Personal Data Protection
Last edition as of March 2021
Thank you for visiting the website https://hfsf.gr/en (hereinafter the “website”). The HELLENIC FINANCIAL STABILTITY FUND is the sole administrator of this site and is responsible for the management of your personal data in accordance with the applicable General Data Protection Regulation (GDPR) 679/2016, national and EU legislation.
- HOW WE COLLECT PERSONAL DATA
- Directly from you: We collect personal data directly from you when you visit our website, when you request information, submit a request, submit a CV, in the context of a call for tenders following a call for FUNDs from the FUND and any other communication.
- By automated means through the use of the website: When you visit the FUND’s website, we may collect data from you based on your browsing and using our services. This data may include search history, address IP, screen resolution, browser you used, operating system and settings, access times and URL reference as well as data collected through cookies (See Policy cookies).
- WHAT PERSONAL DATA WE COLLECT
The personal data we collect vary depending on the purpose of collection and the use performed by a natural person ( contact form, in the context of a call for tenders following a call for FUNDs from the FUND/ project and evaluation of relevant bids, or in the context of submitting CVs to fill a specific position and any other information you may voluntarily provide) such as:
- Email address
- Telephone (mobile, landline)
- Any information you include in the text of the contact form
- Legal information
- Information you include in your CV
- Browsing data such as address IP, screen resolution, browser used, operating system and settings, access times and URL and data collected through (cookies).
The FUND will collect and process only personal data that are relevant and necessary for the specific processing purpose, and will not process this data for any purpose other than the one for which it was collected.
- PROCESSING PURPOSE
The processing of your personal data shall be carried out solely for the purposes set out below and in accordance with the GDPR provisions, i.e.:
- for communication purposes, to respond to your requests
- in the context of a call for tenders following a call for FUNDs from the FUND/ project and evaluation of relevant bids
- in the context of submitting CVs to fill a specific position and evaluate them.
We do not perform automatic individual decision-making including profiling.
- LEGAL BASIS FOR PROCESSING
The legal basis for the processing of personal data collected in accordance with the above is:
- processing of the personal data is necessary for the performance of the contract between you and the FUND, specifically to provide the services and/or information requested.
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the FUND.
- processing is necessary for compliance with a legal obligation to which the FUND is subject (such as tax law or lawful law enforcement requests).
- PERSONAL DATA RECIPIENTS
Access to the personal data collected and processed hereunder shall in principle have authorized staff and / or members of the governing bodies of the FUND and only to the extent required in the context of the above processing purposes.
To the extent that this is appropriate for the fulfilment of our statutory obligations, your best service and the satisfaction of your requests, access may on a case-by-case basis and exclusively in the context of their duties, cooperating bodies/service providers, such as legal, advisory and auditing companies, IT companies, transport companies, companies providing internet services, or other services necessary for the operation of the website and the performance of the Services of the FUND.
Your data may be addressed by official government and supervisory bodies (eg law enforcement and prosecutors, supervisory authorities, etc.) if we are required to comply with the law.
It should be noted that when storing, accessing and/or processing the user’s personal data, the employees and agents of the FUND fully comply with the relevant provisions of the European General Data Protection Regulation 2016/679 on the protection of Data as well as with current Greek legislation and jurisprudence on the protection of personal data. The FUND requires of its employees, its website hosting and service providers, as well as its third party partners to take all necessary technical and organisational measures (including appropriate policies and procedures) to prevent unauthorised disclosure of users’ personal data to which they gain access, and implement procedures for the management and processing of personal data in a manner that is lawful and protect such data according to GDPR imposed obligations.
- RETENTION PERIOD
Your personal data is held by us for the time that is strictly necessary for the purposes for which we have collected it, as well as for our compliance with any legal obligations or our internal procedures, and for duration that it is required to do so for the protection of our legal rights and interests, taking into account the applicable statute of limitations.
If CVs are submitted, your data is retained in accordance with the FUND’s Recruitment Policy.
However, some necessary personal data regarding your contractual relationship with the FUND as well as information concerning your notification on the processing of your data and your consent, where applicable, may be retained so as to establish the lawfulness of processing of user data by the FUND and the legal claims of the parties.
- TECHNICAL AND ORGANISATIONAL MEASURES
The FUND, its employees, processors, assistants, agents shall implement appropriate technical and organisational measures to ensure, as much as possible, the most appropriate protection of personal data against accidental or unlawful destruction, loss, alteration, unlawful disclosure or access to them and any unlawful processing, as well as to ensure the possibility of restoring availability and access to them. These measures also serve so as to demonstrate that processing is performed in accordance with GDPR, obviously taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, while applying appropriate procedures for the regular testing, evaluation and evaluation of the effectiveness of the techniques and organisational measures.
- YOUR RIGHTS
We protect and safeguard your rights to the use of your personal data. Under the GDPR (articles 12-22) you have the following rights:
- Request a copy of your personal data.
- Withdraw your consent when this is the legal basis of the processing of your personal data.
- Request that your personal data be corrected if it is inaccurate.
- Request erasure of the personal data you have provided, under the conditions set out by law.
- Request restriction of processing, under the conditions set out by law.
- Request the portability of your personal data, if you have provided us with the data and the processing is based on consent or performance of a contract and processing is based on automated means.
- Oppose some form of processing of your personal data by the FUND.
You can exercise your rights by applying at: email@example.com. We will take all possible measures to satisfy your request within a reasonable period, no later than one (1) month after the submission of the request and proper proof of your identity. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. Please note that the absolutely necessary user data may be retained, in order to safeguard the legal interests of the FUND.
Please note that depending upon the circumstances and the request, we may not be permitted to provide access to personal data or otherwise fully comply with your request; for example, where producing your information may reveal the identity of someone else. We reserve the right to charge an appropriate fee for complying with your request where allowed by applicable law, and/or to deny your requests where, in the FUND’s discretion, they may be unfounded, excessive, or otherwise unacceptable under applicable law.
Finally, each user has the right to submit a request to the FUND inquiring on how the FUND processes and protects your personal data, and if you consider that your rights are infringed, you have the right to file a complaint with the Data Protection Authority (http://www.dpa.gr/, Kifisias 1-3, P.C. 115 23, Athens, 210 6475600).
- EXTERNAL LINKS
The website of the FUND may contain links to other websites that are under the responsibility of third-party natural or legal persons. The FUND shall not be responsible for the terms of protection and management of the personal data that such websites apply.
The website of the FUND is addressed to an adult audience. No personal data must be submitted to the FUND through the website by visitors under 18 years of age. If we become aware that a user under the age of 18 has registered and provided personal data without the explicit consent of the parent or legal guardian, we will immediately delete, after receiving such information or request, the relevant data in accordance with the applicable FUND policy.
The FUND may change this policy. Please check the effective date at the top of the policy to see when it was last revised. Every revision will be implemented as soon as we publish the revised policy.
If we make substantive changes to this policy that broaden our rights to use the personal data that we have already collected from you, we will inform you and provide you with a choice for the future use of these data.