Privacy Policy

Πλοήγηση

Subject of the Privacy Notice

The National Organization for the Certification of Qualifications and Vocational Guidance (hereafter “EOPPEP”), which is located in Nea Ionia, Attica, at 41 Ethnikis Antistaseos Avenue, 14234, P.C., tel. 210 2709000, in its capacity as Data Controller, collects and further processes your personal data only if absolutely necessary, for explicit and legitimate purposes, in accordance with Regulation (EU) 2016/679, Law No. 4624/2019 and Law No. 3471/2006, as applicable. This notice is intended to inform users of the https://www.nqf.gov.gr website about the processing of their personal data.

Definitions

For the purposes of this Policy, the following terms have the following meanings:

  • “Personal Data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one whose identity can be verified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;
  • “Special categories of personal data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of positive identification, data concerning health or data concerning a natural person’s sex life or sexual orientation.
  • “Data Processing” means any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • “Anonymisation”: the processing of personal data in such a way that the data can no longer be attributed to a specific data subject.
  • “Pseudonymisation” means the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of supplementary information, provided that such supplementary information is kept separately and subject to technical and organisational measures to ensure that it cannot be attributed to an identified or identifiable natural person.
  • “Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, or the specific criteria for their appointment may be provided for by Union or Member State law. For the purposes of this Policy, OPPPEP shall act as a Data Controller.
  • “Data Processor”: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • “Data Subject”: the natural person whose personal data are processed, e.g. trainees, partners, employees of the Municipality, etc.
  • “Consent of the data subject”: any freely given, specific, explicit and informed indication of his or her free will, by which the data subject signifies his or her agreement, by a statement or by a clear affirmative action, to the processing of personal data concerning him or her.
  • “Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access of personal data transmitted, stored or otherwise processed.
  • “Existing Legislation”: The relevant national and EU data protection legislation and in particular Regulation (EU) 2016/679 (hereinafter referred to as ‘the GDPR’.), law 4624/2019, law 3671/2006, the case law of the Court of Justice of the European Union (hereinafter “CJEU”) and the Decisions, Directives and Opinions of the European Data Protection Board (hereinafter “EDPS”) and the European Data Protection Authority (hereinafter “DPA”).

Personal data collected and processed by EOPPEP

Data collected by the EOPPEP

Data we collect automatically

When you use our Website, we also collect information automatically, some of which may constitute personal data. This includes information such as language settings, IP address, location, device settings, device settings, device operating system, activity data, time of use, redirect URL, status report, user information (information about browser version), operating system, browsing result (single visitor or registered customer), browsing history, type of data viewed. We may also collect data through cookies. For information on the use of cookies, please visit “Cookie Settings”.

Collection and further processing of Personal Data of Minors

As a general rule, EOPPEP does not directly or indirectly collect and process data of minors (i.e. persons under the age of 18). However, given that it is impossible to cross-check and verify the age of persons entering or using the website, parents and guardians of minors are recommended to contact EOPPEP directly if they detect any unauthorised disclosure of data by the minors for whom they are responsible, in order to exercise their rights accordingly, such as for example to have their data deleted. In the event that EOPPEP becomes aware that it has collected personal data of a minor, it undertakes to delete them immediately and to take all necessary measures to protect such data.

No automated decision-making processes including profiling are carried out.

Transfer of Personal Data outside the EEA.

In principle, EOPPEP does not transfer your personal data to third countries and/or International Organisations. In the event of a transfer of your personal data to a country outside the European Economic Area (EEA) or an International Organisation, EOPPEP will first ensure that one of the legal bases of Article 6 of the Regulation is complied with; and :

  1. The Commission has issued an adequacy decision for the third country to which the transfer is to be made (Article 45 of the GDPR); or
  2. Appropriate safeguards are in place in accordance with the GDPR for the transfer of such data (Article 46 GDPR); or
  3. For occasional processing, there is one of the exceptions provided for in Article 49 of the GDPR (e.g. the explicit consent of the user and his/her information on the risks involved in the transfer, the transfer is necessary for the performance of a contract at the request of the data subject, there are reasons of public interest, it is necessary to support legal claims and vital interests of the data subject, etc.).

Data Retention Period

The personal data of the data subjects are collected and kept for a predetermined and limited period of time, depending on the purpose of processing, after which the data are deleted from our records.

Where the processing is required as an obligation by provisions of the applicable legal framework or a specific retention period is foreseen, your personal data will be stored for as long as the relevant provisions require.

Rights of Data Subjects

EOPPEP ensures that it is able to respond promptly to the requests of the subjects to exercise their rights in accordance with the existing legislation.

In particular, each data subject has the following rights:

AccessEditRestrictionDelete

In the event of the exercise of any of the above rights, EOPPEP will respond promptly [in any case within thirty (30) days of the request], informing you in writing of the progress of its satisfaction.

If you have any complaints regarding this notice or personal data protection issues, if we do not satisfy your request, you may contact the Hellenic Data Protection Authority via the following link: www.dpa.gr.

Data Protection Officer (DPO) details

To exercise all of the above rights, as well as for any issue concerning the processing of your personal data by the EOPPEP , you can contact the Data Protection Officer at dpo@eoppep.gr.

Disclaimer for Third Party Websites

EOPPEP does not control and is not responsible for any subsequent processing carried out on the personal data of the subjects by Third Party Sites.

Updates to the Privacy Notice

This Privacy Notice may be amended/revised in the future, in the context of the EOPPEP regulatory compliance and the optimisation and upgrading of the Website’s services. We therefore recommend that you refer each time to the updated version of this Privacy Notice for adequate information.

October 2022

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.