Protection of Personal Data
5 February 2024
COVID-19 and personal data management
Given the increased measures to prevent and protect against the spread of Coronavirus, the need for health and safety measures for both workers and traders requires the use of data and information collected for this purpose. The processing of personal data, whether simple or sensitive, as well as their transmission and retention, has a legal status under the regulatory framework of the GDPR. It is therefore necessary to ensure that these practices, which involve the collection and processing of personal data (e.g. reporting possible exposure to the virus through contact with a person who has been exposed to the virus, travelling to countries with a high risk of infection), are carried out in accordance with the requirements of national law and European Union legislation.
Indicatively, the fundamental provisions on the legality of data processing include, inter alia, Article 6 par. 1(c), (d) of the GDPR, which refer to the legal obligations of the person responsible for processing and to the protection of the vital interests of the data subjects or other individuals. In this regard, the safety and health of employees and of partners are in any event the responsibility of the entity, which must ensure that they are protected in an appropriate manner.
At the same time, data related to health, such as diagnosed symptoms of a medical condition, medical examinations, etc., are sensitive personal data for which special protection applies, and their processing can only be carried out under the strict limitations of Article 9, paragraphs (h) and (i) of the GDPR. Thus the processing needs to be necessary for the purposes of preventive or occupational medicine, assessment of the worker's fitness for work, medical diagnosis, provision of health or social care or treatment or management of health and social systems and services under Union or national law or under a contract with a health professional, or it needs to be required for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of healthcare and medicines or medical devices, on the basis of Union law or the law of a Member State which provides for appropriate and specific measures to protect the rights and freedoms of the data subject, in particular professional secrecy.
Specifically, recital 46 of the GDPR states, as a legitimate basis for the use of such data, that: "...certain types of processing may serve important public interest purposes on the one hand and the vital interests of the data subject on the other, such as, for example, when the processing is necessary for humanitarian purposes, including the monitoring of epidemics and their spread or in situations of humanitarian urgency, in particular in cases of natural and man-made disasters." Therefore, the intended processing is considered necessary for human life, and this is its legal basis.
Taking measures to protect health on the part of the State includes appropriate actions for this purpose, such as the provision of special purpose licences, remote working, decontamination of premises, and so on. The responsibility of the body managing any outbreaks implies full compliance with medical confidentiality, so that confidential data does not lose its character and the handling of medical data is carried out under the necessary security conditions.
Finally, in accordance with the decisions of the State, its relevant instructions concerning the operation of the entity must be implemented in a manner that does not prejudice or discriminate against the rights or freedoms of the employees, who must be fully informed of the measures taken by the entity.
In any case, the reasonable use of health data to protect the public interest and the good of health requires the collection of personal data to follow the principles of necessity, lawfulness, objectivity and transparency, purpose limitation, limitation of the storage period, integrity and confidentiality, but also minimization, along with the obligation to take appropriate technical and organizational measures (such as encryption) to avoid the infringement of personal data.
The European General Data Protection Regulation (GDPR – EU 2016/679) became fully applicable on 25 May 2018. In this context, the University of Piraeus has developed a Personal Data Protection Policy in order to fully ensure the protection of all members of the academic community, partners and other stakeholders. The Policy addresses the Protection of Personal Data in order to meet the requirements of the European Data Protection Regulation (GDPR – EU 2016/679).
Management and protection of personal data
- are processed in a lawful, fair and transparent manner
- are collected exclusively for specific and legitimate purposes
- are adequate, relevant to the purpose for which they are collected and limited to what is necessary
- are verified
- are kept exclusively up to a specified time frame
- are processed in such a way as to ensure the necessary security for members of the academic community and other interested parties.
User rights
- access to their personal data and information on which data are processed, the purposes of the processing, the recipients and the duration of the processing,
- correction of their personal data if it is inaccurate or incomplete,
- deletion of their personal data, provided that the legal requirements are met,
- restriction of the processing of their personal data to specific purposes only,
- portability of their data, i.e. to receive the data they have provided in a structured, commonly used format or to request that it be sent directly to a third party,
- withdrawal, at any time, of their consent to the processing of their personal data, including automated processing for profiling purposes. In this case, the processing of their data will be interrupted by the University of Piraeus, without this affecting the lawfulness of any processing until their consent is withdrawn. (Data Subjects' Consent Withdrawal Request Form, available in doc and pdf formats)