Privacy notice

Privacy Statement regarding the protection of personal data

in the context of e:Presence.gov.gr service

 

Data controller details:

Α public limited company (societe anonyme) under the corporate name "National Infrastructures for Technology and Research S.A.” and the distinctive title “GRNET S.A."

 

Competent Processing Service:

e:Presence.gov.gr Support Team

 

Data controller’s Contact Details:

support@epresence.grnet.gr

 

Data Processors:

i. ."Zoom Video Communications Inc" (hereinafter referred to as «Zoom»), a foreign, international company providing modern technical solutions related to the use of cloud infrastructure in order to hold teleconferences.

More detailed information about the provision of services by “Zoom”, the Terms of Use and the Privacy Policy thereof, is available on https://zoom.us/trust.

ii. The limited liability company "Protypa Diktya Polymeson Sole Shareholder Ltd."» with the company title "Medion7 Ltd" (hereinafter "Medion7"), which has entered into a contract with GRNET SA for the provision of services relating to the development, adaptation and support of the information infrastructure of the e:Presence.gov.gr service. The contract between GRNET SA and Medion7 includes, as an integral part and an Appendix thereto, a duly signed Data Processing Agreement (DPA).

Data subprocessor:

"Rackspace International GmbH". The e:Presence.gov.gr web application is hosted on computing infrastructure provided by Amazon (AWS), and "Rackspace International GmbH" has entered into a contract with GRNET S.A. for the provisioning of the relevant infrastructure services.

Scope of this Privacy Statement:

National Infrastructures for Technology and Research S.A. (hereinafter referred to as “GRNET SA") is bound by European Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – hereinafter referred to as “the GDPR”) and Law 4624/2019 (Official Journal issue 137/A/2019) on "Data Protection Authority, measures for the implementation of Regulation(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and for the incorporation into national law of Directive(EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 and other provisions”, as in force at any time (hereinafter “the Law”). This Privacy Statement details all information necessary for the processing of personal data carried out in the context of e:Presence.gov.gr service, as well as the policies and procedures implemented by GRNET SA for the protection of the e:Presence.gov.gr users privacy. This Privacy Statement sets out the criteria as well as the terms and conditions under which GRNET SA collects, processes, uses, stores and transmits the personal data of the service users, how it ensures the confidentiality of such information, including any law and/or regulation implemented or enacted in accordance with Union and national laws on personal data protection and electronic privacy, as well as any law and/or regulation amending, replacing, issuing or consolidating any of the latter, including any other applicable Union and national laws on the processing of personal data and privacy, which may exist in accordance with applicable law.

GRNET SA reserves the right to amend and update this Privacy Statement whenever necessary, whereas any such updates shall become effective five (5) days after they have been posted on the e:Presence.gov.gr website and relevant notification email has been sent to all active "users" of the service.

For the purposes of this Privacy Statement, the terms “controller”, “processor”, “third party”, “supervising authority”, “personal data”, “processing”, “data subject” shall have the meaning ascribed to them by applicable legislation on the protection of personal data.

In addition, for the purposes of the present, the following definitions shall also apply:

"Website" – the website accessible via domain name https://www.epresence.gov.gr, ,including the entirety of the web pages thereof.

"e:Presence.gov.gr Service" - the e:Presence.gov.gr service addressed to the Organizations of the Greek State allows its members to organize and conduct online teleconferences of high quality and interactivity.

“Organization" - the organization of the public and wider public sector, whose members use the e:Presence.gov.gr service to organize and conduct online teleconferences.

“User” - the online e:Presence.gov.gr service user, whom the data refer to, whose identity is known or may be verified, namely it may be directly or indirectly determined. In e:Presence.gov.gr service, two distinct user categories are supported, as such are differentiated by the user rights assigned to each subcategory. The first user subcategory is that of "ordinary users" whereas the second is that of "coordinators".

"Guest User" - "Guest" - the online user of the e:Presence.gov.gr service, who is invited through their email address to participate in one or more teleconferences of the service, without being authenticated through the Authentication Service OAuth2.0 users of the GSIS , without the prior creation of a respective user account in the service, and applicable only for a specific teleconference. For a "Guest", no user account is maintained in the service.

"Coordinator" - is the special user category which is also responsible for supervising and managing all teleconferences carried out on behalf of an organization or an organizational unit of the organization, where the coordinator pertains to, as well as for inviting participants to join a teleconference. Two distinct subcategories of "coordinators" are supported in the context of the e:Presence.gov.gr service. The first subcategory of “coordinators” is that of the “organization coordinators” whereas the second is that of the “organizational unit coordinators”.

“Organization Coordinator” - The status of an “organization coordinator” is assigned to an e:Presence.gov.gr service user upon approval of the user’s relevant request to change role, submitted to the “e:Presence.gov.gr Support Team, on condition that said “user” is registered with the Human Resources Register of the Greek State and has adequately justified the valid and lawful nature of such request.

”Organizational unit coordinator” - The status of the “organizational unit coordinator” is attributed to an e:Presence.gov.gr service user either by the “organization coordinator”, or subject to the approval of the user’s relevant request for a change of role, submitted to the “e:Presence.gov.gr” Support Team, on the said condition that the user ” is registered with the Human Resources Register of the Greek State and has adequately justified the valid and lawful nature of such request. The organizational unit coordinator shall have the said powers only for the teleconferences of the organizational unit, for which they have been appointed as coordinator.

"Ordinary user" - is a person who can participate in a teleconference, upon receiving an invitation sent to them, without being able to host a teleconference by engaging resources of the system‘s available services at a specific time. Moreover, any stakeholder may be registered as a "ordinary user" even if they may not have been invited to join a teleconference by a "coordinator", provided that such "user" is registered with the Human Resources Register of the Greek State.

In the context of this Privacy Statement, the term "user" is used to describe both "ordinary users" and "coordinators" (it is noted that the term “user” does not include guest user – guest) and respectively, the term "coordinator" is inclusive of both "organization coordinators" and "organizational unit coordinators".

A. Purpose/s for processing the data collected:

i. GRNET SA – as data controller – processes the personal data of the “users" as referred to in the following section, for the following purposes:

  • Authentication of “e:Presence.gov.gr” service users
    • “Users” authentication is effected through the “user”’s TaxisNet credentials by using the User Authentication Service oAuth2.0 available through the interoperability center of the General Secretariat of Information Systems of the Greek State (GSIS)
  • Confirmation of the status of the e:Presence.gov.gr service “usesr” as members of the human resources of the Greek State
    • Following the identification of the "user" through the user authentication (oAuth 2.0) of GSIS, by entering the VAT number of the "user", information on whether such user actually belongs to the relevant "Register" as well as details of the Organizations, where the user has been inventoried with, may be sourced from the Register of Human Resources of the Greek State (http://apografi.gov.gr/) (hereinafter "Register"). In case of more than one "Organizations", where the user has been registered with, the "user" selects the Organization" that they wish to appear in their account.
  • Provision of the e:Presence.gov.gr service
    • Uninterrupted operation of the "website" and the e:Presence.gov.gr service.
    • Technical support to "coordinators" of the e:Presence.gov.gr service
    • Easy and user friendly operation of the "website".
    • Enhancement of the online experience when providing the e:Presence.gov.gr services
    • Seamless provision of the e:Presence.gov.gr service to Organizations
  • Recording of a teleconference held in the e:Presence.gov.gr service (optional right for "enhanced management" host key offered to “coordinators”)
    • The option to record video and audio streaming of a teleconference, locally on a storage medium of the personal device whereby the "coordinator” connects to the teleconference (personal computer), is offered to the latter.
  • Communication with the "coordinators" of the e:Presence.gov.gr service
    • Solving any teleconference management problems of the "coordinators" of the service
    • Sending notifications to the service "coordinators" via email massages only in case of major changes in the service operation requiring “users” to perform specific actions in order to continue seamless use of the service. Indicative examples may include the need to install new software in order to access teleconferences due to an urgent security software update or, for example, the unavailability of the service due to an upgrade etc.
  • Creation of statistical reports and charts to monitor the e:Presence.gov.gr service
    • Data used in such statistical reports and charts do not contain any “users” personal data, as they result from anonymized information.
  • Real time live streaming of a teleconference to a wider audience
    • The video and audio streaming of a teleconference is decrypted and made available in the DIAVLOS service of GRNET SA, which undertakes further distribution of it to the public, through a special website created for each live teleconference streaming event.
  • Conducting polls during a teleconference
    • The "coordinator" who organizes a teleconference can create one or more polls to a teleconference, each containing one or more questions. The questions of these polls can be displayed to the participants of a teleconference, if the "coordinator" of this teleconference chooses to enable them. The participants may, at their sole discretion, select an answer for each question. The results of these polls are made available to the "coordinator" of the teleconference, immediately after their completion.

GRNET SA collects and processes “users” and “guests” personal data in the context of providing the e:Presence.gov.gr service solely for the aforementioned purposes and only to the extent strictly necessary to effectively serve such purposes. Such data shall be, at all times, relevant, appropriate and not more than those required in view of the aforementioned purposes. They shall also be accurate and, if necessary, updated.

Furthermore, the aforementioned data shall be retained only during the period required as mentioned hereinabove, in order to accomplish the purposes for which they are collected and processed, and shall be deleted at the end thereof (see below “Retention period of personal data”).

ii. "Zoom"– as data processor – collects and processes “users” and “guests” personal data using its infrastructure for the purpose of holding teleconferences.

iii. "Medion7" - as data processor - collects and processes “users" and "guests” personal data for the purpose of providing technical support to the e: Presence.gov.gr service.

Β. Categories of personal data processed:

i. To authenticate e:Presence.gov.gr service “users”

The authentication of the e:Presence.gov.gr service "users" is effected through the Interoperability Centre of the General Secretariat of Information Systems of the Greek State (GSIS ) by using the user’s TaxisNet credentials as set out in Decision No 3981ΕΞ2020 of the Minister of State «Provision of User’s Authentication oAuth2.0 Service in Information Systems of third Party Organizations” (OJ Β’ 762). For the sole purpose of authenticating the e:Presence.gov.gr service "users", GRNET SA collects through the aforementioned authentication procedure (o Auth 2.0), and processes – as data controller- the following personal data:

  • Name
  • Surname
  • TaxisNet username
  • Father’s name
  • Mother’s name
  • Date of birth
  • VAT number

ii. To confirm the identity of the e: Presence.gov.gr service "users" as members of the Human Resources Register of the Greek State

Following identification of “users” through the GSIS authentication (oAuth 2.0), data relevant to the “users” registration with the Human Resources Register of the Greek State (http://apografi.gov.gr/) [hereinafter the "Register"] and details of the “Organizations”, such “users” have been inventoried with, are sourced by entering the “users” VAT number. In case of “users” having been registered with more than one "Organizations”, the former needs to select the "Organization" that they wish to appear in their account.

With the sole purpose of confirming the status of the e: Presence.gov.gr service “users” as members of the Human Resources Register of the Greek state, as well as of the Organization such “users” pertain to, GRNET SA collects through the aforementioned service, and processes - as data controller - the following personal data:

  • Organization (id) - one or more
  • Name of Organization
  • Primary status (true / false) for each Organization

iii. To provide the e:Presence.gov.gr service

For the use (when logging in, creating an account, participating in teleconferences – trial/official) of the e:Presence.gov.gr service as well as for the efficient and lawful provision of such service, GRNET SA processes – as controller – the following personal data:

  • The IP address wherefrom a “user“ logins to the e:Presence.gov.gr service and the teleconferences
  • In-site navigation data via cookies installation (see relevant Cookie policy)
  • Service use timestamp
  • Connecting device details (device type, manufacturer, model, operating system)
  • “Coordinators” e-mail address
  • “Coordinators” telephone number
  • “Coordinators” organization

iv. To record a teleconference on the e:Presence.gov.gr service ( the right of enhanced management – host key is offered as an option to “coordinators”)

In odrer to grant” coordinators” with the right of "enhanced management" (Host Key) to record video and audio streamings of a teleconference, locally in storage medium of the device whereby the "coordinator" connects to such teleconference (personal computer), GRNET SA processes, - as controller- the following:

  • unique activation code for the "enhanced management" of a teleconference

A "coordinator" with such “enhanced management” (host Key) right, receives from GRNET SA pertinent unique activation code for the "enhanced management" of a teleconference and bears together with their “Organization”, the exclusive responsibility for the proper and lawful use of such service option. It is noted that “the coordinator” may, at their own risk, further assign such “enhanced management” right to any participant in a teleconference. In any event, should a teleconference be recorded or live streamed by virtue of the "enhanced management" right, the full responsibility for the lawfulness, the storage as well as for the eventual further disposal of the outcome of such recording shall lie solely with the "coordinator" of the teleconference as well as with the" Organization " holding the teleconference.

GRNET SA is in no position to know whether the "coordinator" has made use or not of such “enhanced management righ”t, nor does it have access to the outcome originating from such recording of the teleconference (video and/or audio), which is stored exclusively in a storage medium of the device whereby the ‘the coordinator” is connected to the teleconference (personal computer)

With regards to the possibility of recording a teleconference, to the audio and/or video data originating therefrom, and in general with regards to all data processed by the "Organization" for its own purposes while making use of the e:Presence.gov.gr service, the "Organization as Controller is solely responsible for the collection, processing, the legal basis and the purpose of the processing, for informing the data subjects, and for satisfying the rights of the latter, for carrying out a Data Protection Impact Assessment (DPIA), for being accountable vi-a-vis the Data Protection Authority (DPA) and the data subjects, in accordance with the provisions of the currently applicable law on personal data protection.

Moreover, where a teleconference is recorded using technological means available to the "user", in such case, the full responsibility for such recording and eventual disposal of such recording shall lie with the ”user” and the “Organization” where the “user“ belongs to.

Should a “guest” invited in a teleconference, proceed to such a recording, the responsibility for the recording and the disposal of the content, shall lie with the “guest” and the “coordinator” who invited them in the specific teleconference .

v. To communicate with the e:Presence.gov.gr service “coordinators”

For communicating with e:Presence.gov.gr service “coordinators”, GRNET SA processes - as data controller - the following personal data:

  • “Users” and “Guests” e-mail address
  • “Coordinators” e-mail address
  • “Coordinators” telephone number

vi. To provide teleconferences services

For the provision of teleconference services, "Zoom"- as data processor- collects and processes the following personal data on behalf of GRNET SA:

  • “Users” full name as it results from data maintained with GSIS
  • “Guest”s full name, as declared by the “Guest” themselves when entering the teleconference where they have been invited to.
  • The IP address wherefrom the “user” or the “Guest” connects to the e:Presence.gov.gr service and to the teleconferences

vii. To provide teleconferences streaming services to wider audience

For the provision of teleconferences streaming services, "Zoom"- as data processor- on behalf of GRNET SA and GRNET SA - as data processor on behalf of any “Organization” - process the following personal data:

  • Live streaming of video, audio and shared data of a teleconference

viii. To provide technical support services to GRNET SA

For the provision of technical support services to GRNET SA, "Medion7" - as data processor - collects and processes all personal data mentioned in items (i) to (vii) hereinabove.

ix. For the utilization of polls during a teleconference

For the utilization of polls during a teleconference "zoom"- as processor -on behalf of GRNET SA and GRNET SA - as processor on behalf of any “organization” - process the following personal data:

  • Personalised answer selections to each question of a poll, for every participant who opts to answer that question. The "coordinator" may select to create the poll with the "Anonymous answers" option, in which case the "coordinator" will not have the information of personal answer choices for any participant. The selection of the "Anonymous answers" option is at the sole discretion of the "Coordinator", based on the particular needs that each poll involves.

x. Special categories of personal data

GRNET SA does not collect, process, or gain access in any way to specific categories of data as set out in the provisions of applicable law (in particular data relating to racial or ethnic origin, religion, health data, etc.). In the event that any "user" posts data of a specific category on the "website" or the e: Presence.gov.gr service, such data shall be removed as soon as they come to the knowledge of the e: Presence.gov.gr management team.

C. Legal bases for processing

The processing of “users” personal data is necessary for the performance of the Agreement on the provision of the e:Presence.gov.gr teleconferencing services, in line with the need (technical and organizational) to provide the best possible services, to serve its "users" and its legal basis can be found along the provisions of Decision No 3981ΕΞ2020 of the Minister of State «Provision of User’s Authentication oAuth2.0 Service in the Information Systems of third Party Organizations” (OJ Β’ 762/10.03.2020) and joint Ministerial Decision No 429/2020-OJ 850/b/13.03.2020, as it stands amended.

D. Access to personal data:

For the provision of e:Presence.gov.gr services and the seamless operation of such service, access to the “users” and “guests” personal data shall be granted to the following:

  • To the e:Presence.gov.grservice support team, consisting of personnel engaged in a contractual relationship by virtue of either a project or a services agreement with GRNET SA hereinafter referred to as "GRNET associates”, bound by a confidentiality agreement (NDA) with GRNET SA.
  • To "Zoom" personnel with regard to teleconferencing services, as specified in item (vi) of section (B) hereinabove.
  • To "Medion 7" personnel with regard to technical support services, as specified in item (vii) of section (B) hereinabove
  • To e:Presence.gov.gr service "coordinators" for the sole purpose of organizing teleconferences and notifying "ordinary users" of the service in view of their participation in a teleconference under way of organization.

The processing of e:Presence.gov.gr service “users” and “guests” personal data by the aforementioned, is carried out under the supervision and solely at the request of GRNET SA, within the scope of the mission and the role of each associate. Such associates undertake, finally, to comply with the same requirements regarding privacy and personal data as GRNET SA itself, in accordance to the present Privacy Statement.

Under no circumstances, shall GRNET SA have access to the outcome originating from the eventual recording of a teleconference (video and /or audio), as such is stored exclusively and only locally in a storage medium of the device whereby the "coordinator" connects to the teleconference ( personal computer), under the responsibility of the "coordinator" and the respective "Organization" conducting such teleconference. Finally, GRNET SA shall have no access to the recording of a teleconference by technological means available to the "user", which shall be carried out at the user’s own risk.

E. Recipients of the collected personal data:

GRNET SA shall in no way transmit/transfer or in any way disclose the e:Presence.gov.gr service “users” and “guests” personal data to any third-party entities, private businesses, natural persons or legal entities, public authorities, agencies or organizations, other than as expressly set out herein.

The personal data of the e:Presence.gov.gr service “users and “guests” may be disclosed or transmitted to government authorities and/or law enforcement officials, only if necessary for the abovementioned purposes, in the context of enforcing a court decision or a provision of the law or if necessary to secure the legitimate interests of GRNET SA in its capacity as data controller, in compliance with the terms and conditions of applicable law.

The personal data of the e:Presence.gov.gr service "coordinators" are communicated to "ordinary users" of the service via a notification e-mail, they receive with regard to their participation in a teleconference under way of organization, for the sole purpose of establishing communication between "coordinators" and "ordinary users" or “guests” with regard to a teleconference under way of organization or already organized.

Should any “coordinator” make use of the "enhanced management" right to real time live stream a teleconference to a wider audience, the video, audio and shared data live streaming of a teleconference shall become available to a wider audience. During such live streaming of a teleconference, the responsibility for keeping the participants informed on such fact, lies exclusively with the "coordinator" of the specific teleconference.

F. Rights of data subject

As regards the data processed in the context of providing the e:Presence.gov.gr service, GRNET as data controller – takes all necessary action, in accordance with the terms of this Privacy Statement, both during the collection as well as in every subsequent stage of processing of the personal data of the e:Presence.gov.gr service “users” and “guests”, so that every "user" and “guest” may fully exercise their rights, as laid out in applicable legislation on the protection of personal data, namely the rights of Access, Rectification, Erasure, Restriction of Processing, data Portability, as detailed hereinbelow and in accordance with the terms and conditions of applicable law:

  • Right of Access: The data subject is entitled to request and obtain from GRNET SA, a confirmation on whether or not their personal data are processed and, if so, to exercise the right to access such personal data pursuant to applicable legislation. The data subject may also request a copy of the personal data undergoing processing, as described in this Privacy Statement, by sending an email to the following email address: support@epresence.grnet.gr. Finally, it should be noted that the right to obtain a copy of the personal data undergoing processing shall not adversely affect the rights and freedoms of others in accordance with applicable law.
  • Right of Rectification:The data subject shall have the right to request GRNET SA to rectify any inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject shall have the right to request that any incomplete personal data be completed, including by means of providing a supplementary statement, in accordance with applicable legislation.
  • Right of Erasure:The data subject has the right to request GRNET to erase their personal data within the framework of e:Presence.gov.gr service, in accordance with the provisions of applicable law and under the following specific terms and conditions:
    • If the data subject has received an account activation message in the e:Presence.gov.gr service but does not wish to activate the account and does not take any further action after receiving such message, such inactivated account shall be automatically erased after four (4) months.
    • If the "user" has activated their account in the e:Presence.gov.gr service but has never participated in any teleconference, they may, under own responsibility automatically erase the account using a special button that exists for this purpose on their account management page. In such case, all personal data relating to said “user” shall be permanently erased from the web server and may not be recovered.
    • If the "user" has activated their account with the e:Presence.gov.gr service and has participated in one or more teleconferences, full erasure of the account shall not be possible for reasons of coherence of the service usage data. In such case, “the user” may, under own risk, activate the anonymization of their data, using a special button that exists for this purpose on their account management page. In this way, their account becomes inactive, their personal data are replaced with pseudo-data (e.g. full name Deleted, email address in the form of deletedXXXXXX@example.com), any eventual password is replaced by a random, non-recoverable password, and the "user" ceases to have access to the service.

In case of a request by a “user” to erase of their personal data, the “user” shall be referred to their account management page, as mentioned hereinabove.

In case of a request by a “guest” to erase their personal data, the “guest” shall have to fill out the Request Form for the Exercise of a Right and forward it to the appropriate email address, as mentioned hereinbelow.

  • Right to restriction of processing: The data subject is entitled to ensure that GRNET SA restricts the processing of their data, if any of the conditions laid down by applicable legislation on the protection of personal data, is met..
  • Right to data portability: The data subject has the right to obtain any personal data concerning them, which they have submitted to GRNET SA in a structured, commonly used and machine-readable format, as well as the right to transmit such data to another controller without any objection from the controller to which the personal data have been submitted, in accordance with the provisions of the applicable legislation on personal data.

To exercise any of the above rights, the “user” or “the guest” may contact the e:Presence.gov.gr Support Team at the following email address: support@epresence.grnet.gr by filling out the following Request Form to Exercise a Right..

The aforementioned rights of the data subjects are subject to restrictions in accordance with applicable legislation.

GRNET SA– acting in its capacity as data controller – shall provide the data subject with information about any action taken following their request to exercise any of the above rights within one (1) month as of receipt of the request. This period may be extended by an additional period of two (2) months, in accordance with the terms of applicable law.

GRNET SA, when processing personal data in the capacity of a data processor on behalf of an Organization, shall immediately forward any request filed by a data subject with GRNET SA concerning the processing carried out by the Organization in the context of providing e:Presence.gov.gr service, and shall assist the Organization to fulfill its obligation to respond to such request. GRNET SA shall not be responsible to respond to the data subject’s request in such cases.

G. Personal data retention periods

The e:Presence.gov.gr service users personal data shall be retained no longer than it is necessary for the needs of the service and the audits the service is subjected to. More specifically:

Categories of personal data collected Purpose of personal data collection (the numbering refers to Section B above) Time and place of personal data retention
IP address from which the user connects to the e:Presence.gov.gr service To provide the e:Presence.gov.gr service (iii) On GRNET S.A. datacenters and Amazon (AWS) datacenters for a maximum of 45 days
In-site navigation data through Session cookies (see Cookie Policy) To provide the e:Presence.gov.gr service (iii) In the user's browser for up to 4 hours after their last action in the website
In-site navigation data through Persistent cookies (see Cookie Policy) To provide the e:Presence.gov.gr service (iii) In the user's browser for up to 2 years after their last action in the website
Data retrieved from GSIS during “user” login process and specifically user's VAT number and the IP address where from the user successfully authenticated Authentication of the users of the e:Presence.gov.gr service (i) On GRNET S.A. datacenters and Amazon (AWS) datacenters for a maximum of five years according to GSIS requirements.
Data retrieved from GSIS during “user” login process and specifically user's first name and last name Authentication of the users of the e:Presence.gov.gr service (i) On GRNET S.A. datacenters and Amazon (AWS) datacenters for as long as a “user” account is active. In the event that the “user” has entered the e:Presence.gov.gr service (logged in), the data shall be retained for a period of 15 months after the last log in date of the user. 15 months after the last login date of the user, the account is anonymized and no longer active.
Data retrieved from GSIS during “user” login process and specifically ascendants' first name, year of birth and GSIS username Authentication of the users of the e:Presence.gov.gr service (i) On GRNET S.A. datacenters and Amazon (AWS) datacenters for a maximum of 11 days.
Email address To provide the e:Presence.gov.gr service (iii) On GRNET S.A. datacenters and Amazon (AWS) datacenters for as long as a “user” account is active
Telephone number (mandatory only for “users” acting as teleconference Coordinators) To communicate with the e:Presence.gov.gr service “coordinators” (v)
To provide the e:Presence.gov.gr service (iii)		 On GRNET S.A. datacenters and Amazon (AWS) datacenters for as long as a “user” account is active
For “users” registered with Human Resources Register of the Greek State, the Organizations with which they are engaged in an employment relationship according to the Register To confirm the identity of the e: Presence.gov.gr service "users" as members of the Human Resources Register of the Greek State (ii) On GRNET S.A. datacenters and Amazon (AWS) datacenters for as long as a “user” account is active
IP address wherefrom the “user” connects to teleconferences To provide the e:Presence.gov.gr service (iii) On GRNET S.A. datacenters and Amazon (AWS) datacenters for 15 months as of the date of each teleconference.
On "Zoom" web servers for a maximum period of 30, as from the date a teleconference was held.
The "User's" personal choice of answers to polls conducted during a teleconference, only if the "Anonymous answers" option has not been selected by the "Coordinator" during poll creation For the utilization of polls during a teleconference (ix) On "Zoom" web servers for a maximum period of 30 days maximum, as from the date a teleconference was held.

H. Privacy and Data Security:

The processing of personal data by GRNET SA is performed in a manner that ensures both confidentiality and security thereof. All appropriate organizational and technical measures are taken to safeguard and protect data against any accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access or any other form of unfair processing. More specifically:

  • Teleconferences held on the e-Presence service are end-to-end encrypted in case all connected points in a teleconference are some kind of Zoom Client Application (for Windows, Mac, Linux, iOS and Android). This case applies to all teleconferences of the e:Presence.gov.gr service.
  • Any other case of intermediate decryption of audio and video signals has been disabled by GRNET SA.
  • The sole exception to the encryption of communications is relevant to the activation of the option to live stream a teleconference to public, during which the audio and video signals are decrypted in order to be broadcasted to the streaming server. Full responsibility for the lawful live streaming of a teleconference as well as for making the outcome thereof further available, is born exclusively by the “coordinator” of the teleconference and by the “Organization” holding it (teleconference).
  • The implementation of the application ensures that no unauthorized user can log into a service teleconference. An authorized user means a service user, who has an active account with the service, having passed the authentication process mentioned above, and has been invited to participate in a teleconference by the organizer (“coordinator”) thereof. By way of exception, the invitation to a teleconference sent to a "Guest", is activated by the "Coordinator" of the teleconference who, by doing so, assumes the responsibility for the participation of non-authenticated via the GSIS users in the specific teleconference of the service, as described in detail in the Terms of Use of the service

Additional information on the methods used for safeguarding communications is available in the "Detailed information on communication and compliance with the institutional framework" document posted on the e:Presence.gov.gr service home page https://www.epresence.gov.gr/service_security.pdf".

The e:Presence.gov.gr web application is hosted on computing infrastructure provided by Amazon (AWS) which provides high availability and fault tolerance, according to thecontract between GRNET S.A. and Rackspace International GmbH as it currently stands (Contract no. 17363/25-11-2022). 

I. Processing of personal data by the Organization

Every Organization using the e:Presence.gov.gr service, shall act as a controller with regard to all personal data processed for its own purposes during the use of the e:Presence.gov.gr service (as well as with regard to any audio and/or image data generated should the available option to record a teleconference be used- including the option to live stream a teleconference, and with regard to the answers and the results of polls conducted during a teleconference) and shall be responsible for the collection, the processing and the legal basis thereof, the purpose, for notifying the data subjects and for satisfying their rights as well as for carrying out a Data Protection Impact Assessment (DPIA). It shall also be accountable towards the Data Protection Authority (DPA) and the data subjects, in accordance with applicable law on data protection.

When holding a teleconference, GRNET SA acts as the processor on behalf of each Organization, in compliance with the provisions of law on personal data, and shall not be responsible for the lawfulness of the collection, the processing and the legal basis thereof, the purpose, nor for notifying the data subjects and for satisfying the rights thereof.

J. Contact

For any question or clarification regarding this Privacy Statement and as well as in the event of any violation related to personal data issues, "users" and “guests” may contact the Competent Department of GRNET SA at the e-mail address mentioned hereinabove.

They may also contact the Data Protection Officer (DPO) of GRNET S.A., Ms. Vera Meleti, and/or the deputy DPO, Ms. Vasiliki Konstantinopoulou at the e-mail address:dpo@grnet.gr.

K. Recourse/Complaint

In the event that a request by any e:Presence.gov.gr “user” or “guest” is not satisfied by the controller the "user" and /or the “guest” may at any time file recourse with the Competent Supervisory Authority, namely the Data Protection Authority https://www.dpa.gr.