Incubator for Media Education and Development (hereinafter “iMEdD” or “us”), which is a civil not-for-profit association, fully recognises the importance of safeguarding your privacy and protecting your personal data no matter in what capacity you communicate with us or collaborate with us, such as in your capacity as employees, suppliers, associates and third parties interested in participating in our activities, to name a few.
Your personal data includes all information which could directly, or in combination with other information, result in you being recognised or identified as a natural person.
This category includes information such as your name-surname, age, Tax Reg. No., internet search history, and any other information which allows you to be identified in accordance with the provisions of Law 4624/2019, the General Data Protection Regulation (Regulation (EU) 2016/679 / GDPR) and the Greek legislation in general applicable from time to time and the decisions of the Hellenic Data Protection Authority (HDPA).
1. How your personal data is collected and the purposes of processing
iMEdD will always ask you for the minimum personal data needed to enable you to receive our services. These include the following data: name, surname, email address, phone number, postal address for issuing or sending an invoice or service receipt, etc.
As a rule, your personal data is obtained to implement a contract between us in your capacity as user of our services and/or as supplier and/or as visitor to our website and/or as someone interested in our activities and various programmes. We retain your personal data only for such time as is required by our relationship with you, in conjunction with the relevant legislation, based on the purposes for which it was processed, and we then anonymise or destroy that data.
2. Personal data of minors
We do not collect any personal data about children aged under 15.
3. Legality of processing
iMEdD will use your data if at least one of the following legal bases for processing exists:
a. To sign and implement our contract and discharge our contractual obligations.
b. Because it is necessary to comply with a legal obligation on our part to discharge our tax and accounting obligations.
c. To serve our legitimate interests and the legitimate interests of third parties in the sense of a business or commercial reason to use the information, provided that such processing does not harm your fundamental rights and freedoms, such as to provide you with effective service and support, to respond to your requests, to improve the security and ease of use of our website, to carry out our transactions, to inform you about our services and to record any complaints you may have.
d. Because you gave us your consent.
4. Sending your personal data to third parties.
When your data is being processed, we may send some of that data to various service providers and suppliers who will operate either as processors in our name and on our behalf or as data controllers. These service providers and suppliers are bound by data processing agreements and are obliged to ensure the security of your data in accordance with the provisions of Law 4624/2019, the General Data Protection Regulation (Regulation (EU) 2016/679 / GDPR) and the Greek legislation in general applicable from time to time and the decisions of the Hellenic Data Protection Authority (HDPA). Examples of third parties may be external legal advisors, financial and business advisors, IT and telecommunications companies, external auditors and accountants, insurance companies, advertising companies, etc.
In all events, we ensure that all persons processing on our behalf take suitable technical and organisational measures to ensure that your personal data is collected, transferred, stored and processed in accordance with suitable standards and security measures and in accordance with the terms of this Policy and the applicable data protection laws from time to time.
5. Dispatch to third countries
Your personal data may be sent to third countries (meaning countries outside the European Economic Area) based on our contractual obligations or because you have given us your consent. Controllers or processors in third countries are obliged to comply with European data protection standards and to provide suitable safeguards in relation to the transfer of your data in accordance with Article 46 of the GDPR. In particular, such suitable guarantees usually include the signing of standard data protection clauses which have been approved by the European Commission. You are entitled to receive a copy of these clauses by contacting us in the manner indicated below.
6. How long do we retain your data?
We will process and store your personal data for the entire duration of our relationship and for such time as is necessary to discharge our contractual and legal obligations.
We will delete your data when it is no longer necessary for the purposes for which it was collected and processed, following your request or your objection to the processing, provided that there are no legal grounds requiring us to retain it further, when it is not necessary for the purposes of complying with legal obligations or when you withdraw your consent (if the data was collected and processed based on such consent).
7. Automated decision-making and profiling
When carrying out our activities, we do not use any automated decision-making process. If that happens, we will inform you in good time in advance, informing you about the logic of the intended automated processing, the means we will use and any consequences this may have for you.
8. Use of customer data for marketing purposes.
We may process your personal data to inform you about our services and to market our services or programmes to you only if we have your express consent or if we consider that we have an overriding legitimate interest in doing so.
You are entitled to object at any time to the processing of your personal data for marketing purposes and to withdraw your consent for that purpose. The personal data we process for this purpose consists of information you provide us with and data we collect when using our services.
9. Your rights
You have the following rights in relation to your personal data held by us:
a. Right of access, namely the right to view or receive a copy of the personal data we hold about you and to check that we are lawfully processing it. To obtain a copy, you can fill out the web form on iMEdD’s website or contact us at the contact details indicated below.
b. Right to rectification, namely the right to request the rectification of personal data we hold about you, which may be incomplete or inaccurate.
c. Right to erase, namely the right to request the deletion of your personal information (also known as the “right to be forgotten”). This allows you to request that your personal data be deleted when there are no lawful grounds for continuing to process it.
d. The right to object, namely the right to state your opposition to the processing of personal data when we rely on our overriding legitimate interest, but on grounds relating to your particular situation, you want to object to the processing.
e. The right to restrict processing, namely the right to request that we limit the processing of your personal data when your data is not accurate, processing is unlawful or we do not need to retain it for the purposes for which we collected it.
f. The right to portability, namely the right to receive a copy of your personal data in a structured, commonly used and machine readable format and to transfer that data to other organisations and to request that the data be sent by us directly to other organisations you will indicate to us.
g. The right at any time to withdraw consent given to us concerning the processing of your personal data. Note that any withdrawal of consent does not affect the lawfulness of processing which was based on consent (before it was withdrawn or revoked) but this may entail the termination of certain services we provided to you.
To exercise any of your rights you can contact iMEdD at 3A Stadiou St., Athens GR-10562 or at the email address [email protected] or you can fill out the web form on iMEdD’s website.
10. Complaining to the Hellenic Data Protection Authority (HDPA)
The legislation grants you the right to lodge a complaint with the Hellenic Data Protection Authority if you consider that iMEdD is infringing the applicable legislation on the protection of your personal data.
11. Personal data security
Firstly, the staff who are involved in processing your personal data are trained and responsible. We also have suitable security policies and use suitable organisational and technical / enterprise tools such as anonymisation, pseudonymisation, data encryption, use of firewalls, establishment of authorised access levels, processing by specially authorised employees, staff training and periodic checks.
12. Links to other websites
Our website includes links to other websites or web-based platforms which are not controlled by iMEdD but by other natural or legal persons who own or manage those websites. Under no circumstances is iMEdD liable for any loss incurred by the user from visiting other websites, including any unlawful processing of his/her personal data.
13. Cookies Policy
This Policy was published by iMEdD on 10/11/2020 and is subject to periodic improvement and revision. Any changes to this Policy will apply to the processing of your personal data from the date on which the revised version is published.