The Civil Non-Profit Company under the name ‘HELLENIC HISTORY FOUNDATION’ (IDISME) respects and takes seriously the protection of the privacy of all visitors and users of this website, which is under its operation. For this reason, we strictly follow this Personal Data Protection Policy, strictly adhering to the current national and EU legal framework.
Hereby we would like to inform you about the use of your personal data. We encourage you to read this policy in order to understand our approach to the use and processing of your personal data.
This information is addressed to individuals who visit our website www.idisme.gr or carry out any transaction with IDISME through this website.
1. WHO ARE WE?
The Civil Non-Profit Company under the name ‘HELLENIC HISTORY FOUNDATION’ (IDISME), is responsible for the personal data collected and you give to us through this website. Where the terms “to us”, “ours” or “we” are used, they refer exclusively to that company. IDISME is the “data controller”, according to the definitions of article 4 par. 7 of European Regulation 2016/679 on the protection of personal data. Our details are as follows:
‘HELLENIC HISTORY FOUNDATION’ (IDISME)
T.I.N. 998250243/Tax Office of Pallini
Pallini, Attica, 25 Miktiadou Street (PC 153 51)
The Website is managed by Centiva Software Solutions.
2. Content of the Personal data Protection Policy
This policy defines the rules and conditions, observed by IDISME, for the protection of the personal data of the users of its website, during their browsing on it and during the communication and transaction with us, through all the possible ways provided through our website. This policy includes the rules under which we collect and process your personal data and ensure its integrity and confidentiality.
In particular, following the principles set out in Article 5 of European Regulation 2016/679 [hereinafter “Regulation” or “GDPR”], the personal data concerning you are collected and retained for the time necessary for specified, explicit and lawful purposes, are processed lawfully and appropriately in a transparent manner, always in accordance with the applicable legal framework. This data is always appropriate, relevant, appropriate and not more than what is required in view of the above purposes, and is accurate and, if necessary, updated.
Furthermore, with this Policy we provide the information that we have to disclose to you according to articles 13 and 14 of the Regulation, and specifically the type of personal data that we may receive directly from you, their possible use, their retention time, to whom we may disclose them, how we protect and safeguard them, and your rights regarding your personal data.
This policy and the rules and conditions it sets for the collection and processing of your personal data are fully harmonized with the above 2016/679 General Regulation of Personal Data Protection (GDPR) of the European Parliament, which entered into force in May 2018, as well as law 4624/2019 of our national law. In each case, the Community and national legislation applies as it is in force each time and includes all relevant legislation (EU Directive 2016/680 etc.)
3. Useful Definitions
For your better information, we use the following terms which have the corresponding meaning:
- “Personal Data”: is information about a natural person. The data are considered personal, if the natural person to whom they relate can be identified directly or indirectly (i.e. by reference to name, ID number, home address and other contact details (telephone, email), internet protocol address of the device that they use to enter the internet (IP address), age, gender, external characteristics, marital status, educational level, profession, interests, etc. The natural person to whom the personal data relate is called the “data subject”.
- “Processing” means any operation carried out, with or without the use of automated means, on personal data, such as the collection, registration, organization, structure, storage, adaptation or alteration, retrieval, search of information; the use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.
- “Data controller” for the processing of personal data, in accordance with Article 4 §7 of the General Data Protection Regulation 2016/679 (GDPR), is the natural or legal person, public authority, service or other body that alone or together with others, determine the purposes and manner of processing personal data. Where the purposes and manner of such processing are determined by EU law or the law of a Member State, the controller or the specific criteria for their appointment may be laid down in EU law or in the law of a Member State.
- “Data processor” of personal data, according to Article 4§8 of the General Regulation on Data Protection 2016/679 (GDPR), is the natural or legal person, public authority, service or other body that processes personal data on behalf of a controller.
- “Consent” of the data subject in accordance with Article 4-11 of the General Data Protection Regulation of the EU 2016/679 (GDPR), is any demonstration of will, that is free, specific, explicit and fully informed, by which the data subject expresses that they agree, with a statement or with a clear positive action, to the processing of their personal data.
- “Legislation”: Greek and European legislation for the protection of natural persons against the processing of their personal data, including Regulation 2016/679 of the European Union (GDPR).
- “Data logs”: Electronic traffic files of the Website that are recorded on our server.
- “Cookies”: Small data files in the form of text that are installed on your electronic device (computer, mobile, tablet) when you visit the Website and provide specific information about your browsing on it (See detailed Information on cookies).
3. What kind of DATA is collected?
Following the principles set out in Article 5 of the Regulation, IDISME is able to assure you that the personal data concerning you, are collected and kept for the necessary time for defined, explicit and legal purposes, and are lawfully and legitimately processed with transparency, always in accordance with the applicable legal framework. This data is always appropriate, relevant, suitable and not more than what is required in view of the above purposes, and is accurate and, if necessary, updated.
When you visit our website, we do not collect personal data other than information that concerns you and which you voluntarily choose to provide to us or enter on our website.
These are details that the user gives to us a) during their registration as a customer, b) in order to become a member of IDISME or to subscribe to the newsletter, c) in order to execute their order at www.idisme.gr, d) in order to contact us for any reason, e) in order to make a donation/sponsorship to us.
When filling out an available form, according to the above, on our website, you will be asked, depending on the form, the name, address, postal code of your area, your e-mail address, telephone number and (or) mobile phone, credit/debit card details. In addition, you may be asked for more specific information, such as shipping - delivery details of an order, billing details. Also, in case of orders and their payment by bank deposit, we will know, possibly the method of your payment and the IBAN of your account. It is further possible to collect any other personal data you choose to provide to us voluntarily when contacting us (e.g. in the ‘Message’ field when completing any available form.
Our website will never ask you to disclose “sensitive” personal data (Article 9 of the Regulation) concerning racial or ethnic origin, political views, religious or philosophical beliefs, trade union membership, health, social welfare and love life, criminal prosecutions or convictions, as well as participation in associations of persons related to the above.
Furthermore, during your visit to our website, the following are automatically registered in our server:
- Data logs
When you enter the website, we collect those personal data (data logs) that are transmitted to our server by your browser and specifically:
- Internet Protocol Address (IP-Address)
- Date and time of the request
- Time Zone Difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access Status/HTTP-Code (Statuscode)
- Any amount of data transferred
- Website from which the request originates
- Operating system
- Language and version of browser software
These data are kept for the duration of the session (visit) at www.idisme.gr and then are permanently deleted.
In addition to the above mentioned data, when using the website, cookies are stored on your computer, i.e. small data files in the form of text (text files) that are stored on the device you use, and send to our server identification data of your device, that is, a unique identification number is created.
Please note that with the exception of the so-called session cookies, which are absolutely necessary for you to have unrestricted access and use of our website, all other cookies are registered on our server only after you give your consent and activate them when you enter the website.
4. SENDING OF NEWSLETTERS
From time to time, we send newsletters from the website to our subscribers. By registering, through the transparent process of filling in the opt-in form, in the newsletters of the page, you accept that IDISME can keep your email to continue sending the periodic newsletters. No personal data other than email is stored and nothing is shared with third parties. Only the administrators of the page have access to the emails of the newsletter subscriptions. Unsubscribing from them can be done at any time using the unsubscribe link from the subscriber list using the corresponding link at the end of each informational message,
It is noted that when you create your profile on www.idisme.gr or register as a member, you are automatically included in the list of recipients of newsletters to the email address you give.
Finally, newsletters can be sent via email to existing customers and to their legally acquired email contact, in the context of selling a product or transaction, even if the recipient of the email has not given their prior consent, as provided by law. In this case, however, the recipient will be able to clearly and distinctly oppose the sending of such messages through the above unsubscribing process.
5. HOW AND FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?
IDISME uses the data it has collected for the main and sole purpose of providing you with its services in the most complete way, whether they relate to the communication with you or to your requests or to product orders and in general all kinds of transactions.
Below you will find details on how we use your Data and why:
- Product orders: IDISME processes your data in order to fulfill its contractual relationship, to process the order of products and/or services, to issue and send you the tax, to provide customer service, to comply with legal obligations, to oppose, raise or exercise legal requirements. If we do not collect your data upon completion of the order, we will not be able to process your order and comply with our legal obligations. Your data may need to be passed on to third parties for the supply or delivery of the product you have ordered. In addition, we may retain your data for a reasonable period of time in order to meet our contractual obligations, such as product returns, as defined in the relevant legislation.
- Create a User Account: IDISME processes your data (name, email, phone) in order to provide you with the account functions and to facilitate the conclusion of the purchase of products and/or services.
- Member Registration: At IDISME we process your data in order to provide services to our members, such as informing you about our upcoming news, initiatives, our new publications, our events, etc.
- Contact:IDISME uses your data to answer your requests/questions, comments and/or complaints. The information you share with us, enables us to manage your requests and respond to you in the best possible way.
- Sometimes, we will need to share your much-needed data (name, address, phone) with a third party providing a service (such as postal or courier services). Without disclosing your details to a third party, we would not be able to satisfy your request (e.g. order).
- Sending a newsletter:With your consent, we will use your personal data, preferences and details of your transactions to inform you via e-mail, Internet, about our relevant products, publications and events. Of course, you have the option to revoke this consent at any time.
- Protect your account from fraud and other illegal activities: This includes using your data to maintain, update and protect your account. We also monitor browsing activity with us to quickly identify and resolve any issues and protect the integrity of our website. All of the above are part of our legitimate interest. For example, we check your password when you log in and use automated IP address tracking to detect potential false logins from unexpected locations.
- Processing payments and preventing fraudulent transactions: We do this based on our legitimate interests. This also helps protect our customers from fraud.
- In order to comply with our contractual or legal obligations to exchange data with law enforcement. For example, following a court decision to exchange data with judicial services.
6. HOW DO WE LEGALIZE TO PROCESS YOUR DATA?
Data protection legislation sets out a number of reasons why your personal data may be collected and processed, in particular:
Type of processing
Contact – Answer your questions/requests
The processing of personal data you send us by completing a contact form or sending e-mails is based on the necessity and your desire to complete the communication and transaction between us, and we consider it in our legitimate interest to respond to requests or questions raised to us through existing communication channels. We understand that the processing of this data is also beneficial to you, the subjects themselves, in so far as it allows us to adequately assist you and answer any questions you may have.
Edit Internet Protocol (IP) address, data from Data Logs and Mandatory Cookies (session cookies)
It is in our legitimate interest to protect the security and integrity of the website, based on the registration of the web protocol address and the processing of the data from the Logs and the Mandatory Cookies.
Edit details from Optional Cookies
The processing of data from the Optional Cookies is based on your explicit consent, i.e. the activation of each cookie when you enter the website, which you can revoke at any time in the same way, disabling the cookies you do not want.
Processing during the sale of books and other products & during the provision of donations - sponsorships
Article 6 par. 1 para (b) GDPR, according to which the processing is necessary for the execution of a contract of which the data subject is a party.
Also, the basis of processing is case c during which the processing is necessary for the compliance with the legal obligation of the controller (tax legislation etc.)
Member registration – account creation – Newsletters
Article 6 par. 1 (a) GDPR, in which the data subject has consented to the processing of their personal data for one or more specific purposes,
5. WHAT ARE THE TERMS AND SECURITY MEASURES?
To ensure the security and confidentiality of personal data, IDISME SA uses data networks protected, inter alia, by industrial network protection systems (firewalls) and user codes.
Your connection to our website is secure because SSL (Secure Socket Layer) technology is used. SSL technology relies on a key code to encrypt data before it is sent over the (SSL) connection. The security control between the data and the Server is based on the unique key code, ensuring full communication. The browsers Google Chrome, Microsoft Edge, Mozilla Firefox, Opera, Safari support the SSL protocol and it is recommended to use them to connect to our website.
With regard to the management of personal data, reasonable measures have been taken to protect the information from loss, misuse, unauthorized access, disclosure, distortion or destruction. While we cannot guarantee the exclusion of data loss, misuse or distortion, we try to avoid unfortunate circumstances.
The manner and method of managing and processing your personal data is closely aligned with widely accepted international standards and is regularly reviewed and updated, whenever necessary, in order to meet regulatory requirements. Access to your personal data is granted only to IDISME staff or direct associates with what is required to have such information to service orders. In case of violation of data containing personal data, IDISME will comply with current legislation regarding the notification of the violation.
All payments made using a credit or debit card are processed through a special electronic payment platform of the bank………………. and the TLS encryption protocol is used. Encryption is a way of encrypting information until it reaches its intended recipient, who will be able to decrypt it using the appropriate key.
Additionally, there are two things that can be used to identify you as an account user: Username and Password. Each time you enter your details, you are given access to your personal account. This process is achieved securely through encryption during their transfer to the Internet and the servers of the Company. By the same standards, you are allowed to change your Personal Security Password as often as you wish. After entering the desired password, the new password is coded and stored in the Company’s systems. For this reason, you are the only one who knows your password and you are solely responsible for maintaining the confidentiality of the password by third parties.
IDISME requires its staff and the maintainers of its website to provide its customers with the level of security referred to in this Personal Data Protection Policy. In no other case, except those mentioned in this Policy, may IDISME not share your personal information with third parties without your prior consent, unless this is required through legal channels. Please note that under certain conditions permitted or required by law or court order, the collection, use and disclosure of your personal data collected online without your prior consent (for example in case of a court decision or compliance with tax or other legislation).
6. WHAT IS THE TIME OF KEEPING THE DATA?
IDISME keeps your personal data for as long as it takes to satisfy your request or application, always within the time limit that may be provided in each case, by the applicable legal framework.
In particular, we will keep your personal data for as long as you have an account on our website.
Regarding your personal data related to product purchases or donations - sponsorships to IDISME, we will retain the personal data you gave us for five years, so that we can comply with our legal and contractual obligations (such as tax legislation). At the end of this retention period, your data will be completely deleted or anonymized, for example by aggregation with other data, so that it can be used in an unrecognizable way for statistical analysis and business planning.
Your information in the context of communication with us, will be kept for as long as it is necessary to complete the communication and any of your request.
Your statement of consent for sending a newsletter is kept for as long as a newsletter is sent to you by the Company and in any case not more than six months from the cessation of sending it.
7. IS PERSONAL DATA DISCLOSED TO THIRD PARTIES?
As a rule, IDISME does not disclose personal data to third parties other than its staff except in the following cases:
- To third-party service providers who process personal data on our behalf, for example (indicatively mentioned) for credit card and payment processing, hosting, management and maintenance of our website and our data (web hosting), email distribution. We have selected for these services organizations and companies that provide security guarantees and we have contracted with them in order to provide secure services.
- In some cases, we may be required to share data with judicial or police authorities, under strict terms and conditions.
- Your Data may need to be transferred to third-party external partners (postal, courier services) for the supply or delivery of the product you have ordered.
- Finally, your personal data may be transferred to our third-party external partners (accountants, tax experts, lawyers, etc.) for the fulfillment of our obligations towards the tax, e.g. legislation and our legal coverage in general.
The Processors on our behalf must maintain confidentiality, not to send your Data to third parties without our permission, to take appropriate security measures, to comply with the legal framework for the protection of personal data and in particular Regulation 979/2016/EU (GDPR).
Finally, we know that your personal data is not sent knowingly to countries outside the EU/EEA. If your data is sent to such countries, we will take all necessary measures to ensure an adequate level of protection of personal data in accordance with applicable law. These include the Certificate of Signing of the Contractual Clauses, the certification that the recipient has adopted the European binding rules or adheres to the Privacy Shield between EU-US and Switzerland-US. In case we are aware and/or suspect that data has been sent or processed outside the EU/EEA by our partner or a third party and in the context of ensuring the lawful processing of your personal data, we will make every effort to investigate the matter quickly. At the same time, where deemed appropriate and in the context of the proper exercise of your rights, we will make sure to inform you about the above actions by any means the Company deems appropriate.
8. WHAT ARE YOUR RIGHTS WHEN YOU PROVIDE US YOUR DATA?
In particular, regardless of the purpose or legal basis on which we process your data, you have the following rights:
- Ask us for access to the data we have in relation to you.
- Ask us to correct the data we have
- Ask us to delete your data
- Ask us to restrict the processing of your personal data, which means that in some cases you can ask us to temporarily suspend the processing of the data or to keep it beyond the required time when you need it.
- If you have given us your consent to the processing of your data for any purpose, you also have the right to revoke it at any time.
- When we have the right to process your data based on your consent or for the performance of the contract, you will also have the right to request the portability of your personal data. This means that you will have the right to receive the personal data you have given us in a structured, widely used and machine-readable form, in order to transmit it directly to another legal entity without hindrance on our part.
- In addition, when the processing of your data is based on our legitimate interest, you will also have the right to object to the processing of your data.
It is noted that the above requests, in order to be accepted, should not contradict an existing legal obligation of IDISME to maintain and process your data or other relevant legal reasons, such as for the exercise and establishment of legal claims, which prevail over your interests. Also, the exercise of your above rights may be restricted following the adoption of relevant legislative measures (Article 23 of the Regulation) which concern reasons of wider public interest but also the protection of your own rights.
In cases where the processing of your personal data was based on your prior consent, you have the right to revoke it, which may be in force only in the future, and which is subject to the above restrictions. Your revocation will not affect the legality of the processing that took place before you revoked your consent.
In all the above cases, it is noted that the cessation or non-processing of your personal data, at your request, may lead to the cancellation of the original purpose for which you informed us.
In any case, you reserve the right to file a complaint to the competent supervisory authority if you consider that the processing of your personal data is done in violation of the applicable legislation. For more information you can visit the website www.dpa.gr.
Following any of the above actions, IDISME will provide you with information on the action that takes place within one month of receiving the request. This time limit may be extended by two more months, if necessary, taking into account the complexity of the request and the number of requests. Our company will provide the relevant information for this extension and for the reasons of the delay.
If the request is made by electronic means, the information is likewise provided by electronic means, unless otherwise indicated.
If we do not take action on your request, we will inform you, within one month of receipt of the request, of the reasons why this was done and of the possibility of lodging a complaint with a supervisory authority and bringing an action.
In case we consider it necessary to confirm your identity, we may ask you for a copy of a document proving your identity.
9. IS CHILDREN’S PERSONAL DATA PROCESSED?
IDISME does not request, nor does it collect personal information from or for children under the age of 16, nor does it enter into contracts (sales, sponsorships, etc.) with minors.
10. MODIFICATIONS IN PERSONAL DATA PROTECTION POLICY
IDISME, based on its current data protection policy, any changes in the operation of its website and in the context of the current legal and regulatory framework, may revise or modify this information, which will always be available in the updated website of the foundation (www.idisme.gr).