iMEdD (Incubator for Media Education and Development – non-profit civil partnership,) (hereinafter the “Company” or “We”) fully recognises the importance of safeguarding your privacy and of protecting your personal data, regardless of the capacity under which you communicate or work with us, including your capacity as employees, suppliers, third-party partners, interested for participation in Company’s training courses, applicants and selected for financing, former or active partners, mentors.
Your personal data include any information that might result, directly or in combination with other information, to your identification as an individual.
Personal data includes, but is not limited to, data such as name and surname, age, tax identification number, social security number, postal address and email address, landline and mobile phone numbers, credit, debit or prepaid cards, evaluation data, web browsing history (e.g. log files, cookies, etc.), and any other information enabling your identification pursuant to the provisions of the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and according to the provisions of the applicable Greek law, as in force from time to time, and the decisions of the Data Protection Authority (the “DPA”).
1. Means of collection and purposes of processing of your personal data
The Company shall only request from you the minimum personal data necessary in order for you to receive our services. These include, but are not limited to: name and surname, e-mail address, phone number, Tax Registration Number, billing address, credit card number for invoicing purposes or bank account number in case of payment via wire transfer.
In principle, the collection of your personal data is undertaken for the performance of an agreement entered into between you and us, in your capacity as recipient of our services and/or as our supplierand/or as a visitor of our webpage and/or as an interested party for our actions and various programs. We will keep your personal data only for as long as it is necessary depending on our relationship, in conjunction with the applicable legislation, and according to the purpose of their processing while after the applicable retention period, your personal data are anonymised or destroyed.
2. Minors’ Personal Data
No personal data concerning minors under 15 years old are collected by us.
3. Lawfulness of the processing
The Company will process your personal data provided only if at least one of the following legal bases applies:
Α. The signing and performance of any agreement entered into between us and the fulfilment of our contractual obligations.
Β. Our compliance to legal obligations, such as the discharge of our tax and accounting obligations.
- The legitimate interests pursued by us or third parties for business or commercial purposes, provided that such processing does not harm your fundamental rights and freedoms, for example for the purpose of providing you with efficient service and support, responding to your requests, improving security and ease of access to our website, performing the transactions agreed between us, keeping you updated on our services, and recording any complaints that you might have.
- Your express consent.
4. Disclosure of your personal data to third parties
In the course of fulfilling the purposes of the processing of your data, it is possible that we might disclose some of them to different service providers and suppliers acting either as data processors in our name and on our behalf, or as data controllers. Said service providers and suppliers shall be subject to binding data processing agreements and shall undertake the obligation to ensure the protection of your personal data pursuant to the GDPR. Examples of such third parties include external legal, financial and business consultants, IT and telecommunications providers, external auditors and accountants, insurance companies, advertising companies, etc.
In any case, we shall ensure that any persons undertaking processing activities on our behalf shall take the appropriate technical and organisational measures in order to ensure that your personal data are collected, transferred, stored and processed according to the appropriate standards and safety measures and in conformity with the terms of this Policy and the provisions of the applicable data protection laws, as in force from time to time.
5. Transfer of personal data to third countries
It is possible that your personal data might be transferred to third countries (i.e. countries outside the European Economic Area) on the basis of our contractual obligations or on the basis of your consent. The controllers or processors in third countries shall be under the obligation to comply with the European standards for the protection of personal data and to provide the appropriate safeguards in relation to the transfer of your data pursuant to Article 46 of GDPR. More specifically, said appropriate safeguards usually include the signing of the standard contractual clauses approved by the European Commission. You have the right to request and receive a copy of said clauses by contacting us using the contact details set forth below.
6. Data retention period
We shall process and store your personal data throughout the term of our relationship and for as long as it is necessary for the discharge of our contractual and legal obligations.
We shall delete your data: when their retention is no longer necessary for the purposes of their collection and processing; at your request; at your objection to the processing, provided there are no legal reasons that require further retention of your data, such as our compliance with legal obligations; and upon revocation of your consent (if the collection and processing of the data was based on such consent).
7. Automated decision-making and profiling
No automated decision-making is carried out in the course of our activities. However, if any automated decision-making is to take place, you will be informed timely and in advance of the logic behind the intended automated decision-making, as well as of the means to be used and any impact that this might have on you.
8. Use of your data for marketing purposes
It is possible that we might process your personal data in order to keep you updated of our services and promote them to you, provided that we have your express consent to do so, or if we have an overriding legitimate interest to do so.
You have the right to object at any time to the processing of your personal data for marketing purposes, and to revoke your consent to this purpose. The personal data that we collect for this purpose consist of information provided by you and of data collected by us in the context of your using our services.
9. Your rights
You have the following rights in relation to your personal data processed by us:
Α. Right of access; namely, the right to receive a copy of your personal data kept by us, and to verify that our processing of your data is legal. To receive such copy you may either fill in the web form via the Company’s webpage or contact us using the contact details set forth below.
Β. Right to rectification; namely, the right to request rectification of any of your personal data kept by us, that might be incomplete or inaccurate.
Γ. Right to erasure; namely, the right to request erasure of your personal data (also known as the “right to be forgotten”). This enables you to request from us to delete your personal data provided there is no legal reason for any further processing by us.
- Right to object; namely, the right to object to the processing of your personal data when the legal basis for the processing is an overriding legitimate interest pursued by us, but for reasons related to your particular situation, you wish to object to the processing.
Ε. Right to restriction of processing; namely, the right to request from us the restriction of the processing of your personal data when the accuracy of your personal data is contested, when the processing is unlawful, or when we no longer need the personal data for the purposes of the processing.
- Right to data portability, namely, the right to receive a copy of your personal data in a structured, commonly-used and machine-readable format, and the right to transmit those data to another controller and to have us transmit those data directly to another controller that you will name.
- Right to revoke your consent to process your personal data at any time. Please note that revocation of your consent does not affect the lawfulness of the processing based on such consent (before the latter is withdrawn or revoked). However, such revocation might entail the interruption of some of our services provided to you.
You can exercise any of these rights by contacting the Company at Stadiou 3A 10562, Athens or firstname.lastname@example.org, or by filling in the web form on the Company’s webpage.
10. Right to lodge a complaint with the Data Protection Authority (the “DPA”)
The law grants you the right to lodge a complaint with the DPA, if you think that the Company is violating the applicable law regarding the protection of your personal data.
11. Personal data security
Firstly, the employees carrying out the processing of your personal data are trained and responsible. We also have appropriate security policies in place and we use the appropriate organisational and technical/operational tools, such as anonymization, pseudonymisation, encryption, firewalls, security clearance levels, restriction of processing to specially authorised employees, personnel training, periodic audits.
12. Cookies policy
This Policy was published by the Company on 9 November 2018 and is subject to periodic enhancement and review. Any amendments to this Policy shall apply to the processing of your personal data starting from the revised version publication date.