Terms and Conditions
Home — Terms and Conditions
Personal Data Protection Notice
The Ministry of Culture (hereinafter the “Ministry”), which has its seat in Athens, at 20-22 Bouboulinas St., P.O. Box 10682, through the Ephorate of Antiquities of Chania, in its capacity as Data Controller, collects and processes your personal data only if absolutely necessary for explicit and legitimate purposes, in accordance with Regulation (EU) 2016/679 of the European Parliament and Council, Law 4624/2019 and Law 3471/2006 as applicable. This notice is intended to inform users of the Archaeological Museum of Chania Website (“https://amch.gr/”) about the processing of their personal data.
Definitions
For the purposes of this Notice, the following terms have the following meanings:
“Personal data”: any information relating to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
“Special personal data categories”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
“Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Anonymisation”: the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject.
“Pseudonymisation”: ”: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. For the purposes of the present policy, the Ministry acts as Controller.
“Processor”: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Data subject”: the natural person whose personal data are processed. e.g. trainees, colleagues, Ministry staff, etc.
“Consent” of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
“Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
“Regulatory Framework”: the relevant national and EU data protection regulatory framework, namely Regulation (EU) 2016/679 (hereinafter referred to as the “GDPR”); Law 4624/2019, Law 3471/2006, the jurisprudence of the Court of Justice of the European Union (hereinafter referred to as the CJEU) as well as the Decisions, Directives and Opinions of the European Data Protection Board (hereinafter referred to as the “EDPB”) and the Hellenic Data Protection Authority (hereinafter referred to as the “DPA”).