This Policy was updated on 05/10/2020
Purpose of this policy
The protection of your personal data is very important to the City of Thessaloniki. This policy aims at informing you about the information collection practices of the City of Thessaloniki, including the categories of data it may collect, retain and process, the purpose of their collection, the categories of persons to whom the data are communicated and your rights. The City of Thessaloniki makes every possible effort to protect your personal data, on the condition that the personal data you have provided are true and accurate.
It also outlines certain security measures taken by the City of Thessaloniki in order to protect data confidentiality and provides certain guarantees for actions the City of Thessaloniki will not take.
Legal and regulatory framework
In the context of the obligation of all state services to operate an e-governance website (Law 3979/2011, Gov. Gazette, Series I, Issue 138), the City of Thessaloniki, a Category A Local Government Authority, seated at 1, Vas. Georgiou Avenue, GR-54640, Thessaloniki, collects and processes the personal data that concern you in order to exercise its powers and perform its legal obligations. For the purposes hereof, the City of Thessaloniki shall be referred to as the “Controller” within the meaning of Article 7(4) of the General Data Protection Regulation.
The management and protection of the personal data of visitors to the website https://e-dimitria.gr and other webpages related thereto and managed by the City of Thessaloniki (sub-pages) are subject to these terms, as well as the relevant provisions of European Regulation 2016/679 on the Protection of Personal Data (GDPR). These terms are formulated in view of the rapid development of technology, and particularly
the Internet, as well as the existing set of legal regulations relating to these issues. The website https://e-dimitria.gr and the related webpages of the City of Thessaloniki shall not make any unlawful use without your prior approval, in conformity with the principles of personal data protection laid down in the relevant laws and international conventions. The website https://e-dimitria.gr and the related webpages of the City of Thessaloniki shall in no way disclose, make public or exchange the personal data and information you provide, and do not distribute personal data and information of their users to any other organisation or partner not associated with them, e-mail address or, generally, any other information that concerns their users.
What kind of data does the City of Thessaloniki collect through its main website and its related webpages?
We collect the following personal data:
Identification Data: Name, Surname, Father’s name, Mother’s name, Username, Identity card number (ADT), Tax identification number (AFM), Social security number (AMKA), Date of birth, Place of birth.
Contact Data: Postal address, E-mail address, Mobile telephone number.
Data found in attached documents or supporting documents that are necessary for the submission of an application.
Data that concern third parties, e.g. date of death, place of death, etc.
Audiovisual material: Photographs and videos of events
We do not collect or acquire any type of access, via the website, to special categories of (“sensitive”) personal data or data that concern criminal convictions and offences of data subjects. Visiting the website of the City of Thessaloniki (https://thessaloniki.gr) and its related webpages does not absolutely require the provision of any type of personal data on your part. However, in several cases, it is necessary for you to provide specific personal data indicated in the corresponding data entry fields on the website https://thessaloniki.gr and its related webpages.
Collection and purposes of use of personal data
This Policy provides information on the manner and process personal data are collected by https://thessaloniki.gr and the City’s webpages related thereto, stating each category of data that may be collected, stored and processed during exchanges and communication with you, the purpose of collection-storage-processing, the categories of persons the information concerns, and the third parties to whom the data may be disclosed and the rights that natural persons enjoy as data subjects.
The City of makes every possible effort to protect personal data, on the condition that the data you have provided are true and accurate. Moreover, this Policy outlines, to the greatest extent possible, the security measures taken to protect the confidentiality of your personal data and provides examples of guarantees for activities and actions from which the City will abstain. The City collects personal or non-personal data from you for the following purposes:
Improvements and adjustments to the website: The City of Thessaloniki will use this information solely for the reasons for which they were collected and in order to provide you with information. It will also use this information in order to adapt the content of the website to your needs and to improve its compositions, changes and dynamism.
Legal use: The City of Thessaloniki may collect, store, disclose and, generally, process your personal data when this is required by the Personal Data Protection Regulation and/or the law or when necessary in order to protect or defend its interests and your interests.
Provision of online services through user authentication processes: The City of Thessaloniki will use this information to process your electronic application and will forward it to the competent Services/Departments of the City for the purpose of issuance of digital or handwritten certificates.
Communication with Citizens: The City of Thessaloniki will use this information in the context of communicating with Citizens using any means (including post, e-mail, telephone, etc.), to help us manage affairs and communicate with you in order to improve the management of the services that were, are being or will be provided by the City of Thessaloniki.
Filing of complaints: in order to process reports/complaints, whether or not in the context of the ‘Citizen Supporter’ institution.
Provision of ‘e-pay’ electronic payment services: The City of Thessaloniki will use this information in the context of payment of users’ debts to the City.
Volunteerism: The City of Thessaloniki will use this information in the context of contacting natural persons who have expressed an interest in volunteer actions.
Applications for issuance of a permanent resident card: The City of Thessaloniki will use this information for the processing of the aforesaid applications. The personal data provided by users of services of parking rights provided by THESi are processed solely and exclusively for the provision the services being offered. These include use of contact details in order to resolve any questions and queries arising in the use of the services by the THESi support team, as well as contact for the provision of information on the services being offered and related services.
Applications for the ‘THESi’ controlled parking system: The City of Thessaloniki will use this information for the processing of the aforesaid applications. The personal data provided by users of services of parking rights provided by THESi are processed solely and exclusively for the provision the services being offered. These include use of contact details in order to resolve any questions and queries arising in the use of the services by the THESi support team, as well as contact for the provision of information on the services being offered and related services.
The ‘Improving our City’ service: The City of Thessaloniki will use this information in order to process request or examine your complaints or reports; for this purpose, it may forward this information to the competent Services/Departments of the City or other State Bodies, Competent Authorities or Service Providers it collaborates with in order to respond to your requests, or to natural or legal persons to whom processing has been assigned, on the condition that we notify you in advance and obtain your prior consent, where this is required and necessary.
For the digital citizen services platform:
The City of Thessaloniki will use this information for the processing of the aforesaid applications. Following identification/authentication of users via the unique taxisnet codes (Independent Authority for Public Revenue – AADE), the data necessary to file an application for issuance of a certificate shall be collected; subsequently, in order to receive the digital certificates, users shall log back into the platform, using their personal taxisnet codes, and visit their digital inbox to download the digital documents and certificates requested to their personal computers. This certificate can be found in the user’s inbox for a period of 3 months after its issuance, ready to be printed and collected.
For registration as a user on the ‘DIMITRIA’ website
The City of Thessaloniki will use this information in the context of communicating with Citizens using any means (including post, e-mail, telephone, etc.), to help us manage affairs and communicate with you in order to improve the management of the services that were, are being or will be provided by the City of Thessaloniki and, naturally, following your express and clear consent, where required.
The website https://thessaloniki.gr and City webpages related thereto shall store your personal data solely for the time required to provide a service you requested or approved, without prejudice to any legal provisions to the contrary, as is the case with issues governed the applicable legislation from time to time, the various applicable provisions, etc.
Your data shall be erased on a case-by-case basis and always in accordance with the provisions laid down in the applicable legislation.
Forwarding of Personal Data to third parties
The City of Thessaloniki shall not forward personal data to third parties, save where this is required for legitimate purposes, in order to respond to your requests, where this is required or permitted by law, or if you have expressly granted your consent to the forwarding of your data to third parties, associates and partners of the City of Thessaloniki for the purpose of your notification with regard to surveys, events and actions. In any event, access to your personal data is permitted solely to authorised persons who must have access in order to enable the fulfilment of the purposes of the collection, use and processing of the personal data, as disclosed herein.
In certain cases, the City of Thessaloniki may share your personal data with other State Bodies, Competent Authorities or Service Providers it collaborates with in order to respond to your requests, or to natural or legal persons to whom processing has been assigned, on the condition that we notify you in advance and obtain your prior consent, where this is required and necessary. The persons with access to these data are obligated to keep them confidential, and the City of Thessaloniki will take all measures to ensure they are bound for this purpose.
Cookies are small text files that are transferred via the Internet to the hard drive of your computer and permit access to websites such as https://thessaloniki.gr, permitting them to operate seamlessly and without technical errors, collecting users’ multiple choices, recognising frequent users and facilitating their access to the website. Through the aforesaid cookies, we can offer you services such as those indicated above.
What if you do not wish to accept cookies? If you do not wish to accept cookies, your computer can be set to alert you each time a cookie is sent to it, or you can disable the download of all cookies by your Internet browser. (Check the Help menu of your browser to learn how you can change or correctly update your cookies settings).
Nevertheless, you must be aware that if you chose to block cookies from being stored on your hard drive, you will be unable to user certain services of the website. Cookies do not harm users’ computers or the files stored thereon.
What are webbeacons and how does the City use them? Some of the webpages and e-mail newsletters of the City of Thessaloniki may contain electronic images called webbeacons, also known as one-pixel GIF files, pure GIF files or pixel tags. Their use on websites allows the counting of visitors who have accessed the pages of the City of Thessaloniki. Their use in our e-mail responses and newsletters allows us to measure how many registered users have read the material we are sending. Webbeacons allow us to develop statistical information about the activities and functions that are most interesting to our visitors/users in order to provide more personalised material. They are not used to access personal information without your consent.
How safe are your data?
The City of Thessaloniki endeavours to apply strict security and control measures for the protection of your personal data, in order to ensure compliance with all applicable legal requirements.
The City of Thessaloniki employs security measures at a technical and organisational level aiming at the security of the data collected from you against any intentional or unintentional attempt, handling, loss, destruction and, generally speaking, access to them by unauthorised individuals. These security measures undergo continuous controls and updates in accordance with the latest technological developments.
Access to your personal data is limited solely to employees authorised for this purpose, so that they may provide you with the above services by accessing these data.
Physical, electronic and procedural safeguards, harmonised with personal data protection regulations, have been activated.
The City of Thessaloniki takes every precaution possible to keep your personal data safe. However, due to the nature of the Internet, DIMERA GROUP cannot guarantee the protection of communications or the data stored in its browsers from any unauthorised access by third parties.
If you contact the City of Thessaloniki via the Internet, then we may occasionally use e-mail to contact you regarding our services, if you have provided your e-mail address voluntarily.
Please be aware that communications over the Internet, including but not limited to e-mail messages, are not secure unless they have been encrypted.
The City of Thessaloniki shall bear no liability whatsoever for any unauthorised access or loss of your personal information that is beyond its control.
Contact through the website platform: Should users contact us through the contact form or any other manner, they provide personal data voluntarily and exclusively of their own free will. We will process the personal data in question solely to the extent that it is necessary for the specific purpose.
Social Networking Sites: Our Website may offer the possibility to share items on Social Networks and other related tools that allow you to share your actions on the Website to other applications, websites or mass media, and vice versa. The use of such features allows the exchange of information with your friends or the public in general, depending on the settings you have set on your personal profile. Please consult the privacy policies of these social networking services for further information on how they handle your data.
Special Categories of Data: We ask that you do not send us sensitive personal data via e-mail or disclose such data through the contact platform. The processing of personal data of this category does not serve the processing purpose set forth above in any event.
Monitoring of communication
No communication between you and the City of Thessaloniki (including telephone conversations, e-mail exchanges, etc.) is monitored or recorded.
Information on the processing of Personal Data via a video surveillance system
- Controller Details
The Category A Legal Person governed by Public Law (NPDD) – Local Government Authority (OTA) under the name ‘City of Thessaloniki, with registered offices in Thessaloniki (at 1, Vas. Georgiou Avenue – GR-54640, tel.: 231331-7777), e-mail: [email protected]
- Processing purpose and legal basis
We use a surveillance system for the purpose of protecting persons and goods. The processing is necessary for purposes of legitimate interests that we pursue as a controller (GDPR, Article 6(1)(f)).
- Analysis of legitimate interests
Our legitimate interest consists in the need to protect our premises and the goods found in them from illegal acts, including, for example, theft. The same applies to the safety of the lives, physical integrity, health and assets of our staff and third parties legitimately found in the area under surveillance. We only collect image data and limit reception to places where it has been assessed that there is an increased likelihood of illegal acts (e.g. theft or vandalism) being committed, such as in the Entrances of City Buildings (City Hall), around the Foyer of City Hall, Stairwells, in front of the entrance to the Mayor’s Office and the Cashier’s Desk, without focusing on places where the privacy of the persons whose image is being recorded may be excessively restricted, including their right to respect for their personal data.
The material collected is accessible only by our competent/authorised personnel charged with security of the premises. This material shall not be transmitted to third parties, save in the following cases: a) to the competent judicial, prosecution and police authorities when it includes information necessary to investigate a criminal act involving persons or goods relating to the controller; b) to the competent judicial, prosecution and police authorities when legitimately requesting data in the performance of their duties; and c) to the victim or the perpetrator of a criminal offence, in cases of data which may constitute evidence of the act.
- Retention period
We retain the data for fifteen (15) days, after which period the data are automatically deleted. If an incident comes to our attention during this period, we will isolate part of the video and retain it for one (1) further month, for the purpose of investigating the incident and institute legal proceedings to protect our legitimate interests; if the incident concerns a third party, we will retain the video for a further period of up to (3) months.
- Rights of data subjects
Data subjects have the following rights:
- Right of access: You have the right to be informed whether we process your image and, if so, to receive a copy of it.
- Right to restrict processing: You have the right to request that we restrict processing, such as, for example, not to delete data which you consider necessary to establish, exercise or defend legal claims.
- Right to object: You have the right to object to processing.
- Right to erasure: You have the right to request the erasure of your data.
You can exercise your rights by sending an e-mail to [email protected] or a letter to our postal address or by filing a request in person at our premises. In order for us to examine a request related to your image, you will need to advise us approximately when you were within reach of our cameras and provide us with an image of yours to enable us to locate your data and withhold the data which portray third parties. Alternatively, you may visit our premises in order for us to display the images in which you appear. Please note that the exercise of your right to object or right to erasure does not entail the immediate deletion of your data or the modification of the processing. In any event we will respond in detail as soon as possible, within the time limits set forth in the GDPR.
What are your rights?
Under the Personal Data Protection Regulation [EU General Data Protection Regulation (GDPR) 2016/679], as in force, you have the following rights:
- a) the right to access;
- b) the right to rectification;
- c) the right to erasure, under certain conditions, such as when processing is no longer necessary for the purpose for which the data were initially collected and there is no imperative reason to continue processing (or storing) your information;
- d) the right to restriction of processing;
- e) the right to data transmission;
- f) the right to object and the right not to be subject to a decision based solely on automated processing, including profiling;
- g) the right to lodge a complaint with a supervisory authority.
To view the above documents, click here.
In other words, you have the right to receive, upon request, free information on the personal data we have stored that concern you, to object, upon request, to the processing of data that concern you, valid thenceforth, and to withdraw your consent, and, in accordance with the applicable provisions, the right to rectification, restriction of processing, data transmission, erasure of the data in question and the right to lodge a complaint with a supervisory authority.
In such cases, please contact the competent Personal Data Protection Department of the City listed below in writing via original letter or fax or e-mail.
Revisions to the Policy
The City of Thessaloniki reserves the right to modify or revise this Policy periodically, at its unfettered discretion. Where changes occur, the City of Thessaloniki shall record the data of modification or revision herein and the updated Policy shall apply to you as of that date. We encourage you to periodically review this Policy in order to examine whether the way we process your personal data has changed.
Applicable law and Jurisdiction
With regard to any dispute arising between users and the City of Thessaloniki, Greek law shall be the applicable law, and the courts of the Prefecture of Thessaloniki shall have jurisdiction ratione materiae over the dispute.
If you have questions or recommendations concerning this Policy, please contact the above address and telephone number. Constant Internet developments in general necessitate the adaptation of our rules concerning the protection of online data from time to time. The City of Thessaloniki reserves the right to make any recommended changes to these rules at any time.
Right to lodge a complaint
Should you believe that the processing of your data infringes Regulation (EU) 2016/679, you have the right to lodge a complaint with the supervisory authority. The competent supervisory authority for Greece is the Hellenic Data Protection Authority, 1-3, Kifisias Street, GR-11523, Athens, https://www.dpa.gr/, tel.: 2106475600.