The non-profit organization with the name: “Hellenic Institute for the Study of Sepsis” (hereinafter referred to as the “Institute”), pays special attention to the legal collection, processing, use, security and protection of your personal data, by whatever capacity you communicate or cooperate with us, e.g. site visitors, collaborators, employees, participants in a clinical study.
The Institute is the Controller for the personal data being processed during your navigation in its website (sepsis.gr) and is always at your disposal for any further information or clarification.
Our Institute is based in 88 Michalakopoulou Street, 11528, Athens, Greece, telephone number: (+30) 210 7480662, e-mail: firstname.lastname@example.org.
1. Our website
The domain sepsis.gr is the website of the Institute and provides a wide range of information about the activities of the Institute.
2. What kind of personal data do we process?
When you browse our website, we process the following categories of personal data:
- Data collected through cookies that are installed on our website and for which you can find information here
As part of our website’s operation we do not collect data of specific categories (racial or ethnic origin, political views, religious or philosophical beliefs, membership in a trade union, as well as processing of genetic data, biometric data for the purpose of indisputable identification of a person, health data or data that concern a natural person’s sexual life or sexual orientation). We therefore urge you not to send data in this category and we inform you that in case of sending them the Institute will immediately proceed to delete them.
3. Purpose of Processing your Personal Data
The Institute and/or third parties under its instructions and on its behalf (data processors) process your personal data exclusively for the following purposes:
a. to improve the operation of our website and your browsing experience, by using cookies. Learn more about our website’s Cookies Policy here.
Your data is being processed solely for the above mentioned purposes or in certain occasions for the purpose of the legal/regulatory compliance of the Institute or for supporting our legal claims.
The processing of your personal data is carried out in compliance with the basic principles of personal data protection, which are imposed by the General Data Protection Regulation, i.e. lawfulness, objectivity and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality and, finally, accountability.
4. Legal basis for the processing
Regarding the personal data we collect via cookies installed on our website, processing is based on your explicit consent.
5. Who has access to your personal data?
Access to your personal data has exclusively the necessary, in each case, personnel of the Institute, who has received the required information regarding the safe processing of your personal data.
Moreover, access to your personal data might also have the Companies and individuals partners that cooperate with us (data processors), when a specific processing has been assigned to them by the Institute, such as the IT company that supports our website. The processing of personal data by the data processors is carried out under the explicit instructions of the Institute and under the guarantee that all appropriate technical and organizational measures to protect your data have been taken.
Third parties who may have access to your data are official government and supervising bodies (e.g. law enforcement and prosecuting authorities, supervising authorities, etc.), when we are under a legal obligation, when transferring relevant data is deemed necessary for important reasons of public interest, as well as for the establishment, exercise or support of legal claims.
6. Transferring of personal data outside the EEA
Your Personal Data is transferred outside of the European Economic Area (EEA). Specifically, the Institute transfers your personal data to the company SiteGround, based in Bulgaria, which provides web hosting services and which hosts our website in UK.
SiteGround processes data under the standard contractual data protection clauses issued by the European Commission. This transfer is therefore lawful and ensures a satisfactory level of personal data protection of the European citizens.
7. Do we use automated decision making / including profiling when processing your Data?
We do not make decisions, nor profiling, based on automated processing of your Data. Cookies are used on our website, always after your informed consent. Find out about the Cookies Policy (here).
8. Retention period of your personal data
Your personal data is retained only for the reasonable period of time required by the nature of the data processing, the fulfillment of our legal obligations to retain such data and the support of any legal claims we may have. In any case the data are not kept for a period longer than 20 years.
9. Links to other websites
The potential interconnection of this Website with other third parties’ websites through links, hyperlinks, banners, etc., does not entail any liability on behalf of the Institute for the content of those websites, the quality and completeness of any promoted products or services or the implemented policy on the protection and processing of personal data. The individual should make sure to inform themselves about the protection and processing of their data from the above websites by reading their respective personal data protection policies.
10. Safety of your data
We commit to safeguard your personal data by taking appropriate organizational and technical measures to secure and protect your Data from any form of accidental or improper processing. Please note that our authorized staff, who process your personal data, has also received appropriate guidance and information regarding safety and security of your data.
The measures we take are reviewed and amended when deemed necessary
11. Your rights as data subjects
As a Data Subject you have the following rights:
1. Right to access your personal data.
This means that you have the right to be informed by us about whether we process your data. If we process your data you can request to be informed about the purpose of processing, the type of data we keep, to whom we send it, how long we store it, whether we do automated decision-making, as well as about your other rights, such as rectification, erasure of data, restriction of processing and to lodge a complaint with the Hellenic Data Protection Authority.
2. Right to rectify inaccurate personal data.
If you find that there is an error in your Data you can request a rectification (eg name correction).
3. Right to erasure/right to be forgotten
You can request from us to delete your personal data if it is no longer necessary for the above mentioned processing purposes or if you wish to withdraw your consent in case this is the only legal basis for the processing.
4. Right to data portability
You can request from us to receive in readable format the Data you have provided or request from us to transfer your Information to another data controller.
5. Right to restriction of processing.
You can request from us to restrict the processing of your Data for the period that the examination of your processing objections is pending.
6. Right to object to the processing of your personal data.
You may object to the processing of your personal data, if it is carried out upon the legal basis of our legitimate interest. In that case, we shall stop processing your data, unless there are other compelling legitimate grounds for the processing which override your right.
7. Right to withdraw your consent.
You can withdraw your consent at any time, in cases where processing is based on that legal basis.
12. How can you exercise your rights?
- If you wish to receive further information regarding the processing of your personal data or to exercise any of the above rights, to withdraw your consent in the event that you have provided it, you may contact the Institute’s delegated Data Protection Officer at: email@example.com or send a letter to the above mentioned postal address (88 Michalakopoulou, 11528, Athens, Greece,) stating “To the attention of the Data Protection Officer”, with a description of your Request and we will make sure to examine it and respond to you as soon as possible.
- Our response to your request will take place within (1) one month of receipt and without any cost for you. The above time period might be extended for two (2) additional months, due to the complexity or the number of requests, in which case you will be informed of the time extension as soon as possible and in any case no later than one month from receiving your request. In this case we will inform you about the delay and its reasons.
- In cases where the request is considered obviously unfounded or excessive, the Institute may either refuse to process it or request a reasonable fee for its processing, taking into account the administrative costs of providing information or performing the requested action.
- In case: a. you consider that your request was not sufficiently and legally satisfied or b. you consider that the right to the protection of your personal data is violated by the processing that we perform, you have the right to lodge a complaint with the Hellenic Data Protection Authority (postal address 1-3 Kifissias, 115 23, Athens, tel. 210. 6475600, e-mail address: firstname.lastname@example.org).
We will update this Policy whenever deemed necessary. If there are any significant changes to the Policy or the way we use your Personal Data, we will notify you either by posting a prominent notice prior to the changes becoming effective or by any other appropriate means. We encourage you to read this Policy on a regular basis in order for you to know how your Data is protected. The last revision of this website policy took place on August 31st 2022