Personal Data Management & Privacy Policy

This Policy presents the commitment of the Non-profit Civil Society "Pythagorean Academy of Sciences and Values - International Centre for Stress Science and Health Promotion", GEMI 172393551000, (hereinafter "the Academy") to the protection of natural persons (hereinafter "data subjects") with regard to the processing of their personal data (PII), in accordance with the European General Data Protection Regulation (GDPR) and Law no. 4624/2019.

The Privacy Policy is an integral part of the terms of use of the website www.pyrthagoreanacademy.org www.pyrthagoreanacademy.org.

The services of the website and the Academy in general are NOT addressed to minors.

This document provides you with a detailed framework for the management of PII, in all processing operations by the Academy and throughout the data lifecycle. In addition, it provides information about your rights and options applicable to each processing operation. The Academy reserves the right to revise this Privacy Policy from time to time to reflect current management practices in data processing. The most recent version is always available on our Website.

This Privacy Policy also applies to any third party that manages personal data on behalf of the Academy.

PERSONAL DATA PROTECTION SYSTEM

ID

Data Controller:

"Pythagorean Academy of Science and Merit - International Centre for Stress Science and Health Promotion" Non-profit civil society company

Hippocrates Zaimi 83200

Karlovassi Samos

Tel: 22730 35878 / 6982482951

For any information or request related to the management of your personal data, please contact us at: info@pythagoreanacademia.org

Data Processing Principles

The Academy follows a robust system for the processing of personal data, as disclosed to it and processed by data subjects in each interaction with the Academy (website visitors, newsletter recipients, participation in our programs or provision of related services, etc.).

The Academy, in collaboration with qualified professionals, who are fully aware of their obligations under the law and are committed to it, implements appropriate technical and organizational measures to protect the personal data it processes, ensure the confidentiality and integrity of the data, defining levels of authorized access to them based on taking into account risk studies and impact assessments on the rights and freedoms of the data subjects

All personal data are:

  • Collected for specified purposes and processed lawfully, in a fair and transparent manner by the Academy's staff and its authorized partners, within the framework of the services provided to data subjects on the basis of the scientific programs in which they participate,
  • Classified, stored for a certain period of time and securely destroyed at the end of that period,
  • Accurate and updated when necessary,
  • Filed, so as to be available to the subjects, as well as to any competent supervisory authority,
  • Processed with integrity and confidentiality, while ensuring their availability by applying appropriate technical measures and IT controls.

PERSONAL DATA PROCESSED:

  1. When browsing the website: When you access our website, our server records in a special file (log file) the IP address generated by the browser of your device. This address constitutes personal data, even if we are unable to identify you ourselves on the basis of this data.

In addition, through the cookie preference management option, cookies and related technologies will be collected, according to your choice, as provided for in the cookie policy: https://pythagoreanacademia.org/en/cookie-policy-eu/ , in order to enable communication and for any other purpose that you may choose to instigate with your choice.

In case the possibility of registering as a user on our website is launched, in order to create a user account for the website, the following data are required as a minimum : First name, Last name, e-mail, Password, Telephone (optional).

  1. In the context of your participation in Academy programs

By signing the Application for Participation/Consent Form we receive your Name, full address and contact details (tel., email), profession. Also, as part of the tax documents that we issue for your participation in our programs, we receive your VAT number and tax office, and any other information required by tax law, as applicable at the time.

For the processing of electronic payments, the Academy cooperates with an appropriate service provider certified according to the PCI DSS standard.

Depending on the program you choose, you will fill in relevant activity and personality questionnaires (primarily customized to the Greek population), we will obtain, with the collaboration of specialized laboratories and special scientific tools, a blood sample for microbiological testing, a sample of your hair, to conduct scientific measurements on the level of physical and mental condition, stress and inflammation levels in the body, etc. More information about the methodology and findings of these tools can be found by following the link https://pythagoreanacademia.org/en/ta-programmata-mas/. Please note that the biological sampling is conducted in a pseudonymized manner by our partners, without your identification at all stages and relevant measurements.

  1. For communication purposes regarding the provision of our services, the examination and response to requests, the dispatch of newsletters

This communication takes place at the contact details provided to us (e.g. email, postal address)

Data subjects should provide the Academy with sufficient, accurate and true data and inform the Academy in a timely manner of any changes to their data.

DATA PROCESSING PURPOSES

Personal data are processed by the Academy, in its capacity as Data Controller, for the following purposes:

  • The management of the website www.pythagoreanacademia.org;
  • The provision of services to data subjects, including the collection and processing of biological material, biometric measurements, etc., on the basis of its programs in which they participate and the extraction and communication of personalized conclusions and advice, including the provision of personalized deliverables, according to the program selected; To communicate with them regarding the provision of services, the sending of receipts, invoices,
  • To communicate with them regarding the provision of services, the sending of receipts, invoices, payment reminders, responses to requests or complaints, etc.;
  • To inform individuals of promotional activities undertaken by the Academy, events and projects organized by, or involving, the Academy;
  • To subscribe to newsletters,
  • In order to open a user account in the Academy's information environment, navigation and use of its website;
  • For the fulfilment of the Academy's legal and/or contractual obligations,
  • To comply with the orders of the competent police, public and judicial authorities,
  • To defend its legitimate interests, protect its property and its rights;
  • To detect attempts to steal data or fraud using the Academy's registered name or trademarks (e.g. phishing);
  • To protect the vital interests of a data subject;
  • To respond to requests from individuals regarding the exercise of their rights as personal data subjects;
  • The Academy may use data relating to your participation in the program and the conclusions drawn from them for the purposes of scientific or statistical research. In this case, the processing will be carried out on a completely anonymized basis, after informing the subjects.

PROCESSORS - RECIPIENTS OF PERSONAL DATA

Your personal data are processed exclusively by the Academy's scientific staff and its partners, who are bound by fully binding confidentiality clauses.

In addition, the Academy ensures that persons and processors who carry out personal data processing operations on its behalf comply with the applicable data protection legislation.

Processors::

  1. Supporting information system and data support service:

 

  1. Collaborating Biochemical/Microbiology Laboratories

 

 

  1. Accounting support:

 

  1. Payment clearing service provider:

 

  1. Newsletter/communication service provider:

 

Data and personalized findings are provided exclusively to you and are not disclosed to third parties.

LEGAL BASES FOR PROCESSING PERSONAL DATA 

  • The legal basis for the processing of your data in the context of participation in our programs is the existence of a contract, with the signing on behalf of the interested natural persons of the Application for Participation/Consent Form, between the Academy and the participating natural persons or a contract with public benefit organisations (such as local authorities, associations, unions, etc. ) aimed at developing specifically structured programs, with beneficiaries being members of local communities, aimed at strengthening and improving the health of the population , for the fulfilment of which - including all stages of this as described above - the processing of specific personal data is necessary;

By providing consent herein, the natural person also provides his/her consent to the collection and processing of personal data concerning him/her as defined in Regulation 2016/679 of the European Parliament and of the Council and the Greek Law 4624/2019;

  • For the provision of promotional material updates by the Academy, recipients provide their consent in this regard;
  • Furthermore, the Academy also processes data to comply with its legal obligation in its capacity as Data Controller. The Academy also processes data where such processing is necessary for the purposes of the legitimate interests pursued by the Academy as Data Controller or by a third party. In this case, it shall consider whether the interests override the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in which case, if either of these applies, it shall refrain from processing;
  • Finally, the Academy may process personal data for the purpose of safeguarding the vital interests of the data subject, in this case the user, or another natural person.

 

SECURITY OF PROCESSING

The Academy recognizes and respects the importance of the privacy of the data subjects' data and is committed to ensuring the availability, integrity and confidentiality of the personal data processed. The aim is to protect data from unauthorized access, unlawful processing, misuse, alteration, accidental loss, destruction or damage.

 

Appropriate organizational and technical measures have been implemented to secure all physical and electronic databases. All data is classified and retained for predetermined periods of time as defined by this Policy.

Technical measures may include firewalls, intrusion detection and prevention systems, unique and complex passwords and encryption.

 

DATA RETENTION PERIOD

  • The data of each participant in the programs will be kept for as long as necessary to provide services to him/her under the agreement between the parties and for five (5) years from the end of the year of completion of the program;
  • Data relating to the execution of transactions (payments) will be kept on file for fifteen (15) years from the end of the year in which the contract was established for tax law compliance purposes. However, the payment and reservation history will be kept directly accessible to users through their account for five years from the end of the year in which the reservation was created or last modified or cancelled in the case of a simultaneous payment/prepayment as described above;
  • Data relating to the creation of a user account on the Academy's website is retained until the user requests the deletion of the account;
  • Data relating to the sending of commercial updates and newsletters will be retained until the recipient requests not to receive them, i.e. withdraws his/her consent in this regard;
  • Data may be retained for longer than the time necessary in the above-mentioned cases a) if required by law, b) if the Academy considers that they are related to existing and/or potential legal disputes, c) to defend its legitimate interests, or d) to safeguard the vital interest of the data subject or another natural person.

DATA SUBJECTS RIGHTS

The data subjects whose data is collected in accordance with the above, have, as set out by Law, the right to be informed, the right to access, the right to restrict processing, the right to object, the right to portability regarding his/her personal data, the right to request the correction/completion, or deletion ("right to be forgotten") of them, as well as the right to withdraw his/her consent in the event that personal data is processed on the basis of consent provided by the user..

Right to information: It is the right to know who is processing your data, what it is, for what purpose and for how long the processing takes place.

Right of access: It is the right to receive confirmation as to whether or not your personal data is being processed, what it is, for what purpose it is being processed, for how long it is being stored and to whom it may be shared with.

Right to erasure ('right to be forgotten'): It is the right to request the erasure of your personal data, under certain conditions set by the Regulation, such as when the data is no longer necessary, you have withdrawn your consent, the data has been subject to unlawful processing, etc.

Right to restriction of processing: It is the right to request the restriction of processing of your personal data when its accuracy is disputed, the processing is unlawful, the data is no longer needed by the controller, you object to automated processing.

Right to object: It is the right to object at any time and for reasons related to your particular situation, to the processing of personal data concerning you, which processing is based on or is necessary for the fulfillment of a duty performed towards the public interest or in the exercise of public authority delegated to the data controller or to the fact that this is necessary for the purposes of the legitimate interests pursued by the data controller or a third party, unless these interests are overridden by the interest or the fundamental rights and freedoms of data subject that imposes the protection of personal data, including profiling under said provisions.

Right to portability: It is the right to receive the personal data concerning you that you have provided in a structured, commonly used and machine-readable format, as well as the right to transmit said data to another entity without objection from the Academy to which the personal data was provided when: a) the processing is based on consent or a contract and b) when the processing is carried out by automated means.

When exercising the right to data portability, you have the right to request the direct transfer of personal data from one data controller to another if this is technically possible.

Data subjects who register as users on our website can withdraw their consent to the processing of data subject to processing based on said consent at any time, either by changing the corresponding settings on the device where the application is installed, or by using of the unsubscribe option provided in relevant communications or on the website or in the application, or finally by sending a relevant communication to the email address below.

The user can exercise these rights or request more information about them by sending an email to info@pythagoreanacademia.org. info@pythagoreanacademia.orgThe Academy must respond to him/her in writing within one (1) month.

DATA TRANSFER (OUTSIDE EU – EEA)

No transfer of your personal data takes place outside the European Union, or the European Economic Area

For more information about this you can contact the email address info@pythagoreanacademia.org info@pythagoreanacademia.org

 

AMENDMENT OF PERSONAL DATA MANAGEMENT & PRIVACY POLICY

The Academy reserves the right without notice and at its discretion to modify this Personal Data Management & Privacy Policy by posting the modified text on the website www.pythagoreanacademia.org . www.pythagoreanacademia.org;.

Users should periodically check this page to ensure that they are kept up to par with any changes to the Policy.

 

In the event that you consider that the protection of your personal data is infringed in any way, you can appeal to the Hellenic Data Protection Authority: 1-3 Kifisias St., PO Box 11523, Athens, www.dpa.gr. To read more on the Authority's competence and how to submit a complaint, you can visit its website (www.dpa.gr - My rights - Submit a complaint), to obtain detailed information.

 

DISPUTE RESOLUTION

This Policy is governed and construed by Greek law, the law of the European Union and the relevant international treaties and any possible dispute in this regard will be resolved by the competent courts of Samos. Any provision of the above that becomes or is deemed contrary to the law, automatically ceases to be valid, without in any way affecting the validity of the other terms of this Policy.

 

Privacy Policy Effective Date: January 2024