The Association of Infant and Specialized Nutrition (SEPTEDE) guarantees the respect of your privacy and the protection of your personal data, whether they are kept online or at the Association’s premises. SEPTEDE is committed to safeguard your privacy and to comply with all the principles of transparent and lawful processing in accordance with the applicable European and national law and in particular in accordance with European Regulation (EU) 679/2016. The aim of this Policy is to inform you about the type of personal data that SEPTEDE collects about you and how SEPTEDE uses your data.

This Policy applies and applies to data collected on premises and/or in digital environments and applications.

 

Definitions

For the purposes of this document, the following terms shall have the following meanings:

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one whose identity can be established, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that person;

“Special categories of personal data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of positive identification of a person, data concerning health or data concerning the sex life of a natural person or sexual orientation.

‘processing’ means any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Anonymisation”: the processing of personal data in such a way that the data can no longer be attributed to a specific data subject.

‘Pseudonymisation’ means the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of supplementary information, provided that such supplementary information is kept separately and subject to technical and organisational measures to ensure that it cannot be attributed to an identified or identifiable natural person.

‘controller’ means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its appointment may be provided for by Union or Member State law.

“Processor”: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

‘Consent’ of the data subject: any freely given, freely given, specific, explicit and informed indication of the data subject’s wishes by which the data subject signifies his or her agreement, by a statement or by a clear affirmative action, to the processing of personal data concerning him or her.

“personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access of personal data transmitted, stored or otherwise processed.

“Existing Legislation”: the provisions of the existing Greek, EU or other Legislation that define personal data protection issues.

 

Legal Basis for Processing

SEPTEDE processes personal data transparently in accordance with the principles of lawfulness, proportionality, confidentiality and integrity, purpose limitation and accuracy, specific retention period and data minimisation.

The lawful basis for processing personal data on a case-by-case basis may be:

(a) the subject’s consent,

(b) the performance of a contractual obligation or at the pre-contractual stage,

(c) safeguarding the legitimate interests of the SEPTEDE,

(d) compliance with a legal obligation,

(e) the performance of a task carried out in the public interest or in the performance of rights and obligations arising from social security law.

(f) the extraction of statistical data.

 

 

 

Purposes of Processing

SEPTEDE, in the context of its activities and operation, may collect personal data of its members, its employees and in general its collaborators or participants in actions and programmes.

In particular, the main purposes of the processing of the FADN are the following:

1. a) registration of its members, members of the SEPTEDE are legal entities, however, data of members of the administration and contact representatives are collected,
2. b) sending electronic communication to its members and associates,
3. c) participation and promotion of European programmes,
4. d) the holding of events related to its objectives,
5. e) the recruitment of employees and the management of the employment relationship

(f) the management of its partners,

1. g) the transmission of consumer complaints to its respective members.

 

Collection of Personal Data

SEPTEDE may collect personal data both in paper form (e.g. through the submission of the necessary documents for the conclusion of a contract) and through its web/digital applications (e.g. for participation in its events).

 

Disclaimer for Third Party Websites

On the website of SEPTEDE, links may be provided, which further redirect the user to third party websites. SEPTEDE is not responsible for the privacy practices of third parties or for the content of third party websites.

 

Data transmission

The SEPTEDE in some cases transfers data to third parties (legal or natural persons) acting as processors, to support its operation (e.g. the organisation of events, technical support, etc.) and to serve its purposes, in accordance with the guarantees provided for in existing legislation.

In particular, where the transfer concerns a country outside the European Union (EU) or the European Economic Area (EEA), the SEPTEDE checks whether:

 

The Commission has adopted an adequacy decision for the third country to which the transfer will be made.

Appropriate safeguards are in place in accordance with the Regulation for the transfer of such data.

If the above conditions are not met, the transfer to a third country is prohibited and the SEPTEDE does not transfer personal data, unless one of the specific derogations provided for by the Regulation applies (e.g. explicit consent of the data subject and information of the data subject regarding the risks involved in the transfer, the transfer is necessary for the performance of a contract at the request of the data subject, there are reasons of public interest, it is necessary to support legal claims and vital interests of the data subjects

 

Data Retention Period

The personal data collected by SEPTEDE are kept for a predetermined and limited period of time, depending on the purpose of the processing, after which the data are deleted from its records, unless a different retention period is provided or permitted by applicable legislation.

 

Personal Data Security

SEPTEDE implements appropriate technical and organizational measures, security policies, training of its staff, in order to ensure the secure processing of personal data and to prevent accidental loss or destruction and unauthorized and/or unlawful access, use, modification or disclosure of personal data.

 

Your Rights

Under national and EU legislation regarding the collection and processing of personal data, your rights are as follows:

 

The Right of Access to Data.

The Right to rectification of data.

The Right to erasure of data (“right to be forgotten”).

The Right to restrict the processing of data

The Right to Data Portability

The Right to object to the processing of data

Also, if you simply wish to stop receiving electronic communications, in any communication from the SEPTEDE, you can send your request to septe@sevt.gr

 

To exercise any of the above rights, you may contact the Data Protection Contact Person by email at septe@sevt.gr

 

In the event of the exercise of one of your above mentioned rights, the SEPTEDE will take all possible measures to satisfy your request within (1) month from its submission and identification, informing you in writing about the satisfaction of your request, or the reasons that prevent the exercise of your relevant right, or the satisfaction of one or more of your above mentioned rights in accordance with the General Data Protection Regulation.

In addition, if you believe that any of your rights or legal obligations of the Association regarding the protection of your personal data are violated, you may submit a complaint to the competent supervisory authority, namely, the Personal Data Protection Authority (“PDPPA”) for issues related to the processing of your personal data. Detailed information on the competence of the Authority and how to file a complaint is provided on the website of the DPAA (“http://www.dpa.gr” My rights ð File a complaint).

 

Updates to the Personal Data Protection Policy

SEPTEDE may amend this Privacy Policy from time to time to comply with regulatory changes or to meet its operational needs and legal obligations. Updated versions of this Privacy Policy will be posted on this website with a date indication so that it is known which is the most recently updated version.

 

Review: March 2024