INFORMATION ABOUT PERSONAL DATA PROCESSION
PROSVASI University of Thessaly
University of Thessaly, (hereinafter University), values personal data protection, always ensuring the lawful and proper processing of all individuals’ data. Always committed to the above purpose, the University fully complies with the basic personal data processing principles, as foreseen by European Parliament’s and Council’s Regulation, (EU) 2016/679(27 April 2016) regarding the protection of individuals’ personal data (General Data Protection Regulation) (hereinafter "GDPR" or "Regulation").More precisely, personal data shall be processed lawfully, fairly and in a transparent manner, collected for specified, explicit and legitimate purposes, being kept adequate and accurate, in integrity and confidentiality, kept no longer of what’s necessary, making sure providing accountability.
1. Data Controller
The University is responsible for processing data subjects’ personal data regarding all purposes analyzed under paragraph 2 of the herein document. Our address is Argonauton & Filellinon, Volos,P.C. 382 21, , Tel: +30 24210 74000.You can contact also University’s Data Protection Officer, “Priority Quality Consultants S.A”, on this email address: dpo@uth.gr.
2. Purpose of Processing
The University processes your personal data within the following purposes:
a. “PROSVASI” Program Management
3. Personal data to be processed
The University will have to process your personal data regarding:
1. Basic Personal Data (i.e.,. email, name, surname, telephone number, etc.)
2. Data concerning health (i.e., chronic health problems)
3. Social welfare data (i.e., disabilities, paraplegia)
4. Data indicating preferences
5. Evaluation data
6. Education data (i.e., Department, semester, faculty, year of enrollment)
7. Images (i.e., photos, videos)
8. Online identifiers (i.e., username, APELLA code)
4. Legal Basis for Processing
As legal basis for processing, the abovementioned data is considered the performance of a task carried out in public interest that has been assigned to the University. Regarding the processing of special categories of personal data, namely health data, its legal basis can be founded on the fact that their processing is necessary for carrying out the obligations and exercising specific rights of the University in the field of employment and social security and social protection law.
5. Access to personal data - Recipients
Entitled to gain access to your personal data is strictly the competent and authorized staff of the University of Thessaly, who has been adequately informed and trained about how your data should be processed, exclusively for the fulfillment of the purpose mentioned above. In addition, recipients of the above mentioned data are partner companies/ or individual associates who provide their services/products to the University, such as the supplier company sending on behalf of the University automated text messages to mobile phones. Furthermore, third parties who process personal data on behalf of the University have been informed and have signed in advance confidentiality agreements via which they commit to follow our instructions regarding the processing of personal data and take all appropriate measures to secure them.
6. Transfers outside the European Economic Area (EEA)
Your personal data collected within the above mentioned purposes will not be transferred outside the European Economic Area (ΕΕΑ). In case that the University , within its framework and its legal obligations and/or claims, decides that is necessary to carry out data transfer to a third country or international organization, this transfer will take place legitimately under the provisions for data transfer of the Regulation and national legislation. In addition, you will be fully informed of this transfer in advance in the case that its obligatory and derives from the current legislation.
7. Data retention period
Your personal data are retained/stored by the University strictly for the period required to achieve the processing purpose, unless required otherwise by any specific national law.
8. Security of your data processing
We have taken all the appropriate organizational and technical measures in order to secure and protect your data from any form of accidental or improper processing. Please note that our uniquely authorized to process your data staff has received appropriate training and guidance to ensure the lawful protection of your data. All measures are being regularly reviewed and amended when necessary, based on technological developments and businesses’ evolution and best practices.
9. Your rights and how to exercise them
As a Data Subject, you can always exercise the following rights:
• Right of access to your personal data
• Right of rectification
• Right to erasure (“right to be forgotten”)
• Right to data portability
• Right to restriction of processing
• Right to withdraw your consent
• Right to object to the processing of your data
In the case that: a) you consider that your request has not been sufficiently and legally handled or b) you consider that your right of personal data protection is violated by any processing operation we carry out, you have the right to file a complaint to the Hellenic Data Protection Authority (postal address: 1-3 Kifissias Avenue, P.C. 115 23 23, Athens, tel. +30 2106475600, e-mail address: contact@dpa.gr). If you wish to receive further information regarding the processing of your personal data or to exercise any of the above mentioned rights, you can contact the University’s Data Protection Officer at dpo@uth.gr, or send your request in physical form to our mailing address (Argonauton & Filellinon, P.C 382 21, Volos, Greece), stating as object, "For the attention of University’s Data Protection Officer", including as well a description of your request. We will make sure to examine it and answer back to you as soon as possible. Our reply to your request will take place at most within (1) one month of its receipt and will not entail any cost for you. The above deadline may be extended for two (2) more months due to the complexity or number of requests. In this case, you will be informed for the delay and the its reasoning as soon as possible, at most within one month from the request’s receipt. In cases where the request is considered to be manifestly inadmissible, unfounded, excessive or repeated, the University may either refuse to handle it, or request a reasonable fee payment, taking into account the administrative costs of providing the information or performing the requested action.
I have been informed via the herein document for the processing of my personal data in terms ofadministration of “PROSVASI” purposes.