Facebook Pixel

Personal data protection policy

2nd Edition (13.01.2021)

The “Greece 2021” Committee (hereinafter “the Committee”), established by article 114 of Law 4622/2019, with absolute respect to the fundamental right of privacy of every natural person, ensures that the protection of their personal data is in accordance with the European and Greek legislation (including General Data Protection Regulation (EU) 2016/679, Greek law 4624/2019 and any other relevant applicable legal provision).


CONTROLER OF PERSONAL DATA

Committee «Greece 2021»
Stratigou Kalari 50
154 52 Psychiko

PERSONAL DATA DEFINITION Articles 4(1) and 9(1) of GDPR

Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is on who can be identified, directly or indirectly, reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.

Specific categories of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of generic data, biometric data for the purpose of uniquely identifying a natural person, data on health, a natural person’s sex life or sexual orientation are considered as sensitive.

PRINCIPLES OF PROCESSING OF PERSONAL DATA

The Committee, acting, either as data controller or data processor strictly adheres to the data processing principles as defined by the GDPR.

LAWFULNESS, INTEGRITY AND TRANSPARENCY

In every case, we ensure that the personal data of data subjects is processed lawfully, fairly and in a transparent manner about the natural persons concerned.

SPECIFIED, EXPLICIT AND LEGITIMATE PURPOSES

We collect and process personal data only for explicit and lawful purposes and in no case do we process personal data for other purposes.

ADEQUATE, RELEVANT AND LIMITED PROCESSING (DATA MINIMIZATION)

When storing personal data, we ensure that the information is limited only to the minimum strictly necessary in relation to the purpose intended, using the appropriate procedures and technical measures.

ACCURATE AND UP TO DATE PROCESSING

We ensure that the personal information we maintain is accurate and up to date. Personal data that are inaccurate in relation to the purposes for which they are processed will be corrected or deleted within a reasonable period by the appropriate procedures.

TYPES OF PERSONAL DATA THAT WE PROCESS

In the course of its activities, the Committee may process personal data necessary for the specific purposes it pursues, on a case-by-case basis. The following are, but are not limited to, categories of personal data collected and processed by the Committee:

  • Personal identity data: e.g. first name, surname
  • Personal contact Information: e.g. telephone number, e-mail address
  • Personal data to fill a vacancy e.g. CV data, accompanying documents of CV data
  • Personal data for the termination of an employment relationship e.g. name, surname, VAT number,
  • Personal Data for the completion of the order: e.g. name, surname, delivery address, method of payment.
  • Data collected through the use of Cookies: e.g. IP address
  • Photos and videos published on the official social media pages of the Committee.

PURPOSE OF PROCESSING PERSONAL DATA

The Committee shall process personal data of natural persons in the context of the specific purpose it pursues. Depending on the case, the Committee may process the personal data for:

  • Staff Recruitment: The Committee, in the context of filling a vacancy, collects the candidates’ CVs in order to carry out the necessary suitability evaluation based on the candidate’s employment skills for the position offered, determine the right candidate and conclude the hiring contract.
  • E-shop: The Committee collects personal data from natural persons for the completion of their orders via the e-shop. Personal data that are collected are name, surname and contact details (electronic and mail address, telephone number) of the provider and the customer, as well as the payment details.
  • Formation of contracts: The Committee in the context of its actions collects the necessary personal data in order to formulate contracts falling within the full scope of its activities.
  • Communication purposes: The Committee collects personal data of natural persons in order to contact them and provide an answer to a relevant question as well as to satisfy their respective request.
  • In the context of its action, the Committee may publish photos and videos of events or interviews of natural persons on its official social media pages.
  • The Committee collects the personal data of natural persons who participate in the programme of volunteering in order to decide which individuals will join the team of volunteers who offer their services to the various actions of the Committee.
  • The Committee collects personal data in the context via the use by natural persons of owned platforms such the submission of offers platform and the e-shop.
  • The Committee collects personal data in the context of the submission of an event by the organizations through the website.

METHOD OF COLLECTING PERSONAL DATA

The Committee may collect personal data through the natural person themselves, through the platform where the natural person enters their proposals, through the contact form where the natural person enters their contact details and their corresponding query respectively, through the form on the website for the submission of an event, through the e-shop and through messages sent on the official social media accounts of the Committee.

MINORS

In the process of collecting information, the Committee shall take appropriate care to process the personal data of minors taking into account any age-specific access restrictions and parental consent obligations. In such cases, the provisions laid down in the European and national provisions shall apply in order to obtain the consent of the persons exercising parental responsibility in cases where this applies.

LEGAL BASIS OF PROCESSING PERSONAL DATA

The Committee may process your personal data if there is at least one of the legal bases set out below:

Consent: the data subject has given its explicit consent for the processing of their personal data for one or more specific purposes after having been fully and clearly informed of the processing and purpose in question. Such consent may be withdrawn at any time.

Legitimate interest: processing is necessary for the purposes of the legitimate interests pursued by the controller insofar as there is no serious impact on the fundamental rights and freedoms of data subjects.

Execution of a contract: personal data are processed for reasons supported under an existing legislative provision.

Legal obligation: in some cases, personal data are processed for reasons supported under an existing legislative provision.

Vital interests: the processing of personal data is necessary to protect the vital interests of the data subject or other natural persons.

Public interest: processing is necessary for the performance of a task performed in the public interest.

PROCESSING OF PERSONAL DATA IN THE CONTEXT OF SUBMISSION OF PROPOSALS THROUGH THE WEBSITE PLATFORM

More information on the specific processing of personal data in the context of proposals through the website can be found: https://apply.greece2021.gr/static/docs/privacy-policy.pdf

PROCESSING OF PERSONAL DATA IN THE CONTEXT OF THE DISTRIBUTION AND SALE OF ITEMS THROUGH THE E-SHOP OF THE COMMITTEE

The Committee has created an e-shop which facilitates the sale of collectible coins and collections of coins which operates through its website. The Committee collects retains and processes personal data through e-shop buyer registration and individual orders limited to the absolute necessary for processing and delivering the order.

Stated below are some categories of personal data which may be collected depending on the purpose:

- Personal data regarding communication: name, surname, telephone number, email of costumer

- Personal data regarding the completion of the order: payment details, delivery address

RECIPIENTS OF PERSONAL DATA

Personal data collected will be processed by the Committee internally by designated and absolute necessary personnel for this purpose, in compliance with any confidentiality obligations set.

If the Committee uses a third-party provider (subcontractor) or business partner who processes personal data on their behalf (e.g., specific courier company and its employees, supplier of payment services for the completion of the order), we will ensure that the third party processing on our behalf has adequate security and privacy measures in place, such as the law defines and processes the personal data only to fulfil its contractual obligations to us and always in accordance with the instructions we have given and for no other reason.

In some cases, your personal data may be transferred to the competent police or judicial authorities to defend our legal rights, and only in cases where this is required by applicable law or to full-fill the function of this e-shop and site.

RETENTION PERIOD OF PERSONAL DATA

The Committee may keep the personal data of natural persons for the period necessary to fulfil the processing of the respective purpose and to comply with its legal obligations.

The Committee may process the personal data only for the period necessary to fulfil the order unless there is a legal provision for their further storage or a need to cover and fulfil its legal requirements.

SECURITY OF PERSONAL DATA

The Committee shall ensure that all necessary technical and organizational measures and procedures are applied in order to protect personal data from illegal access, disclosure and misuse of personal data. The measures taken concern established technical and physical access mechanisms preventive security measures and regular privacy and security controls efficiency auditing.

TRANSFER OF PERSONAL DATA OUTSIDE THE EU/EEA

The data collected by the Committee are processed within the European Union. If your data is sent to non-EU/EEA countries, all necessary measures will be taken to ensure an adequate level of protection of personal data in accordance with applicable law.

SOCIAL MEDIA

The Committee runs its own social media pages (Facebook, Instagram, Twitter, YouTube). We would like to inform you that for the promotion of the persons depicted in the photos and videos we publish we have complied with all the obligations laid down by the respective legislative requirements.

Regardless of our team’s moderation efforts we would like to stress to you that those pages as well as YouTube platform, are open and publicly accessible and anyone can read any comment made by you, and may contain further personal information you may supply. For this reason, we strongly advise you to pay attention to the publication of your personal comments.

In addition, in the context of the operation of these social media accounts, we recommend that you seek information regarding your privacy rights through their privacy policy terms.

COOKIES

Cookies are small text files stored on your computer or mobile device when you visit a website.

The Cookie Policy provides further details on the use of cookies and informs you about how you can delete or prevent the storage of specific cookies on your computer or mobile device.

DATA SUBJECT’S RIGHTS

Any Natural Person has the following rights:

Right of access: You have the right of access so that you can verify the lawfulness of the processing. You have the right to be informed whether and how we process the personal data we have stored about you and receive additional information about the processing we have carried out.

Right of rectification: You have the right to request the rectification of inaccurate data or the completion of incomplete data.

Right to deletion: You have the right to request the deletion of your personal data. After evaluating the request, the Committee will immediately take all necessary measures to fulfill the individual's request by communicating with third parties (subcontractors) who use or process personal data on behalf of the Committee and request from them to do the same. Deletion of personal data has the appropriate restrictions where retention is required by law.

Right to data portability: You have the right to receive personal data that has been provided to a controller in a structured, commonly used and machine-readable format. You also have the right to request the controller to transmit this data directly to another controller.

Right to restriction of processing: You have the right to request to limit the processing of your personal data for the period during which any objections to the processing are pending.

Right to object to processing of personal data: You have the right to object at any time at the processing of personal data or to withdraw the consent.

EXERCISE OF RIGHTS

Your rights can be exercised at any time through the Data Subject Right Application. The Committee will respond to you within thirty (30) days of receipt and confirmation of your identity, unless the request is unusually large and complex, in which case the response may be delayed for an additional sixty (60) days after your notification.

In principle, your request is free of charge. However, if a request is clearly unfounded or excessive, a reasonable fee may be charged.

In any case, we would like to inform you that you have the right to complain to the Authority for the Protection of Personal Data if we do not respond satisfactorily to your request: 1-3 Kifissias, Athens / www.dpa.gr, Tel. 2106475600.

CONTACT

For any additional information or clarification regarding the processing of personal data by the Committee, you can contact us either by post at: Account of Data Protection Officer, Committee “Greece 2021”, General Kallaris 50, 154 52 Psychiko, or send an email at: [email protected].

POLICY UPDATING

The Committee has the right to change this statement, if it considers that it is necessary for legal, general, regulatory and technical reasons or due to changes in the services offered or the nature or layout of its services. Any change will be effective from the date of its publication on the Website.

PUBLICATION DATE: