Personal Data Protection Policy

Purpose of this Policy:

  1. To ensure you understand what personal data we collect about you and why we collect, use, and share it.
  2. To explain how we use the personal data you share with us in order to offer you an excellent experience when using this Website.
  3. To explain your rights and choices regarding the personal data we collect and process, and how we protect your privacy.

The Natural Environment and Climate Change Agency ("the Agency”) fully complies with the provisions of European Regulation 2016/679 on the "protection of natural persons with regard to the processing of personal data and on the free circulation of such data" and Law 4624/2019.

 

What are Personal Data?

The term “personal data” refers to information and data that can identify and distinguish the data subject, such as name, postal address, email address, contact phone number, etc., which identify or can identify your identity, hereinafter referred to as “Personal Data” or “Data.”

 

What is Personal Data Processing?

Any operation or set of operations performed, with or without automated means, on personal data or sets of personal data, such as collection, recording, Agency, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion, or destruction.

 

Is the Provision of Your Data Mandatory?

The provision of Data to the Agency may be necessary to achieve the purposes outlined in this Privacy Policy or may be optional.
If you refuse to provide mandatory data on the Website, the primary purpose of collecting that data may not be fulfilled—e.g., the  Agency may not be able to fulfill a sales contract or provide other services available through the Website.

The provision of additional (non-mandatory) Data helps improve service quality but is optional and does not affect the main purposes of data collection.

Data Controller

In the context of providing products, the Agency maintains and processes your personal data confidentially and with respect for your privacy, taking technical and Agencyal measures to protect it.

For the purposes of this policy, the data controller is:

Natural Environment and Climate Change Agency (“NECCA”),
207 Mesogeion Ave., Athens 15525

The Agency acknowledges that the protection of personal data, their confidential nature, and their secure handling may be a major concern for users of its online services and Website and confidential handling of personal data may be of major concern to users of its online services and Website. The same concerns are a priority for the Agency and form part of its ethical standards.

This Policy outlines the information and data collected by the Agency and how it may be processed, as well as the actions that the Website user or recipient of the Agency’s services may take in the event they do not wish their personal information or data to be processed in any way. The Agency collects, stores, processes, and uses (hereinafter referred to as ‘processes’) the personal data you provide, to the extent necessary, for the establishment, performance, or termination of a contractual or quasi-contractual relationship with you. For example, such a relationship may arise if you subscribe to a newsletter, participate in surveys or competitions, or contact us for information. In such cases, your personal data is used to securely and effectively process your request.

 

Personal Data Collected

Non-personal data

When visiting the Website, certain data that is not associated with specific individuals (non-personal data) may be collected to improve services. See here our Cookies Policy for more.

Data we collect from you when you visit this Website:

a) Device data: device identifier, operating system and version installed on the device,
b) Time, date, duration of the visit, user location, Internet Protocol (IP) address, browser information, browser language, or related information.

Purpose: this information is collected for statistical analysis regarding user origin and session duration.

Legal basis: user consent during website registration or when sending an email to the contact address (Art. 6(1)(a) GDPR).

Legitimate interest (Art. 6(1)(f) GDPR): data may be processed for system security, fraud prevention, or service request fulfillment, provided these interests do not override your fundamental rights.

 

Personal data

Our website provides the possibility of communication through a dedicated contact form. When submitting this form, we collect and process the following personal data:

  • Full name (or first name)
  • Email address
  • Postal address
  • Telephone number

Purpose of Processing
The personal data submitted through the form are used exclusively for contacting you, in order to respond to your request or provide the relevant information.

Legal Basis for Processing
Processing is carried out on the basis of your consent, which you provide by sending the contact form (Article 6(1)(a) of the General Data Protection Regulation – GDPR).

Data Security
We take all necessary technical and organizational measures to protect your personal data, including the use of SSL/TLS encryption when transmitting sensitive information.

 

Your Rights

  • Right of access (Art. 15 GDPR): To be informed and access your data.
  • Right to rectification (Art. 16 GDPR): To correct or update inaccurate or incomplete data.
  • Right to erasure (Art. 17 GDPR): To request deletion of your data.
  • Right to restriction (Art. 18 GDPR): To request a halt (temporary or permanent) in data processing.
  • Right to object (Art. 21 GDPR):
    • You may object to processing based on your personal circumstances.
    • You may object to processing for direct marketing.
  • Right to data portability (Art. 20 GDPR): To request a copy of your data in a structured, electronic format and transfer it to another provider.
  • Right not to be subject to automated decision-making (Art. 22 GDPR): Especially when such decisions have legal or similarly significant effects.
  • Right to lodge a complaint (Art. 77 GDPR): You may file a complaint with the Data Protection Authority or the competent supervisory authority in any EU Member State.

Supervisory Authority:

Hellenic Data Protection Authority
1-3 Kifisias Ave., 115 23 Athens
Phone: +30 210 6475600
Fax: +30 210 6475628
Email: contact@dpa.gr

You may send a request to info@necca.gov.gr, clearly stating the action or right you wish to exercise. The request must be accompanied by documents verifying your identity.

The Agency will aim to respond in writing within one (1) month. If it cannot satisfy the request, it will provide a written explanation.

 

The Agency is committed to protecting the privacy of all visitors to www.necca.gov.gr, and to safeguarding any personal data provided to us.

By submitting your data to access services/products through the Website, you consent to its collection, processing, and use under this Policy. However, you will always be asked to give explicit consent for each such action.

 

Data Retention

The Agency retains and processes your data for as long as required to provide its services unless you request its deletion.

 

Advertising, Marketing, and Disclosure

To the extent that the User consents to the use of their personal data for advertising and market research purposes, such data may be used accordingly. A prerequisite for such use of personal data is the User’s explicit consent, for example, by activating the relevant checkbox during a promotional action and then clicking a confirmation button. In such cases, the Agency may send the User advertisements for its services and/or products tailored to the User’s needs, or invite the User to participate in programs, initiatives, or competitions. The Agency will communicate with the User via the means the User has consented to, such as email (if the User has provided their email address), or via phone or SMS (if a landline or mobile number has been provided).

The Agency may also use the User’s information to analyze and improve the effectiveness of its website, and for further advertising and market research purposes. The User is entirely free to decide whether, and to what extent, they wish to disclose their information for the aforementioned purposes. Where permitted by the nature of their request and where technically feasible and acceptable to the Agency, the User may contact the Agency anonymously or under a pseudonym.

In processing the User’s request, the Agency may need to disclose personal data to external service providers located in European or non-European countries. The Agency requires these external service providers to use the User’s personal data solely in accordance with its own standards, this Policy, European data protection legislation and case law, and the applicable national regulatory framework.

The Agency does not disclose, sell, or rent the User’s personal data to third parties without the User’s prior explicit consent. However, the Agency reserves the right to disclose information concerning the User if legally obliged to do so or if such disclosure is required by competent governmental authorities, administrative bodies, or law enforcement agencies.

The Agency accepts no responsibility in the event that a User discloses, either to the Agency or to a third party via its website, personal data or information relating to a third party without having first obtained that third party’s consent. The sole responsibility for such disclosure lies with the User who performed it.

Social Networks

Our website may use so-called social plug-ins ("plug-ins") from social networking platforms, primarily the "Like" plug-in from the social network "Facebook." When you visit our website, your browser establishes a direct connection with Facebook’s servers, and the fact that you have visited the Agency’s website is transmitted to Facebook, even if you are not logged in to Facebook and regardless of whether you have activated the corresponding plug-in.

If you are logged into your Facebook account while visiting the Agency’s website, Facebook may associate your access to the website with your Facebook account. If you click the "Like" button, this information will be transmitted to Facebook and stored there, allowing you to share your "Likes" with your Facebook friends.

The Agency has no control over the nature and extent of the data transmitted to Facebook, nor does it have any knowledge of the exact data transmitted or how Facebook uses such data. If you do not wish Facebook to associate your visit to the Agency’s website with your Facebook account, you must log out of your Facebook account before accessing our website.

For more information on the collection, storage, and use of your personal data by Facebook, as well as your available privacy settings, please refer to Facebook’s privacy policy at: http://www.facebook.com/about/privacy/.

Confidentiality, Data Processing Security, and Recipients of Personal Data

The processing of personal data is confined within the Agency, and such data is accessible only to the Agency’s staff solely for the purpose of informing users about the Agency’s programs and activities, provided that the User has consented and voluntarily submitted their personal data for that purpose. The Agency’s personnel are bound by confidentiality obligations.

The Agency has implemented appropriate technical security measures and organizational procedures for the processing of users’ personal data. The collected personal data is stored on servers with restricted access, secured by passwords, and the Agency employs specialized technologies and procedures, along with strict physical, electronic, and administrative safeguards, to enhance the protection of this information against loss or misuse, and to prevent unauthorized access, disclosure, alteration, or destruction.

Recipients of the data, pursuant to legal obligations, partnership agreements, or upon the request and consent of the data subject, may include:

a) Third parties (such as banks or the Independent Authority for Public Revenue - AADE), in order to fulfill a request made by the data subject through the Agency’s Website for the use of a service or to process a payment;

b) Judicial or prosecutorial authorities in cases involving legal claims or criminal acts.

In the event such data is disclosed, the data subject will be informed during the completion of the relevant form or application.

Except in cases explicitly required by law as mentioned above, the Agency will not otherwise disclose, sell, or share any information provided by the user without their explicit consent.

 

Changes to This Policy

We may occasionally make changes to this Policy.

Users are encouraged to review this Privacy and Personal Data Protection Policy periodically in order to stay informed about any amendments. This Policy will always remain in compliance with the applicable legal framework.

Although NECCA reserves the right to amend or supplement this Policy, it will provide notice of any significant changes through this Website at least 15 days prior to the implementation of such changes.