Skip to main content

Privacy policy

Introduction

ODAP, as the Data Controller, informs you about the way in which information about you is collected and processed. Your personal data includes any information that can lead, either directly or in combination with others, to your unique identification or tracking as a natural person. This category includes, where applicable, information such as name, postal addresses, telephone numbers, email addresses, and other information that allows your unique identification in accordance with the provisions of GDPR 2016/679, Law 4624/2019, the Greek legislation in force at that time, as well as the decisions of the Data Protection Authority.

The following information on the protection of your personal data concerns the way in which we process your personal information when you contact us or use any of our services.

The information is categorized. So, if you wish, you can easily select the reason for which we process your personal data and receive the relevant information.

We inform you about the following:

• the purpose for which we process your personal data,
• whether you are obliged to provide us with the relevant data,
• the categories of recipients of your personal data, if any,
• whether we intend to transfer such data to another country,
• whether we carry out automated decision-making or profiling, and
• what rights you have in relation to the respective processing, as well as how you can exercise them.

We keep this Privacy Policy under regular review to ensure that it is up-to-date and accurate.

More information about the processing carried out by the Entity and your rights can be found further down in this information.

 

Contact Details of the Data Controller

For any processing of personal data carried out in the context of any possible interaction you may have with the Entity, including your visit to this website, the Data Controller is:

ORGANIZATION FOR THE MANAGEMENT AND DEVELOPMENT OF CULTURAL RESOURCES (ODAP)
57 Eleftheriou Venizelou (Panepistimiou)
P.C. 105 64, Athens
Tel: 2103722500
Email: info@tap.gr

Contact Details of the Data Protection Officer (DPO)

The Data Protection Officer (DPO) is the company Computer Studio S.A. For any reason regarding the data processing carried out by the Entity and included in this information, you can contact them at the email address dpo@tap.gr.

When and how we collect your personal data
Most of the personal information we process is provided to us directly by you for one of the following reasons:

• You have requested information from us.
• You have contacted ODAP by phone, email or via the contact form.

We may collect and publish statistical data but not in a form that allows the identification of individuals.

Data retention period

The data recorded in log files for each request to the website server by the visitor/user’s browser are as follows:

• the visitor/user’s IP address, which constitutes personal data, even if we cannot identify him/her ourselves based on this data,
• the date and time of execution of each request for data transfer between browser and server (https request) for the operation of the https protocol,
• the server’s response code along with the https protocol call parameters (https response),
• the server’s response time in ms to each request and
• the type of browser through which the request was submitted.

They are kept for a period of 12 months and may be communicated to the competent authorities if deemed necessary for the investigation of any online attack and incident. The data for which an investigation is carried out or used in the context of legal claims is kept for the period of time required for these purposes.

 

Sharing and Transferring Data

We generally do not share or transfer data to third parties. However, in certain circumstances we are legally required to share your data:

a) In order to verify possible fraud or deceit against the smooth operation of the website.
b) In order for the Entity to respond to requirements imposed on it by law or a competent judicial authority
c) In order to ensure the legal rights of the Entity or others.

We do not disclose your personal data to third parties for the purposes of promoting products or services, but we may disclose data either for commercial or strategic purposes, or in the context of commercial studies.

Your data may be disclosed to the processors with whom the Entity collaborates to support its systems. Specifically, the website is hosted on the infrastructure of the Government Cloud (G-Cloud), which is managed by the General Secretariat for Information Systems & Digital Governance (GSIG & DS). Access to all or part of the information we have at our disposal may also be given to a technical analysis, commercial analysis or data processing company -on our behalf- in Greece or abroad, while access may be granted to the competent personnel of the companies TOOL and MODUS to the extent required for the provision of technical support services for the system. The executors may not further process your personal data, unless we have explicitly instructed them to do so, nor may they transfer your personal data to third parties.

More information about the terms of use of the website is available here.

 

Minors’ Data

We do not collect personal data of minors through the website.

Lawful processing

ODAP will use your information for the following lawful processing purposes (pursuant to Article 6 GDPR), such as, but not limited to:

• To respond to your requests and inquiries
• To analyze our website traffic and improve your experience as well as to provide you with information related to our actions
• For our internal operations and analysis, such as internal management, fraud prevention, use by management information systems, etc.

What are the principles of collection and processing

This Policy aims to inform you about the terms of collection, processing and transmission of your personal data that we may collect as data controllers. The Agency applies the Processing Principles of GDPR 2016/679 (lawfulness, objectivity, transparency, purpose limitation, data minimization, accuracy, storage time limitation, integrity, confidentiality and accountability).

Use of your personal data

We use your personal data to respond to your requests with the aim of improving the way we communicate with you, as it gives you the opportunity to express any questions or suggestions you have as a user of the website, but also to make the information of users interested in our services and products more effective.

 

Protection of personal data

In any case, we take the appropriate technical and organizational measures to ensure the confidentiality, integrity, availability of your data. ODAP has a Data Protection Officer (DPO) because we recognize the importance of protecting your privacy and all your personal information. For this purpose, it has appropriate security policies and uses the appropriate tools.

Your rights regarding the processing of personal data

In accordance with data protection legislation, when we process your personal data you have certain rights which we must inform you about. The rights you can exercise are as follows:

• The right of access

You have the right to request from us, at any time, information about the processing of your data by ODAP or copies of your personal data that we hold.

Individuals (data subjects) have the right to receive:

• confirmation regarding the processing of their data,
• a copy of their data, and
• information about the processing (relevant articles 12, 15 GDPR).

The right of access allows the data subject to obtain knowledge of their data and information about the processing in order to be able to verify its lawfulness. This right does not require justification from the data subject.

The information provided to the data subject in the context of exercising the right of access includes the following:

1. the purposes of the processing,
2. the categories of data concerned,
3. the recipients or categories of recipients,
4. if possible, the period for which the data will be kept or, where that is not possible, the criteria determining that period,
5. the exercise of the rights,
6. the origin of the data when they are not collected from the data subject,
7. the existence of automated decision-making, including profiling, and significant information on the logic, significance and envisaged consequences of such processing.

The payment of a reasonable fee for administrative costs may be imposed by the controller only for additional copies that the data subject may request.

• The right to rectification

You have the right to ask us, at any time, to correct information that you consider to be inaccurate. You also have the right to request the completion of information that you consider to be incomplete.

• The right to erasure

The right to erasure (‘right to be forgotten’) is the right for the data subject to request the erasure of personal data concerning him or her, if he or she no longer wishes these data to be processed and if there is no legitimate reason for the controller to hold them (see Article 17 GDPR and recitals 65 and 66).

In particular, the data subject may withdraw his or her consent on which the processing is based, in which case the data must be erased if there is no other legal basis for the processing.

Furthermore, if the data are no longer necessary in relation to the purposes for which they were collected or are processed otherwise or unlawfully or if the data subject objects to the processing and there are no compelling and legitimate grounds for the processing, the data subject may request their erasure. However, other EU rights, such as the right to freedom of expression and the right to information, must also be guaranteed.

Furthermore, this right is particularly relevant where the data subject has given consent as a child, when he or she was not fully aware of the risks involved in the processing, and later wants to remove the personal data in question, in particular from the internet. The data subject should be able to exercise this right despite the fact that he or she is no longer a child.

It is noted, however, that this is not an absolute right, as the further retention of personal data should be lawful, when necessary, for reasons such as the exercise of the right to freedom of expression and information, as mentioned above, or for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, for reasons of public interest in the field of public health, for archiving purposes in the public interest, for scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims.

• The right to restriction of processing

You have the right to ask us to restrict the processing of your data in certain cases.

Natural persons (data subjects) have the right to request the restriction of the processing of their data (respectively Articles 18, 19 GDPR). In particular, the data subject may request the controller to restrict the processing. This right is an alternative to the right to erasure (Article 16 GDPR) and the right to object (Article 21 GDPR). It is not an absolute right and only applies in specific cases.

• The right to data portability

This only applies to the data you have provided to us. You have the right to request that we transfer the data you have provided to us to another entity or to provide it to you. The right only applies if we process information based on your consent or for the purpose of entering into or performing a contract and the processing is automated.

The right to portability (Article 20 GDPR) offers individuals (data subjects) an easy way to manage their own personal data. It makes it easier for them to easily move, copy or transfer personal data from one IT environment to another.

Data subjects have the right to receive personal data concerning them, which have been processed by automated means by a controller, in a structured, commonly used and machine-readable format (e.g. XML, JSON, CSV, etc.). They also have the right to request that the controller transmit those data to another controller, without objection from the original controller. Where technically feasible, they may request that their data be transmitted directly from one controller to another.

The right to data portability may be exercised where all of the following apply:

• the personal data are processed by automated means (which excludes paper records),
• the legal basis for the processing is either the data subject’s consent (Article 6(1a) or Article 9(2a) GDPR) or the performance of a contract to which the data subject is a party (Article 6(1b) GDPR),
• the personal data concern the data subject and have been provided by him or her. They are deemed to have been provided by the data subject when they are provided knowingly and actively, such as details in an account submitted by electronic means, e.g. email address, username, age, but also when generated and collected from users’ activities, when using a service or device (e.g. raw data processed by a smart meter, activity logs, website usage history or search history),
• the exercise of the right does not adversely affect the rights and freedoms of others.

The exercise of the right to data portability does not affect the exercise of the data subject’s other rights, which are exercised independently.

• The right to lodge a complaint regarding the processing of your personal data with the Data Protection Authority

We follow high standards for the processing of your personal data. If you have any questions or concerns, you can contact us at info@tap.gr either to exercise your rights (access, objection, etc.) or to request information and we will respond to you.

If you remain dissatisfied with the way in which we process your personal data, you can lodge a complaint with the Personal Data Protection Authority.

 

Changes to the Privacy Policy

ODAP may modify this Privacy Policy. Please check the Effective Date at the top of this Policy to see when this Policy was last revised. Any revision will be effective upon posting of the revised Policy.

If we make material changes to this Policy that expand our rights to use personal information we have already collected from you, we will notify you and provide you with a choice about our future use of that information.

Hellenic Heritage
Cookies Policy

We use cookies to make our site work properly, to personalize content and ads, to provide social media features and to analyze our traffic. We also share information about how you use our site with our social media, advertising and analytics partners. Read: Privacy Policy.