Select Page

Privacy Policy

PERSONAL DATA PROTECTION POLICY Κ.Ε.ΔΗ.Θ.

The Public Benefit Enterprise of the Municipality of Thessaloniki, located at 164 Konstantinou Karamanli Street, 1st floor, PC 54248, Thessaloniki, tel. 2311821722 ensures the confidentiality and confidentiality of your personal data and adopts the General Regulation of Personal Data Protection 679/2016 of the European Union in all procedures and stages of communication with you, taking appropriate technical and organizational measures.

H Κ.Ε.ΔΗ.Θ. take measures to ensure that any natural person acting under its supervision, who has access to personal data, processes it only at the behest of the Controller, unless required by Union or Member State law. In particular, these measures ensure that, by definition, personal data are not made accessible without the intervention of the natural person to an indefinite number of natural persons.

Purpose of this policy

This policy provides to each person and to each visitor / user of the website of KEDITH. interested in receiving from it concise and transparent information regarding the practices followed for the management and protection of his personal data.

It concerns any transaction or series of transactions performed with or without the use of automated means, in personal data or in personal data sets, such as the collection, registration, organization, structure, storage, adaptation or modification, retrieval, search for information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.

The Policy is updated from time to time and may be amended whenever necessary, without prior notice, always within the applicable legal framework and in accordance with any changes in the current legislation on personal data protection. We therefore recommend that you check this Policy at regular intervals to be informed of any changes that have been made.

Editor

The person responsible for the processing of personal data for all the processing carried out by the services of KEDITH, is the same, a legal entity under private law (Local Government Organization, as legally represented, according to the GCP, Article 4 , par. 7). Κ.Ε.ΔΗ.Θ. determines the purpose and manner of processing the data for the above services.

The employees, with any employment relationship, in the above services of Κ.Ε.ΔΗ.Θ. who process personal data, are "persons acting under the supervision of the Controller" (according to the GCC, Article 29).

Other natural or legal persons that process personal data on behalf of the Controller are the "Executors of the Processing" (according to the GCP, Article 4, par. 8).

Data Protection Officer

Κ.Ε.ΔΗ.Θ. has appointed a Data Protection Officer (DPO) (according to the GCC, Article 37) the consulting company BUSINESS ADS. Contact details for the DPO are: dpo@kedith.gr.

DPO tasks are:

a) To inform and advise Κ.Ε.ΔΗ.Θ. and employees who process personal data for their GPT obligations and other data protection provisions.

b) To monitor the level of compliance in accordance with the provisions of the GCC, with other provisions regarding data protection and with the policies of K.E.D.TH. in relation to the protection of personal data, including the assignment of responsibilities, the awareness-raising and training of officials involved in processing operations, and related controls.

c) Provide advice, when requested, on impact assessment on data protection and monitor its performance in accordance with the GPA.

d) To represent Κ.Ε.ΔΗ.Θ. before the competent authorities and to cooperate with the Personal Data Protection Authority or other competent authorities for the protection of personal data.

(e) To act as a point of contact with the Personal Data Protection Authority on matters relating to processing, including the prior consultation referred to in Article 36 of the GIP, and to consult, as appropriate, on any other matter.

What is defined as Personal Data

Personal data is any information concerning a specific natural person or person whose identity can be verified (eg name, identity number, address, etc.). Data related to health (physical or mental condition, receiving medical services, etc.) are included in the general term personal data, but are a special category of data.

Legal Basis for Data Processing by Κ.Ε.ΔΗ.Θ.

The processing of personal data by Κ.Ε.ΔΗ.Θ. allowed only if provided by relevant provisions, in the following cases:

The processing is allowed if it is necessary for the execution of a contract of which the data subject is a contracting party or for measures to be taken at the request of the subject before the conclusion of the contract (according to the GCP, Article 6.1 par. B ').
Processing is allowed if it is necessary for the compliance of K.E.D.TH. with its legal obligation. Primarily, the Agency processes only the data that it is obliged to process in order to exercise its responsibilities provided by law (according to the GCP, Article 6.1 par. C '). All the responsibilities that are already provided by the legislation for KEDITH, are still exercised on a legal basis the provision that already provides them.
Processing is allowed if it is necessary to safeguard the vital interest of the data subject or other natural person (according to the GCP, Article 6.1 par. D ').
The processing is allowed if it is necessary for the fulfillment of a duty that is performed in the public interest or during the exercise of public authority that has been assigned to K.E.D.TH. (according to the GCP, Article 6.1 par. e ').
The processing of personal data by Κ.Ε.ΔΗ.Θ. is based on the "consent" of the data subject (according to the GCP, Article 6 par. a ').
The processing of personal data by Κ.Ε.ΔΗ.Θ. based on a "legitimate interest" that transcends the rights and freedoms of the individual (according to the GCP, Article 6.1 para. f).
Data retention period

The retention period can vary significantly depending on the type of data and how it is used. Determining the retention time of data is based on criteria such as legal retention periods, pending or potential disputes, intellectual property or rights, contractual requirements, business instructions or archiving needs.

The processing time of the data is the required for the fulfillment of the respective purposes.

Updating data subjects

With the announcement of the present Privacy Policy of KEDITH, the data subjects are informed about the conditions under which the Organization processes the data that concern them (according to the GCP, Article 12).

In the event that K.E.D.TH. collects data from the data subject itself, such as e.g. when the subject submits to Κ.Ε.ΔΗ.Θ. an application or has its data to process the provision of services or to exercise a relevant right, the Agency shall provide the following information to the data subject, clearly marked on the application form itself or in the electronic form of communication of the citizen with the Agency:

a) The identity and contact details of Κ.Ε.ΔΗ.Θ. and, where appropriate, its representative,

b) the contact details of the Data Protection Officer (DPO),

(c) where applicable, the purposes of the processing for which the personal data are intended, as well as the legal basis for the processing;

(d) the recipients or categories of recipients of personal data, if any;

e) as the case may be, the intention of K.E.D.TH. transmit personal data to a third country or international organization and the existence or absence of a Commission decision of adequacy or, in the case of transfers referred to in Article 46 or 47 or Article 49 (1) (b), an indication of the appropriate or appropriate guarantees and the means to obtain a copy of them or where they were made available,

(f) the period for which the personal data will be stored or, where this is not possible, the criteria for determining that period;

(g) the existence of a right to submit a request to the Agency for access to and correction or deletion of personal data or a restriction on the processing of the data subject or a right to object to the processing, as well as a right to data portability;

(h) where the processing is based on consent, the existence of the right to withdraw its consent at any time, without prejudice to the lawfulness of the processing based on the consent prior to its withdrawal;

i) the right to lodge a complaint with the Personal Data Protection Authority;

(j) whether the provision of personal data constitutes a legal or contractual obligation or requirement for the conclusion of a contract, and whether the data subject is obliged to provide the personal data and what the possible consequences would be of non-provision of such data;

(k) the existence of automated decision-making, including profiling, referred to in Article 22 (1) & (4) and, at least in such cases, important information on the logic to be followed, as well as the significance and intended consequences thereof; processing for the data subject.

In the event that K.E.D.TH. collects data from other sources and not from the data subject himself, provides the data subject with the following information, unless their collection is explicitly provided for in the legislation, in which case he is not obliged to inform the subject about the following:

a) The identity and contact details of Κ.Ε.ΔΗ.Θ. and, where appropriate, its representative,

b) the contact details of the Data Protection Officer (DPO),

(c) where applicable, the purposes of the processing for which the personal data are intended, as well as the legal basis for the processing;

(d) the relevant categories of personal data;

(e) the recipients or categories of recipients of personal data, where appropriate;

(f) where appropriate, that the Agency intends to transmit personal data to a recipient in a third country or international organization and the existence or absence of a Commission decision of adequacy or, in the case of transfers referred to in Article 46 or 47 or Article 49 paragraph 1 (b), an indication of the appropriate or appropriate guarantees and the means to obtain a copy of them or where they were disposed of,

(g) the period for which the personal data will be stored or, where this is not possible, the criteria for determining that period;

(h) the existence of a right to submit a request to the Agency for access to and correction or deletion of personal data or a restriction on the processing of the data subject and a right to object to the processing, as well as a right to data portability;

(i) where the processing is based on consent, the existence of the right to withdraw its consent at any time, without prejudice to the lawfulness of the processing based on consent prior to its withdrawal;

j) the right to file a complaint with the Personal Data Protection Authority;

(k) the source of the personal data and, where applicable, whether the data came from sources accessible to the public;

(l) the existence of automated decision-making, including profiling, provided for in Article 22 (1) & (4) and, at least in such cases, important information on the logic followed, as well as the significance and intended consequences thereof; processing for the data subject.

Archive of Processing Activities Κ.Ε.ΔΗ.Θ.

Κ.Ε.ΔΗ.Θ. maintains a "File of processing activities". It records every particular case of data processing (according to the GCP, Article 4, par. 8).

When a service of Κ.Ε.ΔΗ.Θ. intends to start a new processing of personal data, with any legal basis, is obliged to take care of the relevant updating of the "Archive of processing activities". Specifically, it is obliged to submit a document with the following information: a) The name and contact details of the service and, where appropriate, of the Joint Processing Officer, the Representative of the Processing Officer and the Data Protection Officer,

b) the purposes of the processing;

(c) a description of the categories of data subjects and the categories of personal data;

(d) the categories of recipients to whom personal data are to be disclosed or disclosed, including recipients in third countries or international organizations;

(e) where applicable, the transfer of personal data to a third country or international organization, including the identification of that third country or international organization and, in the case of transfers referred to in Article 49 (1) (b), the documentation of appropriate guarantees,

(f) where possible, the deadlines for deleting the various categories of data;

(g) where possible, a general description of the technical and organizational security measures referred to in accordance with the GPA, Article 32 (1).

Rights of the natural person vis-.-Vis the processing of personal data

You have the right at any time to request: a) access to your personal data, b) correction of your personal data if it is inaccurate or incomplete, c) deletion of your personal data, unless their processing is necessary for the exercise of legal rights of the Agency or third parties, for the fulfillment of a legal obligation, for reasons of public interest or for the defense of the legal rights of the Agency before judicial or other authorities, d) restricting the processing of your personal data only for specific purposes e) the transfer of your personal data in accordance with the existing legal requirements f) opposition to the processing of your personal data.

In order to exercise any of the above rights, please use the "Application Form for Exercising Rights" and send it either by letter to the headquarters of KEDITH. (Konstantinou Karamanli 164, 1st floor, PC 54248, Thessaloniki, tel. 2311821722), or by e-mail to the E-mail account: dpo@kedith.gr always stating your full details and the reason for your communication.

In case of exercise of one of the above rights, K.E.D.TH. informs you that it will take all possible measures to satisfy the request within one (1) month of receiving it, informing you in writing of the satisfaction of your request or of the reasons that prevent the satisfaction of one or more of them, as well as and for the reasons of any delay beyond the above period of one (1) month and in any case not later than three (3) months. Also, Κ.Ε.ΔΗ.Θ. will inform you of your further rights in the event of an inappropriate response. This information shall in principle be provided free of charge by the Agency, provided that the request for notification and information is not repeated, exaggerated and / or manifestly unjustified.

If you consider that K.E.D.TH. in any way violates the current legislation on personal data, you reserve the right to file a complaint / complaint to the competent Personal Data Protection Supervisory Authority: http://www.dpa.gr, Kifisias 1-3, PC 115 23, Athens, tel. 210 6475600, email: contact@dpa.gr.

In this case, we would particularly appreciate your previous communication with the Data Protection Officer of K.E.D.TH. either by letter at its headquarters (164 Konstantinou Karamanlis, 1st floor, PC 54248, Thessaloniki, tel. 2311821722), or by e-mail to the E-mail account: dpo@kedith.gr, always stating your full details and your reason for contact.