Terms of Use

1. PURPOSE

The purpose of this document is to define the obligations, as well as the policy of NPDD Cave Perama for privacy and protection of personal data

The Administration of NPDD Cave of Perama, is committed to fulfilling the requirements of the General Regulation of Data Protection (GDPR) and recognizes the protection of personal data as a priority. The cultivation of an environment of security and trust, internally and externally, is the beginning of the NPDD Cave of Perama and every necessary resource will be available to ensure it.

The processing and protection of personal data are subject to the terms of this Policy, as well as to the provisions of GDPR and Law 4624/2019, but also to other provisions of national, Community and international law regarding the protection of the individual from processing personal data, as applicable.

Any future changes or adjustments will be the subject of this Policy, which will be amended and re-notified accordingly. In any case, the NPDD Cave of Perama reserves the right to change the terms of protection of personal data, in accordance with the applicable legal framework and information hereof.

2. SCOPE

The policy concerns the processing of personal data by the NPDD Perama Cave.

3. RESPONSIBILITIES

Responsible for the observance of this policy is the NPDD Cave of Perama.

The DPO appointed by the Management has a more general supervision and evaluation of the effectiveness and implementation of the policy.

4. WHAT IS CONSIDERED AS PERSONAL DATA

"Personal data" means any information relating to an identifiable or identifiable natural person ("data subject"); such as name, ID number, position data, online ID or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. Personal data relates only to natural persons and can identify a natural person, either directly or on their own, or in conjunction with other information held by the controller. The processing of personal data is governed by the General Data Protection Regulation 2016/679 and any other relevant domestic and European legislation.

5. WHAT IS CONSIDERED AS PROCESSING OF PERSONAL DATA

Any operation or sequence of operations performed with or without the use of automated means, on personal data or on personal data sets, such as collection, registration, organization, structure, storage, adaptation or modification, retrieval , the search for information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.

6. PRINCIPLES CONCERNING PROCESSING

The NPDD Cave of Perama ensures compliance with the fundamental principles of the Personal Data Protection Regulation both in the processing that is currently performed and in the context of the introduction of new forms or methods of processing that may arise and emerge in the future. Specifically, the principles on the basis of which the NPDD Cave of Perama carries out processing operations in order to be legal and to operate within the framework set by the GDPR, are the following:

• Legitimacy, objectivity and transparency
• Limitation of purpose
• Data minimization
• Accuracy
• Limit the storage period
• Integrity and confidentiality
• Accountability

7. INDIVIDUAL RIGHTS

The rights of data subjects are supported by appropriate procedures that allow the required actions to be taken within the time limits set out in the General Data Protection Regulation. These procedures are recorded, documented and available to the subject at all times, in an easy and accessible manner.

The rights of the subjects are the following:

• The right to information and access
• The right of correction
• The right to delete
• The right to restrict processing
• The right to data portability
• The right to object
• The right to object in profiling cases

8. LEGALITY OF THE PROCESSING

It is the policy of the NPDD Cave of Perama to determine the appropriate legal basis for each processing and to document it, in accordance with the Regulation of Personal Data Protection.

9. PROTECTION OF PRIVACY FROM DESIGN

The NPDD Cave of Perama adopts the principle of prosprotection of personal data from the design of its services and procedures addressed either to citizens and partners, or within it. It also ensures that the identification and design of all new or significantly changed procedures or systems that it is likely to adopt and that collect and process personal data will be subject to appropriate privacy considerations.

When processing operations are likely to result in a high risk to the rights and freedoms of individuals, a data protection risk assessment (DPIA) will be carried out.

The use of techniques such as data minimization, pseudonymization, anonymization and encryption are considered where possible and appropriate.

10. CONTRACTS WHICH INCLUDE PROCESSING OF PERSONAL DATA

The NPDD Cave of Perama ensures that all activities carried out and that require the development of collaborations and the provision of services, which include the execution of personal data processing, or access to personal data in any way are subject to a documented contract that includes the specific information and terms required by the General Data Protection Regulation and the current legislation.

Each contractor or subcontractor shall sign a private contract, autonomous or as an annex to a main contract, in accordance with Article 28 of the GDPR, which states, inter alia:

• Scope and duration
• purpose
• documentation of forms and extent of processing,
• prior authorization in case another processor is used,
• the provision of any documentation demonstrating compliance with the
• General Data Protection Regulation and current legislation.
• immediate notification of any data breach or assistance in this regard.

In addition, a document of confidentiality and confidentiality is signed with each associate of the NPDD Cave of Perama.

The same happens with all the employees of NPDD Cave of Perama who are bound by terms of confidentiality and confidentiality based on operating regulations and relevant contracts.

The rights of employees, contractors and other third parties when they no longer have access to premises or procedures or when their contract expires are adjusted in the event of a transfer of work, revoked or in any case made by authorized persons, at regular intervals or where necessary. , reassessment and re-checking of their accesses.

11. TRANSMISSION OF PERSONAL DATA TO THIRD COUNTRIES

In the event of transfers of personal data outside the European Union, they will be carefully considered before the transfer, in order to ensure that they fall within the limits imposed by the General Data Protection Regulation and current legislation. This depends in part on the European Commission's judgment on the adequacy of personal data safeguards in force in the host country, which may change over time.

Data transfers to third countries within a group, if any, will be further subject to legally binding agreements, referred to as binding corporate rules, which provide enforcement rights for data subjects.

12. DATA PROTECTION MANAGER

A data protection officer (DPO) has been appointed at the NPDD Cave of Perama.

13. STATEMENT OF VIOLATION OF PERSONAL DATA

The policy of the NPDD Cave of Perama is fair and proportionate when considering the measures that must be taken to inform the affected parties about the breaches of personal data. This will be done in accordance with the Event Management Plan which sets out the overall process for dealing with information security incidents.

14. COMPLIANCE WITH GDPR

The following actions are taken to ensure that the NPDD Cave of Perama complies at all times with the principle of accountability of the General Data Protection Regulation:

• The legal basis for the processing of personal data is recorded, clear and unquestionable.
• All personnel involved in the management of personal data understand their responsibilities for the observance of good data protection practice and are bound by obligations of confidentiality, confidentiality and confidentiality.
• Data protection training is provided to all staff, both for the general principles of the Regulation and for the institution's policies and procedures.
• Rules apply to the consent of data subjects, when and if required.
• There are channels and procedures available for data subjects who wish to exercise their rights to personal data and all requests are processed effectively and within the prescribed time frames.
• Procedures related to personal data are reviewed and re-evaluated at regular intervals for possible additions and modifications.
• The principle of privacy during the design is adopted for all the new services and procedures of NPDD Perama Cave.

The following documentation of the processing activities is recorded in a relevant Register of Treatments, in accordance with the requirements of the Regulation:

• Name of body, department and head of department.
• Purpose of processing personal data
• Categories of people involved in each processing of personal data.
• Categories of personal data being processed.
• Legal basis for processing.
• Categories of acceptable personal data
• Agreements and mechanisms for the transmission of personal data to countries outside the EU, including details of controls applied if and when they exist.
• Programs or ways of keeping personal data
• Times of keeping personal data.
• The relevant technical and organizational controls that have entered into force

These actions are reviewed on a regular basis as part of the data protection management process.

It is clarified that the NPDD Cave of Perama, observes and implements separate policies for the collection, use and processing of personal data for each category of its counterparts or for different categories of processing, which need special regulation. The individual policies describe in detail and in accordance with the general principles hereof, more details, your rights and the procedures for their satisfaction, while the company has made relevant notifications to the interested parties. In case you have not been informed or you want more detailed information, you can submit a relevant request to the email address dpospileoperama@ioannina.gr, stating your name, capacity, contact details and exact request.