ARISTOTLE UNIVERSITY OF THESSALONIKI DATA PROTECTION POLICY IN ACCORDANCE WITH THE GENERAL DATA PROTECTION REGULATION (EU) 2016/679 & THE GREEK LAW 4624/2019.
In compliance with the current legal framework, which includes the General Data Protection Regulation (EU) 2016/679 (GDPR) & the Greek Law 4624/2019, the Aristotle University of Thessaloniki (AUTh) has set up this Data Protection Policy along with the adoption of the appropriate technical and organizational measures for the collection, use, storage, disclosure, transmission of personal data of all members of the academic community, faculty members, permanent and contractual staff with open-ended contracts, Laboratory Teaching Staff, Special Teaching Staff, Scientific Associates, Special Technical Laboratory Staff, teachers based on P.D. 407/80, forensic-doctor students and graduates of AUTh including those participating in internship programs (TEI, OAED, etc.), foreign students, primary and secondary school teachers participating in training programs, language teachers, scholarship holders, interns and PhD students, suppliers, enterprises, recipients of AUTh services (patients, external users of the library, high school students), external collaborators/ parties (lessors of residential property, donors), participants in events organised under the auspices of AUTh, contractors and sub-contractors and any third party who has access to electronic systems of AUTh (data subjects) in order to ensure their effective protection against unfair processing.
THE ROLE OF AUTH
According to GDPR, AUTh constitutes the controller being responsible for the processing of personal data of the academic community as well as for defining the personal data to be under processing, the procedures, the means and the purpose of the processing in accordance with the requirements of the GDPR and the Greek law 4624/2019.
Contact Information: ARISTOTLE UNIVERSITY Address: University Campus, PC 54124, Thessaloniki Telephone: +30 2310 996000 In accordance with the current legal framework, AUTh takes all the appropriate technical and organizational measures to ensure the lawful and fair processing as well as the appropriate level of security against the risks of unfair processing.
PURPOSE OF PERSONAL DATA PROCESSING & LAWFULNESS OF PROCESSING
The lawfulness of processing personal data is primarily carried out in the public interest, as defined in article 16 (5) of the Greek Constitution within the framework regarding the provision of higher education.
Additionally, in accordance with the General Data Protection Regulation and based on the purpose of processing, the lawfulness of personal data processing by AUTh may also be based on:
- compliance with a legal obligation
- the pursuance and protection of the legitimate interests of AUTh
- the obligation to safeguard the vital interests of data subjects or other natural persons
- the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
- consent to the processing of personal data given by data subjects for one or more specific purposes
HOW AUTH COLLECTS PERSONAL DATA
For the fulfillment of the above mentioned personal data processing purposes, the collection of personal data is conducted by the staff of AUTh, who in this case constitute the controller based on their respective duties. The collection takes place during the process of submitting applications or student registration statements, as well as during the signing of a contract or the conclusion of another legal relationship. Collection of personal data can also take place through:
- The use of the website or the electronic platforms or other electronic programs and means of communication of AUTh.
- Correspondence and/or e-mail
- The completion of any research to improve the services of AUTh
- Participation in a research project
- Participation in events under the auspices of AUTh.
PERSONAL DATA COLLECTED BY AUTh
- Identity Data (User ID, Name, Father and Mother Name, Photo, ID or Passport Number, Issuing Authority, Date of Issue)
- Marital status data (existence of marriage, number & ages of children, existence of student status)
- Contact details (postal address, landline and mobile phones, e-mail address).
- Grade performance of students
- Data related to the qualification of administrative, academic, research staff Financial situation data (Tax Identification Number, Tax Office, IBAN, loans, seizures in the hands of AUTh as a third party)
- Asset data (registration number of a car entering the Campus)
- Demographic data (Gender, Nationality, Citizenship, Date of Birth, Place of Birth, Country of Birth)
- Health Data (A.M.K.A., insurance fund registration number) as well as medical history, medical opinions, medical certificates only in special cases and in order to provide special privileges and / or safeguard the vital interest of the data subjects or other natural persons
- Data from the use of electronic services (such as cookies, google analytics, internet protocol (IP) addresses, etc. and electronic identification data)
- Curricula vitae of students and graduates
RECIPIENTS OF PERSONAL DATA
AUTh discloses the personal data of the data subjects, where required for the performance of its duty in the public interest, as well as to public, private bodies and independent authorities, in case that this is obligatory to AUTh as a Controller or in order to serve its legitimate interests. AUTh. discloses personal data to private entities or companies for the purpose of lawful promotion (Presidential Decree 206/2005, Government Gazette 251/11- 10-2005, vol.A.’) of its students and graduates into the labor market and internships. Any further transfer of personal data to third countries and international organizations takes place in accordance with the relevant provisions of the GDPR or the consent of the data subjects in case it is required.
AUTh is entitled to entrust to natural or legal persons the provision of services, which entail the processing of your personal data on behalf of AUTh. In this case, these persons constitute the Processors committed to the protection of personal data that are entitled to carry out only the specific processing assigned to them under a contract or other legal act.
AUTh processes the personal data taking the appropriate technical and organizational measures, which ensure the level of protection set by the GDPR. AUTh maintains your personal data as long as it is required for the fulfillment of the respective lawful purposes and in any case for the entire period required by law (P.D. 768/1980, P.D. 87/1981 & P. D. 480/1985 and any other amendment thereof or other relevant provision of law). The processing of personal data for the purposes of archiving in the public interest or for the purposes of scientific or historical research or for statistical purposes may entail derogations from data subjects rights as long as they are in accordance with the guidelines of the GDPR and necessary for the fulfillment of the above mentioned purposes.
DATA SUBJECTS RIGHTS
According to GDPR data subjects have the following rights:
- The right to be informed about their personal data that are collected and processed as well as for any further processing thereof
- Right of access to their personal data maintained by AUTh
- Right to rectify their inaccurate or incomplete personal data
- Right to delete the data based on the GDPR and the Greek law 4624/2019
Right to restrict processing when specific conditions apply
- Right to data portability to another organization. This right does not apply when data processing is conducted for public interest purposes
- Right to object in accordance with the provisions of the GDPR if permitted by law
- Right to file a complaint to the Personal Data Protection Authority (www.dpa.gr), which is the competent supervisory authority for the protection of the fundamental rights and freedoms of natural persons against the processing of their personal data provided that the data subjects consider that their rights are being violated in any way
- Right to revoke their consent at any time by sending an e-mail or written message to the competent unit for the processing of personal data. The withdrawal of the consent does not affect the lawfulness of the processing of personal data that was
based on this consent and took place beforehand.
AUTh constituting the controller is obliged to respond to the relevant requests entailed at the exercise of the above mentioned data subject rights as soon as possible and definitely within one month from their submission. However, in case the relevant requests are conspicuously unfounded, excessive or repeated, AUTh may either impose a reasonable
fee or refuse to respond or comply with them.
DATA PROTECTION OFFICER – CONTACT DETAILS
In case there are questions about the processing, protection of personal data and the data subject rights they entail, any data subject can contact the Data Protection Officer: i) by phone at: +30 2310 996200, or ii) by email at: firstname.lastname@example.org, or iii) by sending a written message to the following address: Aristotle University of Thessaloniki, University Campus, P.C. 54124, Thessaloniki.
UPDATE – MODIFICATION OF PERSONAL DATA PROTECTION POLICY
AUTh may update/supplement this Personal Data Protection Policy, in accordance with the relevant legislative and regulatory framework. In this case the new version of the Personal Data Protection Policy will be posted and will be available at AUTh’s website.