PRIVACY AND PERSONAL DATA PROTECTION POLICY
Centre for Research and Technology Hellas (CERTH) pays special attention to the privacy and personal data protection of the visitors/users of its website. CERTH respects your privacy and recognizes the importance of personal information security. For this reason, this Policy is in place and defines the way of processing and protection of your personal data.
It is noted that according to applicable data protection legislation (General Data Protection Regulation 2016/679/EU, Greek Law 4624/2019), personal data means any information relating to an identified - in particular by reference to an identifier -, or identifiable natural person (‘data subject’). Information concerning legal persons and groups of persons or statistics, from which there is no possibility to identify a specific natural person, does not fall into this notion and is excluded from the scope of the relevant legislation.
This Privacy and Personal Data Protection Policy is compliant with the General European Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter ‘GDPR’) and Greek Legislation (Law 4624/2019) and aims to inform you about how CERTH collects and processes your personal information when you use and navigate through its website.
CERTH may modify this policy at any time without notice by announcing any such modification through its website.
By navigating and using the CERTH’s website, users / visitors acknowledge that they have read, understood and unconditionally accepted this Privacy and Personal Data Protection Policy.
Data Controller
The data controller of this website is:
CENTRE FOR RESEARCH AND TECHNOLOGY HELLAS (CERTH)
6th Km Charilaou - Thermi Road
57001, Thessaloniki, Greece
In the following terms you will find important information regarding the type, purpose of personal data processing, the data protection, and your rights as data subjects.
For any further explanation, you may contact the Data Protection Officer (DPO) of CERTH by sending an e-mail to dpo@certh.gr.
Personal data processed by CERTH
You are not required to provide your personal information when you visit the CERTH’s website.
The only case where your personal information is requested is when you wish to contact CERTH, by filling the online contact form available on its website, when you express your interest in receiving CERTH’s Newsletter, or when you filling the registration form for CERTH’s conferences/events.
Namely:
- When filling in the online contact form, you optionally provide the following information: first name, surname, and e-mail address. In this case, CERTH may collect and process any other personal information that you voluntarily provide through the free text of the contact form.
- When filling in the newsletter form, CERTH collects and processes your first name, surname, and e-mail address.
- When filling in the registration form for CERTH’s conferences/events, you have to provide information such as your first name and surname, your university or institution affiliation, and your contact details, i.e. address, city, postal/zip code, and email. Optionally, you may provide your current position and your telephone number.
- During your visit at our website, certain information may be automatically collected, such as the IP address of your computer and Cookies information. For more details, please see the relevant Cookies Policy of CERTH.
It is highlighted that this website are not intended for minors. In case a minor gets in contact with us, through the contact form, his/her personal data will be deleted immediately.
Purpose and principles of personal data processing
CERTH collects and processes the personal data of its website’s visitors/users only in the fulfillment of its purposes. Please note that for the submission of the contact form, the completion of the aforementioned data is optional. However, this completion is suggested for purposes of a correct submission, since it allows CERTH to respond completely to your message/request. In any case, the data processing is limited to personal data that is necessary and appropriate for the fulfillment of purposes and operations of the website.
The processing is subject to the rules and fundamental data protection principles of the General Data Protection Regulation, the Greek legislation and the relevant international treaties and conventions.
Legal basis for the processing
One of the main data protection principles is the lawfulness of personal data processing. Regarding the personal data collected by CERTH when you fill in the contact form, the processing is necessary for the purposes of the legitimate interests pursued by CERTH (article 6 (1f) GDPR), and in particular for communication with the users/visitors of its website, and the information of the scientific community and public about the research center’s work and scientific results.
Regarding the personal data that you provide to us by subscribing to our Newsletter recipient list or by filling in the registration form for CERTH’s conferences/events, the processing is based on your previous explicit consent for this specific processing purpose (article 6 (1a΄) GDPR).
The retention period for personal data
Your personal data is kept by CERTH only for the reasonable period of time required by the nature of the processing and only for as long as it is required to achieve the above purposes of processing, unless a longer retention period is required by law or for the establishment, exercise or defense of legal claims.
Recipients/Transfers of data
The collected personal data may be disclosed to third parties, if this is required for the fulfillment of our legal obligations or is necessary for the fulfillment of the above data processing purposes, in compliance with the applicable legal framework. Such disclosure could be made to official government and supervising bodies, public authorities, and organizations, courts and CERTH’s partners, such as natural or legal persons who have undertaken the execution of certain services and functions of the website on behalf of CERTH (data processors). The processing of the personal data by the data processors is made under the explicit instructions of CERTH and after it is contractually guaranteed that all the necessary technical and organizational measures have been implemented.
CERTH will never transfer, sell, rent or exchange your personal data to third parties for marketing purposes.
It is also highlighted that CERTH does not transfer your personal data outside the European Union (EU) or the European Economic Area (EEA).
Data security
The personal data collected by CERTH through its website are strictly confidential. CERTH implements appropriate technical and organizational measures to ensure an appropriate level of protection against the risks arising from processing, such as accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
Your rights
According to GDPR, you have the following rights:
- Right to access: You have the right to request access to your personal data in accordance with article 15 GDPR. By exercising this right, you can be informed if we process your personal data, about the purpose and way of their processing, their security, as well as about your rights. You can also request a free-of-charge copy of your personal data undergoing processing.
- Right to rectification: If you believe that your personal data is inaccurate or needs an update, you have the right to request the rectification of the inaccurate information and the completion of the incomplete data, in accordance with Article 16 GDPR.
- Right to restriction of processing: If you consider that your data is inaccurate, or that the processing is unlawful, or that we no longer need your data, or that you have objections to automated processing, you have the right to request the restriction of processing, under the Article 18 GDPR requirements.
- Right to object to processing: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise, or defense of legal claims.
- Right to erasure (“right to be forgotten”): When you no longer wish the processing and retention of your personal data, you have the right to obtain their erasure, unless the processing is necessary for a specific legal purpose in accordance with Article 17 GDPR.
- Right to portability: you have the right to receive or transmit your personal data in a structured, commonly used and machine-readable format to another controller, in accordance with Article 20 GDPR.
- Right to withdraw your consent: You have the right to withdraw your consent at any time. Where your consent is the only legal basis for processing, e.g. Newsletter, we will stop processing your data after its withdrawal. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Please note that the aforementioned rights may be restricted in the light of the GDPR or other applicable data protection legislation.
How to exercise your rights
To exercise your rights, you can contact us by sending an e-mail to dpo@certh.gr. We will reply to your request within (1) one month after receiving it and without any cost for you. The above time period might be extended for two (2) more months, due to the complexity or the number of the requests. In such a case you will be informed for the time extension and the reasons for it, as soon as possible.
In case your request is considered obviously unfounded or excessive, CERTH may refuse to respond to it or to impose a reasonable fee.
Finally, if you believe that your request has not been sufficiently satisfied or the protection of your personal data has been violated by CERTH’s processing, you have the right to lodge a complaint with the Hellenic Data Protection Authority.
Change of this Policy
The current policy is likely to change, without any notice, whenever it is required and in compliance with applicable national and European laws. For this reason, you should visit this website on a regular basis. By navigating and using CERTH’s website, users / visitors acknowledge that they have read, understood and unconditionally accepted this Privacy and Personal Data Protection Policy.
Contact
For any question that may arise regarding this policy or if you believe that there are ambiguities and incompatibility of CERTH with this policy, you may contact the CERTH’s Data Protection Officer at dpo@certh.gr.