PERSONAL DATA PROTECTION POLICY

PERSONAL DATA PROTECTION POLICY

“25 Years of CERTH” Events

Centre for Research and Technology Hellas (CERTH) pays special attention to the privacy and personal data protection of individuals. For this reason, CERTH adheres to the present policy in accordance with the EU General Data Protection Regulation 2016/679 (“GDPR”) and Greek Law 4624/2019, as applicable, aiming to inform you about how it collects and processes your personal data in the context of the events celebrating the “25 Years of CERTH”.

Data Controller

CENTRE FOR RESEARCH AND TECHNOLOGY HELLAS (CERTH), 6th Km Charilaou - Thermi Road, 57001, Thessaloniki, Greece, tel. 2310 498100, email: This email address is being protected from spambots. You need JavaScript enabled to view it..

Categories of Personal Data, Purposes and Legal Basis for the processing

In the context of the “25 Years of CERTH” events, CERTH collects and processes personal data to ensure the effective organisation and proper execution of the event-related activities. Processing is based on your consent and/or CERTH’s legitimate interests. Specifically, CERTH collects and processes the following:

  • Audiovisual material (photos, videos, live streaming, photobooth):Upon entering the event area, photos, videos, or live streaming may be captured, along with the option of photobooth images. This material is collected and used by the organizers for the promotion of events in media (e.g. press, websites, social media, television, etc.) with the aim of informing the public about the organization's events and disseminating their results, as well as for the preservation of the material in the organization's archives for historical reasons. This data processing is based on consent of participants (Article 6(1)(a) GDPR).
  • Competition entry data: When participating in a competition, you are asked for personal information, such as your name, telephone number and email address. This data collection is carried out solely for the purposes of effective organisation of and successful participation in the competition, as well as for communication with the prize winners. This data processing is based on consent of competition participants (Article 6(1)(a) GDPR).
  • Guest information: Guests included on an invitation list provide their details (name, contact details, affiliation) for access management and proper participation in the events. This processing is necessary for the purposes of the legitimate interests pursued by CERTH (article 6 (1f) GDPR), while respecting participants’ rights.
  • Badges: Upon entry, participants receive color-coded badges by category of participation (e.g. general public, speakers, guests, staff, etc.) and, in some cases, name indication. This data is used to effectively manage entry and access to the event venues, support security and the smooth flow of people in the event venues, as well as for the proper implementation of activities aimed at specific categories of participants. This processing is necessary for the purposes of the legitimate interests pursued by CERTH (article 6 (1f) GDPR), while respecting participants’ rights.

By participating in the events and competitions, you acknowledge and accept the collection and processing of your data for the purposes described above. If you do not wish to be photographed/recorded/streamed, please notify us in advance at This email address is being protected from spambots. You need JavaScript enabled to view it.. You may withdraw consent at any time where processing relies solely on consent.

Data Retention Period

Your personal data are retained until withdrawal of consent and for as long as necessary to achieve the above purposes of processing. Afterwards, the data are deleted/destroyed unless retention is required by law or necessary for establishing, exercising, or defending legal claims.

Recipients/Transfers of data

The collected personal data may be disclosed to third parties, if this is required for the fulfillment of our legal obligations or is necessary for the fulfillment of the above data processing purposes, in compliance with the applicable legal framework. Such disclosure could be made to official government and supervising bodies, public authorities, and organizations, courts and external providers (data processors) involved in event execution (e.g., photographers, videographers). The processing of the personal data by the data processors is made under the explicit instructions of CERTH and after it is contractually guaranteed that all the necessary technical and organizational measures have been implemented. CERTH will never transfer, sell, rent or exchange your personal data to third parties for marketing purposes. It is also highlighted that CERTH does not transfer your personal data outside the European Union (EU) or the European Economic Area (EEA).

Data security

The personal data collected by CERTH are strictly confidential and are used solely for the above purposes. CERTH implements appropriate technical and organizational measures to ensure an appropriate level of protection against the risks arising from processing, such as accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

Your rights

According to GDPR, you have the following rights:

  • Right to access: You have the right to request access to your personal data and be informed if we process your personal data, about the purpose and way of their processing, their security, as well as about your rights. You can also request a free-of-charge copy of your personal data undergoing processing.
  • Right to rectification: If you believe that your personal data is inaccurate or needs an update, you have the right to request the rectification of the inaccurate information and the completion of the incomplete data.
  • Right to restriction of processing: If you consider that your data is inaccurate, or that the processing is unlawful, or that we no longer need your data, or that you have objections to automated processing, you have the right to request the restriction of processing.
  • Right to object to processing: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise, or defense of legal claims.
  • Right to erasure (“right to be forgotten”): When you no longer wish the processing and retention of your personal data, you have the right to obtain their erasure, unless the processing is necessary for a specific legal purpose.
  • Right to portability: you have the right to receive or transmit your personal data in a structured, commonly used and machine-readable format to another controller.
  • Right to withdraw your consent: You have the right to withdraw your consent at any time. Where your consent is the only legal basis for processing, we will stop processing your data after its withdrawal. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Please note that the aforementioned rights may be restricted in the light of the GDPR or other applicable data protection legislation.

How to exercise your rights

To exercise your rights, you can contact the Data Protection Officer of CERTH at This email address is being protected from spambots. You need JavaScript enabled to view it.. We will reply to your request within (1) one month after receiving it and without any cost for you. The above time period might be extended for two (2) more months, due to the complexity or the number of the requests. In such a case you will be informed for the time extension and the reasons for it, as soon as possible. In case your request is considered obviously unfounded or excessive, CERTH may refuse to respond to it or to impose a reasonable fee. Finally, if you believe that your request has not been sufficiently satisfied or the protection of your personal data has been violated by CERTH’s processing, you have the right to lodge a complaint with the Hellenic Data Protection Authority.

 

Contact

For any question that may arise regarding this policy, you may contact the Data Protection Officer of CERTH at This email address is being protected from spambots. You need JavaScript enabled to view it..