The Department of Physics of the Faculty of Sciences of the University of Thessaly (hereinafter University) pays special attention to the protection of your personal data and strongly recommends anyone and under any status or position (student, researcher, citizen, visitor /user of the website or professional) to contact the University for such matters. The processing of personal data is carried out in compliance with the main principles of legal processing of personal data as established by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR), in particular the principles of lawfulness, fairness and transparency of processing, purpose limitation, data minimization and accuracy, storage limitation integrity, confidentiality and, finally, accountability.
The University is the Controller for the personal data being processed in its website https://www.phys.uth.gr and is always at your disposal for any further information or clarification. The website https://www.phys.uth.gr exclusively concerns the Department of Physics of the University.
The University’s address is Argonafton & Filellinon, Volos, P.C, 38221, tel. +30-2421074000, while you may also contact the University’s Data Protection Officer (DPO), “Priority Quality Consultants S.A”, at the following email address: email@example.com
1. The Website
Our website https://www.phys.uth.gr includes a wide range of information, which is addressed to the students of the Department of Physics, to the teaching and administrative staff as well as the visitors of our website who are interested in being informed about the University’s processes and actions.
2. What kind of personal data do we process?
On our website we process personal data of the following categories:
- Basic Data: Name, surname, contact phone number, email address.
- Curriculum Vitae data: professional status, position at the University, scientific publications, dissertations and theses.
- Image data: photos of the faculty staff of the Department.
- Website traffic data, which are collected through special log-files: date of website visit, website navigation data, log-in user data and visitor user IP.
Such data mainly concern the administrative and faculty staff of the Department, scientific associates, members of the university community as well as participants in university activities.
The University collects basic data from users/visitors, exclusively through either the specific personnel data collection form, found on the website, or via other electronic means (email). The University urges visitors/users, to avoid disclosing more personal data than those requested or needed, in order to facilitate communication with the University and respond to any requests and/or questions.
Special categories of personal data (racial or of ethnic origin, political views, religious or philosophical beliefs, membership in trade unions, as well as processing of genetic data, biometric data for the purpose of incontrovertible identification of data, data concerning health or personal data concerning the sexual life of a person or the genetic orientation) are not collected during the use of this website.
3. Purpose of processing your personal data
The University processes personal data exclusively for the following purposes:
- to inform and promote scientific, educational and social events, actions and publications of teachers and students, which take place within the scope of University’ and its respective Departments’ function, or
- to provide information regarding the operation of the University and the contact persons for the respective programs, platforms and applications in order to facilitate communication within the University’s teaching and student community, or
- to facilitate information on how the website operates, to troubleshoot technical issues and to maintain the desired level of security of the website and systems, through the collection of data in special log-files while visiting the website, or
- to ensure the University’s compliance with legal or regulatory requirements or to exercise or defend its legal claims, if necessary.
4. Legal basis for processing
Regarding the processing of personal data through the website of the University’s Department of Physics, the legal basis of processing is that it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the University. In particular, the website facilitates the support of the Department’s work, such as the promotion and support of the work, actions and initiatives of the faculty and student community.
The processing of data, collected in special log-files during website visits, is carried out on the same aforementioned legal basis, as we aim to ensure the required, by law, level of security of our networks, information and services from any accidental events, illegal or malicious actions, which may put at risk the availability, authenticity, integrity and confidentiality of the stored or transmitted data.
5. Who has access to your personal data?
Access to your personal data, as published on the University’s website, is provided to visitors and the strictly necessary, in each case, personnel of the University, who has received the required information regarding the safe processing of your personal data.
Moreover, companies that cooperate with the University, and act as data processors at the latter’s behalf- such as our webservice provider-, may have access to your personal data when a specific processing has been assigned to them by the University. The processing of personal data by the processors is made under the explicit instructions of the University and after it is guaranteed that all the necessary technical and organizational measures for the protection of your personal data are in place.
Third parties who may also have access to personal data are other official government and supervising bodies a) when such transfer is necessary in order for the University to comply with legal or regulatory obligations, b) when the transfer is necessary for public interest purposes and the receiving party is a competent public body, and c) for the establishment, exercise, or support of legal claims.
6. Transfer of personal data outside the EEA
Personal data, collected through the website, are not transferred outside the European Economic Area (EEA).
In case a future transfer to a third country or international organization is required, always within the context of the University’s performance of duties as well as for purposes of complying with legal obligations or supporting claims, such transfer shall be performed in compliance with the GDPR’s provisions regarding data transfers outside the EEA.
Furthermore, all concerned parties shall be informed prior to such transfer on behalf of the University, in accordance with any applicable provisions.
7. Do we use automated decision making / including profiling when processing personal data?
The University website does not make decisions, including profiling, based on automated processing of your data.
8. The retention period of your personal data
Personal data is kept only for the reasonable period of time required by the nature of the data processing and only for as long as is required to achieve this purpose, unless it is otherwise required by law.
9. Safety of your personal data
We commit to safeguard your personal data by taking all the appropriate organizational and technical measures to secure and protect them from any form of accidental or fraudulent processing. Please note that our authorized staff, who process your personal data, has also received appropriate guidance and information regarding safety and security of your data.
The measures taken are reviewed and amended regularly or when deemed necessary based on new needs and technological developments.
10. Link to other websites
Any connection of this website with another third-party website, through special links or hyperlinks (banners, etc.), does not imply any liability on behalf of the University for the content of such websites, the quality of any products or services presented to it or its policy regarding the protection of personal data. We encourage each visitor to pay the necessary attention and be informed in regards to the protection and processing of his/her personal data from the above websites by reading their respective data protection policies.
In the possible event of visitors led to a website of another Department of the administrative or the organizational structure of our University while following relevant hyperlinks of the website, they are strongly recommended to be informed about the Policy of such website and its respective Cookies Policy. Some of the cookies that are installed due to the visitors’ access to these websites, may follow them when browsing this website, and therefore they are advised to always ensure that they have been informed in advance about the cookies use and that their consent has been provided, where required, at the time of the cookies installation.
11. Your rights as data subjects
As the data subjects you have the following rights:
- The right of access to your personal data.
This means that visitors have the right to be informed by the University if their data are processed. If they are, visitors can request to be informed about the purpose of the processing, the type of data being processed, the data recipients, for the retention periods, whether automated decisions are being made, as well as their other rights, such as the right to rectification, erasure, restriction of processing and to lodge a complaint before the Data Protection Authority.
- The right to rectify your inaccurate personal data.
If the event of errors found in personal data, you can request the rectification of your inaccurate personal data (correct a wrong or previous phone number/address etc.)
- The right to erase your information / The right to be forgotten.
You may request the university to delete your personal data, if they are no longer necessary for the aforementioned processing purposes, or to withdraw your consent, in case this is the only lawful basis of processing. It is noted that the right of erasure cannot be fully satisfied in cases where the continuous storage and processing of personal data is necessary for the smooth operation of the University and the performance of its mission, responsibilities, and tasks, which are carried out in the public interest.
- The right to restrict the processing of your personal data.
You can ask from us to restrict the processing of your personal data for as long as the examination of a request based on your right to object objections is pending.
- The right to object to the processing of your personal data.
You may object to the processing of your personal data in case we process them on the legal basis of the public interest execution, and you consider that you have legitimate interests which prevail over the public interest pursued. In that case, we shall no longer process your personal data, unless we have compelling legitimate grounds for the processing which override your rights.
12. How can you exercise your rights?
If you wish to receive further information regarding the processing of personal data or to exercise any of the above rights, you may contact the Data Protection Officer of the University at: firstname.lastname@example.org, or send a letter to the mentioned above address (Argonafton & Filellinon, PC 382 21, Volos), mentioning “To the attention of the Data Protection Officer”, with a description of your request and we will make sure to examine it and reply as soon as possible.
We will reply to your request within (1) one month after receiving it and without any cost for you. The above time-period may be extended for two (2) additional months, due to the complexity or the number of requests, in which case you will be informed of the extension and the reasons for it as soon as possible and no later than one month after receiving your request.
In cases where the request is considered unfounded, excessive or recurring, the University may either refuse to process it or request a reasonable fee for its processing, taking into account the administrative costs of providing the information or performing the requested action.
In case: a) you consider that your request was not sufficiently and legally satisfied or b) you consider that the right to protection of your personal data is violated by any of our processing activities, you have the right to file a complaint to the Hellenic Data Protection Authority (postal address / Kifissias 1-3, 115 23, Athens, tel. 210. 6475600, (e-mail: email@example.com).
13. Change of our Policy
We will update this Policy whenever necessary. If there are any significant changes to the Policy or the way we use your personal data, we will notify you either by posting those changes on a visible place to our website before the changes come into force or by any other appropriate means. We encourage you to read this Policy regularly in order to be informed on the way your personal data is protected. The last revision of this website policy took place on 10/02/21.