In light of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Hellenic American Union (22 Massalias Street, 10680 Athens) (the “HAU”) would like to inform you of the following:
1. The HAU, in its capacity as data controller, processes personal data of adults who participate or are willing to participate in its events (the “data subjects”). Depending on the case , it may process personal data: (a) To provide information or clarification about these events when the data subject requests so. The legal basis for this data processing is the data subject’s consent, which he or she provides by asking the question (b) To register (or take action upon the data subject’s request before concluding the relevant contract), serve and in general manage data subjects and issue certificates of attendance. The legal basis for such data processing is to executive the relevant contract (or adopt the above measures) and comply with a legal obligation the HAU has. (c) To safeguard the interests of the HAU. The legal basis for such data processing is that processing is necessary to safeguard the HAU’s legitimate interests. (d) To send marketing material via electronic mail. Note that the HAU is entitled to use the data subjects’ email address, as it has been lawfully obtained as part of the services or transactions it has provided or to promote similar services or pursue similar purposes, even when data subjects have not given their prior consent, provided that they are given, when these contact details are collected, as well with every subsequent message, a clear, transparent, cost-free, and easy-to-use option to object to the collection and use of their electronic data. The legal basis for such data processing is is that processing is necessary to serve the prevailing legitimate interests of the HAU (i.e. the legitimate interests relating to the promotion of its services). (e) To promote the services of the HAU. For processing data that relates to the image and voice (voice) of the participants in the event (as defined in 2© above), the legal basis is the consent these individuals have given in speaking during the event in full knowledge of the fact that material from the event may be uploaded to the internet during the live transmission (live streaming) of the event and to the HAU’s website (www.hau.gr), to the HAU’s youtube and social media accounts, as well as to third parties’ websites and social media accounts. For all of the above purposes, the HAU does not proceed with automated decision-making, including profiling of the data subjects.
2. Data processed by the HAU may include: (a) personal information, such as those collected through the questions raised by the data subject, as well as the context of these questions and the answers of the HAU; (b) personal data, such as those collected through the Registration Form; and (c) image and voice data (voice) of the participants in the event, when despite the alternative means to participate (e.g. by submitting questions through chat), these individuals choose to speak during the event in full knowledge of the fact that material from the event may be uploaded to the internet during the live transmission (live streaming) of the event and to the HAU’s website (www.hau.gr), to the HAU’s youtube and social media accounts, as well as to third parties’ websites and social media accounts. The disclosure of the data in clause (b), above, is a legal or contractual obligation of the data subject or a requirement to fulfil a contract, namely for his/ her participation in the HAU’s events, while the disclosure of the data in clause (a) above, is a requirement for the HAU’s response to the data subject’s questions.
3. The source of the data, as the case may be, is the data subject himself/ herself disclosing his/ her data to the HAU.
4. Depending on the case and purpose of processing, personal data may be transmitted to authorized employees of the HAU, may be uploaded to the internet in the context of the live transmission (live streaming) of the event and to the HAU’s website (www.hau.gr), to the HAU’s youtube and social media accounts, as well as to third parties’ websites and social media accounts and may be transmitted to companies associated with the HAU as well, with which the HAU has a relevant contract and which processes the data on its behalf (e.g. IT companies, IT service providers, etc.), within their competencies and subject to the obligation of confidentiality, secrecy and compliance with the data protection legislation. In addition, the HAU may transmit personal data to third parties where so required by law, or for the purposes of, or in connection with legal proceedings in which it participates, or otherwise for the purposes of supporting, exercising or defending its rights, or to third parties that are law enforcement authorities and have submitted a lawful transmission request, or where it considers that transmission is necessary in connection with an investigation into the suspicion or existence of illegal activity. Depending on the platform/ website where material from an HAU’s event may be uploaded to, personal data will be transmitted outside the European Economic Area where so required by law. For the purpose of transferring data outside the European Economic Area, the HAU ensures that appropriate safeguards are provided for the lawfulness of the data processing. If a data subject wishes to receive a copy of these safeguards, he/ she may contact the Data Protection Officer of the HAU using the contact information mentioned in the term 6 below.
5. The above data will be retained for a period time as required or allowed by the legislation/regulatory framework in force each time, taking into account the applicable prescription period, which may extend to up to 20 years. Specifically: (a) where processing is carried out for the purpose of responding to questions raised by the data subject in relation to the events, and where there are no grounds for its retention, the personal data shall be destroyed 15 days following the respective communication; (b) where processing is carried out under a relevant contract, the personal data shall be stored for as long as necessary for the performance of the contract and for the establishment, exercise and/or support of any legal claims of the HAU arising from that contract; and (c) where the processing is imposed as an obligation by provisions stemming from the applicable legal framework, personal data shall be stored for as long as the relevant provisions so require.
6. The data subject has the following rights under GDPR: (a) to receive a copy of the personal data held by the HAU, together with other information on how data is processed; (b) to request that personal data concerning him or her be rectified and, under conditions, to request the deletion or restriction of processing, or to object to the processing of personal data; (c) to receive a copy or to request the transmission of a copy of his or her personal data to a third party in a structured, commonly used and machine-readable format (right to data portability). Where the processing of data is based on his or her consent, the data subject has the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. If the data subject wishes to receive further information about the processing of his or her personal data or to exercise any of his or her above rights, he or she must email the HAU Data Protection Officer exclusively at: firstname.lastname@example.org, or send a letter to the mailing address mentioned above. Finally, the data subject has the right to file a complaint with the competent supervisory authority about how the HAU handles his or her data (www.dpa.gr).Download the above legal statement in .pdf format