THE REGION OF WESTERN MACEDONIA (hereinafter “Region“) recognizes and respects the right to protect the personal data of visitors or users of its website and for this reason has adopted this Privacy Policy (hereinafter “Policy“). This Policy is addressed to you – the visitors or users of the website en.pdm.gov.gr (hereinafter the “Website“) of Region – and describes the way in which Region collects and processes your personal data during the visit and navigation on it. As a visitor and/or user of the Website, you must carefully read the personal data protection conditions mentioned in this Policy. By browsing the Website and any interaction you have through it, you accept the terms of this Policy. If you do not agree with the terms that govern this, please stop browsing the Website.
Controller
The controller is the REGION OF WEST MACEDONIA, which is based in Kozani, ZEP Region, tel .: 24610-52610-3, email: info@pdm.gov.gr
Data Protection Officer
PDM has appointed a Data Protection Officer, who monitors its compliance with Regulation 2016/679, who you can contact at the contact email: dpo@pdm.gov.gr
Basic definitions
What is personal data?
Personal data or personal data is any information relating to an identified or identifiable natural person (“data subject”), such as name, e-mail address, VAT number, etc. Identifiable is defined as a natural person whose identity can be ascertained, directly or indirectly, in particular by reference to an identification element, such as a name, an identification number, location data, an online identifier (IP address, e- mail , etc.) or to one or more factors that characterize his physical, physiological, genetic, psychological, economic, cultural or social identity.
What are special category data?
Special categories of personal data are personal data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or participation in a trade union organization, as well as the processing of genetic data, biometric data for the purpose of uniquely identify a natural person, data concerning health or data concerning a natural person ‘s sexual life or gender orientation.
What is personal data processing?
Processing of personal data is any operation or set of operations which is performed with or without the use of automated means, on personal data, such as the collection, registration, organization, structuring, storage, adaptation, alteration, retrieval, information retrieval, use, transmission to third parties, dissemination, association, combination, restriction, erasure and destruction of personal data.
What is a controller?
Controller is the natural or legal person, public authority, agency or other entity that, alone or jointly with others, determines the purposes and means of processing personal data.
What is a processor?
The processor is the natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
What is a recipient?
Recipient is the natural or legal person, public authority, agency or other body, to which the personal data are disclosed, either it is a third party either no. However, public authorities they may receive data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients, the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
What is data subject consent?
Consent of the data subject is any free, specific, nformed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
What personal data do we collect and how?
During your visit and navigation on our Website, we collect your personal data as follows:
- by automated means: when you navigate our Website
- through cookies: according to the Cookies Policy we have adopted
Purpose and Legal basis for processing personal data
During the general use of the Website
The purpose of processing your personal IP data and the operating system of your device for the proper functioning of our Website , dealing with technical issues as well as optimizing it is PDM’s legitimate interest , which has been weighed against your rights and freedoms in a fair way.
Cookie data based on your consent. You can find out about the processing of cookies by Region from the Cookies Policy.
In the case of exercising or defending legal claims, Region processes your personal data based on its best legal interest.
Recipients of the data
The personal data of visitors and/or users of our website services are shared with their recipients based on compliance with the necessary conditions for their protection and security in accordance with Regulation 2016/679 as well as after the appropriate data processing contracts have been signed when this necessary.
Data retention time
The personal data concerning the visitors of the Website and/or its users are kept for as long as you interact with our Website or for as long as is necessary for the purpose for which we collected them and then they are deleted.
As an example, personal data from visits to our Website are automatically deleted after 14 months, e- mail contact details and subject category selection when the user withdraws his consent.
The personal data processed by Region for the provision of electronic services are kept in accordance with the respective times stipulated by the current legislation.
Data Security
To protect the personal data of our website users and visitors, we use a secure connection (https://) and appropriate and sufficient data security measures to prevent the risk of loss, misuse, unauthorized access and disclosure of your personal information.
Your Rights
Regarding the protection of your personal data, you have the following rights:
a) right of access, i.e. the right to be informed if personal data concerning you is being processed, to receive a copy of it, to be informed about its processing, as long as the relevant information is not included herein.
b) right of rectification, i.e. the right to request the correction of inaccurate personal data.
c) right to deletion, i.e. the right to request the deletion of personal data concerning you, when:
– you have withdrawn your consent on which the processing is based,
– are no longer needed for the purposes for which they were collected,
– in the event that you find that they are processed in another way or illegally,
– if you object to the processing,
– your personal data must be deleted in order to comply with a legal obligation under EU law or Greek law to which Region is subject.
Region reserves the right not to exercise your right to erasure if the processing is necessary:
– to comply with a legal obligation that imposes the processing based on Union law or Greek law
– for the fulfillment of a duty performed in the public interest or in the exercise of public authority assigned to Region,
– to establish, exercise or support legal claims.
d) right to restrict processing when:
– their accuracy is disputed so you can verify their accuracy
– the processing is illegal but you do not wish to delete them
– the processing of the data is no longer necessary for the purposes for which it was collected, however it is necessary for Region to exercise or defend legal claims
– you object to their processing and await the verification of its result.
e) right to portability, i.e. the right to request to receive the data concerning you in a structured, commonly used and machine-readable format , as well as to transmit said data to another data controller and
f ) the right to object to the processing of your personal data, unless there are compelling and legitimate reasons for the processing that override your interests, rights and freedoms.
g) right to complain to the competent Authority: you have the right, if you believe that your rights regarding the protection of your personal data have been violated, to file a complaint with the Personal Data Protection Authority https://www.dpa.gr/el .
Region does not make decisions in an exclusively automated manner.
How to exercise rights
To exercise your rights, you can contact Region by sending an email to address: info@pdm.gov.gr or dpo@pdm.gov.gr or by post, to our above address.
The Data Subject Request Form is available in docx format
In order for Region to implement the request for the exercise of your right, you should have submitted a clear request and identified you. The timeframe for responding to your requests is one month from the receipt of a valid and accurate request, unless it is particularly complex or a series of your requests have been submitted together, in which case this period will be extended to three months.
Policy Amendment
Region reserves the right to amend this, while the revised text becomes effective from the date of its posting.
Last modified 7/5/2024.
