Privacy Policy

INTRODUCTION

This Privacy Policy (hereinafter the “Privacy Policy”) concerns the website of the National Public Health Organization (NPHO). The NPHO is the owner of all rights to this website (hereinafter “the website”), which is posted under the domain name: https://eody.gov.gr/, including all its data – content, texts, documents, software, and overall design.

The NPHO attaches particular importance to the protection of personal data. For this reason, it has drafted this Privacy Policy in order to inform users about the way their personal data are processed when collected through the operation of this website.

DEFINITIONS OF PERSONAL DATA (Note: according to Art. GDPR)

  • Personal Data: any information through which a natural person (“Data Subject”) is identified or can be identified.

  • Data Controller: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data. In this case, the NPHO is the Data Controller for the processes described in this Policy.

  • Processor: the natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Data Controller.

  • Data Subject: the identifiable natural person, whose identity can be verified, directly or indirectly, especially by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural, or social identity of that person. In this case, the Data Subjects are the users of the website.

  • Recipient: the natural or legal person, public authority, agency, or other body to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the context of a specific inquiry under Union or Member State law are not considered recipients.

DATA CONTROLLER

National Public Health Organization (NPHO)
Address:-5 Agrafon Str.,5123, Athens
Tel.: +3010212000

For any matter relating to the processing of your personal data, you may contact the NPHO Data Protection Officer at: dpo@eody.gov.gr.

COLLECTION OF PERSONAL DATA: PURPOSE AND LEGAL BASIS

When a user visits the NPHO website and interacts with it, personal data may be collected.

The purposes of processing, the categories of data processed, and the corresponding legal bases are as follows:

1. Communication via email

When you send a message to the Organization through the email addresses listed on the website, we process the following data:

  • Full Name

  • Email Address

  • Any personal data contained in your message

The legal basis for processing depends on the nature and subject of your message and includes compliance with NPHO’s legal obligations, the exercise of its official duties, and safeguarding the public interest (Art.(1)(c) and (e) GDPR). If your request contains special category data, the legal basis for processing is Art.(2)(e) GDPR.

Access to your personal data is granted to the competent NPHO departments in order to respond to your request.

Your personal data are retained until the matter to which your message refers has been resolved, unless legislation provides for longer retention or the data are necessary for the establishment, exercise, or defense of NPHO’s legal claims.

2. Publication of Decisions and Acts on the NPHO website

To comply with the obligations set by Law727/2020 (Digital Governance Code), NPHO publishes on its website all legally required decisions and acts under Chapter IA “Digital Transparency – Diavgeia Program.” The legal basis for this processing is compliance with legal obligations (Art.(1)(c) GDPR).

If your personal data are processed for inclusion in such acts or decisions, these are processed exclusively for that purpose, as provided by law. Such data may include your name and surname.

3. Sending of Newsletter

If you wish to receive updates on NPHO’s news and activities, you may subscribe by providing your email address. Submission of your email constitutes consent for receiving the newsletter.

Purpose: Sending NPHO’s electronic newsletter.
Legal Basis: Your consent (Art.(1)(a) GDPR).

We retain your data as long as you remain subscribed, and we delete them within two (2) months after withdrawal of your consent.

The newsletters may be sent using third-party software providers, who in such cases act as Data Processors.

4. Automated Data and Metadata Collection

Automatically collected information may include:

  • User’s IP address (assigned by your internet provider). The IP address and any associated data (e.g., approximate city-level location) are retained only under legal conditions.

  • Browser type and operating system.

  • Websites and links selected (clicks) within the NPHO website.

  • Basic connection information with the server.

  • Information collected through technologies such as “HTML cookies,” “Flash cookies,” “web beacons,” and similar tools.

These elements (points.2–3.5) are collected solely for the proper technical operation of the website.

TRANSFER AND DISCLOSURE OF PERSONAL DATA

Your personal data are not transferred to third parties, except to the provider of development, support, and hosting services of the website. The provider has contractually committed to safeguard your personal data.

The data are stored on servers located in Greece and other EU countries.

DATA SUBJECT RIGHTS

The NPHO facilitates the exercise of the following rights. For any questions regarding the processing of your personal data, you may contact us at dpo@eody.gov.gr.

At the same address, you may exercise the following rights:

  • Right of Access: to know whether your data are processed and, if so, to obtain a copy.

  • Right of Rectification: to request correction of inaccurate or incomplete data.

  • Right to Restriction: to request limitation of processing, e.g., preventing deletion of data you consider necessary for legal claims.

  • Right to Object: to object to processing.

  • Right to Erasure: to request deletion of your data.

  • Right to Withdraw Consent: to revoke your consent at any time.

  • Right to Lodge a Complaint: if you are dissatisfied with how your data are processed, you may file a complaint with the Hellenic Data Protection Authority: https://www.dpa.gr/polites/katagelia_stin_arxi.

AUTOMATED DECISION-MAKING

The NPHO does not carry out automated decision-making.

AMENDMENT OF THIS POLICY

The NPHO reserves the right, whenever deemed necessary, to amend this Policy, either in whole or in part, and publish the updated version on this website.

Any modification takes effect immediately upon posting. Users are advised to consult this Policy periodically to ensure awareness of its most recent version.

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.