Incubator for Media Education and Development - non-profit civil partnership (hereinafter “iMEdD” or “the Organisation” or “We”) fully recognises the importance of safeguarding your privacy and protecting your personal data, regardless of the capacity under which you communicate or work with us, including your capacity as employees, users of the website, suppliers, third-party partners, participants in the Organisation’s workshops and other activities.
For any processing of personal data carried out in the context of any potential interaction with the Organisation, including website visits, the Data Controller is the Company “iMEdD – Incubator for Media Education and Development – non-profit civil partnership”, whose registered office is at 3A Stadiou Street, 10562, Athens, tel. +30 211 1035100, e-mail: [email protected].
Your personal data include any information that might result, directly or in combination with other information, to your identification as an individual.
Personal data includes, but is not limited to, data such as name and surname, age, tax identification number, social security number, postal address and email address, landline and mobile phone numbers, credit, debit or prepaid cards, evaluation data, web browsing history (e.g. log files, cookies, etc.), and any other information enabling your identification pursuant to the provisions of the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and according to the provisions of the applicable Greek law, as in force from time to time and the decisions of the Data Protection Authority (the “DPA”).
1. Means of collection and purposes of processing of your personal data
When accessing our site, you may browse without disclosing any personal data, unless you are expressly informed otherwise by the Organisation.
In this case, the Organisation shall only request from you the minimum personal data necessary in order for you to receive our services and be notified of our activities. These include, but are not limited to: name and surname, e-mail address, phone number, Tax Identification Number, billing address, credit card number for invoicing purposes or bank account number in case of payment via wire transfer.
In principle, the collection of your personal data is undertaken for the following purposes:
(a) performance of an agreement entered into between you and us, in your capacity as recipient of our services and/or as our supplier
(b) in your capacity as a visitor of our webpage and/or as an interested party for our actions and various programs and
(c) subscribing in the Organisation’s newsletter.
We will keep your personal data only for as long as it is necessary depending on our relationship, in conjunction with the applicable legislation, and according to the purpose of their processing while after the applicable retention period, your personal data are anonymised or destroyed.
2. Minors’ Personal Data
No personal data pertaining to minors under 15 years of age are collected by us.
3. Processing of sensitive data
The Organisation may, in certain cases, process special categories of personal data (‘sensitive data’). Sensitive data are defined as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data processed solely to identify a human being, health-related data and data concerning a person’s sex life or sexual orientation. The Organisation, for instance, may process sensitive data that a user has made public. It may also process sensitive data, where appropriate, to support, exercise or defend legal claims. The Organisation may finally process a user’s sensitive data if they have freely given their explicit consent for one or more specific purposes, within a specific context.
4. Lawfulness of the processing
The Organisation will process your personal data only if at least one of the following legal bases applies:
Α. The signing and execution of any agreement entered into between us and the fulfilment of our contractual obligations.
Β. Our compliance to legal obligations, such as the discharge of our tax and accounting obligations.
C. The legitimate interests pursued by us or third parties for business or commercial purposes, provided that such processing does not harm your fundamental rights and freedoms, for example for the purpose of providing you with efficient service and support, responding to your requests, improving security and ease of access to our website, performing the transactions agreed between us, keeping you updated on our services, and recording any complaints that you might have.
D. You have lawfully given us your consent.
5. Disclosure of your personal data to third parties
In the course of fulfilling the purposes of the processing of your data, it is possible that we might disclose some of them to different service providers and suppliers acting either as data processors in our name and on our behalf or as data controllers. Said service providers and suppliers shall be subject to binding data processing agreements and shall undertake the obligation to ensure the protection of your personal data pursuant to the GDPR. Examples of such third parties include external legal, financial and business consultants, IT and telecommunications providers, external auditors and accountants, insurance companies, advertising companies, etc.
In any case, we shall ensure that any persons undertaking processing activities on our behalf shall take the appropriate technical and organisational measures in order to ensure that your personal data are collected, transferred, stored and processed according to the appropriate standards and safety measures and in conformity with the terms of this Policy and the provisions of the applicable data protection laws, as in force from time to time.
6. Transfer of personal data to third countries
It is possible that your personal data might be transferred to third countries (i.e., countries outside the European Economic Area) on the basis of our contractual obligations or on the basis of your consent. The data controllers or processors in third countries shall be under the obligation to comply with the European standards for the protection of personal data and to provide the appropriate safeguards in relation to the transfer of your data pursuant to Article 46 of GDPR. More specifically, said appropriate safeguards usually include the signing of the standard contractual clauses approved by the European Commission. You have the right to request and receive a copy of said clauses by contacting us using the contact details set forth below.
7. Data retention period
We shall process and store your personal data throughout the term of our relationship and for as long as it is necessary for the discharge of our contractual and legal obligations in accordance to the Organisation’s Data Retention Policy.
We shall delete your data when their retention is no longer necessary for the purposes of their collection and processing, as well as following your request, at your objection to the processing, provided there are no legal reasons that require further retention of your data, such as our compliance with legal obligations or upon revocation of your consent (if the collection and processing of the data was based on such consent).
8. Automated decision-making and profiling
No automated decision-making is carried out in the course of our activities. However, if any automated decision-making is to take place, you will be informed timely and in advance of the purpose behind the intended automated decision-making, as well as of the means to be used and any impact that this might have on you.
9. Use of your data for marketing purposes
It is possible that we might process your personal data in order to keep you updated of our services and promote them to you, provided that we have your express consent to do so or if we have an overriding legitimate interest to do so.
You have the right to object at any time to the processing of your personal data for marketing purposes and to revoke your consent to this purpose. The personal data that we collect for this purpose consist of information provided by you and of data collected by us in the context of your using our services.
10. Your rights
You have the following rights in relation to your personal data processed by us:
A. Right of access; namely, the right to receive a copy of your personal data kept by us, and to verify that our processing of your data is legal. To receive such copy, you may contact us using the contact details set forth below.
B. Right to rectification; namely, the right to request rectification of any of your personal data kept by us that might be incomplete or inaccurate.
C. Right to erasure; namely, the right to request erasure of your personal data (also known as the “right to be forgotten”). This enables you to request from us to delete your personal data provided there is no legal reason for any further processing by us.
D. Right to object; namely, the right to object to the processing of your personal data when the legal basis for the processing is an overriding legitimate interest pursued by us, but for reasons related to your particular situation, you wish to object to the processing.
E. Right to restriction of processing; namely, the right to request from us the restriction of the processing of your personal data when the accuracy of your personal data is contested, when the processing is unlawful or when we no longer need the personal data for the purposes of the processing.
F. Right to data portability, namely, the right to receive a copy of your personal data in a structured, commonly-used and machine-readable format, and the right to transmit those data to another controller and to have us transmit those data directly to another controller that you will name.
G. Right to revoke your consent to process your personal data at any time. Please note that revocation of your consent does not affect the lawfulness of the processing based on such consent (before the latter is withdrawn or revoked). However, such revocation might entail the interruption of some of our services provided to you.
You can exercise any of these rights by contacting the Organisation at 3A Stadiou St., 10562, Athens or [email protected].
11. Right to lodge a complaint with the Data Protection Authority (the “DPA”)
The law grants you the right to lodge a complaint with the DPA, if you think that the Organisation is violating the applicable law regarding the protection of your personal data.
12. Personal data security
Firstly, the employees carrying out the processing of your personal data are trained and responsible. We also have appropriate security policies in place and we use the appropriate organisational and technical/operational tools, such as anonymization, pseudonymisation, encryption, firewalls, security clearance levels, restriction of processing to specially authorised employees, personnel training, periodic audits.
13. Cookies policy
This Policy was published by the Organization on 01.04.2023 and is expected to be periodically improved and revised. Any changes to this Policy will be effective for the processing of your personal data from the date the revised version is published.