Font ResizerChange Colors
Ελληνικά
search icon

GDPR

Information on Personal Data Protection in accordance with Regulation (EU) 2016/679
Since 25/5/2018 the General Data Protection Regulation (EU) 2016/679, also known as GDPR, is being implemented, which strengthens the framework for the protection of data subjects with regard to the processing of personal data in the European Union. INAB | CERTH with respect to personal data, complies with the GDPR in the context of its activity and scope and takes the respective technical and organizational measures for the effective protection of personal data, in accordance with the GDPR.

The Institute of Applied Βιο-Sciences of the Centre for Research and Technology Hellas (INAB | CERTH) aims to bridge the gap between excellence research in the field of life sciences and applications that meet the needs of end users. In this endeavor, with full respect for human value and privacy, the Institute has developed a complete Personal Data Protection Program, to fully ensure the protection of patients and study participants. Researchers and employees act in accordance with applicable Greek and European law, as well as international rules resulting from agreements or decisions of international organizations in which our country participates.

Active and dynamic participation of all INEB employees in the Personal Data Protection Program ensures that program performance audits are regularly audited and that the level of protection of personal data in the possession of the institute. To achieve these goals INAB has designed and is maintaining an Information Security Management System (ISMS). INAB is certified acording to ISO 27001:2013 for its ISMS.

Personal data collected and processed by INAB | CERTH are limited to those necessary for the specific and clearly defined purpose and the specific legal basis, for each circumstance.
In this context, the processing that takes place concerns the personal data you provide to INAB | CERTH when you visit our official web sites, when using our services or interact with us, for example by sending a contact form.
Such personal data is:

Identification data (e.g., User ID, Full Name, Father’s & Mother’s Name, Photo, Identity or Passport Number, etc.)
Communication data (e.g. postal address, phones numbers, e-mail address, etc.)
Demographic data (e.g., Nationality, Citizenship, Religion, Date of Birth, Place of Birth, Country of Birth etc.)
Health Data (e.g. Medical opinions, Medical Certificates, Medical Samples etc.)
Curriculum Vitae (CV)

Personal information is collected in accordance with the GDPR and the applicable legislation, either at the beginning of your relationship with the Institute or later, and are processed on a legal basis:

consent to the processing of your personal data for one or more specific purposes
for the performance of a contract
for compliance with our legal obligations
in order to protect your or another natural person’s vital interests
for the performance of a task carried out in the public interest
for the purposes of our legitimate interests
INAB | CERTH might process your personal data for the following purposes by legal basis:

Consent to the processing of your personal data for one or more specific purposes
To identify and communicate with you

For the performance of a contract
For communication during pre-contract or contract performance

For compliance with our legal obligations
To fulfill our obligations, imposed by current legislation, on our students, our staff and our external collaborators.
To fulfill our obligations under applicable law on disclosure to Public Authorities.

In order to protect your or another natural person’s vital interests
• for medical examinations / tests

For the performance of a task carried out in the public interest
To understand the pathogenicity of diseases and to develop and validate innovative methodologies, products and services of medical interest

For the purposes of our legitimate interests, such as:

• To develop and improve our services through your activities and interests.
• Complaints management
• For the protection and security of our IT systems
• For the protection and safety of our facilities
• To manage risks from breaching the obligations arising from sponsorship contracts.

In order to carry out the examinations you are entrusted with, we will need to use some of your personal information as well as your clinical samples. The collection and processing of any information about you will be confidential and protected by the rules of medical privacy, as well as by Regulation (EU) 2016/679 on the protection of personal data. Anonymity will be respected and all necessary measures will be taken to protect the rights of the persons to whom they refer.

The personal data collected will be limited to the minimum necessary and will remain in our possession for the purpose of the examination / analysis for which it is intended, as well as for 6 months thereafter, in order to satisfy any of your requests relating to validating the analysis of results.

Biomedical research at INAB | CERTH focuses on understanding the pathogenicity of diseases and developing and validating innovative methodologies, products and services of medical interest to promote the transition from laboratory to clinical practice (‘from bench to bedside’), in accordance with its principles. Medical Precision to maximize the benefits and minimize unnecessary costs and side effects.

Once you have given us your consent, your clinical sample, along with the anonymized information that accompanies it, may be used in research aimed at improving patient health, as well as their life expectancy and quality of life.

In all cases where the processing is based on consent, INEB | CERTH follows the procedures provided by law.

The staff of INAB | CERTH has access to your personal data, in the course of performing the duties assigned to them by the University as a controller.

INAB | CERTH may be required or entitled to disclose your personal data to a number of third parties such as:

Public authorities
Independent authorities
Research Institutes, Universities and Hospitals (if you are involved in research, with your consent)
provided that privacy and confidentiality is always respected.

INAB | CERTH retains your personal data for a period defined by the applicable legal and regulatory framework.

In order to make sure our site is working properly, we may sometimes put a small piece of data known as cookie on your computer or mobile device. A cookie is a text file that is stored by a web server on a computer or a mobile device. The content of a cookie can only be retrieved or read by the cookie server. Text in a cookie often consists of identifiers, site names and some numbers and characters. Cookies are unique to browsers or mobile apps you use, and allow sites to store data, such as your preferences.
You can view our Cookies policy here

At INAB | CERTH we work daily to ensure that the personal data we receive:

• Are processed and treated lawfully and fairly in a transparent manner with respect to the data subject
• Are collected solely for specific and legitimate purposes
• Are adequate, they are related to the purpose for which we collect them and are limited to what is necessary
• Are accurate and up-to-date
• Are maintained exclusively within the specified timeframe and no longer
• Are processed in a way as to ensure the necessary security of personal data

Access
You may at any time be informed by us of and access to your personal data we hold.
Correction
You have the right to contact us to correct the data that is inaccurate or incomplete.
Erasure
If we are not obliged by law to maintain the data we hold and relate to you, you can ask for your personal data to be deleted.
Data Portability
You can ask us to forward your data to another authority.
The right to oppose and limit processing
In case you disagree with the way we process your personal data, you can request the interruption or limitation of the processing
The right to withdraw consent
You have the right to withdraw your consent to process your data at any time.

INAB | CERTH will make every effort to respond to your request without delay and in any case within one month of receiving it. This period is extended for a further two months if it is necessary taking into account the complexity of the request and the number of requests. INAB | CERTH will inform you of this extension within one month of receipt of the request and of the reasons for the delay. If you have submitted the request by electronic means, the update is provided, if possible, by electronic means, unless you request otherwise.

In case INAB | CERTH satisfies your request (a) to limit the processing of your data; or (b) to terminate the processing of your data; or (c) to delete your data from the University’s records and if they are necessary for the preparation or continuation and performance of a contract, then either the termination by you of the relevant agreement or the inability to process your request is automatically implied.

INAB | CERTH is in any case entitled to refuse the satisfaction of your request to restrict the processing or deletion of your personal data if such processing is necessary for the foundation, exercise or support of its legitimate rights or the fulfillment of its obligations.
The above services are provided free of charge. However, if your claims are manifestly unfounded, excessive or recurrent, INAB | CERTH may either impose a reasonable end, inform you or refuse to respond to them.

To exercise your rights click here

You have the right to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that was previously based on it and was made prior to its revocation.

If you have any questions about protecting your data, you can email dpo-inab@certh.gr gr or write to the postal address:
Institute of Applied Biosciences
Centre for Research and Technology Hellas
6th Km. Charilaou – Thermi Road
P.O. BOX 60361 GR – 57001
Thessaloniki
Hellas

and we will respond to you as soon as possible and not later than one month.

You have the right to file a complaint to the Personal Data Protection Authority (www.dpa.gr) which is the competent supervisory authority for the protection of the fundamental rights and freedoms of natural persons with regard to the processing of their personal data if you believe that your rights are being infringed in any way.

We encourage you to read our Privacy and Personal Data Protection Policy


Relevant files:
Privacy and Personal Data Protection Policy
Data Request Form
Cookies policy