Privacy policy

1. Field of Scope

This privacy notice lays out the way European Cultural Centre of Delphi (hereafter referred to as E.C.C.D.) based in 9, Frynihou str. 105 58 Athens, collects, uses, processes, stores, manages, and protects the personal data (hereafter referred to as “Personal Data”), of suppliers, outsourcers, sub contractors, guests, candidate employees and website visitors, so as to meet the data protection standards of the organisation and comply with the applicable law.

 

This privacy policy shall apply to all information (i) related to clients (hereafter referred to as the Client”) within the framework of service provision or public relations, (ii) related to the supplier's personal data in the context of its commercial cooperation or service provision or bid evaluation in the context of market research;

(iii) related to the data of candidate employees collected during the recruitment process;

iv) concerning visitors and customers of the website https://www.eccd.gr/ (hereinafter referred to as "Website"),

(v) related to customer data in the context of care process (complaint handling procedure);

vi) related to visitor data collected at the premises of the Conference Centre and the Guesthouse.

 

Our organisation is bound to protect the privacy of visitors’/clients’/suppliers’/candidate employees’ and of other data subjects and to adhere to the local and European Data Protection legislation currently in effect.

2. Categories & Types of Collected Data

Data Collected:

A. Candidate data evaluation process:  Full name, gender, date of birth, telephone number, address, e-mail, nationality, education, desired salary, ID, working experience

B. Client’s data obtained through the organisation’s activity

Full name, telephone number, address, e-mail, VAT number, bank account numbers

C. Suppliers’/Third party data obtained through the organisation’s activity

Full name, telephone number, address, e-mail, VAT number, social security number, bank account numbers, ID

D. Website visitor’s contact process

1) Cookies: data subject’s consent settings, usage data, behaviour and preferences data, browser data 2) Contact forms: full name, e-mail, country, 3. Contact form: full name, e-mail, telephone number

E. Visitor data (on premises) obtained through the use of CCTV

Image (moving and static)

Declaration regarding the processing of Personal Data By E.C.C.D. (by its capacity as Data Controller and Processor - in accordance with the General Data Protection Regulation EU 679/2016)

Data Processing Purposes -Legal Basis for the processing of Data

E.C.C.D.’s statutory purpose is inter alia, the contribution to the preservation and development of the common cultural elements that unite the peoples of Europe, which is achieved - indicatively - through organising conferences, carrying out studies and implementing all kinds of cultural activities.

The legal basis for the processing of personal data in this context, is the performance of the contract, the legitimate interest of the organisation (indicatively during the business opportunity research process, offer evaluation process or CCTV use) and in some cases the consent of data subjects (obtaining visitor data through the website, newsletter use).

In addition, we may collect personal data of candidate employees who are interested in working with E.C.C.D. for the sole purpose of examining the possibility of a future collaboration - employment. The legal basis for the aforementioned data collection is the consent of the data subject who provides the necessary information.

 

Information automatically collected when visiting and interacting in the Website:

 The Website uses a) necessary cookies b) statistics cookies c) marketing cookies that verify the user’s consent and collect information about the user's preferences and choices when browsing the Website.

For a full description of the cookies used and the type of data collected through them, please refer to section Cookies & other technologies.

The organisation does not manage, collect or process geolocation data, which are collected and processed exclusively by the companies providing operating systems for each device you use (in case of use of iOS-Apple Inc or in case of android - Google Inc). The organisation does not have access to the positioning refresh rate of GPS.

3. Data Collection Points

 

1) Business Registry - B,C

2) Sole proprietorship companies, clients - B,C

3) Sole proprietorship companies -suppliers - B, C

4) Candidate employees - Α

5) CCTV system - Ε

6) Website - D

4. Transfer of Data to Third Parties

The E.C.C.D. reserves the right to disclose the data subject’s personal data to other third parties, to the extent it is reasonably necessary for the purposes determined in this notice and in particular:

 

5. Personal Data Retention Period

The data retention period depends on the lawful basis of processing, as set out in detail below:

In any case, the exact data retention periods for each individual data processing process are recorded in the organization’s personal data retention registry in compliance with the provisions of GDPR. Additional information in relation to the exact data retention periods, may be provided by requesting access in accordance with the procedure set out in this policy.

6. Rights of the Data Subjects

You may exercise, as the case may be, the rights deriving from the applicable Greek Legislation and the General Data Protection Regulation (Regulation (EU) 2016/679) which are as follows: (a. the right of information (article 13), b. the right of access (article 15), c. the right to rectification (article 16), d. the right to erasure “right to be forgotten” (article 17), e. the right to restriction of processing (article 18), f. the right to data portability (to receive your personal data in a structured and commonly used format - article 20 where applicable) and g. the right to object (article 21) which applies to certain data processing activities.

- To Secretary Department (to the attention of Ms. Eleni Tsoureli) or contact us at: 9, Frynihou str. 105 58 Athens, +30 2103312 781-5 and e-mail: eccd@eccd.gr

In case however the aforementioned rights are exercised excessively and without good cause thus causing us administrative burden, we may charge you with the cost related to the exercise of the respective right

7. Data Processing by E.C.C.D.

The E.C.C.D. applies throughout the data processing procedure, the appropriate technical, physical, and administrative security measures for the protection and security of the personal data from loss, misuse, damage or modification, unauthorised access and disclosure, in compliance with article 32 of the GDPR 679/2016, in order to ensure the appropriate security level against those risks. Those include, among others, as the case may be: a) application of encryption protocols b) the ability to ensure confidentiality (article 90 GDPR 679/2016), integrity, availability, and resilience of processing systems and  services on an ongoing basis, c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

Moreover, our organisation shall take measures so as to ensure that any natural person acting under the authority of the data controller, who has access to personal data, shall not process those data except on instructions from the data controller and limits access to your personal information to authorised employees.

Indicative security measures applied by E.C.C.D.  are as follows:

 A. Organisational Measures

  1. DPO appointment
  2. Employee management process  - assignment of roles to all individuals involved in data processing activities
  3. Information system management
  4. Employee training on the protection of personal data, information provided to all employees regarding the E.C.C.D. ‘s policies/processes
  5. Monitoring of data processors
  6. Setting up of a deletion/destruction of data process
  7. Monitoring of data breach incidents
  8. Monitoring of controls/security measures

 B. Technical Measures

  1. Access controls
  2. Backup data process
  3. Modification of workstations
  4. User log files, security incident logs
  5. Communications security
  6. Management and protection of portable data storage assets
  7. Software and applications safeguards
  8. Amendment controls

C. Environmental Security Measures

  1. Physical access controls
  2. Environmental security - protection from natural disasters
  3. Document exposure to threats
  4. Protection of portable data storage assets

 

8. Cookies

1.What is a cookie and why does E.C.C.D. uses them. A cookie is a small data file, often including a unique identifier, which consists of data and numbers, which is stored in the browser (Chrome, Mozilla Firefox etc) used by the user/client, allowing among other things the more efficient operation of the website. Cookies do not in any way harm users' computers or files stored on them. The information stored in cookies is used for identification purposes. This is how we manage to operate the Website efficiently.

2. Under no circumstances do the cookies store personal information or information which will allow any third party to contact the Website’s visitor through telephone, via e-mail etc. In addition, the use of cookies does not allow access to your computer files or documents.

3.What cookies do we use? The cookies described below may be stored in your browser. You can view and manage cookies in your browser (however mobile browsers may not offer this visibility). Of the different types of cookies available, E.C.C.D. uses the following:

 

Strictly Necessary (essential) cookies (Cookieconsent,

ASP.NET_SessionId)

 

These cookies are essential for browsing  the Website and for its operation as it stores the visitors consent during the browsing session. In addition they authenticate the visitors ID, his/her requests in relation to the browsing session as well as maintain secure connection with google accounts etc

Data retention:

Cookieconsent - 1 year (provider eccd.gr)

ASP.NET_SessionId - session cookie (provider eccd.gr)

 

Statistics Cookies

(_ga,_gat, _gid, collect)

These cookies contain statistical data related to the use of our Website (i.e which pages they visit most)

These cookies collect aggregate anonymized data which are exclusively used for the improvement of the performance of a website. These cookies remain stored in your browser for more than one session, allowing us to memorize the preferences or actions of the user throughout the Website

and to the user preferences (usage data, request rate data etc). Data retention:

_ga - 2 years (provider eccd.gr)

 _ga -1 day (provider eccd.gr)

 _gid -1 day (provider eccd.gr)

collect - session cookie (provider google-analytics.com)

Marketing Cookies:

(GPS, IDE, test_cookie, VISITOR_INFO1_LIVE, YSC yt-remote-cast-installed, yt-remote-connected-devices, yt-remote-device-id, yt-remote-fast-check-period, yt-remote-session-app, yt-remote-session-name)

These cookies are used to make ads more attractive to users and more useful to editors and advertised units. Some common cookie applications are ad selection based on relevant content for a user, reports’ improvement on a campaign's performance, and avoiding the appearance of ads that have already been displayed to a user.

Data retention:

GPS - 1 day (provider youtube.com)

IDE - 1 year (provider doubleclick.net)

test_cookie - 1 day (provider doubleclick.net)

VISITOR_INFO1_LIVE - 179 days

YSC - session cookie (provider youtube.com)

yt-remote-cast-installed - session cookie (provider youtube.com)

yt-remote-connected-devices - persistent (provider youtube.com)

yt-remote-device-id - persistent (provider youtube.com)

yt-remote-fast-check-period - session cookie (provider youtube.com)

yt-remote-session-app - session cookie (provider youtube.com)

 yt-remote-session-name - session cookie (provider youtube.com

 

 

4. The essential cookies are of primary importance for the proper operation of the Website, as they allow you to browse it and make use of its functions. These cookies do not reveal your identity. Without these cookies, we cannot property operate the Website

5. As long as the user/client accepts the use of cookies, the above described statistics, and marketing cookies will be activated. Mandatory acceptance of cookies is not a condition for entering our website. You can, in any case, navigate freely by controlling and accepting or not the cookies, either ours or those of third parties, the policy of which is determined exclusively by them, without our involvement and legal responsibility.

6. In case you do not wish to use cookies: You may activate, deactivate or delete cookies used by the organization through the settings menu of your browser. For instance, if you are using chrome, you may choose “Menu/Settings/Privacy/Content Settings” and opt to configure your cookie settings in accordance with your preferences. If you choose to deactivate cookies, certain parts of the Website or the application may not work properly.

7. You may also refer to the webpage www.allaboutcookies.org/ manage-cookies / index.html for all information related to the most frequently used browsers. Please be advised that in case you opt to deactivate cookies, certain Website applications may not function as intended

8. The Website software is designed to ensure the highest level of security and trust. All information contained in requests submitted through the Website is equally secure and confidential. Only authorized personnel who are trained in the handling of Client / Visitor personal data will have access to this information and only when necessary for the purposes of servicing them or performing contractual obligations.


9. Submission of Complaint - Appeal

10. Amendments

This policy may be renewed from time to time, due to amendments to the related legislation or change to the organization’s corporate structure. Thereby, we encourage the Clients to periodically visit this site so as to be informed regarding recent information of privacy practices. In any case, the Clients may be informed via e-mail or a notice in our Website regarding any amendments to this policy.