The processing and protection of your personal data are subject to the Terms and Conditions of the company’s Privacy Notice, as well as to the agenda of the GDPR and the other National, EU and International Data Protection Laws, whenever those apply.
WHAT IS PERSONAL DATA ACCORDING TO GDPR?
Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity or that natural person.
WHAT PERSONAL DATA OF YOURS DO WE COLLECT? FOR WHAT PURPOSE?
Your personal data that we collect during your visit to our website and the use, by you, of the service our website provides are:
Data that you provide us when you fill out our contact form: your name and your e-mail
Technical data, such as your IP address. We collect this type of data to identify spam messages and security breach attempts
Whenever the need for processing your personal data arises and we, in order to do so, require your consent, we store a copy of the consent form you have filled out, as evidence of the given consent, which can also be used as a data source (the date the consent was given), in case you ever decide to withdraw your consent. The written consent is given for specified, explicit and clearly distinguishable purposes, which will have been declared in advance and, having given your consent, you acknowledge them.
YOUR RIGHTS AS DATA SUBJECTS
As subjects of the personal data we process, you have the right to access the personal data file we have created on you; you have the right to request the erasure or rectification or restriction of processing, as well as the right to object to the processing, excluding the cases which the data processing is mandatory for administrative, legal or security purposes. In addition, you have the right to withdraw your given consent for processing of your personal data.
According to GDPR, your rights as data subjects are:
- Right of access
- Right to rectification
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to object to automated individual decision-making, including profiling
REQUESTS – EXERCISE OF RIGHTS
You may exercise your rights, as data subjects, by requesting from us, the controller, access or rectification or erasure of personal data or restriction of processing or to object to processing, as well as the right to data portability. We pledge to get back to you and provide information on action taken on your request without undue delay and, in any event, within one month of receipt of the request.
That period may be extended by two further months where necessary, considering the complexity and number of requests. In this case, we will inform you of any such extension within one month of receipt of the request.
In case we cannot provide a reply to your request within the time frame mentioned above, we will inform you about the reasons of not taking action within one month of receipt of the request.
The incoming requests are being examined on their size and reportativity per requester, so that the company can exercise its rights stated in article 12, section 5 of GDPR.
HOW WE PROCESS YOUR PERSONAL DATA
Being compliant with the GDPR’s imperatives, we, in Dental School, process your personal data in a lawful, fair and transparent manner.
We collect your data for specified, explicit and legitimate purposes and we do not further process it in a manner that is incompatible with those purposes.
We only collect data that is relevant to what is necessary in relation to the purposes for which they are processed.
We keep your personal data up to date and we ensure that it is accurate; in case it is inaccurate, having regard to the purposes for which they are processed, we ensure they are erased or rectified.
We ensure to keep them in a safe manner for as long as it is necessary for the purposes for which the personal data are processed and we ensure their safe destruction.
We ensure that your personal data is safe from accidental loss, destruction or damage, unauthorized or unlawful processing, using appropriate technical or organizational measures.
LEGAL BASIS OF PROCESSING
The legal basis of the data processing described above is legal obligation: the processing of your personal data is necessary to be done by us so we can be compliant with the legal obligations to which we are subject. In such a case, if there is no data processing, it will result in law violation followed up by relevant penalties, as well as lack of proper service towards you.
The purpose and the services of our company are subject to the relevant legislation and the way the purpose is fulfilled and the services are offered are compliant to this legislation.
The legal obligation of our company comes from the legislation that defines the way the company operates. The relevant obligations to the legislation ensure that the business transactions between the company and you are always carried out with accuracy, effectiveness and with your own interests in mind.
PUBLIC USE OF YOUR PERSONAL DATA
Your personal data is treated with confidentiality and respect and does not become public, with exception to situations that necessitate their publication.
TIME THAT YOUR PERSONAL DATA IS KEPT
Your personal data is kept not more than the period that is required for the fulfillment of the purposes of the processing; the duration of this period depends on some criteria:
If the purpose for the personal data processing is legal obligation, the period that the said data is kept is determined based on the legislation, the time frame within the supervisory authorities can conduct investigations on the matter, the statute of limitations, as well as your legal interests.
In case of data processing based on your consent, simple of explicit, the period that the said data is kept is based on the ability to withdraw your consent. If you withdraw your consent, your relevant personal data is deleted.
As a company, we preserve the right to alter the current Privacy Notice whenever the need for a change of its contents arises and such an alteration needs to be public. If a new processing purpose arises, which is not already part of this Privacy Notice, and requires the use of your personal data, an updated version of the current Notice will be known to you, before the start of the new process; the updated version of the Privacy Notice will include the new personal data processing, as well as the relevant purposes for it and the processing conditions. Whenever is needed, we will, a priori, require your consent about the new processing.
We collect the personal data mentioned in this Privacy Notice from you, the data subjects.
As controller of your personal data, we affirm that we have taken measures for the protection of your data and have implemented a complete security plan, according to GDPR.
The collection and processing of personal data, within the context of this Privacy Notice, is carried out using fair means and in a way which ensures that we respect the values of confidentiality, personality and human dignity.
The compliance with the current Privacy Notice is based on the good faith, business ethics and free will of both parts, aiming at the efficient cooperation and protection for both.
In case you are unable to exercise your acknowledged, by the Regulation, rights, or have inquiries or wish to lodge a complaint, you have the right to address the Hellenic Data Protection Authority.