Privacy Policy

The European Cultural Centre of Delphi (E.C.C.D.) (hereinafter referred to as “Delphic Centre or Centre”) is a corporate body under private law. It was founded in 1977 and operates under the supervision of the Hellenic Ministry of Culture and the auspices of the Council of Europe. The Center is based in Athens (Frynichou 9, Plaka, P.C. 105 58, tel: 210 3312781-5, email: [email protected]) with activity in Athens and Delphi, where the Delphi Conference Centre hosts conventions and operates a guest house. 

According to its founding law, the Center aims to “serve international cultural interests” and “develop common cultural principles that will unite the peoples of Europe” through the “publication of studies on European culture, the organization of cultural meetings and other artistic activities. Within the framework of its activity, the Center may grant the use of its premises to third-party event organizers for rent. 

The Center is bound to protect the data processing activities and the personal data it collects and uses according to this Privacy Policy, the General Data Protection Regulation/G.D.P.R. (E.U.) 2016/679, the Greek legislation for the protection of personal data (L. 4624/2019) and the protection of the privacy of electronic communications (L. 3471/2006). 

1. SCOPE

With this Privacy Policy, the Center, as Personal Data Controller, informs about the way and purpose of collecting, processing, and storing personal data, about the retention time, the conditions for the transfer to third recipients, and about how it protects personal data under the General Data Protection Regulation and the applicable Greek legislation.  

Personal Data is collected and processed lawfully and fairly in a transparent manner and for specific purposes. The Center collects only appropriate, relevant, and necessary information for its purposes, accurate and, where necessary, updated. The Center does not further process personal data in a manner incompatible with the original purposes and takes reasonable steps to delete or correct inaccurate personal data promptly. For the security of processing, it takes appropriate technical and organizational measures to protect personal data from unauthorized or unlawful processing and accidental loss, destruction, or damage. 

This Policy applies to every information relating to:

(i) Natural persons in the context of the provision of services. 

(ii) Personal Data of suppliers/subcontractors in the context of cooperation, provision of services, or evaluation before entering into an agreement

(iii) Candidate employee during the recruitment process.

iv) Visitors of https://www.eccd.gr/ website  (hereinafter referred to as the “Website“).

(v) The provision of services and complaint registration procedure.

vi) Visitors of the Conference Centre and the guest house in Delphi.

The provision of services and complaint registration procedure.

vi) Visitors of the Conference Centre and the guest house in Delphi.

The Center is committed to protecting the privacy of natural persons and complying with the applicable data protection legislation, applying the principles governing the processing of personal data and set out in the G.D.P.R. (lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; accountability). The above applies without any restriction to all processing activities.

2. PURPOSE OF COLLECTION AND PROCESSING

The Center collects, processes, and stores personal data required for its activities as provided in Law 645/1977 and any other applicable rule of law. Specifically:

  • For the submission of proposals by artists and institutions  
  • For assisting the participation in events and conferences 
  • For conducting surveys about services and before agreeing with suppliers/subcontractors/third parties
  • For assessing the suitability of job applicants and monitoring the employment relationships
  • For monitoring contracts and payments
  • For providing information about the Centre’s activities through electronic updates or printed communication 
  • For registrations to events  
  • For the creation of content regarding events and conferences 
  • For responding to queries, applications, and requests 
  • For notifying about disruptions of services
  • To comply with legal and regulatory obligations 
  • For establishing, exercising, and defending its legal rights 
  • For responding to data subjects’ rights 

3. CATEGORIES OF DATA SUBJECTS AND PERSONAL DATA AND LEGAL BASIS OF PROCESSING

The Center collects and processes the following data, indicatively but not restrictively, per category of natural persons. 

Event Contributorsfull name, identification data, contact details, curriculum vitae, synopsis of the artistic proposal, photos of performances, financial data (VAT number), payment data (bank accounts)

Legal Basis of Processing  

  • Consent according to Article 6 (1) (a) GDPR during future/possible cooperation.  
  • The performance of services, a contract, or an agreement according to Article 6 (1)(b) GDPR

Participants/Visitors/Guestsfull name, identification details, contact details, financial information (VAT number), payment data (bank accounts) 

Legal Basis of Processing  

  • The performance of services, a contract, or an agreement according to Article 6 (1)(b) GDPR

Partners and suppliers  name, identification data, contact details (telephone number, email address, fax, registered office address), details of legal representatives, professional capacity, payment data (bank accounts), and billing details.

Legal Basis of Processing  

  • The performance of services, a contract, or an agreement according to Article 6 (1)(b) GDPR 
  • Compliance with a legal obligation according to Article 6 (1)(c) GDPR 

Employees* Name, identification data, contact details, financial and payment data (bank accounts, salary, extra earnings), marital status, social security data (AMKA, AMA, EFKA), studies (degrees and vocational training), letters of recommendation, work history/work experience, health data if required by labor and insurance legislation. 

The relevant ASEP notice defines the supporting documents submitted. 

* Employees include natural persons with any employment relationship, work or service contract, and former employees. 

Legal Basis of Processing  

  • The performance of services, a contract, or an agreement according to Article 6 (1)(b) GDPR and Article 27 of the Greek Law 4624/2019.
  • Compliance with a legal obligation according to Article 6 (1)(c) GDPR.

Job applicants: Full name, email, contact phone. The candidate shall provide the supporting documents specified in each relevant notice issued by ASEP. 

  • Legal Basis of Processing  
  • Consent according to Article 6 (1) (a) GDPR, Article 27 (2) of the Greek Law 4624/2019. 

 Recipients of electronic communicationsfull name, email. 

Legal Basis of Processing  

  • Consent according to Article 6 (1) (a) GDPR and Article 11 (1) of the Greek Law 3471/2006 for the protection of personal data and privacy in electronic communication. 
  • The legitimate interests pursued by SYMVOLI or by a third party, according to Article 6 (1)(f) GDPR and Article 11 (3) of the Greek Law 3471/2006

Users of website services by filling in an online formfull name, email, telephone number

Legal Basis of Processing  

  • Consent according to Article 6 (1) (a) GDPR and Article 11 (1) of the Greek Law 3471/2006 for the protection of personal data and privacy in electronic communication.

The Center may collect or process special categories of personal data of employees if required by regulation and legislation under the conditions of the General Data Protection Regulation (Article 9, paragraph 2), Article 27 (3) of the Greek Law 4624/2019, and ASEP Notices.

The Center may collect or process special categories of personal data regarding health situations such as mobility problems to inform about the accessibility of a venue or to facilitate access and transportation to accommodations and sites. Additionally, it may collect personal information about food allergies and dietary habits to protect guests’ health during their hospitality at the guest house of Delphi. 

This information is temporarily recorded and not stored.  

The Center may collect feedback, comments, and questions in service-related communication and activities.

Information may also be used for targeted advertisements, messages, or content through remarketing and retargeting action on Facebook, Instagram, Google, and other platforms.

4. NOTICE ON VIDEO SURVEILLANCE SYSTEM (CCTV)

To protect the safety of persons, property, and goods, the Center has installed a video surveillance system with notification to the Personal Data Protection Authority.

The installation and operation of the system derive from the obligation and legitimate interest of the Center to protect the premises and goods from illegal acts while ensuring the safety of life, physical integrity, health, and property of individuals and third parties in the supervised area. Accordingly, the system operates under the Directive of the Personal Data Protection Authority 1/2011.

Cameras collect and record image data (moving and static). The Center has placed video surveillance signs in areas where individuals can easily see them.

The cameras do not take images of side streets or spaces.

Image data are retained for 15 working days without prejudice to more specific provisions of the applicable legislation in case of illegal acts. The Center may retain the recordings for extended periods and lawfully transfer data to the competent judicial, prosecutorial, and police authorities in the context of exercising their duties or in cases of criminal offenses.

In any other case, data transfer from the video surveillance system is permitted with the data subject’s prior consent.

The Center takes all appropriate organizational and technical measures to safeguard the confidentiality and security of personal data and to protect them from any form of unlawful processing.

You can find more information on the video surveillance system and the exercise of the rights of natural persons here.

5. USE OF COOKIES AND SIMILAR TECHNOLOGIES 

The Center uses cookies and other relevant technologies to give the user the best possible experience, navigate the website efficiently, perform certain functions, analyze traffic, and optimize its services.

This information may include browser information, IP address, name of the Internet Service Provider, type of device, operating system, navigation information, and other relevant identifications of the computer used to access the website.

Cookies and relevant technologies allow the modification of the website following the needs of the user to identify and prevent threats against security and abuse.

6. CONDITIONS OF CONSENT

When the legal processing is based on the consent of the individual, this should consider the requirements of the valid consent and its withdrawal. The individuals have the right to withdraw their consent at any time, without prejudice to the lawfulness of the consent-based processing before the withdrawal in question.

The receipt of consent will be obtained after informing the natural persons and will be evidenced through a special Consent Form, in electronic or printed form.

The recipients of electronic communications (e.g., newsletters) shall have the right to withdraw their consent by choosing the unsubscribing option, which will be available to every newsletter or electronic communication they receive.

7. PHOTOS AND AUDIOVISUAL MATERIAL NOTICE

Considering the open and public nature of the Center’s activities and its cultural purpose, participants should be aware that photographs and audiovisual material are taken during the events and that an event may be partially or fully videotaped/recorded. 

The Center reserves the right to use such material for informational and promotional purposes on social media, websites, online platforms, and print and electronic publications without asking for prior consent.

The material is stored in the databases of the Center for archiving purposes and for informing the public, the press, and the supervising and collaborating bodies. In addition, the material may be published on the official website, online social media pages, printed publications, and Press Releases. 

In addition, the Center may post real-time photos and videos to its social media feed and use photographs and audiovisual material for marketing, promotional purposes, and any other lawful purpose in its business context. 

  • If you do not wish to be photographed or videotaped during an event, please notify the Center by email: [email protected]. The Center shall take reasonable measures to fulfill your request. 

The use and processing of the photographs and audiovisual material are based on the legitimate interest of the Center for promoting and informing the public of its activities within the framework of its statutory purpose. 

If the conditions, purposes, and uses of the photographic and audiovisual material require prior notification and individuals’ consent, the Center shall notify appropriately and seek permission where necessary. 

8. POINTS OF COLLECTION

The Center collects personal data from the data subject’s interaction through correspondence, phone, mail, email, printed and online contact forms, social media, or through its website. It may also collect data from openly accessible directories or published data on the Internet. Indicatively:

  • From the General Electronic Commercial Registry (G.E.MI. website) 
  • When we communicate with you via mail, email, social media, internet-based communication platforms (Viber, WhatsApp, Messenger, etc.), and video calls.
  • When you fill and submit forms in print or electronically 
  • From third parties to whom you have consented to transfer your data to us.
  • From the device or the browser you access our website and social media pages.  
  • From the video surveillance system 

9. DATA RETENTION PERIOD   

The Center collects, uses, and stores personal data as long as necessary to fulfill the collection and processing purpose. The retention period is defined by the applicable legislation (tax, insurance, labor), by the nature of the interaction of the natural person with the Center, by the need to respond to requests, to resolve any problems, to fulfill legal obligations as provided for by applicable law, and/or because of any legal claims/complaints, as well as for security purposes. If the personal data are no longer necessary in relation to the purposes, they will be deleted or destroyed securely.

The retention period of personal data also depends on the legal basis for the processing, as defined below, unless otherwise provided by applicable law:

  • If the legal basis of the processing is the legitimate interest, the processing and retention of personal data will be carried out for as long as it is necessary to achieve the intended purpose of the Center and as for as long as it is still required until the limitation period of any relevant claims expires.
  • If the legal basis of the processing is the consent (e.g., for receiving electronic updates), the personal data is retained until the withdrawal of the consent and for as long as it is still required until the limitation period of any relevant claims expires.
  • If the legal basis for the processing is the performance of a contract, the personal data are stored, in paper and/or electronic format, for as long as the contractual relationship is in force or for as long as it is still required until the limitation period of any relevant claims (civil, tax) has expired.
  • If the legal basis for the processing is compliance with a legal obligation (Article 6 (c) of the GDPR), the retention period is determined based on the requirements of the legislation and the period during which the competent authorities can carry out controls.
  • For individuals who have consented to receive electronic information through their subscription to an electronic newsletter, the e-mail data are retained until the recipients unsubscribe. 

The Center may keep data for statistical purposes, but the personal data will be anonymized in this case.

If the data retention period has expired, the Center may notify the individuals via electronic communication, phone message, or any other proper means (e.g., an announcement to the Press) that it will proceed to delete or destroy the specific files. In addition, the persons have the right to receive a copy of their files.

The information can be provided by telephone, e-mail, or other appropriate means (e.g., press release). 

You can be informed about the specific retention times of personal data by submitting a relevant request under the procedure provided for in this policy.

10. DISCLOSURE/TRANSFER OF PERSONAL DATA TO THIRD RECIPIENTS 

The Center reserves the right to disclose or transfer personal data to third-party recipients to the extent necessary for the purposes set out in this Policy.

According to the legislation governing the operation of the Center, all decisions and acts of the Center are posted on the “Diavgeia” Program; contracts exceeding the value of €2,500 are posted on the Greek National Public e-Procurement System “Prometheus.” In addition, the Center notifies the ASEP (Supreme Council for Civil Personnel Selection) and competent ministries of recruitment resulting from the ASEP’s selection process.

The Center may assign the processing of the personal data to third parties, sub-contractors, and other associated organizations which provide services on its behalf as hotels for hosting delegates, – providers of accounting services, IT services, web hosting providers, and cloud hosting providers for storing and maintaining data. The Center, as Data Controller, shall use only Data Processors who provide sufficient guarantees to implement appropriate technical and organizational measures so that processing will meet the legislation requirements and ensure the protection of the data subject’s rights.

The data transfer will be under Article 28 of GDPR, which sets the data processors’ responsibilities. The data processors are bound to provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject. If the sub-contractor processes Personal Data outside the EU/EEA area, such processing must be under the provisions and conditions of the GDPR, including the EU Standard Contractual Clauses for transfer to third countries or another specifically stated lawful basis for the transfer of personal data to a third country.

Personal data relating to invoicing may be transmitted and made accessible to banking institutions to process payments.

The Center may transfer personal data to public authorities if required by law or a statutory obligation and if the transfer is necessary to protect its rights and comply with legal or judicial procedures and court decisions.

The personal data of the individuals are transferred to the internal departments of the Center, which are responsible for the continuity and the uninterrupted provision of its services, as well as for the benefit of natural persons in the context of the evaluation/management of their complaints/requests.

In any other case, the Center does not disclose or transfer personal information with any third parties without prior notice and receiving the data subject’s consent when required.

11. DATA SUBJECTS RIGHTS 

The data subject shall have 

  • The right to be informed about the collection and use of your data, the purpose of processing, the security measures, and the data retention period. (Right to be Informed).
  • The right to access your data. (Right of Access). 
  • The right to obtain the rectification of inaccurate or out-of-date personal data. (Right to Rectification).
  • The right to request the deletion of your data. The Center shall delete the personal data unless Law prohibits the deletion or the personal data are necessary to exercise a legal right. (Right to Erasure). 
  • The right to restrict the processing of personal data if the provisions of Article 18 GDPR apply. In some cases, the restriction of processing may prohibit the Center from providing its services (Right to Restriction of Processing). 
  • The right to withdraw your consent at any time, without prejudice to the lawfulness of the consent-based processing. 
  • The right to request that the Center as Data Controller pass on personal data directly (in a portable format) to another data controller when the processing is based on consent or contract. (Right to Data Portability)
  • The right to object to the processing if the data processing has been based on legitimate interest and/or direct marketing. (Right to Object)
  • The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning or significantly affects the individuals. This shall not apply if the decision is necessary for entering into or performing a contract if authorized by Law and if the individual has provided explicit consent.  
  • The right to be informed in case of a data breach if the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons.
  • The right to be informed if the Company transfers personal data to a third country or an international organization outside the EEA (European Economic Area)

The exercise of these rights is subject to restrictions set in the G.D.P.R. and the relevant Greek legislation.

The requests must include all the appropriate information, related data processing activities, and the format the users wish to receive the information.

The Center shall provide information on action taken on a request without undue delay and, in any event, within one month of receipt. That period may be extended by two further months where necessary, considering the complexity and number of the requests. The Center shall inform the data subject of any extension within one month of receipt of the request and the reasons for the delay.

Where the data subject requests by electronic form mean, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

If the Center does not act on the request or the request cannot be satisfied, it shall inform the individual, without delay and at the latest, within one month of receipt of the request, of the reasons for not acting or the reasons why the demand cannot be met.

The information shall be provided free of charge. However, where requests from a data subject are manifestly unfounded or excessive, mainly because of their repetitive character, the Center may charge a reasonable fee considering the administrative costs of providing the information or communication or taking action requested; or refuse to act on the request.

You can exercise your rights by sending an e-mail to [email protected]  address or a letter to our postal address Frynichou 9, P.C. 105 58, Athens.

If you believe that processing your data violates Regulation (E.U.) 2016/679 or the national legislation, you have the right to complain to a supervisory authority. The competent supervisory authority for Greece is the Hellenic Data Protection Authority, Kifisias 1-3, 115 23, Athens, https://www.dpa.gr/, tel. 2106475600.

12. SECURITY OF THE PROCESSING

The Center implements appropriate technical and organizational measures to ensure the necessary level of personal data protection against risks, misuse, or unauthorized access to them, under Article 32 of the G.D.P.R. (General Data Protection Regulation (E.U.) 679/2016) to ensure the appropriate level of security against these risks.

These measures include, as appropriate: a) the implementation of encryption protocols b) the ability to ensure the confidentiality, integrity, availability, and reliability of processing systems and services on an ongoing basis (Article 32 of the General Data Protection Regulation (E.U.) 679/2016), c) the ability to restore the availability and access to personal data promptly in the event of a physical or technical incident,  (d) the procedure for regular monitoring, evaluation, and evaluation of the effectiveness of technical and organizational measures to ensure the security of processing.

Additionally, the Center shall take measures to ensure that any natural person acting under the authority of the controller, who has access to personal data, will not process such data except under the instructions of the data controller and will restrict access to your personal information only to authorized personnel.

13. CONTACT FOR REQUEST/COMPLAINT

You can exercise your rights by sending an email to [email protected]  address or a letter to our postal address Frynichou 9, P.C. 105 58, Athens.

If you believe that processing your data violates Regulation (E.U.) 2016/679 or the national legislation, you have the right to complain to a supervisory authority. The competent supervisory authority for Greece is the Hellenic Data Protection Authority, Kifisias 1-3, 115 23, Athens, https://www.dpa.gr/, tel. 2106475600.

14. UPDATES 

The Center reserves the right to amend this Privacy Policy at any time due to amendments to the relevant legislation. The latest version will always be posted on this website. The Center may inform about possible changes or updates to the Privacy Policy by email or notification on its website.

Latest Update, March 2023