Our Commitment

The National Centre for Scientific Research “Demokritos” (hereinafter “NCSR Demokritos”) is committed to making the protection of your privacy a top priority. This privacy policy aims to keep you informed about the processing of your personal data and your rights under Regulation (EU) 679/2016 (General Data Protection Regulation) and Law 4624/2019. In NCSR Demokritos we enhance the protection of your data by means of technical measures and internal procedures as well as physical measures protecting personal data.

Useful definitions

For you convenience, we use the following terms and abbreviations that have the corresponding meaning. 1. GDPR: Regulation (EU) 679/2016 (General Data Protection Regulation). 2. “Personal data”: Any information relating to a natural person (“data subject”) who can be directly or indirectly identified (e.g. name, id card number, tax id number, house address, telephone numbers, age, sex, physical characteristics, family status, profession, interests etc.). 3. “Special categories of personal data” or “sensitive data”: Subcategory of personal data that relates specifically to the core of an individual’s personality and require particular protection, such as data concerning the health, sexual life or sexual orientation of a data subject as well as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. 4. “Processing”: The collection or use of personal data by any means, such as storage, disclosure to third parties, erasure etc. 5. “Controller”: The natural or legal person, public authority or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In this case, the controller is the National Centre for Scientific Research “Demokritos”.

Purposes and legal bases for the processing

NCSR Demokritos is a public entity pursuant to the Greek data protection legislation (Law 4624/2019) and therefore, as a general rule it processes personal data to the extent necessary for the performance of tasks carried out in the public interest or in the exercise of official authority, pursuant to article 6.1.e GDPR and article 5 of Law 4624/2019. In this context, NCSR Demokritos carries out processing activities that are required for its internal, administrative operations as well as for the fulfillment of its mission to promote scientific and technological research, the development of technology and the formation of a new research workforce for the benefit of the Greek Economy and Society. Below we provide you with concise information about the principal reasons regarding which you may get in touch with us as a data subject and about the data processing that we undertake in each of such cases, within the context of the aforementioned mission of NCSR Demokritos. Please note that for reasons of brevity and better understanding of this policy, we do not include specific and detailed information about all processing activities, considering that we inform separately each category of data subjects, pursuant to the provisions of the GDPR and Law 4624/2019.

A) Scholarship programmes NCSR Demokritos plans and implements, alone or jointly with other entities of the public and/or the private sector, several important academic and industrial scholarship programmes. In this context, we collect and generally process different categories of personal data, such as identification, information included in CVs, scholarship deliverables etc., that are necessary for the evaluation of candidates, the monitoring of the progress of scholars and the payment of scholarships, as detailed in the respective calls for application, the scholarship contracts and the applicable law. Such processing is founded on the legal basis of article 6.1.e GDPR and article 5 Law 4624/2019 as it is necessary for the performance of tasks carried out in the public interest, relating mainly to the meritocratic selection and support provided to scholars, on the basis of clear and predefined quality criteria, to the benefit of the Greek economy and society.

B) Education programmes NCSR Demokritos provides quality education and support in various subjects related to physical science and technology, including the completion of theses for graduate, postgraduate and doctoral degrees, postdoctoral research, the organization and supervision of student internships of all university cycles as well as other activities concerning the education community and citizens in general. As regards the education programmes for students and researchers, we process the personal data that are necessary for the performance of the relevant task carried out by NCSR Demokritos in the public interest and especially for ensuring high quality educational services (article 6.1.e GDPR and article 5 Law 4624/2019) including identification and contact data, data referred in certificates issued by universities or research centers regarding students and researchers respectively, social security data as well as any other information required for a specific purpose, e.g. registration of participants for the Ion Beam Accelerator. Furthermore, regarding other actions, such as “Cadet Researchers”, “Summer Schools”, conferences, seminars and “Open Doors” events concerning the general public, data processing is founded typically on the legal basis of article 6.1.a GDPR i.e. following “consent” by the data subject or -in case of minors-by their guardians, and includes identification and contact information as well as other data required for specific activities, such as the contestants’ written exams and grades for the “Cadet Researchers” programme.

C) “Lefkippos” Technology Park “Lefkippos” is a unit of NCSR Demokritos aiming to accommodate and offer support services to start-ups and spin-offs in order to facilitate innovation as well as the commercial exploitation of intellectual property and scientific knowledge. In order to be admitted in Lefkippos, interested companies file an application that is evaluated by NCSR Demokritos. Such evaluation requires processing of personal data relating to the companies’ associates and legal representatives (identification, data included in CVs etc.) and, if the application is accepted, NCSR Demokritos processes additional data that are necessary for their installation and operation in Lefkippos (e.g. employees’ identification and cars’ plate numbers for the issuance of the respective entrance permits). In this case, two legal bases are applicable for the data processing i.e. the conclusion and performance of the relevant lease agreements pursuant to article 6.1.b GDPR and on the other hand, the performance of a task carried out in the public interest pursuant to article 6.1.e GDPR and article 5 Law 4624/2019, concerning mainly the meritocratic selection of the companies that fulfill the acceptance criteria for the Technology Park as well as the protection of NCSR Dimokritos’ property as well as the persons and goods being on its premises.

D) Research and examinations NCSR Demokritos aims mainly at the promotion of scientific and technological research and conducts through its Institutes basic, translational and applied research in a broad range of scientific fields. Those research activities occasionally require the processing of personal data, including sensitive data concerning health, such as medical records, blood and tissue samples etc. In these cases, data processing is based on prior consent by the research subjects i.e. on the legal basis of article 6.1.a GDPR as far as simple data are concerned (identification, contact data etc.) and the “explicit consent” of article 9.2.a GDPR, concerning sensitive data. For this purpose, NCSR Demokritos first provides written and detailed information regarding data processing, in order for data subjects to be able to decide consciously whether they wish to provide their data for the purposes of a specific research or examination.

E) Contractors of NCSR Demokritos NCSR Demokritos processes personal data relating to individual businesses or contractors which provide services or goods and specifically their professional data (name, business address, tax id number), contact details, payment data (bank account number etc.) as well as information about transactions. The purpose for the collection and processing of such personal data is to carry out payments, communication, to issue tax documentation as well as to complete and submit the necessary tax returns. The legal basis for this data processing is article 6.1.c GDPR, that entitles NCSR Demokritos to process personal data when this is necessary for compliance with legal obligations pursuant to the applicable tax legislation.

Data retention

Personal data are kept in a form that permits identification of data subjects only for as long as necessary for the purposes for which the personal data are processed, taking also into account the legislation regarding clearance of public records. Exceptionally, NCSR Demokritos may store personal data for longer periods insofar as such personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures in order to safeguard the rights and freedoms of the data subject.

Recipients of personal data

Data processing is limited within NCSR Demokritos and the personal data are available only to authorized personnel. Personal data may be disclosed to third parties only insofar as such disclosure is necessary for the fulfillment of the purpose for which the data were collected, provided that there is a legal obligation or a cooperation agreement or, on an exceptional basis, with prior petition/consent by the data subject. Such third party recipients include:

1. Ministries (Managing Authorities), Supervisory Authorities, Social Security Organizations, other Public Services.

2. Courts and public prosecutors in case of legal claims or criminal offenses.

3. “Single Payment Authority”, General Accounting Office, auditors, banks, financial institutions.

4. European and international organizations (e.g. in the context of European and international research programmes). In case of data transfers to international organizations or recipients in third countries, NCSR Demokritos takes all legal measures for the protection of data (“mechanisms”) and ensures that the third countries provide an adequate level of protection pursuant to an adequacy decision of the European Commission or that the transfer is subject to appropriate safeguards pursuant to articles 46 ff. GDPR (e.g. standard contractual clauses, binding corporate rules, additional technical and organisational security measures).

5. Independent contractors committed to confidentiality, to whom we transfer the data necessary for the implementation of a project that we have assigned to them (e.g. providers of IT services).

Your rights

In case NCSR Demokritos holds data that are related to you, you may at anytime exercise the following rights on the conditions provided by the Greek and European legislation, by means of an email to support@egov.demokritos.gr:

1. Right of access i.e. to obtain confirmation as to whether or not personal data which concern you are being processed, and, if so, get specific information regarding such processing or a copy of the personal data;

2. Right to rectification i.e. to ask us to rectify or to complete incomplete personal data. This right may not be exercised in case such rectification would materially obstruct the fulfillment of (a) archiving purposes in the public interest, pursuant to article 29 Law 4624/2019 and (b) scientific, historical or statistical research pursuant to paragraph 2 of article 30 Law 4624/2019.

3. Right to erasure on the grounds provided in article 17 GDPR. This right is subject to restrictions in case processing is carried out for the performance of a task carried out in the public interest or in the exercise of official authority.

4. “Right to restriction of processing” of your data in specific cases.

5. “Right to object” i.e. to invoke particular reasons so that we no longer process your data.

6. Right to withdraw at any time your consent for the processing of your personal data.

7. Right to data portability i.e. to receive your personal data in a structured, commonly used and machine-readable format or to have them transmitted directly to another controller, where technically feasible. The right to portability may be satisfied if processing is based on consent or on a contract and is carried out by automated means. It should be noted that the right of access, the right to rectification, the right to restriction of processing and the right to object can be restricted, in so far as such rights are likely to render impossible or seriously impair the achievement of scientific or historical research purposes or statistical purposes, provided that such restrictions are necessary for the fulfilment of those purposes. On the same grounds, the right of access does not apply if the personal data are necessary for scientific purposes and the provision of information would involve a disproportionate effort (article 30 para. 2 Law 4624/2016). Moreover, if you think your data protection rights have been breached in any way, you have the right to lodge a complaint with the Greek Data Protection Authority (www. dpa.gr).

Updates

This policy will be updated when deemed necessary in order to enhance the protection of your personal data and the safeguarding of your rights. Therefore, please refer to the revision date at the end of this policy.

Contact details of NCSR Demokritos

In case you have any queries with regard to the processing of your personal data, you may contact support@egov.demokritos.gr (tel.: +30 2106503410). Last revision: July 2023.