at their discretion. We encourage you to review this Policy from time to time in order to check whether there are any changes in the way we manage your personal data.

  1. Contact Us

If you have any questions, comments, or requests regarding the processing of your personal data or wish to update your personal data or exercise any of your rights as a Data Subject, please contact us at: dataprivacy@neodos.gr.

 

NEA EGNATIA ODOS CONCESSION S.A. – GEMI No. 178847001000

NEA EGNATIA ODOS OPERATION S.A. – GEMI No. 178852001000