Personal Data Protection

DATA PROTECTION NOTICE


 
‘NOMIKI BIBLIOTHIKI PUBCLICATIONS, TECHNOLOGY AND EDUCATION SOCIÉTÉ ANONYME’, headquartered in Athens, Greece (23 Mavromichali st., GR-10680) hereby informs you that any processing of your personal data on this website (‘the Website’) is carried out in accordance with the applicable data protection legislation (Regulation (EU) No. 2016/679 – hereinafter referred to as ‘GDPR’) and the Website Privacy Policy.
 
1. Data Controller and DPO
‘NOMIKI BIBLIOTHIKI PUBCLICATIONS, TECHNOLOGY AND EDUCATION SOCIÉTÉ ANONYME’, headquartered in Athens, Greece (23 Mavromichali st., GR-10680) is the Data Controller (‘the Controller’).
You can contact the Data Protection Officer (DPO) at: dataprotection@nb.org

2. The Data we process
Provided you have given your consent, we process the following usual and sensitive personal data that you provide in your interaction with the Website and use of services and functions provided thereon. Such data include in particular your name and surname, contact details, professional qualifications and the content of your specific requests or reports as well as any such additional data as the Controller may obtain, including from third parties, in the course of its business (‘the Data’).
In order to be able to respond to any requests submitted through the contact form and/or to provide updates on unwanted actions, we need your consent to the processing of the data marked with an asterisk (*). We are not able to proceed without the required data or your consent. On the contrary, information requested in fields not marked with an asterisk is optional, as is your consent with regard to receiving informational material: failure to provide such information or consent entails no consequences whatsoever.
The Controller may in any case, even without prior consent on your part, process your data in order to comply with legal obligations under the legislation, regulations and EU law, to exercise any rights in the framework of legal proceedings, to exercise its legitimate interests, as well as in all cases provided for, as the case may be, under Articles 6 and 9 GDPR.
Data processing is carried out both with the use of computers and in printed form and always implies the implementation of security measures as provided by the applicable legislation.
 
3.  Why and how we process your data
Data are processed for the following purposes:
  1. for us to deal with requests for information submitted through the Website and the contact form. Your consent constitutes the legal basis for the processing of personal data to this end (Article 6(1)(a) and Article 9(2)(a) GDPR);
  2. for us to manage reports of unwanted actions submitted through the Website or the Forms. Your consent constitutes the legal basis for the processing of personal data to these ends (Article 6(1)(a) and Article 9(2)(a) GDPR).
In addition, but only subject to your optional consent, which constitutes the legal basis for processing under Article 6(1)(a) GDPR:
  1. for you to receive promotional informative materials (direct marketing) from the Company.
By selecting the relevant boxes, you consent to the processing of your data for these purposes.
Your data may in any case be processed, even without your consent, for compliance with legislation, regulations, EU law (Article 6(1)(c) GDPR), for obtaining statistics on the use of the Website and its proper operation (Article 6(1)(f) GDPR), as well as establishing or defending legal claims in the Company’s interest.
Personal data are entered into the Company’s IT system in full compliance with the data protection legislation, including security and confidentiality profiles, and are based on principles of good practice, legality and transparency regarding processing.
The data are stored for such time as is strictly necessary to achieve the purposes for which they were collected. In any case, the criterion used to determine this period is based on compliance with the time limits set out by law and the principles of data minimization, storage limitation and rational file management.
All your data will be processed in printed or automated means, ensuring in either case the appropriate level of security and confidentiality.

4.  Persons who have access to the data
The Data are processed by means of electronic and manual means in accordance with the procedures and practices related to the aforementioned purposes and shall be accessible by the Controller’s staff who are authorized to process Personal Data as well as the supervisors and in particular the employees pertaining to the following categories: technical and administrative staff, product managers, and other staff members who need to process the data in order to perform their duties.
The Data may also be disclosed to countries outside the European Union (‘Third Countries’), and in particular to: (i) institutions, authorities, public bodies for institutional purposes; (ii) professionals, independent consultants – whether working individually or jointly – and other third parties and operators that provide the Controller with commercial, professional or technical services required for the Website’s operation (e.g. supply of IT and Cloud Computing services) for the purposes mentioned above and for assisting the Company in the provision of the requested services; (iii) to third parties in the event of mergers, acquisitions, transfers of undertakings or branches thereof, audits or other extraordinary operations.
The above data recipients shall only receive such data as is necessary for their respective functions and shall duly undertake their processing solely for the purposes mentioned above and in accordance with the data protection legislation. The Data may also be disclosed to such other lawful recipients as from time to time determined under the applicable legislation. Without prejudice to the above, the Data shall not be disclosed to third parties, be it individuals or legal entities, that do not perform commercial, professional or technical duties for the Controller, and shall not be disseminated. The recipients of the data shall process such data, as appropriate, as Controllers, Processors or persons authorized to process personal data for the purposes referred to above and in accordance with the applicable data protection legislation.
Regarding data transfers outside the EU, even to countries whose laws do not guarantee an equivalent level of protection of data privacy as provided under EU law, the Controller shall inform that the transfer will in any case be carried out in accordance with the methods that are acceptable under the GDPR, such as for example based on user consent, based on standard contractual clauses approved by the European Commission, by selecting parties who participate in international schemes for the free movement of data (e.g. EU-US Privacy Shield) or implemented in countries that the European Commission considers safe.
 
5. Your rights
You may at any time contact the Controller at the addresses listed above to exercise your rights under Articles 15-22 GDPR, including but not limited to the right to receive an up-to-date list of the people that have access to your data, receive confirmation of whether any personal data of yours is kept, review their content, origin, accuracy and location (also in relation to any Third Countries), request a copy, request their correction, and, where provided for under the GDPR, request that their processing be restricted or that they be deleted, oppose direct communication actions (including limiting those to certain means of communication), receive (direct marketing) advertising material from the Company. Similarly, you may always submit comments on specific uses of the data regarding specific personal situations that are deemed incorrect or unjustified in light of the existing relationship with the DPO or file complaints with the Hellenic Data Protection Authority. You may withdraw your consent at any time, without prejudice to the lawfulness of the processing carried out prior to the withdrawal of your consent.




 
WEBSITE PRIVACY POLICY
Introduction
‘NOMIKI BIBLIOTHIKI PUBCLICATIONS, TECHNOLOGY AND EDUCATION SOCIÉTÉ ANONYME’, a company using the distinctive title ‘NOMIKI BIBLIOTHIKI’, headquartered in Athens, Greece, at 23 Mavromichali st., GR-10680 (‘the Company’) takes the privacy of users very seriously and undertakes to fully comply with the applicable law (Regulation (EU) No. 2016/679 – hereinafter referred to as ‘GDPR’).
This document (‘Privacy Policy’) provides information on how the personal data collected by the Company are processed through this website (‘the Website’) and constitutes an informational notice to data subjects, in accordance with Article 13 GDPR. Particular informational notices on data privacy are usually published in the sections of the Website where users' personal data are collected and are in any case complemented by this Privacy Policy.

Data Controller and DPO
‘NOMIKI BIBLIOTHIKI AEETE’, a company using the distinctive title ‘NOMIKI BIBLIOTHIKI’, headquartered in Athens, Greece (23 Mavromichali st., GR-10680) is the Data Controller (‘the Controller’).
You can contact the Data Protection Officer (DPO) at: dataprotection@nb.org

The Data we process
The following data may be processed:
the usual personal data that you may provide upon use of this Website’s functions, including browser data or requests to use the services offered on the Website (e.g. registration in restricted areas, contests and other initiatives that may be available on the Website, use of Applications, requests for information and reports also submitted through contact forms, etc.), as well as data collected by cookies as defined in the Cookie Policy.

Why and how we process your personal data
Subject to your consent, the Company may process your usual personal data to ensure that you can benefit from the services and functions available and to optimize their performance, collect usage statistics, manage requests and reports received through the Website and manage your registration in any restricted areas or initiatives (e.g. contests) that may exist on the Website in accordance with Article 6(1)(a) GDPR. The Company may also process your personal data for the fulfillment of obligations arising from legislation, regulations and EU law: Article 6(1)(c) GDPR constitutes the legal basis for processing to that end.
In addition, subject to your optional consent, your usual personal data may also be used in the official publications of the company or in advertising activities (marketing), i.e. for sending advertising material and/or commercial communications related to the Company's services to the contact details provided, using traditional methods and/or communication methods (e.g. regular mail, telephone, etc.) or automated means (e.g. Internet, fax, email, text messaging, mobile applications for smartphones, tablets etc., social media accounts, e.g. Facebook or Twitter, etc.). Article 6(1)(a) GDPR constitutes the legal basis for processing to that end.
Finally, the Company may process your usual and sensitive personal data with the purpose of defending its rights in the framework of legal proceedings.
All your data are processed using the appropriate automatic and electronic tools to fully ensure security and confidentiality.

Required and optional processing
Forms to be completed on this Website require you to provide such personal data as is absolutely necessary for the processing of your messages and requests. The relevant data are marked with an asterisk [*]. If you do not wish to provide such data, we will not be able to process your messages / requests.
On the contrary, some forms may provide for the provision of personal data that are not absolutely necessary for the processing of your requests: the provision of such data is optional and failure to provide them entails no consequences whatsoever.

Browsing data
If you simply access the Website (i.e., without sending any message or using any of the available services/functions), data processing shall be limited to your browsing data, i.e. the data that must necessarily be sent to the Website for the operation of the computers running the Website and Internet communication protocols. This category includes, for example, IP addresses or domains of the computers used to access the Website and other parameters related to the operating system used to connect to the Website. The Company collects this data, along with other data (such as, for example, the number of times the Website was accessed and the time spent thereon) for statistical purposes only and in anonymous form, in order to monitor the Website’s operation and to improve its performance. Such data is not collected to establish links with other user information or to identify users. However, this information may, by its very nature, enable the Company to locate users by processing and linking to data kept by third parties. Browsing data are usually deleted following processing in anonymous form, but they may be stored and used by the Company to track and identify the perpetrators of any cybercrimes committed to the detriment of or through the Website. Without prejudice to this possibility and to the Cookie Policy terms, the browsing data described above shall be stored temporarily only, in accordance with the law.

Links to other websites
This Privacy Policy only applies to the Website indicated above. Although the Website may contain links to other websites (known as third party websites), we inform you that the Company does not have access to or use any cookie tracking systems, web beacons or other user tracking technologies that may be active on third party websites, the content and material published thereon or the methods used for processing of your personal data. For this reason, the Company expressly states that it may not be held liable for any such matters. You should, therefore, verify the privacy policies of such third party websites and collect information about the terms and conditions and the manner in which your personal data are processed.
 
How we store data and for how long
Pursuant to Article 5(1)(c) GDPR, the computers and software used by the Company are set up in such a way as to minimize the use of personal data and identification data. Such data are processed only to the extent necessary to achieve the objectives set out in this Policy and shall be stored for such time as is strictly necessary to achieve the specific objectives pursued. In any case, the criterion used to determine the storage period is based on compliance with the time limits set out by law and the principles of data minimization, storage limitation or rational management of our files.
 
How we ensure the security and quality of your personal data
The Company undertakes the obligation to ensure the security of users’ personal data and to comply with the security provisions set out by law to avoid data loss, unlawful or irregular use of data or unauthorized access to data, with special but not exclusive reference to Articles 25-32 GDPR. The Company uses many types of advanced technologies and security procedures to protect users’ personal data. For example, personal data are stored on secure servers located in facilities with protected and controlled access. Users can help the Company update and correct their respective personal data, by informing it of any change of address, qualifications, contact details, etc.

Persons who have access to the data
Persons pertaining to the following categories shall be authorized to process the users’ personal data: technical and administrative staff, product managers, and other staff members who need to process the data in order to perform their duties.
The Data may also be disclosed to third countries, and in particular to: (i) institutions, authorities, public bodies for institutional purposes; (ii) professionals, independent consultants – whether working individually or jointly – and other third parties and operators that provide the Company with commercial, professional or technical services required for the Website’s operation (e.g. supply of IT and Cloud Computing services) for the purposes mentioned above and for assisting the Company in the provision of the requested services; (iii) to third parties in the event of mergers, acquisitions, transfers of undertakings or branches thereof, audits or other extraordinary operations. The above data recipients shall only receive such data as is necessary for their respective functions and shall duly undertake their processing solely for the purposes mentioned above and in accordance with the data protection legislation. The Data may also be disclosed to such other lawful recipients as from time to time determined by the applicable legislation. Without prejudice to the above, the Data shall not be disclosed to third parties, be it individuals or legal entities, that do not perform commercial, professional or technical duties for the Controller, and shall not be disseminated. The recipients of the data shall process such data, as appropriate, as Controllers, Processors or persons authorized to process personal data for the purposes referred to above and in accordance with the applicable data protection legislation.
Regarding data transfers outside the EU, even to countries whose laws do not guarantee an equivalent level of protection of data privacy as provided under EU law, the Controller shall inform that the transfer will in any case be carried out in accordance with the methods that are acceptable under the GDPR, such as for example based on user consent, based on standard contractual clauses approved by the European Commission, by selecting parties who participate in international schemes for the free movement of data (e.g. EU-US Privacy Shield) or implemented in countries that the European Commission considers safe.

Your rights
You may at any time exercise your rights under Articles 15-22 GDPR, including the right to verify whether any personal data of yours is kept, review their content, origin, accuracy and location (also in relation to any Third Countries), request a copy, request a correction, and, where provided by law, request that their processing be restricted or that they be deleted, oppose direct communication actions, oppose direct marketing actions (or limit those to specific means of communication). Similarly, you may always withdraw your consent and/or submit comments on specific issues regarding any procedure for processing your personal data that you consider incorrect or unjustified in the context of your relationship with the Company or file a complaint with the Hellenic Data Protection Authority. You may contact the Controller and/or the DPO at the addresses listed above to submit any request regarding data processing by the Company, to exercise your legitimate rights and to receive an up-to-date list of parties that have access to your data.