Salta al contenuto principale

Informativa sulla privacy

1. INTRODUCTION

This policy concerns the company with the name “NEA METROPOLITIKI ATTIKI S.A. – LOCAL DEVELOPMENT ORGANIZATION” and the distinctive title “NEA METROPOLITIKI S.A.”, hereinafter referred to as the “Company”. NEA METROPOLITIKI ATTIKI is committed to protecting the personal information collected when you use our website and other services. This Privacy Policy sets out the Company’s commitment to protecting personal data and how this commitment applies to the collection, use, transmission and retention of such data. This policy aims to inform you about the personal data we collect and process during our operation and our general communication with you. This applies when we determine the purposes and means of processing, acting therefore as a data controller.

As part of its activities, the Company has undertaken the implementation of the initiative called "Hellenic Cosmos Center". The initiative consists of the creation and operation of an electronic platform, which aims to present and connect cultural institutions, organizations and groups that promote and highlight the culture and heritage of the Ancient Greek World.

The platform was launched with the participation of entities from Greece and Italy and is intended to expand to other countries with common historical and cultural roots. Through the platform, the parties involved have the opportunity to present their work, exchange information and develop collaborations of a cultural, social or touristic nature.

The listing of the parties involved is based solely on publicly available online sources and is illustrative in nature, without implying an evaluation or control by the Company. The presentation and inclusion of an entity or group is made exclusively upon the express consent of the same, who retain full rights over their data, including the right to modify or delete their account from the platform.

The platform is not for profit or advertising purposes. The Company does not intervene in any collaborations or transactions between the parties involved and bears no responsibility for their solvency, reliability or activity. Any collaboration that arises is carried out solely under the responsibility of the parties that undertake it.

Our full details are:

NEA MITROPOLITIKI ATTIKI S.A. - LOCAL GOVERNMENT DEVELOPMENT ORGANIZATION
Email address: info@developattica.gr
Postal address: 236 Syggrou Ave., 176 72 Kallithea Attica, Greece
Contact Tel: 210 9213945 – 946

2. Personal Data Concepts / Definitions

For the purposes of this document, the following terms are understood as follows:

  • "Personal data" : any information relating to an identified or identifiable natural person ("data subject"), an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
  • "Special categories of personal data": personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of unambiguously identifying a person, data concerning health or data concerning a natural person's sex life or sexual orientation.
  • "Processing": any operation or set of operations which is performed upon personal data or upon sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • "Anonymization": the processing of personal data in such a way that the data can no longer be attributed to a specific data subject.
  • "Pseudomonisation": the processing of personal data in such a way that the data can no longer be identified.are attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that it cannot be attributed to an identified or identifiable natural person.
  • "Controller": the natural or legal person, public authority, agency or other body which - alone or jointly with others - determines the purposes and means of the processing of personal data, where the purposes and means of such processing are determined by Union law or Member State law, the controller or the specific criteria for his appointment may be provided for by Union law or Member State law.
  • "Processor" : the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. "Consent" of the data subject: any freely given, specific, explicit and informed indication of his or her wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to personal data concerning him or her being processed.
  • "Personal data breach": a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
  • "Data concerning health": personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, and which reveal information about their health status.
  • "Existing legislation": The provisions of Greek, EU or other legislation to which the COMPANY is subject and which define personal data protection issues, such as: Law 2472/1997 on the protection of individuals with regard to the processing of personal data, Law 3471/2006 on the protection of personal data and privacy in the electronic communications sector and amendment of Law 2472/1997, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on the protection of privacy in the electronic communications sector) electronic communications) as amended, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) and any implementing laws.

3. General Principles of Personal Data Processing

When the Company processes personal data, it ensures that:

  • To have collected and processed this data legally, pursuant to the provisions of existing legislation and the conditions it sets.
  • To process personal data only for specified, explicit and legitimate purposes.
  • To take appropriate technical and organizational measures so that personal data are processed in a manner that guarantees appropriate security of personal data, including their protection against unauthorized or unlawful processing and accidental loss, destruction or damage. In addition, to periodically review the adequacy and effectiveness of these measures.
  • To make the necessary efforts to ensure that the personal data it maintains and processes is always accurate and up to date.
  • Not to retain the personal data it collects for a longer period than is required by the purposes for which they were collected and processed. However, it is possible to retain them for a longer period if the processing of such data is necessary:
    • I. for compliance with a legal obligation that requires processing based on a legal provision,
    • II. for the performance of a duty carried out in the public interest,
    • III. within the framework of the COMPANY's legitimate activities and provided that the processing concerns employees or persons who have regular communication with it in relation to its purposes and that personal data are not disclosed to third parties without the consent of the data subjects,
    • IV. for archiving purposes in the public interest, or for scientific or historical research purposes, or for statistical purposes,
    • V. for the establishment, exercise or support of legal claims. 

4. Processing purposes 

The COMPANY, within the framework of its activities, may collect personal data of its employees, as well as its associates in general, as well as of natural persons with whom it transacts within the framework of its responsibilities. These persons may be external associates, owners of sole proprietorships, legal or other representatives of legal entities, as well as employees or third parties, but also generally associates of those with whom the COMPANY transacts.

In principle, the COMPANY may collect and process personal data for the following purposes:

  1. In order to meet the obligations imposed on it by law, as well as the provisions of its statutes for its purposes and actions, such as:
    • Scientific and advisory support to bodies and organizations, such as the Region of Attica, local authorities, contracting authorities, and other public and private bodies.
    • Support for the development policy of the Attica Region, including infrastructure projects and environmental actions.
    • Promoting sustainable development with an emphasis on energy efficiency, environmental protection and the use of Renewable Energy Sources (RES).
    • Actions to attract investment for RES projects and improve energy efficiency.
    • Development of sustainable urban mobility, including low-emission transport systems and applications of new technologies.
    • Integrated Spatial Investments (ISTI) and development policy strategies at local and regional level.
    • Implementation of CLLD/LEADER programs and claiming funding from European and international programs.
    • Implementation of projects that are consistent with the sustainable development goals of the UN 2030 Agenda.
    • Provision of digital convergence services and participation in digital convergence programs.
    • Support for tourism development and tourism marketing, promotion of cultural heritage and development of alternative tourism.
    • Execution and supervision of public projects and provision of technical support to local authorities.
    • Support for the rural economy and development of rural tourism activities and promotion of local products.
    • Scientific support for the utilization of public property and support for investment portfolios.
    • Encouraging sustainable entrepreneurship and supporting innovative and extroverted businesses.
    • Designing social policies and cohesion to support vulnerable groups and promote health and mental health.
    • Development of infrastructure to support entrepreneurship, including outdoor trade and digitalization actions.
    • Participation in program contracts and development of operational programs.
    • Creation of Portfolio Funds to utilize European financial instruments and support new businesses.
    • Organization of cultural, sporting and social events to promote society.
    • Carrying out any other related purpose consistent with the established laws and its statutes.
  2. In order to meet the obligations imposed on it by law, regarding its employees, suppliers and external partners.
  3. In order to be able to hire staff or even contract with external partners.
  4. In order to ensure its proper functioning within the framework of its statutes, purposes and existing legislation.
  5. In order to ensure the safety of its personnel, facilities and equipment.
  6. In order to legally enter into contracts and comply with the legal obligations they impose.
  7. In order to conduct research and studies within the framework of its statutory purposes.
  8. Within the framework of the "Hellenic Cosmos Center" initiative, the Company may process personal data and/or anonymized/statistical data for the following purposes:
    • Creation and management of accounts/profiles on the platform, with the aim of presenting the parties involved and their activities.
    • Display and publicize information related to the actions of organizations/groups, in order to make them known to the wider public and highlight cultural heritage.
    • Networking and interaction between registered parties, in order to promote communicationa, cooperation and joint development of initiatives.
    • Sending informational material and communicating with participants regarding the initiative, its actions and any technical or operational notifications of the platform.
    • Compliance with legal and regulatory obligations, including obligations arising from European and national data protection legislation.
    • Statistical analysis and extraction of anonymized data, with the aim of evaluating the impact and effectiveness of the initiative, without the possibility of identifying specific natural persons.
    • Ensuring the security and proper functioning of the platform, as well as preventing and/or investigating any incidents of malicious use.

5. Legal basis for processing data

The COMPANY processes your personal data transparently according to the principles of legality, proportionality, confidentiality and integrity, purpose limitation and accuracy, specific data retention time and data minimization.
The legal basis for processing your personal data in each case may be:

  • (a) your consent,
  • (b) the necessity of processing your data in the context of the performance of our contractual obligation,
  • (c) the necessity of processing your data in the context of compliance with our legal obligation,
  • (d) the necessity of processing your data in the context of safeguarding our legitimate interests.

The processing within the framework of the "Hellenic Cosmos Center" initiative is based on:

  • (a) the necessity of processing for the performance of a task carried out in the public interest or in the exercise of public authority (article 6 par. 1 sub-paragraph e) related to the promotion and promotion of cultural heritage, the networking of bodies and the facilitation of synergies, in accordance with the statutory purposes of the Company.
  • (b) the consent of the subjects when required.

6. What data is processed

With regard to the above purposes, the COMPANY may collect and process personal data, such as, but not limited to, the following:

Employees and/or external collaborators: full name, patronymic, maiden name, year of birth, place of birth, gender, citizenship, postal address, post office box, email address, contact telephone numbers, Identity Card Number (IDN), Tax Registration Number (AFM), Social Security Number, bank account number (IBAN), information regarding the employee/collaborator's family status, education and training, previous employment, CV.

Purposes - Legal Basis for Processing:
- Management of the employment relationship. The processing of data is necessary for the execution of the employment contract.
- Fulfillment of the COMPANY's employment obligations. The processing of data is necessary for the COMPANY to comply with a legal obligation.

Candidate employees: The COMPANY collects and processes data of candidate employees upon submission of a relevant application by the candidate for a vacant job position. In this case, the COMPANY collects and processes only the personal information necessary to assess the candidate's suitability for the specific job position (e.g. name, surname, contact details, education, work experience, etc.). This data is collected by submitting an application in any way, as well as through the CV attached by the candidate and documents attached to his application.

Purposes - Legal basis for processing: The collection of candidates' data is carried out for the purpose of:
-Evaluating the candidate's suitability for a specific job position. The lawful basis for processing is the legitimate interest of the COMPANY.
-The fulfillment of the candidate's application for any future job vacancies. The lawful basis for processing is the legitimate interest of the COMPANY.

Processing for transparency purposes: In the context of the transparency obligations arising from Law 3861/2010 ("Transparency Program"), the COMPANY may publish in the relevant information system decisions and contracts that include personal data. The publication concerns limited personal data of the data subject in compliance with the principle of proportionality (name, patronymic, maiden name, company headquarters, VAT number).

Purposes - Legal basis for processing: This processing is carried out in accordance with Article 6, paragraph 1, point c of the General Data Protection Regulation (GDPR), as it is necessary for compliance with with a legal obligation. The posting is carried out in accordance with the principle of data minimization (Article 5 GDPR), and personal data that is not necessary to achieve the purpose is hidden or omitted during the posting.

Contact details of persons: Persons who have regular communication with the COMPANY in relation to its purposes within the framework of its legitimate activities and contact data of persons who have expressed their desire and consent to receive updates from the COMPANY.

Purposes - Legal Basis for Processing:
-the necessity of processing data in the context of safeguarding the legitimate interests of the COMPANY.
-the consent of persons who wish to receive information from the COMPANY about its events and actions.

Special categories of personal data: The COMPANY may collect and process data belonging to special categories of personal data ("sensitive data"), such as data concerning the health of its employees, in order to meet its insurance obligations. Similarly, in exceptional cases, when required by applicable law and its statutes, the COMPANY may collect and process data such as a copy of a criminal record, a certificate of judicial solvency, tax information and insurance information in force, always respecting the principle of proportionality.

Purposes - Legal Basis for Processing: the necessity of processing data within the framework of the COMPANY's legal obligation.

Data collected by the COMPANY within the framework of the “Hellenic Cosmos Center” initiative through the website www.helleniccosmoscenter.gr as well as through hyperlinks that redirect to websites of the COMPANY

When browsing and using the website, the following is collected and processed:

Activity Processing Personal Data Purpose Legal Basis Retention Period Recipients
Create an Account/Registration of Entity/Group Full name/Surname, Username, Password, Email Address (email), Telephone Number (landline, mobile), Home/work address Registration on the website “Hellenic Cosmos Center” 1. The performance of a task carried out in the public interest or in the exercise of official authority [GDPR article 6 §1 (e) & Law. 4624/2019 article 5].
2. Consent – Article 6 par. 1 letter α’ GDPR & Article 11 par. 1 Law 3471/2 006		 Until the deletion of the organization/group from the Registry "NEA MITROPOLITIKI ATTIKI S.A. – LOCAL DEVELOPMENT ORGANIZATION"
Login to the platform Username, password Contact with registered organizations/
groups		 The performance of a task carried out in the public interest or in the exercise of official authority [GDPR article 6 §1 (e) & Law. 4624/2019 article 5]. Until the deletion of the organization/group from the Registry Processors

Data we collect automatically: When you use our Website, we also collect information automatically, some of which may be personal data. This includes information such as language settings, IP address, location, device settings, device operating system, activity data, time of use, redirect URL, status report, user information (information about browser version), operating system, browsing result, browsing history, the type of data you viewed. We may also collect data through cookies. For information about the use of cookies, click here.

7. Data Transmission

The COMPANY may transfer data to third parties (legal or natural persons) who act as processors, to support its operation (e.g. accounting support, technical support, payroll) but also to support its activities. On occasion, the COMPANY may process the above data both as a controller and as a processor on behalf of third parties. The COMPANY may transfer personal data to legal entities over which it exercises control.

It is also possible for the COMPANY to transmit the above data to third parties when this is provided for by existing legislation, in accordance with the guarantees provided for in existing legislation.

In the event that the transfer concerns a country withof the European Union (EU) or the European Economic Area (EEA), the COMPANY must check whether:

  • The Commission has issued a relevant adequacy decision for the third country to which the transfer will take place.
  • Appropriate guarantees are maintained in accordance with the Regulation for the transmission of this data.

Otherwise, the transfer to a third country is prohibited and the COMPANY cannot transfer personal data to it, unless one of the specific derogations provided for in the Regulation applies (e.g. explicit consent of the subject and information regarding the risks involved in the transfer, the transfer is necessary for the performance of a contract at the request of the subject, there are reasons of public interest, it is necessary to support legal claims and vital interests of the subjects, etc.).

8. Rights of Personal Data Subjects

The COMPANY ensures that data subjects can exercise the rights recognized by law regarding the collection and processing of personal data. These rights are the following:

  • The right to access data.
  • The right to correct data.
  • The right to erasure of data ("right to be forgotten").
  • The right to restrict data processing.
  • The right to data portability.
  • The right to object to data processing.

Each request of the person/subject is submitted to the COMPANY, at the electronic address: dpo@developattica.gr .

In case of exercising one of the above-mentioned rights, the COMPANY will take every possible measure to satisfy your request, within a reasonable period of time, but no later than within one (1) month from the submission of the request and your identification. This period may be extended by two more months, if necessary, if the request is complex or there is a large number of requests. In this case, the COMPANY is obliged, within one month from the identification of the request, to inform you of the delay, as well as the reasons for it. Within the above period of time, the COMPANY must inform you of any refusal to satisfy the submitted request in whole or in part, as well as the reasons for the refusal.

The COMPANY may refuse to satisfy, in whole or in part, a relevant request received from the data subject, only when this possibility is provided for by the General Data Protection Regulation (EU 2016/679).

In case the COMPANY processes personal data as a processor, it forwards the relevant requests to the data controller, who is responsible for examining and satisfying them.

9. Right of Appeal to the Hellenic Data Protection Authority

Furthermore, if you believe that any of your rights regarding the protection of Personal Data are being violated, you may submit a complaint to the competent supervisory authority, namely, the Hellenic Data Protection Authority (HDPA) and any interested party may obtain further information by visiting the website http://www.dpa.gr (http://www.dpa.gr). 

Personal Data Breach
A “personal data breach” is defined as a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, disclosure or access of personal data collected, stored or otherwise processed by the COMPANY. In the event that any employee or associate of the COMPANY becomes aware or suspects that a personal data breach may have occurred, he or she shall notify the COMPANY at the following email address: dpo@developattica.gr . In the event that the COMPANY processes data as a processor, it shall notify the controller without delay and shall not make any disclosures.

10. Data retention period

Your personal data is retained for a limited period of time, depending on the purpose of the processing, after which the personal data is deleted from our files, unless another retention period is required or permitted by applicable law. For further information regarding the retention period and the deletion period, please send an email to dpo@developattica.gr.

11. Education

The COMPANY ensures that the personnel involved in the collection and processing of personal data are adequately informed and trained, taking into account the available training and information methods in order to select the most appropriate ones per circumstance.

12. Updates to the Privacy Policy

The COMPANY may amend this Policy from time to time, to comply with regulatory changes and for operational purposes. Updated versions of this policy will be posted on its website with a date indication, so that you know which is the most recently updated version. This policy was updated on 05-02-2026.

13. Disclaimer

Within the framework of the “Hellenic Cosmos Center” initiative, the Company makes every effort to ensure that the recording and presentation of the parties involved on the platform is accurate and consistent with the purpose of the initiative. However, the Company bears no responsibility for:

  • the solvency, reliability, legality or general activity of the parties involved;
  • any inaccuracies, omissions or deficiencies in the information posted, which comes either from public sources or is provided directly by the parties involved themselves;
  • any collaboration, transaction or interaction that takes place between the parties involved, which is the sole responsibility of them;
  • any temporary or permanent inability to access the platform, due to technical errors, upgrades, maintenance, viruses, malware, cyberattacks, force majeure events or other reasons beyond its control;
  • any direct, indirect, consequential or indirect damage that may arise from the use of the platform, reliance on third-party information, or any collaboration between the listed parties.

The "Hellenic Cosmos Center" platform is exclusively illustrative in nature, has no controlling or supervisory role and does not provide any express or implied guarantee as to the accuracy, completeness, timeliness or reliability of its content.

The presentation of entities/groups is carried out exclusively with their express consent, who retain full rights to process, deactivate or delete their account at any time, in accordance with applicable personal data protection legislation.

The Company expressly reserves the right to remove, restrict or modify content (e.g., agency profiles/posts) in case of violation of the law, infringement of third-party rights, abusive behavior or if it deems it necessary for reasons of protection of the platform, users or public order.

The Company does not have an advertising or profit-making nature and does not derive any financial benefit from the operation of the platform.

14. Social media

On the "Hellenic Cosmos Center" Website there are social media buttons - Social media widgets (e.g. Facebook, Instagram) with the use of which, after the user connects to the social network, a special digital footprint is created, for which both the COMPANY and the social network itself act as joint controllers. For the COMPANY, the purpose of processing the said data is the interoperability of the website and the services provided. The lawful basis for processing personal data is the achievement of the legitimate interest of the COMPANY (GDPR article 6 par. 1 letter f). The COMPANY does not control or is responsible for any subsequent processing carried out on them by the joint Controllers.

For more information about the data processing policy and configuration options of these networks, you can visit the following websites:

15. Communication

If you have any concerns or complaints regarding this policy, please contact us at: dpo@developattica.gr.