Information on the processing of personal data

The University of Thessaly, (hereinafter the University), takes very seriously the legal and secure processing of your personal data, which is carried out in compliance with the basic principles of personal data protection, imposed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation - GDPR), namely the legality, objectivity, and transparency of the processing, minimization of data, accuracy, limitation of the storage period, integrity, and confidentiality and, finally, accountability.
 
1. Responsible of Process
The University is responsible for the processing of personal data the purpose described below.
Our address is Argonauts & Filellinon, Postal Code 382 21, Volos, tel.: 30 2421074000, while you can contact the Personal Data Protection Officer of the University, Priority Quality Consultants S.A, at the email address: dpo@uth.gr

2. Purpose of Processing
The University processes your personal data in the framework of the ISAAC research project in order to analyze the needs for the adaptation of Erasmus+ students to the environment of the host university.

3. Personal data to be processed
Within the framework of the above purposes, the following personal data that you have provided to us will be processed:
1. Basic data of the student (sex, age)
2. Education data (level of study, subject of study, degrees, foreign languages)
3. Statistics on years of work experience

4. Legal Basis of Processing
Regarding the personal data processed by the University for the above purpose, the legal basis for data processing is that it is necessary for the performance of a duty performed in the public interest or the exercise of public authority has been assigned to the University.
 
5. Access to personal data-recipients
The University, the University Research Committee, and faculty members are authorized to handle this process and have access to your personal data, which is collected in the framework of the above purpose, knowing all the important information for the safe processing of your personal data.
In addition to that, the recipients of your data are companies such as Google that provide data storage services. Those who process your data are informed and committed in advance to the confidentiality of the data, are aware of and follow our instructions regarding the processing of personal data, and take all appropriate measures to protect them.

6. Transfers outside the EEA
Your personal data will not be transferred outside the EEA as part of the ongoing processing. In case they are required in the future, within the responsibilities of the University and within the framework of its legal obligations or claims, to make a transfer to a third country or international organization, it will be carried out under the conditions of legal and secure transfer provided by Regulation 679/2016 and national legislation.
In addition, in the cases allowed by the current legislation, you will be notified and informed before the data transfer.
 
7. Time of keeping your personal data
Your personal data is retained only for the reasonable period of time required by the nature of the data processing and only for as long as is required to achieve that purpose, unless otherwise required by law.

8. The Security of your data
We have taken all the appropriate organizational and technical measures to secure and protect your data from any form of accidental or improper processing. Please note that our specially authorized staff processing your personal data has received appropriate training, guidance, and information.
The measures we take are reviewed and amended at regular intervals or when deemed necessary based on new needs and technological developments.
 
9. Your rights and how to use them
As a Data Subject you have the following rights:
• Right of access to personal data
• Right to correct inaccurate personal data
• Right to delete / right to forget
• Right to portability of your Data
• Right to restrict processing
• Right to object to the processing of your Data
In case: a) you consider that your request has not been sufficiently and legally satisfied or b) you consider that the right to protection of your personal data is violated by some processing we carry out, you have the right to file a complaint to the Personal Data Protection Authority (postal Kifissias 1-3, 115 115, Athens, tel. 210. 6475600, e-mail address (e-mail: contact@dpa.gr).
 
If you wish to receive further information regarding the processing of your personal data or to use any of the above rights, you can contact the Personal Data Protection Officer of the University at: dpo@uth.gr, or send a letter to the mentioned above mailing address (Argonauton & Filellinon, PC 382 21, Volos), stating "For the information of the Personal Data Protection Officer", with a description of your request and we will take care to examine it and answer you as soon as possible.
Our response to your request will take place within (1) one month and does not involve any cost to you. The above deadline may be extended for a period of two (2) additional months, due to the complexity or the number of requests, in which case you will be informed of the extension and the reasons for it as soon as possible and at the latest within one month of your request.
In cases where the request is deemed manifestly unfounded, excessive or repeated, the University may either refuse to process it or request a reasonable fee for its processing, taking into account the administrative costs of providing the information or performing the requested action.