Thank you for visiting the Website “Water Matters” of the Legal Entity under Public Law “INSTITUTE OF MARINE BIOLOGICAL RESOURCES AND INLAND WATERS”, with the distinctive title “IMBRIW “, with Tax Identification Number 999355106 Tax Office of Koropi, which is located at 46th km Souniou Avenue, in Anavyssos, Attica.
Before using our service, please read this Personal Data Protection Policy carefully.
Introduction
“Water Matters” the controller informs you about how information about you is collected and processed.
Personal Data is any information that refers to individuals whose identities are known or can be verified.
The protection of your Personal Data is very important for “Water Matters” . We process Personal Data in accordance with data protection legislation and ensure that our staff is aware of their obligations when processing Personal Data on behalf of the Organisation. The aim of this policy is to ensure that the processing of Personal Data by “Water Matters” complies with the requirements of data protection legislation and that its staff is aware of the rights of the subjects and the obligations of the Organisation when processing Personal Data. As described in the Terms of Use and the Cookies Policy, the services provided through the website are aimed at the public, do not target minors and do not process Personal Data for minors under 16 years of age.
The Policy applies to all members of the Organisation and to all Personal Data that are
processed on behalf of “Water Matters” by any means and in any form.
Definitions
“Personal Data”: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Processing”: means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Restriction of Processing”: means the marking of stored Personal Data with a view to limiting their processing in the future;
“Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; in this case “Water Matters” .
“Processor”: the natural or legal person, the public authority, the service or other body that processes Personal Data on behalf of “Water Matters” .
“Consent”: of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her;
“Personal Data breach”: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
“Data Subject”: The person (natural person) to whom the data refers.
“Personal Data Protection Legislation”: includes Regulation 2016/679 on data protection (GDPR) and Law 2472/1997on Personal Data Protection, instructions and decisions of the Personal Data Protection Authority, Law 3471/2006on the protection of Personal Data in electronic communications and any other specific legislation in force in Greece regarding the protection of privacy and / or the processing of Personal Data. The legislation for data protection governs the way in which the data controller such as “Water Matters” can process the Personal Data of the subjects, while recording and securing their rights.
“Personal Data Protection Authority (DPA)”: is the Greek DPA, located at 1-3 Kifissias Avenue, PC 115 23, Athens, tel.: + 30-210 6475600, Fax: + 30-2106475628, www.dpa.gr. DPA is a constitutionally established independent public authority, which has as its mission the supervision of the application of the General Data Protection Regulation (GDPR), national laws 4624/2019 and 3471/2006, as well as other regulations concerning the protection of the individual from the processing of Personal Data. The Greek DPA is preoccupied with protecting the rights and the privacy of the individual, aiding them in case of violation of their rights and offering support and guidance to the controllers for their complying with the rule of law.
“Recipient” means a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process Personal Data;
“Data Protection Policy”: a set of rules and procedures that everyone involved in the organisation is required to follow. They balance the right and the need of the Organisation like “Water Matters” to process Personal Data with the obligation to protect the rights and respect for the privacy of the Data Subject.
“Staff”: includes all employees of “Water Matters” which are linked to an employment contract or the provision of services as well as all temporary staff, contractors, consultants and third parties with whom there is cooperation and in the framework of which contracts have been concluded or confidentiality or non-disclosure clauses have been included.
“Water Matters” complies with GDPR.
“Water Matters” respects and observes the principles governing the processing of Personal Data,
namely:
(a) Personal Data are processed lawfully and transparently in a transparent manner in relation to the data subject (“legality, objectivity and transparency”). This means “Water Matters” will use Personal Data fairly and determine a legal basis for processing. When the subjects will provide to “Water Matters” Personal Data for the first time or if the purpose of the processing changes, they have the right to request to know the way, the purpose, the period for which their Personal Data will be stored, the recipients or the categories of recipients, the contact information of the controller and the DPO, their rights with regard to data, including data access and transfer rights, correction and deletion, the right to object to the processing, the consequences of not providing the Personal Data required by law or for contractual purposes, and the existence and rights associated with automated decision-making, including profiling.
(b) Personal Data are collected for specified, express and lawful purposes and are not further processed in a manner incompatible with those purposes (“limitation of purpose”). The “Water Matters” processes Personal Data for processing purposes only and will not use them for other purposes that are not compatible with the original purposes. Subject to appropriate safeguards, further processing for archiving purposes of general interest, scientific or historical research or statistical purposes shall not be considered incompatible with the original purposes.
(c) Personal Data are appropriate, relevant and limited to what is necessary for the purposes for which they are processed (“data minimization”). “Water Matters” ensures that only the absolutely necessary Personal Data are processed, for the purpose for which they were collected and will not be collected or retained because they may be useful in the future.
(d) Personal Data are accurate and, where necessary, updated, all reasonable steps will be followed to promptly delete or correct Personal Data which is inaccurate in relation to the purposes of the processing (“accuracy”). The data will be inaccurate when they are incorrect or misleading as to the facts to which they refer. “Water Matters” has created and will periodically check whether it needs to develop other procedures, to maintain the quality of data collection, whether collected or received by the Organisation or not, as well as for their exact modification, update or correction.
(e) are kept in a form which allows the identification of data subjects only for the period required for the purposes of the processing of Personal Data (“limitation of the storage period”), and which in no case exceeds the period necessary for the purposes for which the Personal Data are processed. Each Address, Department or Office of the organisation is responsible to identify and comply with the appropriate detention periods as well as to ensure their safe destruction when the time elapses or the purpose of processing ceases and there is no legal requirement or legitimate interest or right to continue their observance. They may be stored for a longer period of time, provided that Personal Data are processed solely for the purposes of archiving in the public interest, scientific and historical research or for statistical purposes subject to the application of appropriate technical and Organisational measures.
(f) Personal Data shall be processed in such a way as to guarantee the appropriate security of Personal Data, including their protection against unauthorized or unlawful processing and accidental loss, destruction or deterioration, using appropriate technical or Organisational measures (“integrity and confidentiality “). For this reason, any Personal Data Processing on behalf of “Water Matters” or Personal Data collected by the Organisation, takes place in compliance with strict contractual clauses. The Data Protection Officer of “Water Matters” participates, learns and presents to the management its point of view in the initial stages of each project or in the proposed change of a process that has significant implications for the processing of Personal Data. The processing of Personal Data by any Address, Department, Office or employee complies with the Security Policy of “Water Matters” the staff of “Water Matters” has been informed in order to report any fact or suspicion that has or may result in los , theft, unauthorized disclosure, accidental destruction or disclosure of Personal Data in accordance with the prescribed data breach response procedures.
“Water Matters” respects and complies with European and Greek legislation, investing equally in the trust of the public and users of its infrastructure. Follows and follows the recommendations of the Greek DPA, the European Data Protection Council and the European Commissioner. Implements good practices and adopts appropriate codes of conduct and policies for the internal Organisation and management of Personal Data.
It is at the disposal of the Supervisory Authorities and the subjects in order to prove its compliance with the relevant provisions, providing the following information: a) the name and contact details of the data protection officer, b) the purposes of the processing and the legal basis, c a description of the categories of underlying data and Personal Data; (d) the recipients of any recipients of Personal Data that may exist; (e) if and in which countries the Personal Data is transmitted; Organisational security measures of Personal Data. It strives to design and develop the appropriate structures for the operation of the systems and procedures for the proper and legal processing of all Personal Data, in a way that ensures their integrity, accuracy, relevance and safety. For this reason, it adopts solutions for the protection of privacy and confidentiality by definition and specially designed for the needs of “Water Matters” .
Conducts data protection impact assessment when using new technologies or planning high risk processing for Personal Data. Especially regarding the installation and use of closed circuit television (CCTV), both in the installation in Heraklion, Crete, and in the installation in Rhodes. Follows the recommendations of the Supervisory Greek and European authorities, i.e. DPA. The “Water Matters” categorizes Personal Data and controls, recognizes, takes action and eliminates the processing risk, in order to eliminate as much as possible the risk to Personal Data Protection and the privacy of the Data subjects.
Ensures transparent processing and provides alerts and updates regarding Personal Data processing. While it uses consent as the legal basis for the processing of Personal Data, when this is the appropriate choice to serve the processing purposes.
Controls and ensures that Personal Data are not disclosed to the ones having not the relevant right nor third parties, unless permitted or required by law. For this purpose, it ensures that the staff of “Water Matters” who is directly involved in the processing of personal data has been trained and updated on an annual basis. “Water Matters” verifies and ensures that external partners receiving Personal Data from the Organisation, whether they can be considered as processors or not, have taken the appropriate, technical and organisational measures to ensure compliance with the data protection principles and related requirements described in the current policy. The control of employees and external collaborators is continuous. Violation of the rules and principles of the protection of Personal Data by an employee of the Organisation also has disciplinary sanctions.
Thoroughly monitors and evaluates its associates, who transmit data back to the Organisation and asks for the appropriate assurance and affirmation that they have the right and have taken the appropriate measures in order not to assert the rights of the subjects.
“Water Matters” manages the requests of the subjects who oppose to the processing or who wish to limit it, in order to respond to a great extent and it also voluntarily corrects inaccurate data or even deletes them. In any case, it respects and satisfies the requests of subjects not to use their data for commercial purposes and promotional activities. It has established the appropriate structure and procedures for managing any incident or complaint concerning the processing of Personal Data and the Organisation’s compliance with this policy. Any complaint and incident will be handled by the Organisation as a controller with the assistance and advice of the Data Protection Officer dpo@lists.hcmr.gr
“Water Matters” as a Controller
At “Water Matters” the entire staff is responsible for supporting compliance with this policy. The staff processes Personal Data only to serve the legitimate, operational purposes directly related to the performance of their duties. All staff of the Organisation are responsible for reporting breaches that have occurred or are in progress, to the Data Protection Officer, as soon as they become aware of and follow the procedures and actions provided by internal policy. These procedures are described in detail in the documents of the Organisation.
The Data Protection Officer (DPO)
Takes into great consideration the risk associated with processing operations, while evaluating the nature, scope, context and purposes of processing and is responsible for informing and advising “Water Matters” and its employees working on their obligations under European and Greek data protection legislation. Monitors compliance with European and Greek legislation, the Organisation’s policies regarding the protection of Personal Data, including the delegation of responsibilities, awareness and training of staff involved in processing operations, and related audits. Provides advice, when requested, on impact assessment on data protection and monitors its implementation. It cooperates with the supervisory authority, and acts as a point of contact for the supervisory authority and the subjects on processing-related matters. DPO also keeps the documentation records of the procedures for the protection of Personal Data and manages in cooperation with the Organisation the process of informing the data subjects and the DPA.
Internal audit
“Water Matters” has adopted procedures for the preclusive audit regarding the compliance of the staff and of all the involved partners, during the Personal Data Processing with the procedures and policies that have been communicated to them by the Organisation. It is also responsible for investigating and assigning responsibilities to anyone who may be involved in an incident of breach of the Organisation’s obligations regarding the lawful Personal Data of the subjects.
Changes to Privacy Policy
This policy was approved by the Board of Directors of the Organisation, by 358/D40 decision on 9/9/2020 and will be subject to review whenever deemed appropriate by “Water Matters” . Please check the Implementation Date (see beginning of this Policy) to see when this Policy was last revised. Each review will take effect upon posting on the website in the appropriate section, and the previous one will be archived. If we make substantial changes to this Policy that extend our rights to use the personal data we have already collected from you, we will notify you and provide you with the option to use this data in the future.
Data and Privacy Protection
At this point we provide all the necessary information i.e. regarding the type of data we may collect during your visit to our Website or from the contact we will have, and to inform you about how we use this information and how we protect your privacy when you use our services.
It is a commitment of “Water Matters” to use only the Personal Data that are necessary to offer the best possible services to the served public or if required by law, always within the framework of Greek and European Regulation, providing the maximum possible protection of your personal data when you use its services.
What information do we collect from you?
The “Water Matters” collects data through the contact it has with its employees, partners, visitors or users of its services for various purposes, in any way e.g. when you visit the website https://water-matters.hcmr.gr/, and when you fill in some of the contact forms that exist on these pages, the form for the Subjects to exercise their data protection rights, etc. Cookies and / or other user / visitor data may be used to facilitate user access when using certain services and / or pages of the Website. Indicatively, the Organisation may collect browsing data from our Websites: data from the Browsing History. At the same time, because the Organisation has given the employees specific passwords for entering the services of their websites, it may also collect data of the accounts of the users / employees of the Organisation. It may also collect your information from the contact form. The personal data that he collects is the Name of the user who wants to contact, the email as well as free text about the reason for which they communicate (https://water-matters.hcmr.gr/en/contact/) Also, the Institute manages in case you have a request regarding the management and processing of Personal Data by the Organisation, in this case fill in the contact form regarding the request you have regarding the management of your Personal Data by “Water Matters” . For more information you can contact the e-mail address st.ioannou@hcmr.gr.
How we collect your personal data
We collect your personal data directly from you when necessary in order to offer you a service. Usually the data are provided by you voluntarily entering them in the form available on our website (i.e. name, e-mail address, etc.) in order to request from “Water Matters” to offer you the services you select (https://water-matters.hcmr.gr/en/contact/).
In extremely rare cases, we may collect data in order to protect our interests or to respond to a request from the authorities regarding protection and security issues that may arise from relevant legal requirements.
You may also make a request to “Water Matters” on how the Personal Data are processed by the Organisation. In this case you need to send your personal information as well as the request you make regarding your Personal Data to the Organisation st.ioannou@hcmr.gr.
Επίσκεψη στην Ιστοσελίδα μας
When you visit the website of our Organisation https://water-matters.hcmr.gr/en/, we may automatically collect data and information transmitted to our server and they are stored in logs each time you visit it. This information does NOT identify the user, it is technical / IT data, it is anonymous, and their sole purpose is to improve the quality of service and the provision of statistics on the use of the Website, such as:
- Browser type and version information that was used
- The operating system used by the access system
- The website you left before visiting the Organisation’s website
- The Internet Protocol (IP) Address
- The internet service provider
- Similar data and information for the protection of our website from attacks and external risks i.e., malware
Utilisation of Cookies
Cookies are small text files that are installed on your computer, tablet, mobile phone and generally the device with which you browse the internet and thus, on the website https://water-matters.hcmr.gr/en They are widely used in order to make the websites work better and more efficiently. Cookies do not give us full access to your computer or device and are not used to violate your privacy.
Third party websites
The Organisation’s Website contains links to Websites that owned and operated by third parties, such as a link to the Institute of Oceanography, Marine Biology, Biotechnology and Aquaculture, and Marine Organics Resources and Inland Waters. These institutes constitute essential research centres of “Water Matters” . These pages have their very own privacy policies, so we urge you to consult them before browsing these websites. After redirection to third parties’ website, you are entirely responsible.
Data storage
The hosting center (data center) where your personal data is stored are located in cloud services, a space which is well protected and only accessible by authorized individuals working in the Computer Center Department. Back-up copies that are retained, are kept in a fireproof safe and in a safe location.
Retention period of personal data
The retention time of your personal data that we collect from the website is determined as
follows:
In case you fill in the contact form your personal data are kept for a period of time according to your request. After the end of the period of time defined either by our contractual relationship or by the legislation (i.e. tax, etc.), the prescribed procedures for their safe destruction are followed.
Technical measures to protect your data
The protection of your data is very important for “Water Matters” We take all necessary, technical and organisational measures to ensure their proper use, confidentiality and integrity. “Water Matters” will never send a message asking you to provide us with security data such as password, financial information or other sensitive information via email or link.
We strive to use the latest technological solutions and procedures to protect your personal data. Where possible we have adopted Secure Sockets Layer (SSL) encryption technology for the security of your data and communication privacy. We have taken appropriate security measures to protect you from the loss, misuse or alteration of the data we collect from you through our websites and to protect your privacy. “Water Matters” has provided for and installed both an antivirus system and a firewall, in order to be as protected as possible from an external attack. However, we would like to emphasize that the internet is not a secure means of communication and we cannot guarantee the security of the data you enter on this website or send to us via the internet, at least for the entire route.
Τροποποιήσεις και Αλλαγές της Πολιτικής
“Water Matters” may modify this data protection and privacy policy. Please ALWAYS DO check the Application Date at the beginning of this to see when it was last revised. Each revision will come into effect as soon as we post the revised privacy statement and the older one will be archived.
If we make substantial changes to this statement that extend our rights to use the personal data we have already collected from you, thereby affecting your privacy, we will inform you and give you, where possible, the option to use these data in the future.
Should you have questions about your privacy policy or need help exercising or understanding your privacy rights, please contact: the Data Protection Officer, sending your request to the e-mail address dpo@lists.hcmr.gr
In any case, for exercising your rights you can submit a request by applying to the Greek DPA, located at 1-3 Kifissias Avenue, PC 115 23, Athens, tel.: + 30-210 6475600, Fax: + 30-2106475628, www.dpa.gr
Rights of data subjects
We implement data processing as follows:
- As an employer, for staff matters.
- As an Institution, for the service of our members and visitors.
- As obligated to comply with any requirement of the legal framework in which we operate.
Your rights under European and Greek Personal Data protection legislation are:
Right to Information
There must be a clear reason why the “Water Matters” must collect or use your personal data. Thus, you have at any given time the right to obtain information about your personal data, the way we process them and where we have them stored, always in compliance with the current regulation and free of any charge. A summary of this information will usually be provided to you when we collect your personal information, but in any case, you can also receive detailed information from our website.
Right to Access
Personal Data Regulation gives you the right to request, view and receive a copy of any personal information we hold about you. However, in order to respond to your request, we may need additional information (i.e. to identify the subject and to make sure that the personal data is not sent to the wrong person). Where possible, you will be able to access the information we hold through the account. We will arrange to respond to any relevant request within a period of one month, unless for objective reasons we may need more time, in this case we will inform you. Please refer to our website in the relevant section to select the appropriate form: https://water-matters.hcmr.gr/en/contact/
Right to Correction
You can ask from us the correction – update of your personal data in case they are inaccurate or incomplete. If we have passed the information on to others, we will take steps to notify them and take the necessary corrective action. If we find that the information does not need to be changed, we will contact you within one month to explain our decision.
Right to Deletion
We strive to ensure that the data we receive will not be retained and will not be processed for longer than necessary. However, since you have the right to request the deletion of your personal data, “Water Matters” will delete them immediately. This will happen particularly in the following cases:
They are no longer necessary for the purpose for which they were originally
- You agreed to the collection and editing initially and later changed your mind
- We have stated that we will use them to serve our own “legitimate interests”, which have now disappeared and there is no other reason to retain your data
- You have sound reason to believe that we used your data illegally
- You have a well-documented opinion that we have an obligation by the law to stop processing and stop holding your data
- The data refers to a minor for whom there is no legal possibility for the processing of their data
However, in some cases where applicable legal obligations (i.e. tax) require mandatory data retention, data deletion may be prohibited. In these cases, we will explain why we cannot delete your personal data and for how long. While we can also refuse to delete data if there is no clear reason or if the request was excessive.
If we have passed the information on to others, we will take steps to notify them so they will take the necessary corrective action.
We will arrange to respond to any relevant request within a period of one month, unless for objective reasons we may need more time, in which case we will inform you. Please refer to our website in the relevant section to select the appropriate form. But if we have any objections, we will explain our decision to you.
Please note that if we comply with a request, we may still be required to retain some information such as that you made the request and that we have responded. We may also need to retain some data such as contact details in a log protocol so that we do not communicate for advertising purposes in the future.
Right to Restriction of Processing
You have the right to request the restriction of processing of your personal data from “Water Matters” and “Water Matters” will immediately proceed to the limitation of the processing of these, at least, in order to consider your request, to limit, correct or stop the processing of data. If this is not possible, we will explain why we cannot restrict the processing of Personal Data.
Right to Data Portability
For the processing of personal data for which we use computer systems, either by contract or with your consent, you have the right to request that we provide you with these in one of the most widely used forms of reading, for example in an XML file.
Right to Object
You have the right to object to the processing of the Personal Data which we carry out:
- for the fulfillment of a task assigned to us and performed in the public interest
- because processing is necessary for the purposes of legitimate interests
- for advertising / marketing purposes
- for scientific or historical research and statistics
We will not be able to respond to your request if:
- there is an imperative and legal reason which prevails
- there is an urgent need to establish, exercise or support legal claims
We will contact you within a month to explain our decision.
Automated decision-making rights, including profiling
As a processor “Water Matters” has the right to utilize technology in order to make decisions that have a significant impact on subjects in very specific cases and under certain conditions. In particular, we may use technology for automated decision-making and profiling when:
- is necessary for the conclusion or execution of a contract between “Water Matters” and you
- is based on your explicit consent
- allowed by European or Greek legislation
In any case, the specific technology will have been implemented having taken the appropriate measures to protect the rights, freedoms and legal interests of the data subject, providing the appropriate information, i.e. what information we use, for what purpose and the effects. You can ask us to reconsider the decision with human participation.
How you can exercise your rights
After being informed from our website, you can fill in the contact form (link that refers to the contact form).
To exercise any of your rights you can:
Contact the department of “Water Matters” which is deemed supervisory. Information about the infrastructure of the Organisation and the contact details can be found here :
https://water-matters.hcmr.gr/en/contact/
Alternatively, send an e-mail to the Data Protection Officer of “Water Matters” , at st.ioannou@hcmr.gr
In any case, for exercising your rights you can submit a request by applying to the Greek DPA, located at 1-3 Kifissias Avenue, PC 115 23, Athens, tel.: + 30-210 6475600, Fax: + 30-2106475628, www.dpa.gr