Greek Law 4624/2019 (Government Gazette 137 A) came into force on 29-8-2019 as part of adapting to and harmonising with the General Data Protection Regulation of 25-5-2018 (EU 2016/679) and Directive (EU) 2016/680 of the European Parliament, which strengthens the framework of protection of data subjects with regard to the processing of personal data in the European Union. With respect for personal data, ethosMedia complies with GDPR as part of its activities and its objects and takes all necessary and available technical and organizational measures set out in GDPR and, by extension, Greek legislation.
Data Controller – Contact information
Tourism Media is the data controller and can be reached at the following:
Address 16 Alkmanos Str., 11528, Athens
Telephone +30 2107295620
The purpose of this policy is to describe the applicable legislation and outline the steps Tourism Media, as data controller, takes to ensure its compliance with it and to inform data subjects about the manner in which data that pertain to them are collected and processed.
Personal data entail any piece of information that refers to individuals (data subjects) whose identity is known or can be discovered.
The protection of the data subject's personal data is very important. We process personal data in accordance with legislation regarding data protection and ensure that Tourism Media management, executives, staff and associates are aware of their obligations when processing personal data on behalf of the company.
The General Data Protection Regulation (GDPR 679/2016) is one of the most significant pieces of legislation affecting the manner in which Tourism Media carries out its activities in relation to data processing. A violation of GDPR, which is designed to protect personal data of those within the European Union, may be subject to significant fines. It is the policy of Tourism Media to ensure that its compliance with GDPR and related legislation is transparent and can be substantiated at any given time.
As data controller, it bears the responsibility and is in a position to prove its compliance with the Regulation and national legislation and ensures that it complies with all of these principles, both in current processing and when introducing new processing methods, such as new IT systems.
What are cookies and why are they collected
To make sure our website functions correctly, we may occasionally place a small piece of data known as a cookie on your computer or mobile device. A cookie is a text file that is stored on a web server, a computer or a mobile device. The contents of a cookie can be recovered or read only by the server that creates the cookie. The cookie text often consists of identifiers, location names and certain numbers and characters. Cookies are unique to the browsers or mobile applications you use and allow our websites to store data such as your preferences.
By consenting to the installation of cookies, users can enjoy a richer browsing experience on our website.
GDPR contains a total of 26 definitions. The main definitions relevant to this policy are stated below:
“Personal data” means:
any information relating to an identified or identifiable individual (“data subject”). An identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
“Data Controller” means:
the individual or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law.
an individual or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not.
Principles Governing Personal Data Processing
There are some key principles upon which GDPR is based, so that personal data are:
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with these purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes are not considered to be incompatible with the initial purposes (“purpose limitation”);\
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”);
(d) accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, with regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods in order to safeguard the rights and freedoms of the data subject (“storage period limitation”);
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).
Which personal data are collected and how
The personal data that Tourism Media collects and processes, with
a) the personal (at our offices or at events we stage or participate in) submission of an individual application for registration of the subject as a member/recipient/subscriber to sites, portals, publications, newsletters and other informational media that the company publishes and prepares;
b) the online submission of an individual application for registration of the subject as a member/recipient/subscriber to sites, portals, publications, newsletters and other informational media that the company publishes and prepares;
c) personal or online data entry by the data subject in order to take part in and receive notifications of individual company actions, activities and events;
d) personal or online data entry by the data subject to facilitate the assessment of CVs when hiring company staff are limited only to those which are necessary each time for the particular and clearly specified purpose and specific legal basis allowing processing.
The intent is to provide you with better individualized service and information as part of our corporate communication, as well as in relation to each individual company action, activity or event.
In this regard, processing relates to personal data that you provide in real interactive time when you use our official websites.
The personal data you provide us include data that depend on the manner in which you interact with Tourism Media, for example, the website you visit, and may include:
- Identification and demographic data
- Contact data
- Where required, additional subject profile data
What is the purpose of processing and what is the legal basis
Personal data are collected with the registration or entry of the subject, in accordance with GDPR and current legislation, for the purposes of information, communication and participation in general in the company’s activities, in any way whatsoever, and are the object of processing on the legal basis of consent derived from identification and communication with the subject, provided either by filling out forms available on the website online, or freely providing personal data for entry.
Who are the recipients of my personal data
The recipient of your personal data is Tourism Media management, as competent for organizing, managing, operating and fulfilling its purpose, as well as the management of subsidiary or affiliated companies, as independent corporate entities.
Moreover, as part of the duties assigned them by Tourism Media as data controller and in accordance with GDPR, either on the basis of an agreement or other legal act linking them, employees and associates of the company may also have access to your personal data as data processors.
Tourism Media, as part of the necessity to communicate with you, such as when preparing conference or other events, is entitled to permit access to your personal data to various third parties who have a direct professional connection to the company exclusively for this purpose.
How long are my data retained?
Tourism Media processes your personal data only for as long as necessary for the purposes of processing. However, it is obliged to keep these personal data throughout the period from registration and receiving your consent and for the duration that you maintain some financial relationship with it, while in the event this relationship is interrupted, they are kept for an additional 5 years to support the company's legitimate interests.
How are my data protected
At Tourism Media, we work daily to ensure that the personal data we receive are:
- Processed lawfully, fairly and in a transparent manner in relation to the data subject.
- Collected exclusively for specific and legal purposes.
- Adequate, relevant to the purpose for which they are collected and limited to the essential.
- Accurate and up to date.
- Retained exclusively for the predetermined time period and no longer.
- Processed in such a way to ensure the necessary security of personal data.
What are my rights
The data subject has the following rights:
Right to access
- You can ask us to inform you about the personal data we keep at any time and you can have access to them.
Right to rectification
- You can contact us so we can correct any data that are inaccurate or incomplete.
Right “to be forgotten”
- Provided we are not required by law to retain the data we keep that pertain to you, you can ask us to erase them.
Right to data portability
- You can ask us to transmit your data to another organization.
Right to object to and restrict processing
- If you disagree with the manner in which we process your personal data, you can ask us to stop or restrict processing.
Right to withdraw consent
- You have the right to withdraw your consent to the processing of your data at any time.
Tourism Media will make every effort to handle your request without delay. If you have made your request via electronic means, notification will be provided by electronic means, where possible, unless you, as the data subject, request otherwise.
Tourism Media is entitled to refuse to fulfill your request to restrict processing or erase your personal data if such processing is necessary for the establishment, exercise or defense of its legal rights.
To exercise your rights, contact us via e-mail at firstname.lastname@example.org .
Withdrawal of consent
You also have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
For questions regarding the protection of your data and your rights, please contact us via e-mail at email@example.com
or by post at: 16 Alkmanos Str, 11528, Athens
Data Protection Authority
You have the right to lodge a complaint with the Data Protection Authority (www.dpa.gr) if you believe that your rights have been violated in any way. The DPA is the competent supervisory authority for protecting fundamental rights and freedoms of individuals in relation to processing of the subject’s personal data.