Protection of Personal Data5 February 2024 2024-02-06 20:56
Protection of Personal Data
COVID-19 and personal data management
Given the increased measures to prevent and protect against the spread of Coronavirus, the need for health and safety measures for both workers and traders requires the use of data and information collected for this purpose. The processing of personal data, whether simple or sensitive, their transmission, their retention, have a legal status under the regulatory framework of the GDPR. It is therefore necessary to ensure that these practices, which involve the collection and processing of personal data, are carried out in accordance with the requirements of national law and European Union legislation (e.g. reporting possible exposure to the virus through contact with a person who has been exposed to the virus, travelling to countries with a high risk of infection).
Indicatively, fundamental provisions on the legality of data processing include, inter alia, the provisions of Article 6 par. 1(c), (d) of the GDPR, which refers to the fact that the person responsible for processing has certain law obligations, but also to protect the vital interests of the data subjects or other individuals. In this regard, the safety and health of employees and of partners are in any event the responsibility of the entity which must ensure that they are protected in an appropriate manner.
The European General Data Protection Regulation (GDPR – EU 2016/679) became fully applicable on 25 May 2018. In this context, the University of Piraeus has developed a Personal Data Protection Policy in order to fully ensure the protection of all members of the academic community, partners and other stakeholders. The Policy addresses the Protection of Personal Data in order to meet the requirements of the European Data Protection Regulation (GDPR – EU 2016/679).
Management and protection of personal data
- are processed in a lawful, fair and transparent manner
- collected exclusively for specific and legitimate purposes
- are adequate, relevant to the purpose for which they are collected and limited to what is necessary
- are verified
- are kept exclusively up to a specified time frame
- are processed in such a way as to ensure the necessary security for members of the academic community and other interested parties.
- access to their personal data and information on which data are processed, the purposes of the processing, the recipients and the duration of the processing,
- correction of their personal data if it is inaccurate or incomplete,
- deletion of their personal data, provided that the legal requirements are met,
- restrict the processing of their personal data only for specific purposes,
- portability of their data, i.e. to receive the data they have provided in a structured, commonly used format or to request that it be sent directly to a third party,
- withdraw at any time their consent to the processing of their personal data, including automated processing for profiling purposes. In this case, their data processing will be interrupted by the University of Piraeus, without this affecting the lawfulness of any processing until their consent is withdrawn. (Data Subjects' Consent Withdrawal Request Form (in forms doc and pdf))