The present data protection policy clarifies in a layered manner the processing of personal information of visitors of the CESAGRAM project website. The data processing on the CESAGRAM website is pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation), Greek Law 4624/2019 on the protection of personal data and any other applicable law.
- Data Controller
The Data Controller is the Center for Security Studies (KEMEA) with offices in Athens, at P. Kanellopoulou str., 4, 10177 Greece. The Data Controller can be contacted by writing to the address above or by sending an e-mail message to kemea@kemea.gr , or by calling at Telephone: +30 2107710805 or sending a Fax at Fax number: +30 211 100 4499.
- Data Protection Officer (DPO)
KEMEA’s Data Protection Officer may be reached at dpo@kemea-research.gr in case you have any question about the processing of your data when using the CESAGRAM website or you wish to exercise any of your rights as a data subject.
- Types of personal of personal data to be processed:
- When visiting the CESAGRAM website
The IT systems and applications designated for the operation of this Website detect, during the course of their ordinary operation, certain data – the transmission of which is implicit in the use of Internet communication protocols – not associated with directly identifiable users.
The data collected may include cookies, IP addresses of computers used by users connecting to the site, the URI – Uniform Resource Identifier – addresses of the resources requested, the time of the request, the method used to send the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (completed successfully, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
- When filing a question/request via our contact form
Other personal data collected are those provided by the user/visitor when corresponding with the e-mail addresses indicated on our website or when filling our online contact form or registering on the website (providing e.g., name, surname, username, password, e-mail address, institution/body etc.).
The sending of personal, non-mandatory data also by email on an optional, explicit and voluntary basis to the addresses indicated on this website means that the address of the sender is then acquired, this being necessary in order to respond to the request, together with any other personal data included in the message.
- Purposes of processing
The personal data of the user/visitor are processed for the following purposes:
- communication for responding to any requests/questions submitted by the user/visitor,
- security and proper functioning of the CESAGRAM website,
- dissemination of the CESAGRAM project and its results, invitation to other relevant activities
- compliance with legal or administrative obligations.
- Legal basis
The data processing takes place according to Article 6(1)(a) GDPR, your informed consent. You may withdraw your consent at any time with future effect, by sending an informal email to dpo@kemea-research.gr. We may also process personal data based on Article6(1)(c) GDPR, when the processing is necessary for our compliance with a legal obligation.
- Data recipients
Data recipients of:
- Information that the Consortium is obligated or entitled by law, contract, judgement and regulatory decision to notify may be: public and independent administrative authorities, judicial authorities and public officials.
- All the information necessary for the achievement of each specific purpose: the Administration and the relevant services of KEMEA and the CESAGRAM
KEMEA and the CESAGRAM Consortium shall not disclose, assign, exchange, grant or otherwise dispose, without the consent of the user/visitor, to third parties, natural or legal persons, personal data other than the cases mentioned above within the scope of national laws provisions and the General Data Protection Regulation.
- Data transfer
No transfer to non- EU countries/ international organizations is foreseen.
- Rights of the data subject
You have the following rights:
- pursuant to Article 7(3) GDPR, you have the right to withdraw your consent at any time and without any consequences for you. This means that in future we may no longer continue to process the data if the processing is based on this consent;
- pursuant to Article 13 ,14 and 15 GDPR, you have the right to obtain information about whether your personal data are processed by us and where that is the case, access to those personal data. In particular, you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information : the purpose of processing, the categories of the personal data, the categories of recipients, to whom your data has been or is disclosed to, the storage period planned, the existence of a right to request from the controller rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint and the source of your data if it has not been collected by us. Pursuant to Article 12 GDPR, we must provide any communication relating to the processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
- pursuant to Article 15 GDPR, and in case your personal data are processed by us, you have the right to access those personal data.
- pursuant to Article 16 GDPR, you have the right to obtain the rectification of inaccurate personal data without undue delay or the completion of your personal data stored with us;
- pursuant to Article 17 GDPR, you have the right to obtain the erasure of your personal data stored with us without undue delay, unless processing is necessary to exercise the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes or to establish, exercise or defend legal claims;
- pursuant to Article 18 GDPR, you have the right to request the restriction of the processing of your personal data under the conditions set by the applicable laws;
- pursuant to Article 20 GDPR, you have the right to receive your personal data, in a structured, commonly used and machine-readable format or to obtain the transmission to another data controller (right to data portability);
- pursuant to Article 77 GDPR, to lodge a complaint with a national supervisory authority. You can contact the supervisory authority of your habitual residence or workplace or our company headquarters. In the latter case, you can file a complaint with the Hellenic Data Protection Authority (gr)
If you wish to exercise any of your rights, you may contact us via e-mail at dpo@kemea-research.gr.
- Data retention
Your personal data is retained only for as long as it is necessary to fulfil the purposes described above, and they will be retained until 02 February 2031 (22/02/2031) as a maximum, unless a longer retention period is required by legal obligations or regulations.
Your personal data are processed by electronic means in compliance with the provisions of Article 32 of GDPR 2016/679, national law and in compliance with the principles of data’s confidentiality, integrity, and availability. Your personal data are transferred in an encoded manner using the widely used and secure TLS (Transport Layer Security) encryption standard. You will recognize a secure TLS connection by the additional “s” after “http” (i.e., https://..) in the address bar of your browser or from the lock icon. Moreover, we use suitable technical and organizational measures, which are being continuously enhanced, to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties.
- Amendments to this Data Protection Policy
This data protection policy is effective as of April 2023.
We keep our Data Protection Policy under regular review to make sure it is up to date and precise. Thus, it may become necessary to change it due to the potential addition of new features to the CESAGRAM website or due to further legal requirements. You can have access to the latest data protection information on the CESAGRAM website here.