Personal Data Protection
- Concepts and Definitions
- Principles Governing Data Processing
- Maintenance and Destruction of Data
- Links to Third-party Websites
- Electronic (Online) Ticketing
- Your Rights
- Violation of Personal Data
- Not Sure?
The User is hereby informed about the conditions for the collection and processing of his/her personal data by the Eugenides Foundation (EF), which is the beneficiary of all rights relating to the Website www.eef.edu.gr and is the entity responsible for processing such personal data.
The EF, acting as the Data Controller in accordance to General Regulation 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 for the protection of individuals with regard to the processing of personal data and on the free circulation of such data and the repealing of Directive 95/46/EC (General Data Protection Regulation, hereafter also referred to as ‘GDPR’ or ‘Regulation’) with effect from 25 May 2018, maintains a personal details database in full compliance with applicable law.
Protecting your privacy and personal data is a priority for the EF. The Foundation is in this sense committed that, when it retains your personal details, these will be safeguarded by taking all the appropriate organizational and technical measures so that it fully complies with GDPR requirements.
The EF respects privacy and confidentiality and is committed to taking all reasonable steps to ensure that your personal data is protected and at the same time informing you of their use.
Concepts and Definitions
– Personal Data: Any information relating to an identified or identifiable individual, that is, any person whose identity may be ascertained directly or indirectly.
– Processing: Any operation or set of operations carried out with or without the use of automated means in personal data, such as collection, recording, organization, storage, alteration, recovery, use, transmission, dissemination, association, restriction, erasure or destruction.
– Data Subject: The individual whose personal details are being processed, that is, you, the User.
– Data Controller: A natural person or legal entity, a public authority, a service or other entity that defines the purposes and manner of processing personal data, that is, us, the EF.
– Data Processor: Any third-party affiliate to whom the EF may have delegated the processing of personal data on its behalf.
– Supervisory Authority: The Hellenic Data Protection Authority.
– Principles Governing Data Processing
At the EF, any processing of personal data is performed in accordance with the basic principles established by the Regulation:
– Legality, Integrity and Transparency: Personal data is treated lawfully and fairly and are processed in a transparent manner.
– Limited Scope: Personal data is collected for specified, explicit and legitimate purposes and is not further processed in an incompatible or abusive manner.
– Minimization: Personal data is appropriate, relevant and circumscribed to the extent necessary to achieve the purposes of processing.
– Accuracy: We make sure your personal information is accurate and up-to-date.
– Limited Storage: Personal data is retained only for the time required for the processing of personal data or for a longer period of time if this is expressly allowed by applicable law.
– Integrity and Confidentiality: Personal data is processed in a manner that guarantees its security and protection against unauthorized or unlawful processing, as well as accidental loss or destruction.
Your personal data collected and processed by the EF is confined to data deemed absolutely necessary for effectively carrying out its public service purpose.
More specifically, the kind of personal data that we may ask of you depends on the nature of the processing each time. The Eugenides Foundation, in fulfilling its public purpose and performing its activities, may request the following:
* Contact details (full name, telephone number, email address, etc.).
* Unique identity elements (e.g. ID/passport number).
* Information about your visit to the Foundation’s premises or to our Website (IP address, browser type, etc.).
* For emails sent: The data that the User usually completes when sending an email (indicatively, email address and his/her full name).
* Regarding the data provided when subscribing to our newsletter: the personal data entered at the specific point of our Website (email address).
- a) Facilitating the User in his/her navigation on our Website; b) Informing the User about news, programmes, events and in general the various EF activities; c) Presentations and reviews of the EF’s charitable work in the context of its public benefaction purpose; d) Safeguarding the interests of the EF and fulfilling its obligations under the law; and e) fulfilling its public benefaction purpose and performing its activities.
Each data subject, after being informed of the purpose of collection and processing and the way in which data is protected, provides a statement giving his/her consent to the Eugenides Foundation for the collection, maintenance and general processing of his/her personal data.
Consent may be withdrawn at any time through a relevant statement from the data subject without prior notification to the Eugenides Foundation.
Maintenance and Destruction of Data
The Eugenides Foundation will retain your personal data only for as long as is necessary to fulfil the purposes of processing, the fulfilment of its public service purpose and as proof of fulfilment of its purpose towards State or other competent Authorities. However, there may be times when, due to legal requirements that need to be complied with, the EF will have to store your personal data for longer periods.
Keeping your personal data for longer than is really necessary is contrary to the principles of minimization and necessity. Therefore, your personal data will be deleted as soon as processing is completed or the statutory retention period has expired.
Please bear in mind that when personal data or confidential documents are deleted a document shredder (a device that turns paper into small, unreadable tracks) is used so as to preserve confidentiality even at the data destruction stage.
Personal data collected and processed by the Eugenides Foundation is not revealed or in any way disclosed to third parties unless such disclosure is expressly required by law.
In the context of the EF’s compliance with the principle of transparency and in order for the Foundation to fulfil its public service purpose effectively, it may be necessary to transfer your personal data to third-party partners. Such transmission will only take place after you have been informed of it and after giving your consent.
Links to Third-party Websites
The EF is not responsible for the content and privacy policies of third-party websites for which links are contained in our Website. You should check the privacy policies of these websites prior to submitting your personal information.
Electronic (Online) Ticketing
The User may use the online ticket service on our Website (www.eef.edu.gr) by using: a) credit, debit and prepaid Visa, MasterCard, American Express and Diners cards; and b) the electronic wallet MasterPass.
For electronic (online) ticketing, Terms apply.
For all payments that are made using cards, the User’s personal data (card/account number) are processed through Alpha Bank’s Alpha e-Commerce electronic payment platform, which uses TLS 1.1 encryption with 128-bit Secure Sockets Layer (SSL) encryption protocol. This protocol ensures the security of communications over the Internet in such a way as to prevent the theft, falsification or deletion of data. When navigating the Website and issuing online tickets, the browser must inform the User that he/she is connected to a secured website.
The EF maintains User contact information only in order to send updates about its activities and send tickets, confirmations and receipts.
– Right of Access
You have the right to ask for assurance that your personal data is being processed or not and in this case you have the right to access and to make a copy of your records.
– Right to Rectification
You have the right to request the correction of any inaccurate personal data concerning you.
– Right to Erasure
You have the right to request for your personal data to be deleted. The EF will respond to your request and will appropriately delete your personal details when any of the following applies:
* Your personal data is no longer necessary for processing purposes.
* You have withdrawn your consent.
* You are opposed to data processing and there are no longer any legitimate reasons permitting such processing.
* Your personal data have been unlawfully processed.
* Your personal data must be deleted in compliance to a legal obligation.
Please note, however, that there may be cases where the EF cannot meet your request because your data must be kept due to a legal obligation. In this case, your data cannot be deleted until the conflicting legal requirement has been complied with or removed.
– Right to Restrict Processing
You have the right to request the limitation of processing when:
* The integrity of personal data is being questioned.
* Processing is illegal and you refuse erasure.
* The EF no longer requires your personal data for processing purposes.
– Right to Data Portability
You have the right to receive your personal data from the EF in a structured, commonly used and machine-readable way. You also have the right to request that your data are transferred to another data controller when your consent for such processing has been granted.
– Right to Object
Without prejudice to any other administrative or legal remedy provided by law, the data subject may file a report with the Hellenic Data Protection Authority if he/she considers that the processing of his/her personal data has violated any of his/her rights or freedoms.
Violation of Personal Data
In the event of a violation of the security or the integrity of your personal data, the EF will consider the following factors:
* Assessment of the risk and the impact of this breach on your rights and freedoms.
* Implementing the necessary steps and actions to contain the violation.
* The timely and where appropriate disclosure of the violation to the Hellenic Data Protection Authority.
* Applying appropriate measures to avoid recurrence.
In case of any violation, our Foundation’s actions will be aimed at protecting your rights and freedoms. Where appropriate, the EF will consult with the Hellenic Data Protection Authority on the most effective way to deal with the incident.
Name: Eugenides Foundation
Headquarters: 387 Syngrou Avenue, Paleo Faliro, Athens 17564
tax number: 09003404
tel.: (+30) 210-9469642
fax: (+30) 210-9417372