The Navarino Network is an autonomous non-profit organization devoted to the development of new thinking regarding current and future policy challenges and operates under the auspices of Northern Greece Entrepreneurs Cultural Society, located in Thessaloniki, Greece (6-8 Frangon Str., Thessaloniki tel: +30 2310 517864).
The Navarino Network as Data Controller is bound to protect and respect your privacy according to General Data Protection Regulation/GDPR (EU) 2016/679 and the Greek legislation for the protection of personal data and the protection of the privacy of the electronic communications.
This Privacy Notice sets the rules and explains how the Navarino Network collects, uses, stores and deletes the personal information, how the organization protects them, and under which conditions it the Navarino Network shares them with third parties and public authorities.
PRINCIPLES RELATING TO THE PROCESSING OF PERSONAL DATA
The Navarino Network is bound to process in a lawful, fair and transparent manner the personal data, to collect them for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. The personal data that the Navarino Network request and collects are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. The personal data are accurate and, where necessary, kept up to date.
The organization as Data Controller takes every reasonable step to ensure the appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
PURPOSE OF COLLECTION AND PROCESSING
The Navarino Network collects, process and store personal data that are required for its academic activities, scientific research, public events, academies, symposiums, lectures, conferences, seminars, cultural activities, webinars, and online events. The collection applies for participants to events, partners, third party providers, suppliers, employees, job applicants, interns, and volunteers. More specifically the purposes include:
- The organizing of activities and events as described above
- The partnership with institutions, organizations, and individuals for its purposes
- The participation to events
- The providing of information about content and venue details on current and future events and activities
- The response to inquiries and applications through the completion of forms, and incoming requests
- The sending of electronic communication
- The compliance with obligations imposed by the applicable legislative and regulatory framework
- The establishment, exercise, and defense of its legal rights
- The response to data subjects’ rights and the providing of relevant information
- The notification about disruptions of services
- The conduct of surveys about events and services
- The monitoring of payments and fulfilment of contractual obligations
- The assessment of the suitability of job applicants and the processing of job applications
- The monitoring of employment relationships
CATEGORIES OF DATA SUBJECTS AND PERSONAL DATA
The personal data that is collected includes without limitation:
- For event participants: identification, communication, financial data (name, surname, email address, address, phone number, job title, studies, credit and debit card number, PayPal accounts).
- For partners, third party providers and suppliers: identification, communication, and financial data (name, surname, email address, address, phone number, job title, identity card/passport number, Tax ID No, bank accounts).
- For employees and interns: identification data (name, surname, father’s name, mother’s name, date of birth, identity card/passport number, Tax ID No., photo, citizenship), communication data (address, e-mail address, telephone numbers), financial data (bank accounts, salary, additional fees), family status, social security data (social insurance registration number/AMKA, social security number/AMA, Single Agency of Social Insurance/ EFKA), studies (degrees and vocational training data), letters of references. Health data is being collected and processed when required by law.
- For volunteers: identification and communication data (name, surname, email address, address, phone number), information about studies.
- For electronic communication recipients: name, surname, email address.
- For website visitors: browser information, IP address, Internet Service Provider, type of device, operating systems, navigation information, and other relevant identifications of the computer used to access the website.
The Navarino Network may also collect feedback, comments and questions received in service-related communication and activities.
The Navarino Network does not collect or process any special categories of personal data, unless this is required by regulation and legislation under the conditions of General Data Protection Regulation (Article 9, paragraph 2) and the Article 27 (3) of the Greek Law 4624/2019.
LEGAL BASIS FOR PROCESSING
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes according to the Article 6 (1) (a) GDPR and Article 27 (2) of the Greek Law 4624/2019, and taking into consideration the requirements of the valid consent and its withdrawal as described in the Article 7 GDPR, as well as the Greek Law 3471/2006 for the protection of personal data and privacy in the electronic communication. The data subjects have the right to withdraw their consent at any time, without prejudice to the lawfulness of the consent-based processing before the withdrawal in question.
- The processing is necessary for the performance of services, a contract or an agreement to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, according to the Article 6 (1)(b) GDPR, and Article 27 of the Greek Law 4624/2019.
- The processing is necessary for compliance with a legal obligation to which the controller is subject according to the Article 6 (1)(c) GDPR.
- The processing is necessary for the purposes of the legitimate interests pursued by the Navarino Network or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child according to Article 6 (1)(f) GDPR.
POINTS OF COLLECTION
The Navarino Network collects personal data from the data subject’s personal interaction with the Navarino Network through correspondence, phone, mail, email, printed and online contact forms, social media, or through the Navarino Network website.
PHOTOS AND AUDIOVISUAL MATERIAL
The organization has a legitimate interest to inform its internal and external audience, its partners, donors, and supporters for its activity, services and programs, through informative and promotional material, e.g. printed and online editions, reports, webpages, official social media pages, electronic mass mail communication. For the above-mentioned purposes, the Navarino Network collects, uses, and stores photos and audiovisual material during physical and online events. The photographic and audiovisual records can be stored for archival purposes. They might also be used on the official webpages and social media pages, in electronic newsletters, printed editions, presentations, reports, events open to public.
This information may include browser information, IP address, name of the Internet Service Provider, type of device, operating system, navigation information, and other relevant identifications of the computer used to access the website.
Cookies and relevant technologies allow the modification of the website in accordance with the needs of the user, to identify and prevent threats against security and abuse.
RETENTION PERIOD OF PERSONAL DATA
The Navarino Network stores personal data for as long as it is necessary to fulfill the purpose for which the personal data was collected. The retention period may be extended if it is required by law and for the establishment, exercise, or defense of legal claims.
The Navarino Network may keep data for statistical purposes, but in such cases, data will be anonymized.
The Navarino Network does not share, sell, rent, or trade personal information with any third parties without the data subject’s consent, unless this is required by law or a statutory obligation.
THIRD-PARTY SERVICE PROVIDERS WORKING ON BEHALF OF THE NAVARINO NETWORK
The Navarino Network may assign the processing of the personal data on third parties, sub-contractors, and other associated organizations which provide services on its behalf. In this event, the Navarino Network as Data Controller shall use only Data Processors which provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.
If the sub-contractor processes Personal Data outside the EU/EEA area, such processing must be in accordance with the provisions and conditions of the GDPR, including the EU Standard Contractual Clauses for transfer to third countries, or another specifically stated lawful basis for the transfer of personal data to a third country.
DATA SUBJECTS RIGHTS
The data subject shall have
- the right to obtain confirmation as to whether personal data concerning him or her are being processed, and access to the personal data. (Right of Access).
- the right to obtain the rectification of inaccurate or out of date personal data concerning him or her. (Right to Rectification).
- The right to request the deletion of personal data when it is no longer necessary, under the conditions set in Article 17 GDPR. (Right to Erasure).
- The right to restrict the processing of the personal data, if the provisions of Article 18 GDPR apply. (Right to Restriction of Processing)
- The right to withdraw any consent to personal data processing at any time, without prejudice to the lawfulness of the consent-based processing before the withdrawal in question.
- The right to request that the Navarino Network as Data Controller pass on personal data directly (in a portable format) to another data controller when the processing is based on consent or contract. (Right to Data Portability)
- The right to object to the processing if the data processing has been based on legitimate interest and/or direct marketing. (Right to Object)
Any query about your Privacy Rights should be sent to:
For further actions you may contact the Greek Data Protection Authority www.dpa.gr
For any issue that may arise, the applicable courts for any complaints and legal claims are the courts in Thessaloniki, Greece.
UPDATES TO PRIVACY NOTICE
The Navarino Network reserves the right to amend this Privacy Notice at any time. The latest version will be found on the Navarino Network website.
For any request with respect to GDPR please use the contact form, or email us to firstname.lastname@example.org, or call us at +30 2310 517864