Privacy Notice
DATA PROTECTION NOTICE FOR STUDENTS PARTICIPATING IN THE MSC TITLED «MSC IN PUBLIC HEALTH AND MARITIME TRANSPORT»
This notice concerns the processing of your personal data carried out by the University of Thessaly (Greece), in the context of your participation to the University’s MSc Program titled “MSc In Public Health and Maritime Transport”.
Please read this document to receive detailed information about the terms of the processing of your personal data by the University.
I.Who is the Controller of my personal data?
The University of Thessaly (hereinunder “University”, “UTH”, “Controller”, or “We”) acts as the Controller for the processing of your personal data.
The University’s contact details may be found below:
Address: Argonafton & Filellinon Str., Volos, Greece, 38221, Tel: (+30)2421074000
You may also contact the University’s Data Protection Officer in the following email address: dpo@uth.gr
II.Personal data categories
We process exclusively the personal data which you provide us yourself, either:
a) During the MSc selection and registration process, and throughout the course of your studies.
indicative data categories collected under this process:
· name/surname,
· contact details: address, email, phone no.,
· passport no., Student ID no., Social Security No.,
· Country of Origin, Birth date,
· University Department of Study, date of admittance in the MSc Program,
· Payment data: tuition fees, payment date, annual income (only where necessary to assess a scholarship application that you submitted)
· Data related to your academic performance: attendance, coursework/exam grades etc.
· Data included in your CV and in recommendation letters about you
· Video Data: CCTV data collected from the on-premise CCTV system in some of the University’s facilities
No special categories of personal data are collected under this process for the purposes of the MSc.
Or
b) When using the MSc’s eLearning platform/app and/or your academic email account.
indicative data categories collected under this process:
· eLearning Calendar Data: Course Schedule, Calendar Events
· Course attendance, Course grades
· Username/Email Address
· Personal Notes/Personal Files, uploaded in the relevant section of the eLearning platform
· Data contained in the Coursework/Essays which you upload in the eLearning platform
· IP Address
· Metadata and Security Logs related to the use of the eLearning platform and the academic email account.
No special categories of personal data are collected under this process
III. For what purpose is your data collected?
We process your personal data exclusively for the following purposes:
a) For the purpose of student selection for the MSc
b) For the purpose of student registration in the MSc
c) For the purpose of supervising and ensuring the proper administration and the successful completion of our MSc program
d) For the purpose of receiving the MSc tuition fees and issuing the corresponding invoices/receipts
e) For the purpose of supervising your academic progress and supporting you during the MSc program (exams, coursework, meetings during visiting hours etc.)
f) For the purpose of communicating with you regarding academic events and opportunities, related to your curriculum
g) For the purpose of responding to your communications, inquiries, and complaints
h) For the purpose of managing scholarships
i) For the purpose of providing you the services of our eLearning platform.
j) For the purpose of ensuring the safety of students, staff, and visitors on the premises of the University (through the use of CCTV systems)
k) For the purpose of producing official statistics relating to the functioning of the University
l) For the purpose of ensuring the security and integrity of the University’s digital and electronic systems (through the use of security logs and measures)
m) For the purpose of protecting the University’s legal right and claims.
IV.What is the legal basis for the processing of your data?
For purposes “a” to “k”, we process your personal data on the legal basis that the processing is necessary for the performance of the tasks carried out by the University in the public interest or in the exercise of the official authorities vested to UTH under the Greek Legislation which encompasses the founding and functioning of the University of Thessaly. (Article 6 par.1e GDPR)
For purposes “l” and “m”, we process your personal data on the legal basis that the processing is necessary for the protection of our legitimate interests. The legitimate interests sought are specified as: a. The protection of the Intellectual Property and Personal Data contained in the University’s digital systems and services, and b. the protection of the university’s property, rights, and legal claims.
Additionally, we may process your personal data when the processing is necessary for us to comply with our legal obligations.
V.Who is your data shared with?
As a rule, your data is only being processed by the competent, in each case, staff of our University, who have been duly informed about the secure processing of your personal data.
Your data may also be transferred, where applicable and necessary, to:
1) Natural and legal persons to whom we entrust the performance of specific tasks on our behalf, such as the hosting provider of our eLearning platform, the company who has undertaken the creation and distribution of your student IDs, and the company who has undertaken the security of our premises. These persons, who act as data processors on our behalf, have been informed and committed in advance to respecting the confidentiality of your data, are aware of and follow our instructions regarding the processing of personal data, and take all appropriate measures to protect it.
2) Courier/Mail service providers, as well as the Bank used for the payment of your tuition fees. These partners act as independent Data Controllers for your data within the scope of the regulatory/legal frameworks governing their operations.
3) Visiting Professors or lecturers.
4) Supervisory, auditing, independent, judicial, public and/or other official authorities and bodies within the scope of their statutory powers, and duties when the transmission, of your data, to them is required by law (such as the Greek Ministry of Education, the State Scholarships Foundation, Other Greek Public Universities, The Hellenic Statistical Authority etc.) .
5) Lawyers, law firms, bailiffs, experts, and expert witnesses, in cases where we need to take legal actions to safeguard our rights and interests.
VI.Is your data transferred outside the European Economic Area?
As a rule, your data is processed exclusively within the European Economic Area.
If the transfer of your data outside the EEA is absolutely necessary for the purposes mentioned above, the University will ensure that there is a sufficient legal basis for the transfer and that all the safeguards and requirements of Chapter V of the GDPR have been applied.
VII.For how long is your data stored and when is it deleted?
As a general rule, we delete your data as soon as the processing is no longer necessary to achieve the purpose for which the data was collected or for us to comply with our legal obligations. In any case, your data will not be kept for more than 20 years, following the completion of your studies in our MSc Program (In accordance with statute of limitations rules).
VIII. Is your data safe?
We are committed to safeguarding your Personal Data. We have taken appropriate organizational and technical measures to ensure the security and protection of your Data from any form of accidental or unlawful processing, modification, destruction, or loss. These measures are reviewed and modified at regular intervals and also on an ad-hoc basis when necessary.
IX. What are your data protection rights?
You have the right to access your personal data.
This means that you have the right to be informed by us on whether we are processing your Data. If we are processing your Data, you can request to be informed about the purpose of the processing, the type of your Data we hold, who we give it to, how long we store it for, whether automated decision-making is taking place, and on how to exercise your remaining data protection rights, such as the right to rectification, the right of erasure, and the right of restriction of processing and the right to file a complaint with the Data Protection Authority.
You have the right to rectify inaccurate personal data.
If you find that there is an error in your Data, you may submit a request for us to correct it (e.g., correcting your name or updating a change of telephone number).
You have the right to request the deletion of your personal data/right to be forgotten.
You may ask us to delete your Data if it is no longer necessary for the processing purposes listed above or if you wish to withdraw your consent, where your consent is used as the sole legal basis for the processing.
Please note that this right will not be satisfied if the processing of your data is still necessary for tasks carried out in the public interest or in the exercise of official authority vested in the University.
You have the right to restrict the processing.
You may ask us to restrict the processing of your Data for as long as your objections to the processing are pending, or if part of the processing is no longer necessary to fulfil the purposes for which your Data was collected.
You have the right to object to the processing of your Data.
You may object to the processing of your Data where it is carried out in the pursuit of our legitimate interests, and we will stop processing your Data if there are no other compelling and legitimate grounds that override your rights and interests.
X. How can you exercise your rights?
You may exercise the abovementioned rights by sending an email to the Data Protection Officer of the University of Thessaly, in the following email address: dpo@uth.gr .
Additionally, you may choose to exercise your rights, specifically for the data contained in the eLearning platform, by using some of the privacy functionalities available to you through the “profile” page of our eLearning platform.
XI.When will you receive a response to your request?
We will respond to your Requests free of charge and without delay. We aim to always respond to your requests within one (1) month of receiving them. However, if your Request is complex or there is a large number of pending Requests, we will let you know within the first month if we need an extension of two (2) additional months within which to respond to you.
If your Requests are manifestly unfounded or excessive, in particular because of their repetitive nature, we may impose a reasonable fee to respond, taking into account the administrative costs of providing the information or performing the requested action, or refuse to follow up on your request.
XII. Right to lodge a complaint
If you believe that:
a) your request has not been adequately and/or lawfully fulfilled, or
b) your personal data protection rights are being violated by any processing carried out by us,
you have the right to lodge a complaint with the Hellenic Data Protection Authority-HDPA (postal address: 1-3 Kifisias Ave,P.C. 115 23, Athens,
website: https://www.dpa.gr/, tel: 210 6475600, e-mail: contact@dpa.gr or the competent data protection authority of your country of residence (within the EU).