This Website Privacy Notification applies to all natural persons (“you”) who have access to and make use of this website (“Website”). In this Website Privacy Notification “we” refers to the Hellenic American Union (22 Massalias Street, 10680 Athens) (“HAU”), who is the controller of your personal data.
This Website does not seek to collect personal information from individuals under the age of fifteen (15). Individuals under the age of fifteen (15) should receive permission from their parent or legal guardian before providing any personal information to us.
2. Types of personal data collected and processed
The types of personal data we collect and process depends, among other factors, on how you are using this Website. If you are only using this Website for information purposes, i.e., you do not otherwise transmit data to us, HAU will only collect the personal data that is forwarded to its servers by your browser. In particular, HAU will gather the access data that it requires for technical reasons so as to be able to display this Website and warrant that navigating the Website is stable and secure. This access data includes the IP address, date and time of your visit, access status/ HTTP status code, the referred URL (previously visited page), browser type and version, operating system.
In addition, we will receive your personal data if you reach out to us through the contact form of this Website. In this context, personal data includes e.g., name, address, e-mail, telephone number, date and time of your request and content of your request.
Finally, if you are using this Website for any other purpose, special data privacy notification terms shall apply, together with the terms of this Notification. In case of conflict (contradictions, discrepancies), the terms of the more specific notification shall prevail over the terms of this Notification.
3. Sources of personal data
We collect your personal data:
- Directly from you; and
- From third parties that provide personal data that relate to you. If you transmit personal data about third parties (e.g., your spouse, relatives etc.), you are responsible for complying with the applicable data protection provisions. This may require obtaining the consent of these third parties prior to the transmission of their data to us.
4. How we use personal data
The situations in which we may process your personal data are listed below:
- To process your request, if you contact us using the contact form of this Website;
- To comply with any applicable laws and regulations;
- To comply with the request or requirement of any court of any relevant jurisdiction or any relevant authority; and
- For use in connection with any legal proceedings or regulatory action (including prospective legal proceedings/ regulatory action) and for obtaining legal advice or for establishing, exercising or defending legal rights.
In addition, HAU may process for personal data so as:
- To provide you with access to this Website;
- To administer technically and develop this Website; and
- To carry out statistical and other analysis regarding the use of this Website.
5. Recipients of your personal data
We may disclose personal data in the situations described below:
- To third parties who provide services to us (e.g., IT companies, telecommunication providers);
- To third parties insofar as it is necessary in order to process your request, if you contact us using the contact form of this Website;
- To any court of any relevant jurisdiction or any relevant authority;
- To public authorities, regulators or governmental bodies or other third parties, when required by the applicable legislation/ regulation; or
- Otherwise, if you consent to such disclosure.
6. Legal basis for using your personal data
We will only use your personal data when the law allows us to. Most commonly and as the case may be, we will use your personal data in the following circumstances:
- Where you have given your consent (given by a clear affirmative action, e.g., of sending us a request through the contact form of this Website);
- Where we need to comply with a legal obligation;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., ensuring compliance with our policies and procedures); and
- Where necessary for the establishment, exercise and defense of legal claims.
7. Overseas transfers
We may transfer the personal data we collect about you to countries other than the country of our incorporation or the country in which the data was originally collected. Other destination countries may not have the same laws on personal data as the country in which you initially provided the data.
When we transfer your personal data to other countries, we will protect that data as per this Website Privacy Notification and in accordance with applicable law. If necessary, we require the recipients referred to in section 5 above to comply with appropriate safeguards designed to protect personal data.
8. Will your personal data be used for automated decision-making?
As a rule, we do not use fully automated decision-making (i.e., a purely automated process that would produce legal effects concerning you or significantly affecting you) during your access to this Website or when you make use of a contact form so as to reach out to us. If such a decision-making process is used in isolated cases, you will be separately informed, to the extent your notification is required by law.
9. Do you have an obligation to provide personal data?
For the purpose of using this Website, you will need to provide us with personal data that is required for its use and in particular for technical or IT security reasons. If you do not provide this data, you will not be able to use this Website.
For the purpose of reaching out to us through the relevant form, you are only required to provide us the personal data without which your inquiry cannot be processed by us.
10. Your rights in connection with personal data
Under certain circumstances and subject to applicable law, you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data that we hold about you.
- Request correction of the personal data that we hold about you. This enables you to correct incomplete or inaccurate data that we hold about you.
- Request erasure of your personal data. This enables you to ask for the deletion or removal of personal data where there are no grounds for us to continue data processing. You also have the right to ask for the deletion or removal of your personal data when you have exercised your right to object to the processing (see below).
- Object to the processing of your personal data when we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to such processing on that ground.
- Request the restriction of the processing of your personal data. This enables you to ask for the suspension of the processing of your personal data, for example if you want us to establish its accuracy or the legal grounds for its processing.
- Where personal data is processed by automated means:
- in case we process your personal data on the basis of your consent; or
- in case that such processing is necessary for entering into or performing our obligations under a contract with you,
request the transfer of your personal data to you or to another party (also known as “data portability”).
- Where we process your personal data on the basis of your consent, you may withdraw that consent at any time. If you do not give your consent or withdraw your consent this may affect our ability to provide you with our services. Please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- In certain circumstances, request not to be subject to automated decision-making, including profiling.
Certain rights are not absolute under the applicable legislation (as sometimes there may be overriding interests that require the processing to continue, for example); nonetheless we will consider your request and respond to you.
Finally, you have the right to lodge a complaint with the supervisory authority in the jurisdiction where you live or work, or in the place where you think an issue in relation to your personal data has arisen (for Greece: www.dpa.gr).
11. Retention of personal data
We will retain personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory, reporting or internal policy requirements. To determine the appropriate retention period for personal data, we consider the applicable legal requirements, as well as the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, as well as the time periods, during which such personal data may need to be retained as evidence in an actual or potential judicial context.
12. How to contact us
If you have a query regarding the processing of your personal data or you would like to exercise any of your rights in connection with your personal data or receive a copy of the safeguards designed to protect personal data in the case of transfer of your personal data outside the EEA or obtain further information on the retention periods of personal data, please contact the Data Protection Officer of HAU exclusively at: email@example.com, or send a letter to the mailing address mentioned above.
13. Changes to this Website Privacy Notification
We may revise this Website Privacy Notification from time to time. The most current version of this Notification, which will always be available at this Website, will govern the processing of your personal data by HAU. By continuing to access and use this Website you agree to be bound by the Website Privacy Notification which is in place and in force at the time of each visit.