PERSONAL DATA PROTECTION POLICY

Information on Personal Data Protection in accordance with Regulation (EU) 2016/679

Since 25.5.2018 the General Data Protection Regulation (EU) 2016/679, also known as GDPR, is being implemented, which strengthens the framework for the protection of data subjects with regard to the processing of personal data in the European Union. NKUA with respect to personal data, complies with the GDPR in the context of its activity and scope and takes the respective technical and organizational measures for the effective protection of personal data, in accordance with the GDPR.

 

1.  Processor – Contact Details

NKUA is considered as processor with the following contact details:

Address:        30 Panepistimiou, Athens, Postal Code 10679

E – mail:        dpo@uoa.gr

 

2.  What personal data is NKUA processing and how?

The personal data collected and processed by NKUA are limited to those necessary for the specific and clearly defined purpose and the specific legal basis, for each circumstance.

In this context, the processing that takes place concerns the personal data you provide to NKUA when you visit our official web sites, when using our services or interact with us, for example by sending a contact form.

Such personal data is:

  • Identification data (e.g., User ID, Full Name, Father’s & Mother's Name, Photo, Identity or Passport Number, etc.)
  • Communication data (e.g. postal address, phones numbers, e-mail address, etc.)
  • Demographic data (e.g., Nationality, Citizenship, Religion, Date of Birth, Place of Birth, Country of Birth etc.)
  • Health Data (e.g. Medical opinions, Medical Certificates, etc.)
  • Curriculum Vitae (CV)

In the event that processing is based on consent, NKUA follows all the relevant procedures provided by the GDPR.

 

3.  Purpose and Lawfulness of processing

Personal information is collected in accordance with the GDPR and the applicable legislation, either at the beginning of your relationship with the University or later, and are processed on a legal basis:

  • consent to the processing of your personal data for one or more specific purposes
  • for the performance of a contract
  • for compliance with our legal obligations
  • in order to protect your or another natural person’s vital interests
  • for the performance of a task carried out in the public interest
  • for the purposes of our legitimate interests

NKUA might process your personal data for the following purposes by legal basis:

1.  Consent to the processing of your personal data for one or more specific purposes

  • To identify and communicate with you

2.  For the performance of a contract

  • For communication during pre-contract or contract performance

3.  For compliance with our legal obligations

  • To fulfill our obligations, imposed by current legislation, on our students, our staff and our external collaborators.
  • To fulfill our obligations under applicable law on disclosure to Public Authorities.

4.  In order to protect your or another natural person’s vital interests

5.  For the performance of a task carried out in the public interest

6.  For the purposes of our legitimate interests, such as:

  • To develop and improve our services through your activities and interests.
  • Complaints management
  • For the protection and security of our IT systems
  • For the protection and safety of our facilities
  • To manage risks from breaching the obligations arising from sponsorship contracts.

 

4.  Who are the recipients of my personal data?

The staff of NKUA has access to your personal data, in the course of performing the duties assigned to them by the University as a controller.

NKUA may be required or entitled to disclose your personal data to a number of third parties such as:

  • Public authorities
  • Independent authorities

provided that privacy and confidentiality is always respected.

NKUA does not share information with other third parties unless it has obtained your consent.

 

5.  How long is my data retained?

NKUA retains your personal data for a period defined by the applicable legal and regulatory framework in each case.

 

6. Recording of data on our website

Cookies

In some instances, our website and its pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. The purpose of cookies is to make our website more user friendly, effective and more secure. Cookies are small text files that are placed on your computer and stored by your browser.

Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your leave our site. Other cookies will remain archived on your device until you delete them. These cookies enable us to recognise your browser the next time you visit our website.

You can adjust the settings of your browser to make sure that you are notified every time cookies are placed and to enable you to accept cookies only in specific cases or to exclude the acceptance of cookies for specific situations or in general and to activate the automatic deletion of cookies when you close your browser. If you deactivate cookies, the functions of this website may be limited.

Cookies that are required for the performance of the electronic communications transaction are stored on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically error free and optimised provision of the operator’s services. If other cookies (e.g. cookies for the analysis of your browsing patterns) should be stored, they are addressed separately in this Data Protection Declaration.

More details on Cookies Policy

Server log files

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:

  • The type and version of browser used
  • The used operating system
  • Referrer URL
  • The hostname of the accessing computer
  • The time of the server inquiry
  • The IP address

This data is not merged with other data sources.

This data is recorded on the basis of Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.

 

7. Analysis tools and advertising

Matomo (formerly called Piwik)

This website uses the open source web analysis service Matomo. Matomo uses so-called “cookies,” which are text files that are stored on your computer and that make it possible to analyse your use of this website. In conjunction with this, the information about the use of this website generated by the cookie will be archived on our server.

Matomo cookies will remain on your device until you delete them.

The storage of Matomo cookies and the use of this analysis tool are based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising.

The information generated by cookies concerning the use of this website shall not be shared with any third parties. You may prevent the storage of cookies at any time by making pertinent changes to your browser software settings; however, we have to point out that in this case you may not be able to use all of the functions of this website to their fullest extent.

If you do not consent to the storage and use of your data, you have the option to deactivate the storage and use of such data here. In this case, an opt out cookie will be placed in our browser, which prevent the storage of usage data by Matomo. If you delete your cookies, this will also result in the deletion of the Matomo opt out cookie. Hence, you will have to reactivate the opt out when you return to visit our website.

 

8.  How is my data protected?

At NKUA we work daily to ensure that the personal data we receive:

  • Are processed in a legal, fair and transparent manner
  • Are collected solely for specific and legitimate purposes
  • Are adequate, they are related to the purpose for which we collect them and are limited to what is necessary
  • Are accurate and up-to-date
  • Are maintained exclusively within the specified timeframe and no longer
  • Are processed in a way as to ensure the necessary security of personal data

 

9.  My rights as a data subject

  • Access

You may at any time be informed by us of and access to your personal data we hold.

  • Correction

You have the right to contact us to correct the data that is inaccurate or incomplete.

  • Erasure

If we are not obliged by law to maintain the data we hold and relate to you, you can ask for your personal data to be deleted.

  • Data Portability

You can ask us to forward your data to another authority.

  • The right to oppose and limit processing

In case you disagree with the way we process your personal data, you can request the interruption or limitation of the processing

  • The right to withdraw consent

You have the right to withdraw your consent to process your data at any time.

NKUA will make every effort to respond to your request without delay and in any case within one month of receiving it. This period is extended for a further two months if it is necessary taking into account the complexity of the request and the number of requests. NKUA will inform you of this extension within one month of receipt of the request and of the reasons for the delay. If you have submitted the request by electronic means, the update is provided, if possible, by electronic means, unless you request otherwise.

In case NKUA satisfies your request (a) to limit the processing of your data; or (b) to terminate the processing of your data; or (c) to delete your data from the University’s records and if they are necessary for the preparation or continuation and performance of a contract, then either the termination by you of the relevant agreement or the inability to process your request is automatically implied.

NKUA is in any case entitled to refuse the satisfaction of your request to restrict the processing or deletion of your personal data if such processing is necessary for the foundation, exercise or support of its legitimate rights or the fulfillment of its obligations.

The above services are provided free of charge. However, if your claims are manifestly unfounded, excessive or recurrent, NKUA may either impose a reasonable end, inform you or refuse to respond to them.

To exercise your rights click here

 

10.  Consent withdrawal

You have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that was previously based on it and was made prior to its revocation.

 

11.  Questions about Data Protection 

The data protection officer is provided by:
Space Hellas S.A
Contact Person: Nadia Liapi
Director Governance, Risk & Compliance Services
302 Messogion Ave., 155 62 Holargos Athens Greece
Tel: +30 210 6504 100
Email: dpo[at]uoa[dot]gr

 

12.  Personal Data Protection Authority

You have the right to file a complaint to the Personal Data Protection Authority (www.dpa.gr) which is the competent supervisory authority for the protection of the fundamental rights and freedoms of natural persons with regard to the processing of their personal data if you believe that your rights are being infringed in any way.

We encourage you to read our Personal Data Protection Policy