Data Protection Notice
The National Hellenic Research Foundation (“NHRF”), with registered seat at Leof. Vasileos Konstantinou 48, Tel. +30 210.72.73.516, Email. grammateia@eie.gr, acting in its capacity as a Data Controller in the processing of your personal data, hereby wishes to inform you about the data processing activities carried out as part of the website to which you have access.
Definitions
For the purposes of the present Data Protection Notice, the following terms shall have the meaning set out below:
- ‘Personal Data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. For the purposes of this Notice, NHRF acts in its capacity as a Data Controller;
- ‘Applicable Law’ means the relevant national and Union legislation on the protection of personal data and in particular Regulation (EU) 2016/679 (hereinafter referred to as the “GDPR”), Hellenic Law 4624/2019, Hellenic Law 3471/2006, the jurisprudence of the Court of Justice of the European Union (CJEU) as well as the Decisions, Guidelines and Opinions of the European Data Protection Board (hereinafter referred to as the “EDPB”) and the Hellenic Data Protection Authority (hereinafter referred to as the “HDPA”).
Personal data collected by NHRF via this website
Registration
| Personal Data Categories | Purpose | Legal Basis | Retention Period | Recipients |
| Identification data (i.e. name/surname, profession) | Registration as a member | Article 6(1)(b) GDPR – Contract | Until the expiry of the prescribed limitation period, upon the closure of your account | Data Processors:
• IT system support service providers, • cloud service providers. |
| Contact data(i.e. email address) | ||||
| Credentials (i.e. username, password) |
Processing a data subject request
| Personal Data Categories | Purpose | Legal Basis | Retention Period | Recipients |
| To process your request | Article 6(1)(c) GDPR and Articles 15 or 17 GDPR | Until the expiry of the prescribed limitation period. | Data Processors:
• IT system support service providers, • cloud service providers. |
Data automatically collected
When you use our website, we collect certain information automatically, including information that may constitute personal data. The following categories of personal data are collected automatically: language settings, IP address, location, device settings, device operating system, activity details, time of use, redirect URL, status report, user information (information about browser version), operating system, browsing result (simple visitor or registered customer), browsing history. We may also collect data through cookies. For information on the use of cookies, see our Cookie Notice. Data collected automatically will be processed to ensure the delivery of the website service to you as a user. The legal basis for the use of cookies necessary for the operation of the website is legitimate interest (Article 6(1)(f) GDPR) and for all other categories of cookies, processing is based on your consent.
Transfer of Data Outside the EEA and/or to International Organizations
In general, NHRF does not transfer your personal data to third countries and/or International Organizations. In the event of a transfer of your personal data to a country outside the European Economic Area (EEA) or an International Organization, NHRF shall first ensure that one of the legal bases of Article 6 of the GDPR is complied with cumulatively to the following:
a) the Commission has issued an adequacy decision for the third country or International Organization to which the transfer is to be made (Article 45 of the GDPR); or
(b) appropriate safeguards in accordance with the GDPR are in place for the transfer of such data (Article 46 of the GDPR); or
(c) for occasional processing, one of the exceptions provided for in Article 49 of the GDPR must apply (e.g. the explicit consent of the subject upon having been informed of the risks of such transfer, the transfer is necessary for the performance of a contract at the request of the data subject, the transfer is necessary for important reasons of public interest, the transfer is necessary for the establishment, exercise or defense of legal claims or for the protection of vital interests of the data subject, etc.).
Your Rights as a Data Subject
NHRF ensures that it can respond promptly to the requests of data subjects with regards to the exercise of their rights in accordance with the Applicable Law.
In particular, each data subject shall have the following rights:
| Portability | Rectification |
| Erasure | Restriction |
| Access | |
If you wish to exercise any of your rights or acquire any information concerning the processing of your personal data, you can contact the Data Protection Officer (DPO) via email at dpo@eie.gr, and NHRF will respond promptly [in any case within thirty (30) days of the request], notifying you in writing of the progress of the request.
If you have any complaints regarding this Notice or any data protection concerns, and if we fail to comply with your request, you may contact the Hellenic Data Protection Authority, www.dpa.gr.