The University of Thessaly (hereinafter University) pays special attention to the protection of your personal data and strongly recommends anyone and under any status or position (student, researcher, citizen, visitor /user of the website or professional) to contact the University for such matters. The processing of personal data is carried out in compliance with the main principles of legal processing of personal data as established by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation - GDPR), in particular the principles of lawfulness, fairness and transparency of processing, purpose limitation, data minimization and accuracy, storage limitation integrity, confidentiality and, finally, accountability.
The University is the Controller for the personal data being processed in its central website https://www.uth.gr and is always at your disposal for any further information or clarification.
The University’s address is Argonafton & Filellinon, Volos, P.C, 38221, tel. +30-2421074000, while you may also contact the University’s Data Protection Officer (DPO), “Priority Quality Consultants S.A”, at the following email address: dpo [at] uth [dot] gr
1. The Website
Our website https://www.uth.gr includes a wide range of information, which is addressed to the University’s students, to the teaching and administrative staff, the academia, as well as the visitors of our website who are interested in being informed about the University’s structure, its actions, its academic, scientific, and social projects.
2. What kind of personal data do we process?
On our website we process personal data of the following categories:
- Basic Data: Name, surname, father’s name, date of birth, place of birth, contact phone number, email address.
- Curriculum Vitae data: professional status, position at the University, scientific publications, dissertations and theses.
- Image data: photos and videos of the academia members and participants in scientific events and social actions.
- Website traffic data, which are collected through special log-files: date of website visit, website navigation data, log-in user data and visitor user IP.
Such data, collected through the central website, mainly concern the administrative and faculty staff of the Department, scientific associates, members of the university community as well as participants in university activities.
Special categories of personal data (racial or of ethnic origin, political views, religious or philosophical beliefs, membership in trade unions, as well as processing of genetic data, biometric data for the purpose of incontrovertible identification of data, data concerning health or personal data concerning the sexual life of a person or the genetic orientation) are not collected during the use of this website.
3. Purpose of processing your personal data
The University processes personal data exclusively for the following purposes:
- to provide information and fulfill the obligation of publicity and transparency with regards issues concerning the University community. The information may concern matters of the Rector's Office and the members of the Rector's Council, the University’s and Department’s teaching and administrative staff.
- to inform and promote scientific, educational and social events, actions and publications of teachers and students, which take place within the scope of University’s and its respective Departments’ function, or
- to provide information regarding the operation of the University and the contact persons for the respective programs, platforms and applications in order to facilitate communication within the University’s teaching and student community, or
- to facilitate information on how the website operates, to troubleshoot technical issues and to maintain the desired level of security of the website and systems, through the collection of data in special log-files while visiting the website, or
- to ensure the University’s compliance with legal or regulatory requirements or to exercise or defend its legal claims, if necessary.
4. Legal basis for processing
Regarding the processing of personal data through the University’s central website, the legal basis of processing is that it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the University. In particular, the website facilitates the support of the University’s work, such as the promotion and support of the work, actions and initiatives of the faculty and student community.
The processing of data, collected in special log-files during website visits, is carried out on the same aforementioned legal basis, as we aim to ensure the required, by law, level of security of our networks, information and services from any accidental events, illegal or malicious actions, which may put at risk the availability, authenticity, integrity and confidentiality of the stored or transmitted data.
In addition, the University may process your data in the case of publication of decisions concerning faculty members and the rector's authorities in the context of its obligation to maintain publicity and transparency, when the legal basis of the processing is that it is necessary for complying with the University’s legal obligations.
5. Who has access to your personal data?
Access to your personal data, as published on the University’s website, is provided to visitors and the strictly necessary, in each case, personnel of the University, who has received the required information regarding the safe processing of your personal data.
Moreover, companies that cooperate with the University, and act as data processors at the latter’s behalf- such as our webservice provider-, may have access to your personal data when a specific processing has been assigned to them by the University. The processing of personal data by the processors is made under the explicit instructions of the University and after it is guaranteed that all the necessary technical and organizational measures for the protection of your personal data are in place.
Third parties who may also have access to personal data are other official government and supervising bodies a) when such transfer is necessary in order for the University to comply with legal or regulatory obligations, b) when the transfer is necessary for public interest purposes and the receiving party is a competent public body, and c) for the establishment, exercise, or support of legal claims.
6. Transfer of personal data outside the EEA
Personal data, collected through the website, are not transferred outside the European Economic Area (EEA).
In case a future transfer to a third country or international organization is required, always within the context of the University’s performance of duties as well as for purposes of complying with legal obligations or supporting claims, such transfer shall be performed in compliance with the GDPR’s provisions regarding data transfers outside the EEA.
Furthermore, all concerned parties shall be informed prior to such transfer on behalf of the University, in accordance with any applicable provisions.
7. Do we use automated decision making / including profiling when processing personal data?
The University website does not make decisions, including profiling, based on automated processing of your data.
8. The retention period of your personal data
Personal data is kept only for the reasonable period of time required by the nature of the data processing and only for as long as is required to achieve this purpose, unless it is otherwise required by law.
9. Safety of your personal data
We commit to safeguard your personal data by taking all the appropriate organizational and technical measures to secure and protect them from any form of accidental or fraudulent processing. Please note that our authorized staff, who process your personal data, has also received appropriate guidance and information regarding safety and security of your data.
The measures taken are reviewed and amended regularly or when deemed necessary based on new needs and technological developments.
10. Link to other websites
Any connection of this website with another third-party website, through special links or hyperlinks (banners, etc.), does not imply any liability on behalf of the University for the content of such websites, the quality of any products or services presented to it or its policy regarding the protection of personal data. We encourage each visitor to pay the necessary attention and be informed in regards to the protection and processing of his/her personal data from the above websites by reading their respective data protection policies.
In the possible event of visitors led to a website of another Department of the administrative or the organizational structure of our University while following relevant hyperlinks of the website, they are strongly recommended to be informed about the Policy of such website and its respective Cookies Policy. Some of the cookies that are installed due to the visitors’ access to these websites, may follow them when browsing this website, and therefore they are advised to always ensure that they have been informed in advance about the cookies use and that their consent has been provided, where required, at the time of the cookies installation.
11. Your rights as data subjects
As the data subjects you have the following rights:
- The right of access to your personal data.
This means that visitors have the right to be informed by the University if their data are processed. If they are, visitors can request to be informed about the purpose of the processing, the type of data being processed, the data recipients, for the retention periods, whether automated decisions are being made, as well as their other rights, such as the right to rectification, erasure, restriction of processing and to lodge a complaint before the Data Protection Authority.
- The right to rectify your inaccurate personal data.
If the event of errors found in personal data, you can request the rectification of your inaccurate personal data (correct a wrong or previous phone number/address etc.)
- The right to erase your information / The right to be forgotten.
You may request the university to delete your personal data, if they are no longer necessary for the aforementioned processing purposes, or to withdraw your consent, in case this is the only lawful basis of processing. It is noted that the right of erasure cannot be fully satisfied in cases where the continuous storage and processing of personal data is necessary for the smooth operation of the University and the performance of its mission, responsibilities, and tasks, which are carried out in the public interest.
- You have the right to data portability.
You can request from us to receive in a readable format your personal data that you have provided us or request from us to transfer your Information to another data controller. This right may be limited if there is no alternative controller who can provide services like those for which your data was collected for.
- The right to restrict the processing of your personal data.
You can ask from us to restrict the processing of your personal data for as long as the examination of a request based on your right to object objections is pending.
- The right to object to the processing of your personal data.
You may object to the processing of your personal data in case we process them on the legal basis of the public interest execution, and you consider that you have legitimate interests which prevail over the public interest pursued. In that case, we shall no longer process your personal data, unless we have compelling legitimate grounds for the processing which override your rights.
- You have the right to withdraw your consent.
You have the right to withdraw your consent at any time, in those cases that processing is based on that legal basis.
12. How can you exercise your rights?
If you wish to receive further information regarding the processing of personal data or to exercise any of the above rights, you may contact the Data Protection Officer of the University at: dpo [at] uth [dot] gr, or send a letter to the mentioned above address (Argonafton & Filellinon, PC 382 21, Volos), mentioning "To the attention of the Data Protection Officer", with a description of your request and we will make sure to examine it and reply as soon as possible.
We will reply to your request within (1) one month after receiving it and without any cost for you. The above time-period may be extended for two (2) additional months, due to the complexity or the number of requests, in which case you will be informed of the extension and the reasons for it as soon as possible and no later than one month after receiving your request.
In cases where the request is considered unfounded, excessive or recurring, the University may either refuse to process it or request a reasonable fee for its processing, taking into account the administrative costs of providing the information or performing the requested action.
In case: a) you consider that your request was not sufficiently and legally satisfied or b) you consider that the right to protection of your personal data is violated by any of our processing activities, you have the right to file a complaint to the Hellenic Data Protection Authority (postal address / Kifissias 1-3, 115 23, Athens, tel. 210. 6475600, (e-mail: contact [at] dpa [dot] gr).
13. Change of our Policy
We will update this Policy whenever necessary. If there are any significant changes to the Policy or the way we use your personal data, we will notify you either by posting those changes on a visible place to our website before the changes come into force or by any other appropriate means. We encourage you to read this Policy regularly in order to be informed on the way your personal data is protected. The last revision of this website policy took place on 11/5/2020.