1. Field of Scope
This privacy notice lays out the way European Cultural Centre of Delphi (hereafter referred to as E.C.C.D.) based in 9, Frynihou str. 105 58 Athens, collects, uses, processes, stores, manages, and protects the personal data (hereafter referred to as “Personal Data”), of suppliers, outsourcers, subcontractors, guests, candidate employees and website visitors, so as to meet the data protection standards of the organisation and comply with the applicable law.
(iii) related to the data of candidate employees collected during the recruitment process;
(iv) concerning visitors and customers of the website https://www.eccd.gr/ (hereinafter referred to as "Website");
(v) related to customer data in the context of care process (complaint handling procedure);
(vi) related to visitor data collected at the premises of the Conference Centre and the Guesthouse.
Our organisation is bound to protect the privacy of visitors’/clients’/suppliers’/candidate employees’ and of other data subjects and to adhere to the local and European Data Protection legislation currently in effect.
2. Categories & Types of Collected Data
A. Candidate data evaluation process: Full name, gender, date of birth, telephone number, address, e-mail, nationality, education, desired salary, ID, working experience
B. Client’s data obtained through the organisation’s activity
Full name, telephone number, address, e-mail, VAT number, bank account numbers
C. Suppliers’/Third party data obtained through the organisation’s activity
Full name, telephone number, address, e-mail, VAT number, social security number, bank account numbers, ID
D. Website visitor’s contact process
1) Cookies: data subject’s consent settings, usage data, behaviour and preferences data, browser data
2) Contact forms: full name, e-mail, country
3) Contact form: full name, e-mail, telephone number
E. Visitor data (on premises) obtained through the use of CCTV
Image (moving and static)
Declaration regarding the processing of Personal Data by E.C.C.D. (in its capacity as Data Controller and Processor - in accordance with the General Data Protection Regulation EU 679/2016)
Data Processing Purposes - Legal Basis for the processing of Data
E.C.C.D.’s statutory purpose is inter alia, the contribution to the preservation and development of the common cultural elements that unite the peoples of Europe, which is achieved - indicatively - through organising conferences, carrying out studies and implementing all kinds of cultural activities.
The legal basis for the processing of personal data in this context, is the performance of the contract, the legitimate interest of the organisation (indicatively during the business opportunity research process, offer evaluation process or CCTV use) and in some cases the consent of data subjects (obtaining visitor data through the website, newsletter use).
In addition, we may collect personal data of candidate employees who are interested in working with E.C.C.D. for the sole purpose of examining the possibility of a future collaboration - employment. The legal basis for the aforementioned data collection is the consent of the data subject who provides the necessary information.
Information automatically collected when visiting and interacting in the Website:
The Website uses a) necessary cookies b) statistics cookies c) marketing cookies that verify the user’s consent and collect information about the user's preferences and choices when browsing the Website.
For a full description of the cookies used and the type of data collected through them, please refer to section Cookies & other technologies.
The organisation does not manage, collect or process geolocation data, which are collected and processed exclusively by the companies providing operating systems for each device you use (in case of use of iOS-Apple Inc or in case of android - Google Inc). The organisation does not have access to the positioning refresh rate of GPS.
3. Data Collection Points
1) Business Registry - B,C
2) Sole proprietorship companies, clients - B,C
3) Sole proprietorship companies - suppliers - B, C
4) Candidate employees - A
5) CCTV system - E
6) Website - D
4. Transfer of Data to Third Parties
The E.C.C.D. reserves the right to disclose the data subject’s personal data to other third parties, to the extent it is reasonably necessary for the purposes determined in this notice and in particular:
- Data subject’s data will be transferred to the E.C.C.D.’s departments that are competent for the smooth and trouble-free provision of services, the operation of the Website as well as for the provision of customer services (evaluation and management of customer complaints/requests)
- Data subject’s data may be transmitted and become accessible by legal entities (suppliers, subcontractors, etc) with which we have entered from time to time into contractual agreements for the purpose of fulfilling our statutory purpose on the basis of our legitimate interest
- Personal data related to the invoicing processes, may be transmitted and become accessed by bank institutions with which we cooperate in order to process our employees and suppliers’ payments, as well as to the competent state authorities in compliance with legal obligations.
- Data subject’s personal data may be disclosed to cloud hosting providers for the purpose of storing and safeguarding the data with the appropriate technical and security measures
- During all data transfers, we always take all appropriate measures so as to ensure that the transmitted data are the minimum required for the intended processing purpose and that the conditions for legitimate and lawful processing will always be met. E.C.C.D.'s partners to whom the personal data may be transferred, have signed the necessary data processing agreements or have made specific guarantees around transfers of personal data by implementing in their agreements Standard Contractual Clauses (Model Clauses).
5. Personal Data Retention Period
The data retention period depends on the lawful basis of processing, as set out in detail below:
- In case the lawful basis for processing is the exercise of legitimate interest, the processing of personal data is carried out for as long as it is considered necessary for the achievement of E.C.C.D.’s intended statutory purpose and until such time the limitation period of any related claims has expired.
- In case the personal data of the Client Information are provided under their own consent such as in the case of candidate employee process or during the use of the contact form on the Website, we shall retain their data until the granted consent by the data subject has been withdrawn. In case the consent is withdrawn for any valid reason, we shall retain them for as long as it is required until the limitation period of any related claims expires.
- In case the lawful basis for processing is the performance of the contract, we shall retain your data for as long as you retain the contractual relationship with us in hard copy and in electronic form or we shall retain them for as long as it is required until the limitation period of any related claims expires.
- In case where the processing of the personal data is based on a legal obligation (Article 6 of GDPR), the data retention period is set in accordance with the pertinent legislation and the limitation period for any inspections that may be performed by competent authorities.
In any case, the exact data retention periods for each individual data processing process are recorded in the organization’s personal data retention registry in compliance with the provisions of GDPR. Additional information in relation to the exact data retention periods, may be provided by requesting access in accordance with the procedure set out in this policy.
6. Rights of the Data Subjects
You may exercise, as the case may be, the rights deriving from the applicable Greek Legislation and the General Data Protection Regulation (Regulation (EU) 2016/679) which are as follows: a. the right of information (article 13), b. the right of access (article 15), c. the right to rectification (article 16), d. the right to erasure “right to be forgotten” (article 17), e. the right to restriction of processing (article 18), f. the right to data portability (to receive your personal data in a structured and commonly used format - article 20 where applicable) and g. the right to object (article 21) which applies to certain data processing activities.
- These rights may be exercised only in cases where E.C.C.D. acts as a controller, and in particular: (a) the processing of personal data of prospective employees for the purpose of assessing the likelihood of possible professional cooperation; (b) the processing of personal data relating to pursuit of its intended statutory purposes (service provision); (c) processing of data of existing customers in the course of processing complaints / requests (d) processing the data of suppliers/subcontractors for invoicing purposes e) processing the personal data of Website visitors f) processing CCTV data
- These rights shall be exercised free of charge for you by sending a relevant letter to our Data Protection Officer (DPO): Latsoudis + Associates Law Firm, tel: 210-2205950, e-mail: email@example.com, 3 Akti Miaouli, Piraeus 18535. Alternatively you may submit your request in writing by sending it:
- To Secretary Department (to the attention of Ms. Eleni Tsoureli) or contact us at: 9, Frynihou str. 105 58 Athens, +30 2103312 781-5 and e-mail: firstname.lastname@example.org
However, in case the aforementioned rights are exercised excessively and without good cause, thus causing us administrative burden, we may charge you with the cost related to the exercise of the respective right.
- In case you exercise any of your rights, we will take all appropriate measures available for the satisfaction of your request within thirty (30) days following the receipt of the relevant request. We may either inform you on the acceptance of your request or on any objective grounds that hinder the processing of your request.
- Notwithstanding the above, you may at any time object to the processing of your Personal Data, by withdrawing your consent (article 7, par. 3 of the GDPR 679/2016) by sending a letter to our Data Protection Officer (DPO): Latsoudis + Associates Law Firm, tel: 210-2205950, e-mail: email@example.com, 3 Akti Miaouli, Piraeus 18535. This right applies only in cases where the lawful basis for the data processing is the consent of the Data Subject.
7. Data Processing by E.C.C.D.
The E.C.C.D. applies throughout the data processing procedure, the appropriate technical, physical, and administrative security measures for the protection and security of the personal data from loss, misuse, damage or modification, unauthorised access and disclosure, in compliance with article 32 of the GDPR 679/2016, in order to ensure the appropriate security level against those risks. Those include, among others, as the case may be: a) application of encryption protocols b) the ability to ensure confidentiality (article 90 GDPR 679/2016), integrity, availability, and resilience of processing systems and services on an ongoing basis, c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Moreover, our organisation shall take measures so as to ensure that any natural person acting under the authority of the data controller, who has access to personal data, shall not process those data except on instructions from the data controller and limits access to your personal information to authorised employees.
Indicative security measures applied by E.C.C.D. are as follows:
A. Organisational Measures
- DPO appointment
- Employee management process - assignment of roles to all individuals involved in data processing activities
- Information system management
- Employee training on the protection of personal data, information provided to all employees regarding the E.C.C.D.’s policies/processes
- Monitoring of data processors
- Setting up of a deletion/destruction of data process
- Monitoring of data breach incidents
- Monitoring of controls/security measures
B. Technical Measures
- Access controls
- Backup data process
- Modification of workstations
- User log files, security incident logs
- Communications security
- Management and protection of portable data storage assets
- Software and applications safeguards
- Amendment controls
C. Environmental Security Measures
- Physical access controls
- Environmental security - protection from natural disasters
- Document exposure to threats
- Protection of portable data storage assets
1. What is a cookie and why does E.C.C.D. use them? A cookie is a small data file, often including a unique identifier, which consists of data and numbers, which is stored in the browser (Chrome, Mozilla Firefox etc) used by the user/client, allowing among other things the more efficient operation of the website. Cookies do not in any way harm users' computers or files stored on them. The information stored in cookies is used for identification purposes. This is how we manage to operate the Website efficiently.
3. What cookies do we use? The cookies described below may be stored in your browser. You can view and manage cookies in your browser (however mobile browsers may not offer this visibility). Of the different types of cookies available, E.C.C.D. uses the following:
Strictly Necessary (essential) cookies (Cookieconsent,
These cookies are essential for browsing the Website and for its operation, as they store the visitor's consent during the browsing session. In addition, they authenticate the visitor's ID and his/her requests in relation to the browsing session, as well as maintain a secure connection with Google accounts etc.
Cookieconsent - 1 year (provider eccd.gr)
ASP.NET_SessionId - session cookie (provider eccd.gr)
(_ga,_gat, _gid, collect)
These cookies contain statistical data related to the use of our Website (i.e which pages they visit most)
These cookies collect aggregate anonymized data which are exclusively used for the improvement of the performance of a website. These cookies remain stored in your browser for more than one session, allowing us to memorize the preferences or actions of the user throughout the Website
and to the user preferences (usage data, request rate data etc). Data retention:
_ga - 2 years (provider eccd.gr)
_ga - 1 day (provider eccd.gr)
_gid - 1 day (provider eccd.gr)
collect - session cookie (provider google-analytics.com)
(GPS, IDE, test_cookie, VISITOR_INFO1_LIVE, YSC yt-remote-cast-installed, yt-remote-connected-devices, yt-remote-device-id, yt-remote-fast-check-period, yt-remote-session-app, yt-remote-session-name)
These cookies are used to make ads more attractive to users and more useful to editors and advertised units. Some common cookie applications are ad selection based on relevant content for a user, reports’ improvement on a campaign's performance, and avoiding the appearance of ads that have already been displayed to a user.
GPS - 1 day (provider youtube.com)
IDE - 1 year (provider doubleclick.net)
test_cookie - 1 day (provider doubleclick.net)
VISITOR_INFO1_LIVE - 179 days
YSC - session cookie (provider youtube.com)
yt-remote-cast-installed - session cookie (provider youtube.com)
yt-remote-connected-devices - persistent (provider youtube.com)
yt-remote-device-id - persistent (provider youtube.com)
yt-remote-fast-check-period - session cookie (provider youtube.com)
yt-remote-session-app - session cookie (provider youtube.com)
yt-remote-session-name - session cookie (provider youtube.com)
4. The essential cookies are of primary importance for the proper operation of the Website, as they allow you to browse it and make use of its functions. These cookies do not reveal your identity. Without these cookies, we cannot properly operate the Website.
7. You may also refer to the webpage www.allaboutcookies.org/manage-cookies/index.html for all information related to the most frequently used browsers. Please be advised that in case you opt to deactivate cookies, certain Website applications may not function as intended.
8. The Website software is designed to ensure the highest level of security and trust. All information contained in requests submitted through the Website is equally secure and confidential. Only authorized personnel who are trained in the handling of Client / Visitor personal data will have access to this information and only when necessary for the purposes of servicing them or performing contractual obligations.
9. Submission of Complaint - Appeal
- For any issue regarding the processing of your personal data, you may contact us via e-mail at firstname.lastname@example.org.
- Moreover, you shall always be entitled to contact the Hellenic Data Protection Authority, which may accept the submission of relevant complaints in writing at its protocol in its offices at 1-3, Kifisias Street, Postal Code 115 23, Athens or by e-mail (email@example.com) in accordance with the instructions indicated on its website.
This policy may be renewed from time to time, due to amendments to the related legislation or change to the organization’s corporate structure. Thereby, we encourage the Clients to periodically visit this site so as to be informed regarding recent information of privacy practices. In any case, the Clients may be informed via e-mail or a notice in our Website regarding any amendments to this policy.