Revision date: 15/05/2020
ΕRASMUS CONFERENCES & EVENTS S.A. (hereinafter “ERASMUS”) recognizes that privacy is important to you and is committed to protecting your personal data, in whatever capacity you communicate or cooperate with us, including, but not limited to, former or active customers, users of our services, employees, suppliers or third parties.
Your personal data includes any information that may lead, either directly or in conjunction with other information to your identification as an individual or relate to an identifiable individual. This category includes data such as your name, VAT number, social security number, your physical and email addresses, your fixed telephony and mobile numbers, bank / debit / prepaid cards, your email addresses, rating information, your internet search history (log files, cookies, etc.), and any other information that allows your unique identification in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679) and the relevant Greek legislation in force and the decisions of the Hellenic Data Protection Authority (HDPA).
1. Who we are
ERASMUS is a leading Professional Congress Organiser in Greece and one of the top ten Professional Congress Organisers globally. ERASMUS is established and headquartered in Greece, at:
52B Vouliagmenis Av., 167 77, Ellinikon, Greece
2. Where we collect your personal data from
ERASMUS will always collect the minimum required personal data in order to provide our services, including, but not limited to, name, surname, e-mail address, passport details, invoicing postal address, a billing method that may also include credit card details, account number in case of remittance, and other details related to the services that have been provided.
We mainly receive your personal data for the execution of a contract with a partner that may concern your participation at a seminar, a conference, or a training program.
ERASMUS maintains your personal data only for as long as is required by the contractual terms of each service, in combination with the current financial, tax and other legislation, based on the respective processing purpose and then anonymizes or deletes them
3. Children’s data
In general, we do not collect or process personal data of children or provide services to people under 15 years of age.
We might exceptionally process personal data of minors under 15 years of age based on their participation to an activity we organize, in these cases we always obtain the written consent of their parents or legal guardians.
4. Special categories of data
They are personal data that reveal racial or ethnic background, political views, religious or philosophical beliefs, participation in a trade union organization, genetic data, biometric data, health data, sex life or sexual orientation data of the natural person.
ERASMUS, based on executing contracts with customers, may collect data (as a data processor or as a joint data controller), that may relate to special categories, such as health data and ethnic data. In these cases, ERASMUS collects the data directly from the data subject, and after the conference is completed, the data is stored securely and is not further processed for any other purpose.
5. Legal basis for processing your personal data
ERASMUS process your personal data for one or more of the following legitimate reasons:
- To sign and perform a contract and carry out our contractual obligations
- To comply with a legal obligation and fulfil our tax, accounting and reporting obligations.
- To serve our and third-party legitimate business interests. Legitimate interest is when we have a business or commercial reason to use your information. But even then, such use is consistent with the fundamental rights of individuals, for example:
- To provide you with effective customer service and support.
- To respond to your requests.
- To improve the security and usability of our website.
- To execute business transactions with you.
- To keep you updated on the evolution of our services.
- To file your complaints.
- You have given us your consent
- Subject to a valid consent you have freely provided the lawfulness of such processing is based on that consent.
6. How we share your data
During the performance of our contractual and statutory obligations your personal data may be provided to various departments within ERASMUS. Various service providers and suppliers may also receive your personal data so that we may perform our obligations and provide our services. Such service providers and suppliers enter into contractual agreements with ERASMUS by which they observe confidentiality and data protection according to the national data protection law and GDPR.
We may disclose data about you for any of the reasons set out above, or if we are legally required to do so, or if you have given your consent. All data processors appointed by us to process personal data on our behalf are bound by contract to comply with the GDPR provisions.
Under the circumstances referred to above, recipients of personal data may be, for example:
- Conference management platforms
- Travel agencies
- Catering companies
- External consultants
- External accountants
- Specialized IT support providers
7. Transfers of Data outside the European Economic Area (“EEA”).
Your personal data may be transferred to third countries (outside of the European Economic Area) in such cases as e.g. to make a hotel reservation or travel arrangements or if this data transfer is required by law or you have given us your consent to do so. Processors in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46.
8. Data Retention
We will process and store your Personal Data for the duration of our relationship with you, and as long as necessary to fulfil our contractual and legal obligations.
We will delete your data:
- When it is no longer necessary for the purposes for which that information was collected and processed
- Upon your request or objection, provided there are no overriding legal grounds requiring us to maintain that information
- When it is not necessary in order to comply with our legal obligations.
- Upon the withdrawal of your consent in case that the collection and process of your personal data was based on your consent.
9. Automated decision and Profiling
In executing our business activities, we do not use any automated decision-making. We may process though some aspects of your data automatically, in order to enter into a business relationship with you.
10. How we use your personal data for marketing activities
We may process your personal data to notify you about our services and offers that may be of interest to you or your business. The personal data that we process for this purpose consists of information you provide to us and data we collect when you use our services. We can only use your personal data to promote our products and services to you if we have your consent to do so or if we consider that it is in our legitimate interest to do so.
You have the right to object at any time to the processing of your personal data for marketing purposes, which includes profiling.
11. Your data protection rights
You have the following rights in terms of your personal data:
- The right to request access to your Personal Data, you can ask to receive a copy of your data and to check if they are lawfully processed. In order to receive this copy, you can contact email@example.com
- The right to have your Personal Data corrected. This provides you with the right to correct any missing or incorrect data.
- The right to have your Personal Data erased (right to be forgotten). This provides you with the right to have your personal data erased in case there is no legitimate reason for us to continue processing them.
- The right to object to the processing of your personal data (right to object) when we rely on a legitimate interest, but there is something particular about you that makes you want to oppose processing for that reason. If you file an objection, we will no longer process your personal data for those purposes.
- You also have the right to object to the processing of your personal data if they are processed for direct marketing purposes. This also includes profiling to the extent that it is related to such direct marketing. If you object to the processing of your personal data for direct marketing purposes, the we will no longer process your personal data for such purposes.
- The right to restrict the processing of your personal data. You have the right to request from us to restrict the processing of your personal data ie to use them only in certain instances.
- The right to receive a copy of the personal data concerning you, in a structured, commonly used and machine-readable format in order to transmit the data to a third party. You also have the right to request from us to directly transmit your personal data to another party (data portability).
- The right to withdraw your consent you gave to us in order to process your personal data at any time. Please note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn by you.
To exercise any of your rights or if you have any other questions about our use of your personal data, you can contact the company firstname.lastname@example.org
. You can also contact the Data Protection Officer of ERASMUS email@example.com
12. Right to lodge a complaint with a supervisory authority
Before you submit a complaint, you should contact us and exercise the above-mentioned rights stipulated in GDPR. If we don’t satisfy your request or you feel that your concerns have not been properly addressed by us, you have the right to submit a complaint at the Hellenic Data Protection Authority at www.dpa.gr
13. Personal data security
We at ERASMUS have trained and responsible employees, and we recognize the importance of protecting privacy and all your personal information. To that end, we have appropriate security policies and we use the appropriate technical and organizational measures such as anonymization, pseudonymization, data encryption, firewalls, access levels, employee authorization levels, training, and periodic inspections.
Any partner who have access to the above information use them to serve the above purposes only. We share the information that you provide to us only through the ways described in this Policy.
14. Cookies policy
This Policy was published by ERASMUS on 15/05/2020 and is subject to periodic improvement and review.
Any changes to this Policy will apply to the information collected from the date of publication of the revised version and to the existing information we hold. The use of our website after the publication of changes, implies acceptance by you of these changes.