We support the right to privacy. We take the protection of your personal data and their confidential treatment seriously. And we process your personal data exclusively within the legal framework of the data protection provisions of the European Union, particularly the General Data Protection Regulation (hereinafter: GDPR).
This data protection policy statement describes when, how and for which purposes we’ll process your personal data. It also points out the rights you have regarding the processing of your data. In particular, you’ll find information on
- who is legally responsible for the data processing (data controller)
- the data collection and logging that we carry out automatically when you visit our website
- the social plug-ins we use on our website
- the web analytics tool we’ve chosen to analyse usage of our website
- your rights as a data subject
- your right to lodge a complaint
1. Responsible data controller
According to data protection legislation and especially the GDPR, the responsible data controller is:
Centre for Research and Technology Hellas (CERTH)
6th km Charilaou-Thermi Rd
P.O. Box 60361
GR 57001 Thermi, Thessaloniki
represented by Stefanos Vrochidis, Researcher C’
T +30 2311 257754
CERTH’s Data Protection Officer is:
You can contact her and CERTH’s data protection supervision via:
2. Data collection and logging
When you access our website on your device, we process the following data:
- IP address
- date and time of access
- referrer (i.e. the site you’ve accessed before, the one that brought you to us)
- duration of visit
- type of device
- type of operating system
- type and version of browser
- volume of data sent
We process this data on the basis of GDPR Article 6 (1) point f (legitimate interest), as we require them to provide the service, ensure technical operation, and investigate/ remove malfunctions.
We erase the data after 15 days – unless we need them (under exceptional circumstances) for a longer period for the above-mentioned purposes. In such a case, we erase the data as soon as they’re no longer required.
3. Social Plug-ins (LinkedIn, Twitter)
This website uses plug-ins for the following social networks:
- LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA). You can recognize it by the LinkedIn logo
- Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA). You can recognize it by the Twitter logo (in this case: a blue bird on a blue square).
When you click on a social network button, your browser uses this social plug-in to set up a direct connection to the server of the relevant social network. The legal basis for the transfer of data to the previously mentioned social networks is your consent (pursuant to Art. 6 Para. 1 letter a, 49 Para. 1 letter a GDPR). In this respect, your personal data might be transferred to bodies in a third country (outside the European Union), although a level of data protection comparable to that under EU law isn’t guaranteed. We have no influence on the scope of the data which is collected by the social media operators in this way. The operators process the information that you have called up our website. If you’re also logged into one of the social media platforms at that time, the operator can match your account with the relevant social network site. If you then also interact with the social plug-in by clicking e.g. “like” or “share”, the relevant social media site will process that information.
Please be aware that – even if you are not a member of one of these social networks – it’s possible for them to identify your IP address through the social plug-in, and they might store and process this information. You can find further information about the scope and purpose for which data is processed, collected and used by the respective social networks, as well as your rights in this respect and the setting options in each social network’s data protection policy:
If you don’t want social networks to collect data via our website, make sure you don’t click on the relevant buttons. In addition, you can block social plug-ins via add-ons in your browser. However, there is no guarantee that your data won’t be stored and processed by the social networks.
4. Web analytics (Matomo)
The legal basis for the use of Matomo is your consent according to GDPR Article 6 (1) point a. If you want to disable cookies for the future, you can do so by changing your browser settings.
5. Your rights as a data subject
As a data subject you are entitled to the following rights:
- Right to information: You have a right to access the data we’ve stored about you as a person.
- Right to rectification and erasure: You can require us to correct inaccurate data or – provided that the legal grounds are in place – to erase your data.
- Restriction of processing: Provided that the legal grounds are in place, you can require us to restrict the processing of your data.
- Data portability: If you’ve provided us with data on the basis of a contract or your consent, and as long as there are legal grounds, you can require us to send you the data you gave us in a structured, commonly used and machine-readable format, or you can require us to send your data to a different controller.
- Objection to data processing on the legal basis of “legitimate interest” under GDPR Article 6 (1) point f: If there are reasons arising from your specific situation, you are entitled to object to our processing of your data at any time, provided that such an objection has its legal basis in a “legitimate interest”. If you make use of your right to object, we shall discontinue the processing of your data, unless we can – within the parameters of the law – demonstrate compelling legitimate grounds for further processing, outweighing your own rights.
- Revocation of consent: If you’ve given us your consent to the processing of your data, you can revoke the same at any time with future effect. This, however, doesn’t affect the legitimacy of processing your data until the date of revocation.
To exercise any of the aforementioned rights, please use the contact details as provided in clause 1 of this data protection policy. When you do so, please make sure we can clearly identify you.
If you have any questions about the processing of your personal data, your rights as a data subject or any consent you may have given, please feel free to contact us. We’ll provide further information, free of any charges.
6. Your right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
Photo by Bernard Hermant