Implementation date: 13-11-2024

Thank you for visiting the Website https://milosport.gr/. The Municipal Port Fund of Milos (hereafter DLT) attaches great importance to the lawful processing, security and protection of your personal data, in whatever capacity you communicate or cooperate with us. Before using our website, please read this Privacy Policy carefully.

Generally

The DLT, as data controller, informs you about the way in which information about you is collected and processed. Your personal data includes any information that can lead, either directly or in combination with others, to your unique identification or location as a natural person. This category includes, where applicable, information such as name, VAT number, social security number, physical and electronic addresses, telephone numbers, email addresses, web search history and any other information that allows your unique identification in accordance with the provisions of GDPR 2016/679, Law 4624/2019, the Greek legislation in force at that time as well as the decisions of the APDPH.

The following information on the protection of your personal data concerns the way in which we process your personal information when you communicate with us or use any of our services.

We inform you about the following:

  • for what purpose we process your personal data,
  • whether you are obliged to provide us with the relevant data,
  • the categories of recipients of your personal data, if any,
  • whether we intend to transfer the data in question to another country,
  • whether we carry out automated decision-making or profiling, and
  • what rights you have in relation to the respective processing, as well as how you can exercise them.

We keep this data protection policy under regular review to ensure that it is up-to-date and accurate.

More information about the processing carried out by DLT and your rights, classified by processing category, can be found below this information.

Contact Details of the Data Controller

For any processing of personal data carried out in the context of any possible interaction you may have with the MLF, including your visit to this website, the Data Controller is:

Municipal Port Authority of Milos (MLF)

Adamantas, P.C. 84800, Milos, Greece, Tel: 2287021895, 2287022130

email: info@milosport.gr, grammatia@milosport.gr

Contact details of the Data Protection Officer (DPO)

The Data Protection Officer (DPO) is the company Computer Studio S.A. To exercise your rights or for any other reason regarding the data processing carried out by DLT and included in this notice, you can contact him at the email address dpo@computerstudio.gr.

When and how we collect your personal data – What data do we collect from you?

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have contacted DLT directly. Your name, email, telephone number (optional) and any other information you choose to provide us via the contact form are stored. This data will be sent to DLT with an email message via the SMTP (Simple Mail Transfer Protocol) protocol. Our SMTP servers are protected by the TLS security protocol (sometimes known as SSL), which means that the email content is encrypted before it is sent over the internet. The email content is decrypted by DLT’s local computers and devices.
  • Traffic tracking. Your geographical location, your device, your web browser, your operating system, your IP address are recorded via StatCounter. However, this information is not disclosed to the DLT by StatCounter, we only receive statistical data regarding website traffic.

We also receive your personal information from other sources, in the following cases:

  • Your data is shared with us by other regulatory authorities or law enforcement agencies in the context of carrying out our duties.

We may collect and publish statistical data but not in a form that allows the identification of individuals.

 

Data retention period

The data recorded in log files for each request to the portal server by the visitor/user’s browser are as follows:

  • the visitor/user’s IP address, which constitutes personal data, even if we cannot identify him/her ourselves based on this data,
  • the date and time of execution of each request for data transfer between browser and server (https request) for the operation of the https protocol,
  • the server response code together with the https protocol call parameters (https response),
  • the server response time in ms for each request and
  • the type of browser through which the request was submitted.

They are kept for a period of 12 months and may be communicated to the processing company for the purpose of managing the portal and to the competent authorities in case it is deemed necessary for the investigation of any cyber attack and incident. The data for which an investigation is being carried out or is used in the context of legal claims, are kept for the period of time required for these purposes.

Data communication and transmission

As a rule, we do not share or transfer data to third parties. In some cases, however, we are legally obliged to share your data. For example, in execution of a court order or when we cooperate with other supervisory authorities in handling complaints or inspections. We may also exchange information with other supervisory bodies in the context of performing our duties. If, in the course of exercising our responsibilities, we become aware of a criminal offense, all relevant information may be transmitted to the competent judicial and prosecutorial authorities.

We do not share your personal data with third parties for the purpose of promoting products or services.

Minors’ data

We do not collect personal data from minors through the website.

This policy has been written in simple language so that a person aged 16 or over can understand its main points. For minors, please ensure that their parents or guardians are also aware of this Policy.

Lawful processing

DLT will use your information for the following lawful processing purposes (pursuant to Article 6 GDPR), such as, but not limited to:

  • To respond to your requests and inquiries.
  • To analyze our website traffic and improve your experience as well as to provide you with information related to our actions.
  • For our internal operations and analysis, such as internal management, fraud prevention, use by management information systems, etc.

What are the principles of collection and processing?

This Policy aims to inform you about the terms of collection, processing and transmission of your personal data that we may collect as data controllers. DLT applies the Processing Principles of GDPR 2016/679 (lawfulness, objectivity, transparency, purpose limitation, data minimization, accuracy, storage time limitation, integrity, confidentiality and accountability).

Use of your personal data

We use your personal data to respond to your requests with the aim of improving the way we communicate with you, as you are given the opportunity to express any questions or suggestions you may have as users of the Website https://milosport.gr/, but also to make the information of users interested in the actions of the DLT more effective.

Storage – protection of personal data

The hosting space (data center) where your personal data is stored is located on a server of the company ENARTIA SINGLE-MEMBER SOCIETE ANONYME.

In any case, we take the appropriate technical and organizational measures to ensure the confidentiality, integrity, availability of your data. DLT has a Data Protection Officer (DPO) because we recognize the importance of protecting your privacy and all your personal information. For this purpose, it has appropriate security policies and uses the appropriate tools.

Your rights regarding the processing of personal data

According to data protection legislation, when we process your personal data you have certain rights of which we must inform you. The rights you can exercise are as follows:

  • The right of access

You have the right to request from us, at any time, information about the processing of your data by DLT or copies of your personal data that we hold.

Individuals (data subjects) have the right to obtain:

  • confirmation of the processing of their data,
  • a copy of those data, and
  • information about the processing (relevant articles 12, 15 GDPR).

The right of access allows the data subject to obtain knowledge of his/her data and information about the processing in order to be able to verify its lawfulness. This right does not require justification from the data subject.

The information provided to the data subject in the context of exercising the right of access includes the following:

  1. the purposes of the processing,
  2. the categories of data concerned,
  • the recipients or categories of recipients,
  1. if possible, the period for which the data will be kept or, where that is not possible, the criteria determining that period,
  2. the exercise of the rights,
  3. the origin of the data when they are not collected from the data subject,
  1. the existence of automated decision-making, including profiling, and significant information on the logic, significance and envisaged consequences of such processing.

A reasonable fee for administrative costs may be charged by the controller only for additional copies that may request the data subject.

  • The right to rectification

You have the right to ask us, at any time, to correct information that you consider to be inaccurate. You also have the right to request the completion of information that you consider to be incomplete.

  • The right to erasure

The right to erasure (“right to be forgotten”) is the right for the data subject to request the erasure of personal data concerning him or her, where he or she no longer wishes the data to be processed and where there is no legitimate reason for the controller to hold them (see Article 17 GDPR and recitals 65 and 66).

In particular, the data subject may withdraw the consent on which the processing is based, in which case the data must be deleted if there is no other legal basis for the processing.

Furthermore, if the data are no longer necessary in relation to the purposes for which they were collected or are otherwise processed unlawfully or if the data subject objects to the processing and there are no compelling legitimate grounds for the processing, the data subject may request the erasure of the data. However, other EU rights, such as the right to freedom of expression and the right to information, must also be safeguarded. Information on the right to have links removed from the search engine results list following a search using the data subject’s name and surname is available in the relevant section.

Furthermore, this right is particularly relevant where the data subject has given consent as a child, when he or she was not fully aware of the risks involved in the processing, and wishes to remove the personal data concerned at a later date, in particular from the internet. The data subject should be able to exercise this right despite the fact that he or she is no longer a child.

It is noted, however, that this is not an absolute right, as the further retention of personal data should be lawful when necessary for reasons such as exercising the right to freedom of expression and information, as mentioned above, or for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, for reasons of public interest in the field of public health, for archiving purposes in the public interest, for scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims.

  • The right to restriction of processing

You have the right to request that we restrict the processing of your data in certain cases.

Natural persons (data subjects) have the right to request the restriction of the processing of their data (relevant articles 18, 19 GDPR). Specifically, the data subject may request the controller to restrict the processing. This right is an alternative to the right to erasure (article 16 of the GDPR) and the right to object (article 21 of the GDPR). It is not an absolute right and only applies in certain cases.

  • The right to data portability

This only applies to the data you have provided to us. You have the right to request that we transfer the data you have provided to us to another entity or to provide it to you. The right only applies if we process information based on your consent or for the purpose of entering into or performing a contract and the processing is automated.

The right to portability (Article 20 GDPR) offers individuals (data subjects) an easy way to manage their own personal data. It makes it easier for them to easily move, copy or transfer personal data from one IT environment to another.

Data subjects have the right to receive personal data concerning them, which have been processed by automated means by a controller, in a structured, commonly used and machine-readable format (e.g. XML, JSON, CSV, etc.). They also have the right to request that the controller transmit those data to another controller without objection from the original controller. Where technically feasible, they may request that their data be transmitted directly from one controller to another.

The right to portability may be exercised where all of the following apply:

  • the personal data are processed by automated means (which excludes paper records),
  • the legal basis for the processing is either the data subject’s consent (Article 6(1a) or Article 9(2a) GDPR) or the performance of a contract to which the data subject is a party (Article 6(1b) GDPR),
  • the personal data concern the data subject and have been provided by him or her. They are deemed to have been provided by the data subject when they are provided knowingly and actively, such as details of an account submitted by electronic means, e.g. mailing address, username, age, but also when generated and collected from users’ activities, when using a service or device (e.g. raw data processed by a smart meter, activity logs, website usage history or search history),
  • the exercise of the right does not adversely affect the rights and freedoms of others.

The exercise of the right to data portability does not affect the exercise of the data subject’s other rights, which are exercised independently.

  • The right to lodge a complaint regarding the processing of your personal data with the Data Protection Authority

We follow high standards for the processing of your personal data. If you have any questions or concerns, you can contact us at info@milosport.gr either to exercise your rights (access, objection, etc.) or to request information and we will respond to you.

If you remain dissatisfied with the way we process your personal data, you can file a complaint with the Personal Data Protection Authority.

Changes to the Privacy Policy

DLT may modify this Privacy Policy. Please check the Effective Date at the top of this Policy to see when this Policy was last revised. Any revisions will be effective upon posting of the revised Policy.

If we make material changes to this Policy that expand our rights to use personal information we have already collected from you, we will notify you and provide you with a choice about our future use of that information.