Date of application: 14-11-2024

Thank you for visiting the website of the Municipality of Milos (https://milos.gr/). The Municipality of Milos (hereinafter “the Municipality”) attaches great importance to the lawful processing, security and protection of your personal data, in whatever capacity you communicate or cooperate with us. Before using our website, please read this Website Privacy Policy carefully.

General

The Municipality, as the controller, informs you about the way information about you is collected and processed when you browse its official website. Your personal data includes any information that can lead, either directly or in combination with others, to your unique identification or identification as a natural person, such as your email address, your IP address and website cookies.

The following update on the protection of your personal data concerns the way we process your personal data when you browse the official website of the Municipality of Milos.

We inform you about the following:

  • for what purpose we process your personal data,
  • if you are required to provide us with the relevant data,
  • the categories of recipients of your personal data, if any,
  • if we intend to transfer said information to another country,
  • if we do automated decision-making or profiling, and
  • what rights you have in relation to the respective processing, as well as how you can exercise them.

We keep this Website Privacy Policy under regular review to ensure that it is up-to-date and accurate.

More information on the processing carried out by the Municipality during your navigation on its official website and your rights can be found at the end of this information

Contact Details of the Controller

For any processing of personal data carried out in the context of your possible interaction with the Municipality of Milos, including your visit to this website, the Controller is:

Milos Municipality

Plaka Milos, P.K. 84800, Plaka Milos, Greece, Tel: 22873 60100,

email: grammatia@milos.gr

Contact details of the Data Protection Officer (DPO)

The company Computer Studio SA has been appointed as the Data Protection Officer (DPO). You can contact him at dpo@computerstudio.gr for any issue related to the data processing carried out by the Municipality and included in this update.

When and how we collect your personal data

The personal information we process (IP address, Cookies) is provided to us directly by you during navigation. We may collect and publish statistics but not in a form that allows for the identification of individuals.

In addition, we collect your data:

  • (name, surname, phone number, e-mail) when you choose to contact us through the contact form you will find at https:// milos.gr/epikoinonia/
  • (taxisnet codes, VAT number, first name, last name, patronymic, patronymic, year of birth) when you choose to use electronic payments at https://milos-slgcloud.elocalgovernments.gr/login?gov=0. When you use the electronic services provided through the website, your data may be transmitted to the Processor Singular Logic, only for the purpose of providing the electronic payment services.

Data retention time

The data recorded in log files for each request to the website server from the browser of the visitor/user are as follows:

  • the IP address of the visitor/user, which is his personal data, even if we cannot identify him ourselves based on this element,
  • the address (URL) that the user wishes to access and the relevant date and time
  • error file

The data for which an investigation is carried out or used in the context of legal claims are kept for the period of time required for these purposes.

Communication and transmission of data

As a rule, we do not share or transmit data to third parties, other than our processing partners. In some cases, however, we are legally obliged to share your data. For example, in execution of a court order or when we cooperate with other supervisory authorities when handling complaints or audits. We may also share information with other supervisory bodies in the course of carrying out our duties. If a criminal offense comes to our attention in the exercise of our responsibilities, all relevant information may be forwarded to the relevant judicial and prosecutorial authorities.

We inform you that we do not share your personal data with third parties for the purposes of promoting products or services.

Data of minors

We do not collect personal data of minors through the website.

This Policy has been written in plain language so that a person at least 15 years of age can understand its main points. For minors, please make their parents or guardians aware of this Policy.

Lawful processing

The Municipality of Milos will use your information for the following legitimate processing purposes (according to Article 6 GDPR), such as, but not limited to:

  • For your communication with its services.
  • To analyze our website traffic and improve your experience as well as to provide you with information related to our actions.
  • For our internal operations and analysis, such as internal management, fraud prevention, use of management information systems, etc.
  • To make online payments.

What are the principles of collection and processing?

This Policy aims to inform you about the terms of collection, processing and transmission of your personal data that we may collect when you browse our official website as data controllers. The Municipality faithfully applies the Processing Principles of GDPR 2016/679 (legality, objectivity, transparency, purpose limitation, data minimization, accuracy, storage time limitation, integrity, confidentiality and accountability).

Use of your personal data

We use your personal data to control the security of website information and services, to ensure the availability, integrity and confidentiality of information and data from accidental or illegal or malicious actions or incidents, to investigate any cyber attacks and incidents and to the support of any relevant legal claims.

Storage – protection of personal data

The hosting space (data center) where your personal data is stored is located on the server of the company ENARTIA MONOPROSOPI ANONIME ETERIA. In any case, we take the appropriate technical and organizational measures to ensure the confidentiality, integrity, availability of your data.
The Municipality has a Data Protection Officer (DPO) because we recognize the importance of protecting your privacy and all your personal information. For this purpose, it has appropriate security policies and uses the appropriate tools.

Your rights regarding the processing of personal data

Under data protection law, when we process your personal data you have certain rights that we must inform you about. The rights you can exercise on a case-by-case basis are the following:

  • The right of access

You have the right to request, at any time, information on the processing of your data by the Municipality or copies of your personal data which we keep on a case-by-case basis.

Natural persons (data subjects) have the right to receive:

  • confirmationregarding the processing of their data,
  • a copyof their data, and
  • πληροφορίες για την επεξεργασία (σχετικά άρθρα 12, 15 ΓΚΠΔ).

The right of access allows the data subject to be aware of his data and information about the processing to be able to verify its legality. This right does not need justification from the data subject.

The information provided to the data subject in the context of exercising the right of access includes the following:

  1. the purposes of processing,
  2. the relevant categories of data,
  • the recipients or categories of recipients,
  1. if possible, the time period for keeping the data or, when this is impossible, the criteria that determine that period,
  2. the exercise of rights,
  3. the origin of the data when not collected by the data subject,
  1. the existence of automated decision-making, including profiling and important information about the logic, significance and intended consequences of said processing.

Payment of a reasonable fee for administrative costs may be imposed by the controller only for additional copies that may be requested by the data subject.

  • The right to rectification

You have the right to ask us, at any time, to correct information that you believe is inaccurate. You also have the right to request the completion of information that you consider incomplete.

  • The right to erasure

The right to erasure (“right to be forgotten”)is the right for the data subject to request the erasure of personal data concerning him/her, if he/she no longer wishes this data to be the subject of processing and if there is no legitimate reason to they are owned by the controller(see article 17 GDPR and recitals 65 and 66).

In particular, the data subject can withdraw his consent on which the processing is based, in which case the data must be deleted if there is no other legal basis for the processing.

Also, if the data is no longer necessary in relation to the purposes for which it was collected or is otherwise or unlawfully processed or if the data subject objects to the processing and there are no compelling and legitimate reasons for the processing, the data subject may request its deletion. However, other EU rights, such as the right to freedom of expression and the right to information, must also be guaranteed.

Furthermore, this right is particularly relevant when the data subject gave his consent as a child, when he was not fully aware of the risks involved in the processing, and later wants to remove the specific personal data, mainly from the internet. The data subject should be able to exercise this right despite the fact that he is no longer a child.

It is pointed out, however, that this is not an absolute right, since further retention of personal data should be lawful, when necessary , for reasons such as exercising the right to freedom of expression and information, as mentioned above,
or to comply with a legal obligation, to fulfill a duty performed in the public interest or in the exercise of a public authority delegated to the controller, for reasons of public interest in the field of public health, for purposes of archiving in the public interest, for scientific or historical research or statistical purposes or to establish, exercise or support legal claims.

  • The right to restrict processing

You have the right to ask us to restrict the processing of your data in certain cases.

Natural persons (data subjects) have the right to request the restriction of the processing of their data (related articles 18, 19 GDPR). In particular, the data subject can ask the controller to restrict the processing.
This right is an alternative to the right to erasure (Article 16 GDPR) and the right to object (Article 21 GDPR). It is not an absolute right andonly applies in specific cases.

  • The right to data portability

This only applies to the data you have given us. You have the right to request that we transfer the data you have given us to another party or that we give it to you. The right only applies if we process information based on your consent or for the purpose of entering into or performing a contract and the processing is automated.

The right to portability (Article 20 GDPR) offers natural persons (data subjects) an easy way to manage their own personal data. Makes it easy for them to traffic, copy ortransfer personnel data easily character from one IT environment to another.

Data subjects have the right to receive their personal data, processed by automated means by a controller, in a structured, commonly used and machine-readable format (e.g. XML, JSON, CSV, etc.).
They also have the right to request that the controller transmit said data to another controller, without objection from the original controller. In case it is technically possible, they can request the direct transmission of their data from one data controller to another.

The right to portability can be exercised when all of the following apply:

  • personal data is processed by automated means (which excludes paper files),
  • the legal basis of the processing is either the consent of the data subject (Article 6 par. 1a or Article 9 par. 2a GDPR) or the execution of a contract in which the data subject is a contracting party (Article 6 para. 1b GDPR),
  • the personal data concern the data subject and have been provided by him. They are deemed to have been provided by the data subject when they are consciously and actively provided, such as account details submitted by electronic means e.g. email address, username, age, but also when generated and collected from user activities, when using a service or device (e.g. raw data processed by a smart meter, activity logs, website usage history or search history),
  • the exercise of the right does not adversely affect the rights and freedoms of others.

The exercise of the right to data portability does not affect the exercise of the data subject’s other rights, which are exercised independently.

You can exercise your above rights in the following ways:

  • by letter to the address “Municipality of Milos” (Plaka Milos, PO Box 84800, Plaka Milos)
  • by email to grammatia@milos.gr.

The right to submit a complaint regarding the processing of your personal data before the Data Protection Authority

We follow high standards for processing your personal data. If you have questions or concerns, you can contact us at the following email address dpo@computerstudio.gr.

If you remain dissatisfied with the way we process your personal data, you can lodge a complaint with the Data Protection Authority.

Links to other websites

This website contains links to other websites which are under the responsibility of third parties (natural or legal persons). In no case is the Municipality responsible for the personal data protection conditions that these websites follow.

You also have the right to file a complaint with the Personal Data Protection Authority (PDPA) [L. Kifisias 1-3, P.O. 115 23, Athens, tel.: +30 2106475600, email: contact@dpa.gr] if you consider that your rights to the protection of your personal data are violated. You also have the right to appeal to the competent judicial authorities.

Changes to Website Privacy Policy

The Municipality may amend this Personal Data Privacy Policy. Please check the Effective Date at the beginning of this Policy to see when this Policy was last revised. Any revision will be effective as soon as we post the revised Policy.

If we make material changes to this Policy that expand our rights to use the personal data we have already collected from you, we will notify you and provide you with a choice about future use of that data.