PERSONAL DATA PROTECTION POLICY

The Civil Non-Profit Company ASCLEPIUS OH places the utmost priority on the protection of privacy and is committed to providing the appropriate guarantees for the protection of the personal data it collects. This Personal Data Protection Policy provides you with information on the type of personal data collected through the website (hereinafter “Website”) or through the e-mail addresses the company maintains, the purpose of processing the data, the way the collected data is handled, as well as and your rights in accordance with the General Data Protection Regulation (GDPR) EU 2016/679, the Greek law, as applicable, and the applicable Regulatory Acts of the Personal Data Protection Authority.

In which cases and what kind of personal data do we collect?
ASCLEPIUS OH collects personal data, such as the first and last name, father’s name, email and/or postal address, contact phone number, etc., when and where necessary, directly from the subjects themselves who act voluntarily, and not through partners or third parties, and specifically in the following cases:
i. When you fill in the membership application form, the online contact form or send an email to: [email protected]
You are asked to fill in said personal data voluntarily and only if you wish to do so.
During your navigation on the Website where we collect data through cookies and the Google Analytics tool in order to improve the user experience and collect information about website traffic and the type of pages you navigate. For more information about the cookies used by the Website, please read the Terms of Use.
When you visit the website, the server records your IP address in a special log file, which constitutes personal data, even if we are not able to identify you on the basis of said address. Log files help us record information about the type of browser you use and other information, such as the date and time you visited the Website. The above data is stored for up to thirty (30) days in order to ensure network security and to acquire information from accidental events or illegal or malicious actions, which may compromise the availability, authenticity, integrity and confidentiality of the stored data and operation of the Website. During the thirty (30) day period, only the authorized server administrator has access to the files and afterwards files are automatically deleted.

Why do we collect your personal data?
ASCLEPIUS OH collects only the personal data that are strictly necessary for the purpose for which they are intended, while they are not subjected to any further processing in a manner incompatible with the purpose for which they were collected. ASCLEPIUS OH does not transmit or send personal data of subjects to third parties in any way, except for the specific cases listed below (in the next section), and always in accordance with the purpose for which they are collected.

The personal data we receive are subject to processing for the following purposes:
To contact you in response to your request, question, or comment submitted on the Website.
To send you updates about events and new programs of ASCLEPIUS OH, as well as about activities of ASCLEPIUS OH in general.
To take stock of the actions of ASCLEPIUS OH and to draw up financial reports – reports in anonymized form, so that they are not identifiable, to serve internal purposes of operation, financial control and commercial development.
To maintain a historical record and conduct statistical analyses regarding the operation of ASCLEPIUS OH, which are maintained in a non-identifiable form.
To promote commercial actions and to advertise ASCLEPIUS OH in printed or electronic media as well as on social networks.

Who are the recipients of your personal data?
Recipients of your personal data are the authorized employees and external partners of ASCLEPIUS OH, who act under the company’s orders and on its behalf, while all the above natural or legal persons already have a contractual obligation of confidentiality and protection of the personal data they may receive or / and process in any way, always in accordance with the purpose for which they were collected. Data collected are under no circumstances disclosed to third parties, are not made public, nor are they subject to other types of processing, other than those limitedly specifically stated in this policy.

Where and for how long are your data retained?
Your data are retained in the system of ASCLEPIUS OH, which is hosted on a server in a specially configured and predetermined space in a computer center (hereinafter “Data Center”), located in the Greek territory. The management of the server is carried out by the provider company in accordance with the appropriate methods and international practices, ensuring that access to the information is exclusively available to its staff that is authorized for this purpose, for which it undertakes an explicit obligation of confidentiality and protection of personal data.
As a general principle, ASCLEPIUS OH retains the personal data of subjects in an identifiable form only for as long as necessary, as determined by the processing purposes for which the data are collected, as well as to fulfill tax and other statutory or contractual obligations. There are express storage periods for each category of data. For example, data processed by virtue of a contractual relationship are kept for a longer period of time, even after the expiration of the contract, in order to protect the legal interests of ASCLEPIUS OH and its members. In other cases, ASCLEPIUS OH may retain the personal data of subjects in anonymized form so that they cannot be identified, for statistical and research purposes.
The rules for determining the retention period result from compliance with applicable data protection legislation, international best practices and the Personal Data Retention Policy applied by ASCLEPIUS OH to minimize and erase your personal data.

What guarantees do we take to protect your data?
ASCLEPIUS OH has taken the necessary technical and organizational measures by applying the most appropriate technical mechanisms to protect the content in order to ensure the safest possible environment for you, in accordance with the corresponding legislative provisions. In this context, it regularly checks the security systems and limits access to the personal data of subjects only to employees and agents, who need to be aware of this data and who are expressly committed to keeping this data strictly confidential, with relevant confidentiality and personal data protection statements.

What are your rights regarding your data and how can you exercise them?
In accordance with the General Data Protection Regulation EU 2016/679 (hereinafter the “Regulation”), you can exercise the following rights regarding the management of your data by ASCLEPIUS OH:
A) Right of access: you can be informed by ASCLEPIUS OH if your data is being processed and if so, which data is being processed, who are the recipients, what is the purpose of their processing, etc.
B) Right of rectification and erasure (right to be forgotten): You have the right to request that any inaccurate data relating to you are corrected and/or their partial or total erasure subject to certain conditions, in accordance with the afore-mentioned Regulation.

C) Right to restriction of processing: you may request the restriction of the processing of your data in the cases expressly authorized by the Regulation.
D) Right to data portability: you may request the data you provided in a structured, commonly used and machine-readable format, once this has been determined by the relevant national supervisory authority.
E) Right to object: you may object to the processing of your data at any time.
F) Right to lodge a complaint to the supervisory authority in the case of an unlawful processing operation.
It is clarified that ASCLEPIUS OH has the right to refuse your request to limit the processing or erase your personal data or your opposition to the processing, if the processing or retaining of the data is necessary for the establishment, exercise or support of legal rights or the fulfillment of its obligations.
In order to exercise the above rights or if you have questions about the personal data protection policy or if you need help exercising or understanding your privacy options you can contact our Data Protection Officer. ASCLEPIUS OH will make every effort to respond to your request(s) within thirty (30) days from their submission. This deadline may be extended for an additional sixty (60) days at the absolute discretion of ASCLEPIUS OH, taking into account the complexity of the request and the number of requests, after informing you in a timely manner.

Data Protection Officer
ASCLEPIUS OH has appointed a Data Protection Officer to monitor the observance of the Personal Data Protection Policy, the individual Policies and Procedures for the processing of personal data, and in general the application and compliance with the applicable European and national legislation.
For any issues related to the management of your personal data or in case you wish to exercise your above rights, you can send a relevant written request to the DPO via the email address [email protected].

Supervisory authority
The Greek supervisory authority responsible for the implementation of the General Data Protection Regulation EU 2016/679 is the Independent Personal Data Protection Authority. You can contact the above Authority for issues related to the management of your personal data: 1-3 Kifisias Ave., PC 11523 Athens, tel. 210-6475600, [email protected], www.dpa.gr.