Πολιτική Προστασίας Δεδομένων

Privacy Statement regarding the protection of personal data in the context of GRNET newsletter

Controller details:

Α public limited company  (societe anonyme) under the corporate name “National Infrastructures for Technology and Research S.A.” and the distinctive title “GRNET S.A.”

Competent Processing Project:

Marketing & Communication Department

Controller’s Contact Details:

marcomms@grnet.gr

Processor:

«Moosend Ltd»

More detailed information for each application from the other, the Terms of Use and Protection of the required applications in its application: https://moosend.com/trust/privacy-policy/

 

Scope of this Privacy Statement:

National Infrastructures for Technology and Research S.A. (hereinafter referred to as “GRNET SA”) is bound by European Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – hereinafter referred to as “the GDPR”) and Law 4624/2019 (Government Gazette 137/A/2019) on “Data Protection Authority, measures for the implementation of  Regulation(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and  for the  incorporation into national law of Directive(EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 and other provisions”, as in force at any  time (hereinafter referred to as “the Law”). This Privacy Statement details all information necessary for the processing of personal data for the newsletter, as well as the policies and procedures implemented by GRNET SA for the protection of the GRNET’s users privacy. This Privacy Statement sets out  the criteria  as well as the terms and conditions under which GRNET SA collects, processes, uses, stores and transmits the personal data of the project users, how it ensures the confidentiality of such information, including any law and/or regulation implemented or enacted in accordance with Union and national laws on personal data protection and electronic privacy, as well as any law and/or regulation amending,  replacing,  issuing or consolidating any of the latter, including any other applicable Union and national laws on the processing of personal data and privacy, which may exist in accordance with applicable law.

For the purposes of this Privacy Statement, the terms “processor”, “controller”, “third party”, “supervising authority”, “personal data”, “processing”, “data subject” shall have the meaning ascribed to them by applicable legislation on the protection of personal data.

In addition, for the purposes of the present, the following definitions shall also apply:

“Website” – the website accessible via domain names https://grnet.gr/ , including the entirety if the web pages thereof.

 “User”– the GRNET website user, whom the data refer to, whose identity is known or may be verified, namely it may be directly or indirectly determined.

  1. Purpose/s for processing the data collected:
  2. GRNET SA– as controller- within the framework of the GRNET newsletter list collects and processes the personal data of the persons who give their consent for newsletter mentioned below, for the following purpose / purposes:
  • To contact those who registered in the newsletter list of GRNET in order to receive information material from GRNET SA. related to the project, such as News / Announcements, Services and Events.
  • For the implementation of the sending of messages and the technical support of the project by the executor “Moosend Ltd”.:

GRNET SA collects and processes “users” personal data in the context of providing the GRNET newsletter solely for the abovementioned purposes and only to the extent strictly necessary to effectively serve such purposes. These data shall be relevant, appropriate and not more than those required in view of the aforementioned purposes. They shall also be accurate and, if necessary, updated.

Furthermore, the aforementioned data shall be retained only during the period required as mentioned hereinabove, in order to accomplish the purposes of their collection and processing and shall be deleted after the end thereof (see below “Retention period of personal data”).

  1. Categories of personal data processed:

In the context of newsletter, the personal data that are being processed are:

  1. A) Mandatory:
  • Name
  • Last name
  • Email address,
  • Sector (selection from drop down menu: University / Research, Government, Small and Medium Enterprises / Industry, Other)
  • Industry (selection from drop down menu: Computer Science, Engineering, Construction, Health Sciences, Positive Sciences, Chemistry / Materials, Other)
  1. B) Optional:
  • Organization / Company
  • History of invitations that have been sent
  • Responses to participating in accepted events

As part of the technical support from the processing team of the processor, the personal data being processed are:

  • Name
  • Last name
  • Email address
  • Sector (selection from drop down menu: University / Research, Government, Small and Medium Enterprises / Industry, Other)
  • Industry (selection from drop down menu: Computer Science, Engineering, Construction, Health Sciences, Positive Sciences, Chemistry / Materials, Other)
  • Organization / Company
  • History of invitations that have been sent
  • Responses to participating in accepted events
  • History of emails that have been sent
  1. Legal bases for processing

The processing of “users” personal data is based on the provision of the data subject’s consent, as required by Article 6 par. 1 par. A of GDPR.

  1. Access to personal data:

For the implementation of the dispatch and processing of the newsletter in the framework of the GRNET newsletter, access to the personal data of the “users” is provided to the following:

  • In the marketing management team of GRNET SA, which consists of staff that maintains a contractual relationship of project leasing and provision of services with GRNET SA. “Associates of GRNET SA”, who are bound by a private confidentiality agreement with GRNET SA
  • To staff of the company “Moosend Ltd” in case of technical support.

The processing of the c “users” personal data by the aforementioned, is carried out under the supervision and only at the request of GRNET SA, within the scope of the mission and the role of each associate. Such associates undertake to comply with the same privacy and personal data requirements as GRNET SA itself in accordance to the present Privacy Statement.

  1. Recipients of collected personal data:

GRNET SA shall in no way transmit or in any way disclose the newsletter list of GRNET’s “users” personal data to any third-party entities, private businesses, natural persons or legal entities, public authorities, agencies or other organizations, other than as expressly set out herein.

The newsletter list of GRNET’s “users” personal data may be disclosed or transmitted to governmental authorities and/or law enforcement officials, only if necessary for the abovementioned purposes, in the context of enforcement of a court decision or a provision of law or if necessary to secure the legitimate interests of GRNET SA in its capacity as processor, in compliance with the terms and conditions of applicable law.

  1. Rights of data subject

As regards  the data processed  in the context of providing the newsletter list, GRNET  as controller – takes all necessary action, pursuant to the terms of this Privacy Statement, both during the collection as well as  in every  subsequent stage of processing of newsletter list of GRNET’s “users” personal data,  so that every “user” may exercise his/her rights, as laid out in applicable legislation on the protection of personal data, namely the rights of Access, Rectification, Erasure, Restriction of Processing, data  Portability, as detailed hereinbelow and in accordance with the terms and conditions of applicable law:

Right of Access: The data subject is entitled to request and obtain from GRNET SA, a confirmation on whether or not his/her personal data are processed and, if so, to exercise the right to access such personal data pursuant to applicable legislation. The data subject may also request a copy of the personal data undergoing processing, as described in this Privacy Statement, by sending an email to the following email address: marcomms@grnet.gr

Finally, it should be noted that the right to obtain a copy of the personal data undergoing processing shall not adversely affect the rights and freedoms of others in accordance with applicable law.

  • Right of Rectification: The data subject shall have the right to request GRNET SA to rectify any inaccurate personal data concerning him/her. Considering the purposes of the processing, the data subject shall have the right to request that any incomplete personal data be completed, including by means of providing a supplementary statement, in accordance with applicable legislation.
  • Right of Erasure: The data subject has the right to delete all his / her personal data that have been collected and processed in the context of his / her participation in the GRNET newsletter in accordance with the terms of the current legislation and the terms of this.
  • Right to restriction of processing: The data subject is entitled to ensure that GRNET SA restricts the processing of his/her data, if any of the conditions laid down by applicable legislation on the protection of personal data, is met.
  • Right to data portability: The data subject has the right to obtain any personal data concerning him/her, which he/she has provided to GRNET SA in a structured, commonly used and machine-readable format, as well as the right to transmit such data to another processor  without any objection from the processor to which the personal data have been provided, in accordance with the provisions of the applicable legislation on personal data.

To exercise any of the above rights, the “user” may contact the GRNET Team at the following email address:

The aforementioned rights of the data subjects are subject to restrictions in accordance with the applicable legislation.

  1. Personal data retention periods

The personal data collected and processed in the context of registering on the newsletter for the GRNET project, based on the consent of the subjects, will be kept until the withdrawal of their consent or until the request for deletion is exercised. The option to withdraw consent and exercise the deletion request will be provided without exception to any GRNET electronic communication.

  1. Privacy and Security of Information:

The processing of personal data by GRNET SA is carried out in such a way as to ensure its confidentiality and security. Specifically, it is carried out exclusively by authorized associates of GRNET SA, while all appropriate organizational and technical measures are taken for data security and protection against accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access and any other form of unfair treatment.

The processor maintains its servers in a data center within the European Union. Takes all appropriate organizational and technical measures for the security of the data and their protection against accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access and any other form of unfair processing. For more information see here: https://moosend.com/privacy-policy/

  1. Contact:

For any questions or clarifications regarding the present Privacy Statement and as well as in the event of any violation related to personal data issues, “users” may contact the Competent Department of GRNET SA at the e-mail address mentioned hereinabove.

They may also contact the Data Protection Officer (DPO) of GRNET S.A., Ms. Vera Meleti, and/or the deputy DPO, Ms. Vasiliki Konstantinopoulou at the e-mail address: dpo@grnet.gr.

  1. K. Recourse/Complaint

In the event that any GRNET “user” request is not satisfied by the processor,  the  “user” may at any time address to/ file recourse with the Competent Supervisory Authority, namely the Data Protection Authority  https://www.dpa.gr .