Privacy Policy

GDPR

Update of the Greek National Tourism Organisation for Personal Data Protection according to the Regulation (EU) 2016/679 and the pertinent Greek legislation


As of 25.5.2018 the General Regulation for Data Protection (EU) 2016/679 is applied, known as GRDP, by which the framework of protection of the subjects of data is reinforced, as regards the processing of data of personal character in the European Union. Greek National Tourism Organisation with respect to the personal data complies with GRDP within the scope of the activity and its goal and takes the provided technical and organisational measures for the effective protection of personal data, as provided in the GRDP and further in the Greek legislation.

Head of Processing – Contact data

Greek National Tourism Organisation is responsible of processing with the following contact data:
Address of registered offices: 7, An. Tsoha street, Athens], Τ.Κ. 11521
Telephone: 210 8707000
E – mail: dpo@gnto.gr


Which personal data are collected and how?

The personal data that Greek National Tourism Organisation collects and processes are only those that are considered necessary for any specific and clearly defined goal and the specific legal basis.

Within this scope, the processing that takes place regards personal data that you provide in the Greek National Tourism Organisation in real interactive time, when you use our services, our official web sites, for instance a request, or you are a worker such as:
  • Surname and Name
  • Ε-mail address
  • Nationality
In any of the cases the processing is founded in the receipt of consent, Greek National Tourism Organisation abides by the provided by Law proceedings for the receipt hereof.


For which purposes is the processing effected and which is its legal basis?

The personal data are collected according to GRDP and the legislation in force, either by the commencement of your relation with the Organisation or after that and they constitute an object of processing by a legal basis:
  • Your consent, when required
  • The execution of an agreement by and between us
  • The fulfillment of our legal obligations
  • The safeguarding of vital interest
  • The fulfillment of duty for the public interest
  • The safeguarding of our legal interest or of a third party
Greek National Tourism Organisation can process your personal data, for the following purposes per legal basis:

1. With your consent
Transfer of personal data to third parties
Dispatching of updates

2. For the fulfillment of the contractual obligation in the event of entering into an agreement with the Greek National Tourism Organisation or according to the pre-contractual process
For the communication upon the pre-contractual process or upon the execution of the agreement

3. For the fulfillment of our legal obligations
Update of data of staff in insurance entities, the State Audit Council etc.
For the fulfillment of our obligations according to the legislation into force against public authorities and entities (Supervisory, Independent, Police, Judicial Authorities).

4. For the safeguarding of your vital interest or of a third party
In the event that your life or the life of a third party is in danger

5. For the fulfillment of duty for the public interest
The provision of First Degree and Second-Degree health care

6. For reasons of our legal interest, as:
For the development and the improvement of our provided services through your activities and your interests.
For the handling of your complaints.
For the protection and the safety of IT systems.


Who are the receivers of my personal data?

The staff of the Organisation has access to your personal data, within the scope of execution of the duties assigned by the Greek National Tourism Organisation as responsible for processing.
Greek National Tourism Organisation is obliged or is entitled to communicate your personal data to various third party receivers such as:
  • Public entities
  • Independent authorities
under the provision of the compliance in any event of the classified and the confidentiality and secrecy duty.


How long are my data preserved?

Greek National Tourism Organisation keeps your personal data only for the period required for the purposes of processing. However, it has to preserve the personal data for a time period defined by the legal and regulatory framework in force.


What are the cookies and why does the Greek National Tourism Organisation selects them?


In order to ensure that our website operates properly, sometimes it is possible to store a small part of data that is known as cookie in your computer or your mobile device during the visit in our website. A cookie is a text file that is stored by a web server to a computer or a mobile device. The content of a cookie can be retrieved or read only by the server that creates the cookie. The text in a cookie often consists of identifiers, website names and certain numbers and characters. The cookies are unique for the browser or the mobile applications that you use and they allow to websites to store data as your preferences. Read our cookie policy here.


How my data are protected?

In the Greek National Tourism Organisation we work on a daily basis in order to ensure that the personal data that we receive:
  • Are subject to a legal and legitimate processing in a transparent manner related to the subject of data.
  • Data are collected exclusively for specific and legal purposes.
  • Data are sufficient, they are related to the purpose for which are collected and they are limited to the necessary data.
  • They are accurate and updated.
  • They are maintained exclusively within the defined time framework and not for a longer period.
  • They are subject to processing in such a way in order to ensure their necessary protection.


What are my rights?

Greek National Tourism Organisation processes automatically and does not create a profile for any natural person for who it maintains the personal data.
The subject of the data has the following rights:

The right to access
At any time, you can be informed by us for your personal data that we maintain, and have access to them.

The right to data correction
You have the potential to address to us in order to correct the data that are inaccurate or insufficient.

The "right to oblivion"
Provided that we are not obliged by a legal framework to maintain the data that we keep and are related to you, you can ask us to delete them.

The right to data transferability
You can ask us to transfer your data to another public or private entity.

The right to objection and the limitation of processing
In the event that you disagree with the way that we process your personal data you can request the stop or the limitation of processing.

The right to lift consent
You have the right to withdraw your consent in the processing of your data at any time.

Greek National Tourism Organisation will make any endeavor to respond to the request that you will submit without delay and in any event within a month from its receipt. The above deadline is extended for two (2) more months, provided that this is necessary considering the complexity of the request and the multitude of requests. The organisation will inform you of the above time extension within a month from the receipt of the request, as well as of the reasons of the delay. If you have submitted the request by electronic means, the update is provided, if possible, by electronic means, unless it is otherwise asked by you.
Provided that the Greek National Tourism Organisation satisfies your request a) for limitation of processing of your data or b) for refusal of processing your data or c) for deletion of your data from the files of the organisation and provided that they are necessary for the entering into or the continuation and execution of the agreement, then this entails by right either the termination from your part of the corresponding agreement or the non-potential of processing of your relevant request.

In any event, Greek National Tourism Organisation has the right to refuse the satisfaction of your request for limitation of the processing or the deletion of your personal data, if this processing is necessary for the foundation, exercise or support of its legal rights or the fulfillment of its obligations.
The above services are provided for free. However, in the event that your requests are clearly unfounded, excessive or reiterated, the organisation may either impose a reasonable termination, informing you relatively, or to refuse to respond to them.

To exercise your rights, press here


Revocation of consent

You have the right to revoke your consent at any time. The revocation of your consent does not affect the legitimate nature of the processing based on it and was effected prior to its revocation.


Head of Data Protection

In the event that you have questions about your data protection and your rights, you can send an email to dpo@gnto.gr or to address in writing to the following postal address: 7, An. Tsoha street, Athens, Zip Code 11521, Greece and we will reply to them the soonest possible and not later than a month.


Personal Data Protection Authority

You have the right to submit a complaint to the Personal Data Protection Authority (www.dpa.gr), that is the competent supervisory authority for the protection of the essential rights and liberties of the natural persons against the processing of their personal data, provided that you consider that your rights are affected in any way whatsoever.
We urge you to see the Policy on Personal Data Privacy and Protection of the GNTO in the following link Policy on Data Protetion and Privacy