The WAIZ App is an Account Information Service application (“the App”) owned by NATIONAL BANK OF GREECE S.A (hereinafter “WAIZ”, “NBG” “we”, “us”, “our”) that allows you to overview all your online banking accounts in one secure app, and analyses your account information to help you manage your money simply and more efficiently. For more information regarding the function of the App please read our Terms and Conditions of Use for the App (which can be found here).

The purpose of this privacy statement is to provide information to you as a potential and/or existing user of the WAIZ App regarding the processing of your personal data by NBG as the data controller, pursuant to the provisions of the General Data Protection Regulation 2016/679 (GDPR), when using the WAIZ App or visiting our website.

WAIZ acknowledges and gives top priority to its requirement to comply with the applicable regulatory and legal framework on banking secrecy and on the protection of individuals with regard to the processing of their personal data.


1. Who we are

NATIONAL BANK OF GREECE S.A., a public limited banking company, registered in the General Commercial Registry (GEMI), with the GEMI Νο. 237901000, website, headquartered in 86, Eolou street, 102 32, Athens, has the full copyrights on the App. Please note that for your personal data related to the bank accounts you add to the WAIZ App, each bank you are a client to acts also as an independent data controller of the said data and therefore for more information, please be informed their respective


2. What personal can be processed

Personal data is any data relating to a person who is identified or who can be identified (such as a name, an identification number, or an online identifier).

Personal data you provide

You may give us personal data about you by registering to WAIZ and using our Services, interacting with the App or our website, or by corresponding with us via email, phone or otherwise. Examples of personal data you may provide us include:

It is noted that you are required to inform WAIZ timely for any possible change on the aforementioned data.


Personal data from connected banks

If you connect one of your banks to our App, we will automatically collect some financial information from your connected banks, such as:

Personal data we collect from you

When you use the App or our website we may collect information such as:


3. Purposes of processing your personal data



Legal Basis

We process your personal data in order to organise, and to enable you to take part in, competitions, draws and other reward programmes related to the use of the App in order to enable us to check the validity of participating entries, to contact winners, and give out the prizes.

The processing of your personal data is necessary to meet the obligations we undertake to you by accepting the terms and conditions of participation in competitions, prize draws, and other reward programmes.

In addition, we process your personal data for the following purposes:

•    tailor the content and the services that you’re offered through the App,

•    send you notifications about weekly or monthly reports, spending and balance alerts, challenges, new features of the App,

•    give you relevant Smart Insights and suggest relevant Actions for you

•  providing updates to make the most out of the App’s products and/or services (e.g. updates about new features or functionalities or ways to make better use of them, and information about, or regarding your participation in, reward programmes, prize draws, competitions, and so on).

•    improve your experience and make the App services better for you,

•    assess how you use the App and the website and analyse that data,

•    make a secure connection between your device and the App,

•    take action if we need to defend our legal rights under the App Terms and Conditions of Use if you would breach any laws or regulations or our App Terms and Conditions of Use,

•    resolve potential requests/complaints of yours,

•    perform research and trend analysis to optimise your experience,

•    create content using some personal data will enable us to engage with you in a more direct way,

•    improve WAIZ’s products and services according to your interests, your preferences and your overall transactional activity.

The processing of your personal data lies with the legitimate business interest of WAIZ to constantly shield and continuously improve its products and services to meet the needs of its customers.

We also process your personal data in compliance with the obligations of the national legal and regulatory environment, in particular the 2nd Payment Services Directive (PSD2), incorporated into the Greek legislation with Law 4537/2018.

The processing of your personal data is necessary for WAIZ to comply with the applicable legal and regulatory framework.

Finally, to the extent that a legal ground described above would not apply to processing of your personal information by us, we will seek your consent for such specific purpose in accordance with applicable law.

The processing of your personal data may be based on your explicit and up-to-date consent.


4. Recipients with whom your data can be shared

Recipients of the data that WAIZ is obliged or entitled to disclose, by law or regulation or court order or in the context of lawful operation of the data subjects’ business and contractual relationship with WAIZ, may be third parties (natural or legal persons), public authorities, services or other bodies, such as:

In the event of data being transferred to third parties within the scope of data processing activities, then such third parties are obliged to adhere to the applicable legal and regulatory framework including the General Data Protection Regulation (2016/679) and have been contractually obliged to comply with all legal and regulatory requirements.


5. Provisions in the event of any personal data transmission to third countries (cross-border transmission)

In the context of WAIZ’s operations your personal data is not transferred outside of the European Economic Area (EEA). However, if necessary, the said transfer is effected in accordance with the provisions of European legislation on Companies registered in member states within the European Economic Area (EEA) or with the local legal framework as regards Companies registered outside the European Economic Area (EEA). Personal data may only be disclosed to third countries outside the European Economic Area (EEA), if the foreign law provides for an adequate level of data protection. In case the foreign law does not provide an adequate level of data protection, personal data may only be transferred to such country if either the data subject has explicitly consented to the transfer, or if data protection is provided for by an adequate data transfer agreement (i.e. if you, as the data subject, have explicitly given your consent for this transfer). WAIZ ensures, through appropriate procedures, that the required procedures are carried out by the local authorities, as well as that each third party involved ensures the safe processing of personal data transmitted.


6. Data retention period

WAIZ processes your personal data as long as you retain your account with WAIZ. In particular, your data is not being processed beyond the necessary period of time for the purposes described here.

If you delete your WAIZ account or invoke your right to be forgotten, we will use reasonable endeavors to no longer process your data.

We may retain your personal data for a longer period as necessary to:


7. Action taken when the data retention period has expired

In the event that the data retention period has expired, WAIZ pays special attention to how this data is destroyed. For this purpose, WAIZ has established and implemented a relevant procedure applied after having examined that it is not necessary to keep archives material for compliance with legal and regulatory requirements or for the protection of WAIZ's interests and is based on the instructions of the Hellenic Data Protection Authority. WAIZ shall ensure that the above process of file destruction containing personal data also binds third parties providing services in the name and on behalf of it and any other persons with whom it cooperates in the context of outsourcing or other kind of agreements.


8. Yours rights on the protection of your personal data

Following the verification of your identity, you, as a Data Subject, have the following rights:

Right to Information

WAIZ must provide you with any information in relation to the processing of your personal data, including what data WAIZ processes, for which purpose, for how long WAIZ keeps them, in a concise, understandable and easily accessible form, using clear and simple wording.

Right of Access

You have the right to obtain from WAIZ confirmation as to whether or not personal data of yours are being processed, and, if so, you have the right to access to the personal data.

Right to Rectification

You have the right to obtain from WAIZ the rectification of inaccurate or incomplete personal data of yours and the right to have incomplete personal data completed.

Right to Erasure

You have the right to obtain from WAIZ the erasure of your personal data, which can be met if certain conditions are met.

Right to Restriction

You have the right to obtain from WAIZ restriction of processing under certain conditions.

Right to Object

You have the right to object, at any time, to processing of personal data concerning you. WAIZ shall then no longer process your Personal Data unless it demonstrates compelling legitimate grounds for the processing, which override the interests, rights and freedoms of yours or for the establishment, exercise or defense of legal claims.

Right to Obtain Human Intervention

You have the right to ask from WAIZ not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Right to Portability

You have the right to ask from WAIZ and receive your Personal Data that you have provided in a structured, commonly-used and machine-readable format or to ask WAIZ to transmit those data to another controller.


In order to further facilitate the exercise of your relevant rights, WAIZ ensures the development of internal procedures so as to respond timely and effectively to your relevant requests.

For issues concerning the processing of your personal data, you may contact the Data Protection Officer (DPO) in writing by mail or email (National Bank, Data Protection Officer, Aeolou 93, 10551, Athens,

In case that you consider that the protection of your data is in any way affected, you may also lodge a complaint with the Data Protection Authority using the following contact details:

Address: 1-3 Kifissias Avenue, 115 23, Athens
Tel: +30 210 6475600
Fax: +30 210 6475628


9. Cookies

WAIZ may collect data identification for visitors/users of its website by using relevant technologies such as cookies and/or Internet Protocol (IP) address tracking. Cookies are small text files that are stored on the hard drive of each visitor/user and do not access any document or file from someone’s computer. They are used to facilitate visitor/user’s access to the use of specific services and/or site pages for statistical purposes and in order to determine the areas that are useful or popular, as well as to assess the effectiveness of the site and to improve the performance of the site. These data may also include the type of browser used by the visitor/user, the type of computer, its operating system, Internet service providers and other information of this kind. In addition, the site's information system automatically collects information about the visitor/user's site and about the links to third-party websites he may choose through the use of WAIZ's website.

The visitor/user of the website may be informed in detail about the categories of cookies used on WAIZ's website through the relevant explanatory screen. Please note that cookies that are technically necessary to make the connection and navigation on the site or to provide the service cannot be deactivated. For the rest categories of cookies, which are optional, the visitor/user of the website should choose whether they wish to activate them and, if so, provide their consent

If the visitor/user of the website does not allow the use of optional cookies, then he may lose some additional information/functionality as mentioned in the cookie setup page.

By using optional cookies, WAIZ can leverage the capabilities provided by Google Analytics, including Display Advertising, utilizing the remarketing features to promote its products and/or services in Internet. In particular, third-party vendors, including Google, display advertising messages from WAIZ on various websites on the Internet. WAIZ and third-party vendors, including Google, use cookies (such as the Google Analytics cookie) or third-party cookies (such as DoubleClick cookie) jointly to update, optimize, and serve promotional messages based on previous visits of someone on WAIZ’s website. Our website visitors/users may declare that they do not wish to receive relevant messages and be excluded from future actions in Display Advertising and adjust Google Display Network ads using Ads Settings or activate, if they so wish, the Google Analytics opt-out browser add-on via the link link (looking for a further subscription at the hl = en).

The visitor/user of the WAIZ website may delete the cookies and disable their use by selecting the browser he uses below and following the instructions:

If another browser is used, the user/visitor of the WAIZ website should refer to the relevant information of its provider.

For more information and to customize your cookie preferences, please press the "C" icon, located on the bottom right corner of our website.


10. Update-amendment of the said statement on personal data privacy

WAIZ may update, supplement and/or amend this Privacy Statement in accordance with the applicable regulatory and legislative framework. In this case, the updated Statement will be posted on the WAIZ’s website.