Data Protection Policy

The following information regarding the protection of your personal data concerns the way we process your personal information when you interact with the Federation of Hellenic ICT Enterprises (hereinafter referred to as SEPE) or use any of our services through its Web Portal (hereinafter referred to as WP).

Contact Details of the Data Controller

For every processing of personal data carried out within the framework of any potential interaction through the WP of SEPE, the Data Controller is the Federation of Hellenic ICT Enterprises, 19 Amvrosiou Frantzi St., 117 43 Athens, Greece, Tel: 2109249540, Email: info@SEPE.gr.

Contact Details for Data Protection

For any matter concerning Data Protection of the WP of SEPE, you can directly contact the Legal Advisor, Evangelos Papalamprou. To exercise your rights or for any other reason related to data processing conducted by SEPE, as outlined in this information, you can contact him at the email address info@sepe.gr at the postal address 19 Amvrosiou Frantzi St., 117 43 Athens. Please indicate "For Legal Advisor" on the envelope.

When and How We Collect Your Personal Data

Most of the personal information we process is provided directly by you for one of the following reasons:

  • You have applied to become a member of SEPE.
  • You have subscribed to the SEPE Newsletter.
  • You have contacted us through the contact form of the WP of SEPE.

Application for New Member Registration
We use the business information and representatives' details such as: Company Name, Address, Email, VAT number, representatives' roles, and other information described in the registration application, as well as supporting documents of the company attached at the time of the application. The purpose of collecting and processing this data is to register the respective company in the registry of SEPE members and to provide further regular or exceptional updates to the company representatives as members of SEPE, in accordance with its statute and the decisions of its bodies. The legal basis for this processing is Article 6(1)(b) of the General Data Protection Regulation (GDPR), i.e., the examination and processing of your request for membership registration in SEPE according to the terms of the registration application, as well as Article 6(1)(a), i.e., your explicit consent.

We retain your personal data for as long as you remain a member of SEPE, and we regularly request updates. After your deletion, we continue to retain the data for the purpose of maintaining a member's historical record or processing your request for re-registration. Additionally, you have the rights to request access to your data, rectify inaccuracies or incompleteness, delete them if you withdraw your consent, restrict processing under certain conditions, and file a complaint.

Newsletter Subscription
We use your email address to send you the SEPE Newsletter. Once you subscribe to the Newsletter, you will receive a confirmation message, and thereafter you will receive our electronic newsletters and updates.

The purpose of collecting and processing this data is to send the e-Newsletter and our updates. The legal basis for this processing is your consent, in accordance with Article 6(1) of the General Data Protection Regulation (GDPR).

We retain your personal data for as long as you remain subscribed to our newsletter recipient list, so that you can receive our electronic newsletters and updates, and we delete them in case you withdraw your consent. This means that you have the right to withdraw your consent at any time, resulting in the deletion of your data and the cessation of newsletter delivery.

Additionally, you have the rights to access your data, rectify inaccuracies or incompleteness, delete them if you withdraw your consent, restrict processing under certain conditions, and file a complaint.

Communication via the Contact Form
We collect personal data such as: Name, Surname, Email, Phone number, and any other personal data that you may provide us with if you choose to use the contact form of SEPE's WP. We retain your personal data for one year from the date of the communication. Additionally, we store our response to the communication in our system.

The provision of the above data is necessary to satisfy your request/query.

Our purpose for processing your personal data is to be able to respond to your request for information.

The legal basis for processing your personal data for this purpose is Article 6(1)(b) of the General Data Protection Regulation (GDPR).

In this regard, you have the same rights as with Newsletter subscription.

Sharing and disclosure of personal data

As a general rule, we do not disclose or transfer data to third parties. Your data may be disclosed to processors with whom SEPE collaborates to support its systems.

We store your data through SEPE's WP on the Microsoft Azure cloud. Specifically, the WP is hosted on OVH Cloud, and your data may subsequently be stored in a Microsoft cloud service. Finally, the management of SEPE's WP is handled by ATCOM INTERNET & MULTIMEDIA SA, whose authorized personnel may have access to the data entered through the New Member Registration Application, Newsletter Subscription, and contact form.

Your rights regarding your personal data

According to data protection legislation, when we process your personal data, you have certain rights that we need to inform you about. The rights you can exercise with respect to SEPE are as follows:

You have the right to request information about the processing of your data by SEPE at any time or copies of your personal data that we retain.

You have the right to request the correction of information that you believe to be inaccurate at any time. You also have the right to request the completion of information that you believe to be incomplete.

You have the right to request the erasure of your personal data in certain cases.

SPECIAL APPENDIX

Processing of personal data during SEPE Events

Besides convening General Assemblies, SEPE organizes events for documentation, promotion, and conducts them in a hybrid manner, which involves taking photos and videos, and broadcasting them via live streaming techniques, i.e., online transmission of an event. SEPE is the Data Controller for these initiatives, whether they occur within or outside its premises.

Please note that SEPE is not involved and bears no responsibility for any photography or videography conducted privately by individuals attending the events.

To comply with the General Data Protection Regulation (2016/679/EU) – GDPR and Greek Legislation (Law 4624/2019), appropriate organizational and technical measures are taken:

  • Informing individuals about these initiatives before taking photos or videos.
  • Obtaining individuals' consent for using the material for any purpose other than simple photography or videography.
  • Ensuring individuals' rights to their personal data.
  • Anonymizing personal data upon request.

Informing Individuals

Before collecting personal data, individuals will be informed about the aforementioned processing of their data. The information will be provided in three stages:

The invitation to the event will mention that there will be photography/ videography and live streaming. If the invitation is provided within a sponsorship context, the sponsor will inform the individual.

Notices (in A3 size) will be prominently displayed outside the entrances to the event venue, stating that there will be photography/videography and live streaming of the event.

The first speaker may announce that photography/videography and live streaming will take place within the venue and mention that the relevant information is available at the entrances.

Entering the event venue, after being informed through the aforementioned measures, is taken as the individual's consent, justifying the recording and further use of the material. Naturally, anyone can object at any time and request appropriate protection (under the rights of data subjects for information, correction, deletion, and restriction of data processing as provided by the General Data Protection Regulation 2016/679/EU and Law 4624/2019).

Outside the entrances to the event venue, a clearly visible (A3) notice will be posted, stating that photography/videography and live streaming, i.e., online transmission of the event, will take place.

The first speaker may announce that photography/videography and live streaming will be conducted within the venue and mention at least that the relevant information is available at the entrances.

Entering the event venue, after being informed through the aforementioned measures, is considered as the individual's consent, justifying the recording and further use of the material. Naturally, anyone can object at any time and request appropriate protection (under the rights of data subjects for information, correction, deletion, and restriction of data processing as provided by the General Data Protection Regulation 2016/679/EU and Law 4624/2019).

Rights of Individuals

From the moment SEPE collects personal data, in addition to protection measures, it grants the corresponding rights to individuals as provided by the GDPR and the implementing law.

Individuals are informed, through the notices at the entrances, that they can contact papalamprou@sepe.gr regarding their personal data. This allows them to submit any request to exercise their rights. Additionally, through the general notice posted, individuals are encouraged to visit the SEPE website where the general information on data protection and the application for exercising their rights is posted.

The primary right in the case of consent is the individual's ability to withdraw their consent at any time. The withdrawal of consent does not affect the legality of the processing prior to the withdrawal. Thus, for example, a publication in a magazine or an online presentation cannot be withdrawn, but a request should be made to the responsible parties to remove the posting from websites where the individual’s photos and videos were posted.

Other rights that the individual may request will be addressed jointly and, on a case-by-case basis with SEPE's Legal Service.

Anonymization of Personal Data

It is often desirable to take general shots of an event, e.g., for documentation or live streaming purposes, where consent cannot be obtained (large audience, lack of preparation for consent collection, opportunistic shots, etc.).

Techniques that can be used in capturing or displaying images (photos and videos) without requiring consent include:

Low-resolution images, so that participants’ faces are not distinguishable.

Images taken from behind the audience, so that faces are not visible.