PERSONAL DATA PROTECTION POLICY

PERSONAL DATA PROTECTION POLICY

The purpose of this Policy is:

To ensure that you understand which personal data we collect about you and the reasons why we collect, use, and disclose them.
To explain how we use the personal data you have shared with us so that you can enjoy an excellent experience when using this Website; and
To explain your rights and choices in relation to the personal data we collect and process, as well as how we protect your privacy.

The Natural Environment and Climate Change Agency (“the Agency”) fully complies with the provisions of European Regulation 2016/679 on “the protection of natural persons with regard to the processing of personal data and on the free movement of such data” and Law 4624/2019.

What personal data is

The term “personal data” refers to information and data that can identify and distinguish the data subjects, such as full name, postal address, email address, contact telephone number, etc., which identify or may identify your identity, hereinafter “Personal Data” or “Data”.

What is the Processing of Personal Data

Any operation or series of operations performed on personal data, whether or not by automated means, such as collection, recording, Agency, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure, or destruction.

Is the Provision of Your Data Mandatory?

The provision of Data to the Agency may be necessary in order to achieve the purposes specified in this Privacy Policy, or it may be optional.
If you refuse to provide the information marked as mandatory on the Website, it will be impossible to achieve the primary purpose of collecting such Data and, for example, the Agency may be unable to fulfil a sales contract or provide other services available on the Website.
Providing additional Data to the Agency, beyond those marked as mandatory, is optional and does not have consequences regarding the main purposes of data collection; however, offering such data helps improve the quality of the services provided.

Personal Data Controller

In the context of providing products, the Agency maintains and processes your personal data with confidentiality and respect for your privacy, taking technical and organizational measures for their further protection.

For the purposes of this personal data protection policy, the data controller is the: Natural Environment and Climate Change Agency,
207 Mesogeion Ave., Athens 11525

The Agency recognizes that the protection of personal data (“personal data”), their confidential nature, and their secure handling may be a major concern for users of its online services and Website. The Agency therefore assures that these same considerations constitute a priority for it with respect to those individuals and form an integral part of its code of conduct. This Policy describes the information and data collected by the Agency and how it may process them, as well as information regarding the actions a user of the Website or a recipient of the Agency’s services may take if they do not wish their personal information or data to be processed in any way. The Agency collects, stores, processes, and uses (“processes”) the personal data you provide, to the extent required, for the establishment, performance, or termination of a contractual or quasi-contractual relationship with you. For example, such a relationship arises if you register to receive a newsletter, participate in surveys or competitions, or contact us to obtain information about us and our services. In such cases, we use your personal data for the secure and efficient processing of your requests.

Personal Data Automatically Collected During Your Visit to the Website

During your visit to this website, certain data are collected that are considered personal data under the GDPR, as they may, after certain processing, lead to your identification. You can read more in the Cookies Policy.
Specifically, the following data are collected:

a) Device data: device identifier, operating system and version installed on the device;
b) Time, date, duration of visit, user location;
c) Internet Protocol (IP) address, browser information, browser language, or related information.

Purpose: this information is collected to ensure the proper operation and security of the website, for statistical purposes regarding the user’s place of origin and navigation duration, as well as for the prevention of malicious use (e.g., threats, fraud).

Legal basis for the Processing of Users’ Personal Data: the legal basis for this processing is the consent provided by the user when registering on the Website or when sending an email to the contact address listed on the Website (Article 6(1)(a) GDPR).

Legitimate interest (Article 6(1)(f) GDPR): we may process data for system security purposes, fraud prevention, and/or handling your requests, provided that your interests or fundamental rights do not override ours.

Personal data collected for the purpose of responding to your requests, based on your consent.

Our website provides the option to contact us through a dedicated contact form. When you submit this form, we collect and process the following personal data:

Full name (or first name)
Email address
Postal address
Telephone number

Purpose of processing

The personal data submitted through the contact form are used exclusively to communicate with you, in order to respond to your request or provide the relevant information.

Legal basis for the Processing of Users’ Personal Data

The processing is carried out on the basis of your consent, which you provide by submitting the contact form (Article 6(1)(a) of the General Data Protection Regulation – GDPR).

Personal Data for Marketing Purposes

The Organization may send newsletters and/or other updates regarding its activities, events, and services. For this purpose, the following personal data are collected and processed:

Full name (or first name)
Email address
Telephone number
(where applicable) Postal address

Purpose of processingThe above personal data are used exclusively for sending informational and promotional communications related to the Organization’s activities, events, and services.

Legal basis for the processing of User’s Personal Data

Processing is carried out based on your explicit and specific consent (Article 6(1)(a) GDPR which you provide through a separate consent declaration (checkbox) on the relevant form.

Your consent is voluntary, and you may withdraw it at any time without any adverse consequences, either via the unsubscribe link included in each communication or by contacting the Organization directly.

Data Security

We take all necessary technical and organizational measures to protect your personal data, including the use of SSL/TLS encryption when transmitting sensitive information.

NOTICE: If you visit other websites of our Organization, such as the Parks’ websites for ticket purchases, the Privacy Policy posted on the respective website applies. We recommend that you read it carefully before submitting any personal data or making any transactions.

Your Rights

Right of access – you have the right to be informed and to request access to your personal data that we process (GDPR, Art. 15).
Right to rectification – You have the right to request that we amend or update your personal data if it is inaccurate or incomplete (GDPR, Art. 16).
Right to deletion – you have the right to request that we delete your personal data (GDPR, Art. 17).
Right to restriction of processing – you have the right to request the temporary or permanent cessation of processing of all or some of your personal data (GDPR, Art. 18).
Right to object (GDPR, Art. 21) –
- you have the right to object at any time to our processing of your personal data on grounds relating to your particular circumstances.
- you have the right to object to the processing of your personal data for direct marketing purposes.
Right to data portability – you have the right to request a copy of your personal data in electronic form and to transfer this data to a third-party service (GDPR, Art. 20).
Right not to be subject to automated decision-making – you have the right not to be subject to a decision based solely on automated processing, including profiling, if such a decision would have legal effects on you or similarly significant effects (GDPR, Art. 22).
Right to file a complaint with a supervisory authority – you have the right to file a complaint against the Agency with the Hellenic Data Protection Authority or any other authority designated by the Greek state, or with any supervisory authority of an EU Member State (GDPR, Art. 77).

The supervisory authority for the Agency is:

Hellenic Data Protection Authority
Kifisias 1–3, P.O. 115 23, Athens
Call Center: +30-210 6475600
Email: contact@dpa.gr

To exercise the above rights, the interested parties may send an email with a specific request and/or action to info@necca.gov.gr, accompanied by documents proving the identity of the applicant. In the event that you exercise one of the above-mentioned rights, the Agency will attempt to satisfy your request in writing within one (1) month from submission and verification of your identity. If the Agency is unable to fulfil the request, it will provide written justification. The Agency is committed to maintaining the confidentiality of the personal data of all visitors to the website www.necca.gov.gr and to protecting the personal data that may be provided to us. By submitting your information for the provision of services and/or products through this Website, you consent to the collection, processing, and use of your personal data in accordance with the terms of this personal data protection policy. However, the User will be asked to provide their consent expressly for each such action.

Retention Period of Personal Data

The Agency retains and processes your data for as long as necessary to provide its services to the User, unless, following the User’s request, we delete the data.

Advertising and Commercial Purposes – Disclosure

To the extent that the User consents to the use of their personal data for advertising and market research, their personal data may be used for such purposes. A prerequisite for this use is the User’s explicit consent — for example, when they activate the relevant checkbox during a promotional activity and then click a confirmation button.

In such a case, the Agency may send the User advertisements about its services and/or products tailored to the User’s needs, or suggest participation in programs, activities, or competitions. The Agency will contact the User through the communication channels to which the User has consented, such as email (if they provide their email address) or by phone or SMS (if they provide their landline or mobile number).

The Agency may also use the User’s data for analyzing and improving the effectiveness of its website, as well as for further advertising and market research purposes.

The User is entirely free to decide whether, and to what extent, they wish to disclose their data for the above-mentioned purposes. If permitted by the nature of their request, and provided it is technically possible and acceptable by the Agency, the User may contact the Agency anonymously or using a pseudonym.

While processing the User’s request, the Agency may need to disclose their personal data to external service providers located in European or non-European countries. The Agency requires these external providers to use the User’s personal data only in accordance with its own standards, this Policy, European data protection law and case law, and the applicable national regulatory framework.

The Agency does not disclose the User’s personal data to third parties, nor does it sell or rent them without the User’s prior explicit consent. However, the Agency reserves the right to disclose information concerning the User if required by law or if such disclosure is necessary for competent government bodies, administrative authorities, or law enforcement agencies.

The Agency bears no responsibility if a User discloses, either to the Agency or to a third party through the Agency’s website, personal information or data of a third person without having obtained that third person’s prior consent. Responsibility for such disclosure lies solely with the User who made it.

Social Networks

Our website may use so-called social plug-ins (“plug-ins”) from social networks, primarily the “Like” plug-in of the social media platform “Facebook.” When this plug-in is enabled, your Internet browser will establish a connection with Facebook’s servers, and the fact that you visited the Agency’s website will be transmitted to Facebook, even if you are not logged into Facebook and regardless of whether you have activated the plug-in.
If you are logged into your Facebook account while visiting the Agency’s website, Facebook can link your access to the site with your Facebook account. If you click the “Like” button, this information will be transmitted to Facebook and stored there. In this way, you can share your “Likes” with your Facebook friends.

The Agency has no influence over the nature and scope of the data transmitted to Facebook, nor is it able to know exactly which data is transmitted or for what purposes Facebook uses it. If you do not wish Facebook to associate your visit to the Agency’s website with your Facebook account, you must log out of your Facebook account before visiting the Agency’s website.

Further information regarding the collection, storage, and use of your personal data by Facebook, as well as available settings for protecting your personal data, can be found in Facebook’s privacy notices at Facebook’s relevant privacy page.

Privacy, Security of Processing, and Recipients of Personal Data

The processing of personal data is limited within the Agency, and personal data is accessible only to the Agency’s personnel for the sole purpose of informing users about the Agency’s activities and programs for which the User has agreed, provided that they voluntarily submit this data. The Agency’s personnel are bound by confidentiality obligations.

The Agency has put in place the necessary technical and Agencyal security measures for the processing of users’ personal data. Collected personal data is stored on restricted-access servers controlled by passwords, and the Agency uses specialized technologies, procedures, and strict physical, electronic, and administrative safeguards to protect this information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.

Recipients of the data, pursuant to legal obligation, cooperation contracts, or at the request/consent of the data subject, include:
a) third parties (such as banks or the Independent Authority for Public Revenue) in order to fulfill a request submitted by the data subject on the Agency’s Website for the use of a service or to process a payment.
b) judicial and prosecutorial authorities in case of claims or criminal acts.

In the event of such disclosures, the data subject is informed at the time of completing the relevant form/application.
Except where explicitly required by law, as noted above, the Agency will not otherwise disclose, sell, or make available any information provided by the user without their consent.

Changes to This Policy

We may occasionally make changes to this Policy.
The user should periodically read this Privacy and Personal Data Protection Policy to stay informed of any changes made. This Policy will always comply with applicable legal rules. Although the Agency reserves the right to amend or supplement this Policy, it will inform users through this Website about significant changes at least 15 days before such changes take effect.