PRIVACY POLICY OF THE NON-PROFIT SCIENTIFIC ASSOCIATION, UNDER THE NAME “Hellenic Veterinary Medical Society” (abbreviated as: HVMS), BASED IN ATHENS (“hereinafter “HVMS”), FOR THE PROTECTION OF NATURAL PERSONS AGAINST THE PROCESSING OF THEIR PERSONAL DATA IN ACCORDANCE WITH THE GENERAL DATA PROTECTION REGULATION (GDPR) NO. 679/2016 OF THE EU.

 The General Data Protection Regulation (GDPR) is the European Regulation 2016/679 (GENERAL DATA PROTECTION REGULATION, GDPR), adopted on April 27, 2016, and mandatory for all member states of the European Union from May 25, 2018, to improve the protection of individuals against the processing of personal data.

Definitions as referred to in the GDPR:

I) Definitions of Article 4:

Personal data: means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing: means the marking of stored personal data with the aim of limiting their processing in the future.

Profiling: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Pseudonymisation: means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Filing system: means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.

Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for its nomination may be provided for by Union law or by the law of a Member State.

Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third party: means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Consent of the data subject: means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Personal data breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Genetic data: means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from the analysis of a biological sample from the natural person in question.

Biometric data: means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.

Data concerning health: means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about that person’s health status.

Main establishment:

(a) where the controller has establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered the main establishment;

(b) where the processor has establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities take place in the context of the activities of an establishment of the processor, insofar as the processor is subject to specific obligations under this Regulation;

Representative: means a natural or legal person established in the Union who, designated in writing by the controller or processor pursuant to Article 27, represents the controller or processor with regard to their respective obligations under this Regulation.

Corporate: means a natural or legal person engaged in an economic activity, regardless of its legal form, including partnerships or associations regularly engaged in economic activity.

Group of corporates: means a controlling undertaking and the undertakings controlled by it.

Binding corporate rules: means personal data protection policies which are adhered to by a controller or processor established in the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity.

Supervisory authority: means an independent public authority which is established by a Member State pursuant to Article 51.

Concerned supervisory authority: means a supervisory authority which is concerned by the processing of personal data because:

(a) the controller or processor is established on the territory of the Member State of that supervisory authority;
(b) data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
(c) a complaint has been lodged with that supervisory authority.

Cross-border processing: means either:

(a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
(b) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

Relevant and reasoned objection: means an objection to a draft decision as to whether there is an infringement of the GDPR, or whether envisaged action in relation to the controller or processor complies with the GDPR, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.

Information society service: means a service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council.

International organisation: means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.

Further definitions:

Data Subject: means any identified or identifiable natural person, domestic or foreign, to whom the information (personal data) relates and who comes into contact with HVMS for various reasons. These include HVMS employees, registered members, users of its website, and sole proprietorships. It does not include natural persons representing legal entities in their dealings with HVMS.

Data Controller: the data controller of HVMS is the management of the association that determines the purposes and means of processing personal data within the framework of its operation.

This privacy statement demonstrates our commitment to ensuring the protection of your right to privacy. It describes our practices for managing personal information. We comply with the principles of the General Data Protection Regulation when handling all data received from our members, visitors to our website, as well as participants in events and webinars and any partners.

HVMS processes personal data of employees, members, visitors to its website, participants in events and webinars, and other collaborators, which it receives either due to employment or service contracts, or due to its lawful business activities, as well as data it receives or becomes aware of from a third natural or legal person or a public authority, and which are necessary either for the achievement of the legitimate interests of HVMS itself or a third party, or for the fulfillment of its duties carried out in the public interest (e.g., tax and social security authorities).

The use and processing of personal data by HVMS, as well as their transmission and disclosure to competent authorities such as social security bodies, financial and public authorities (EFKA, OAED, tax offices, etc.), banks, and before courts, is absolutely necessary for the pursuit of legitimate interests, given that it arises either from employment or service contracts, or from its lawful activity and the law, and for the purpose of fulfilling HVMS’s legal obligations and for the exercise and defense of its legal rights, respectively.

HVMS does not process personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, or any membership in a trade union, genetic or biometric data for the purpose of identifying the data subject, as well as health data or data concerning sexual life or sexual orientation, except if: a) explicit consent has been given by the Data Subject for a specific purpose; b) such data have been disclosed to HVMS by the Data Subject or a third natural or legal person within the context of their employment with HVMS or for the documentation and safeguarding of the legitimate interests of either the Data Subject or HVMS as the data controller; c) the data have been manifestly made public by the Data Subject; d) the processing is necessary for the establishment, exercise, or defense of legal claims of both the Data Subject and HVMS as the data controller, and where explicitly provided by the GDPR.

All information transmitted from members/visitors of the website to HVMS is confidential, and HVMS has taken all necessary measures to use such information only to the extent necessary for the provision of services. HVMS does not disclose data of members, collaborators, or transactions unless written authorization has been provided or there is an order pursuant to a court decision or decision by any other public authority. In cases where HVMS uses third parties to support its systems, it will ensure that privacy is safeguarded. You may request any data held about you, as well as their correction if you find any errors. For your security, you should also treat all information provided through the service as confidential and private and refrain from disclosing it to third parties.

Transaction security

HVMS recognizes the importance of the Security of your Personal Data, as well as the importance of your online transactions, and takes all necessary measures to ensure the highest possible security. All information related to personal data and transactions is secure and private. The security of the HVMS website is ensured as follows: A user ID is used for your identification, along with your email address and password, which, when entered, give you access to your personal data with absolute security. You have the option to change your password and email address whenever you wish. The only person who has access to your data is you through these credentials, and you are solely responsible for maintaining confidentiality and privacy against third parties. In case of loss or leakage, you must notify us immediately; otherwise, HVMS is not held responsible for unauthorized use of the password. For security reasons, we recommend that you regularly change your password and avoid using the same password or easily traceable passwords (e.g., birthdate). Additionally, we advise you to use not only letters and numbers but also symbols to create a password. Payment by bank cards is a completely secure payment method for our members. HVMS will never have access to your card or account information.

Our website

What we collect

HVMS collects only data provided directly to us by registered members, or participants in HVMS events, or collaborators who have completed a Contact Form or created an account:

When you fill out a contact form or create an account, we collect the following information:

Your email address
Your password
Your address: Street, number, postal code, area
Tax Identification Number (TIN) & Tax Office
Contact phone numbers
Professional activity

You can view our news and publications on our website, but you need to have an account to watch previous recorded webinars and to check if you are financially up to date with your subscriptions to HVMS.

What we do with the information we collect

We need this information to identify the member or user accessing our website.

Links to other websites

Our website may contain links to websites of interest. If you use these links to leave our website, you should note that we have no control over these other websites. Therefore, we cannot be responsible for the protection and privacy of any information you provide when visiting such websites, as they are not governed by this privacy statement. Except for the connection with the HVMS data application, by the company Qubiteq.

How we use cookies

A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or notifies you when you visit a particular website. Cookies enable web applications to respond to you as an individual. The web application can tailor its operations to your needs, preferences, and dislikes by gathering and recalling information about your preferences.

We use traffic logging cookies to identify which pages are being used. This helps us analyze data about website traffic and improve our website in order to tailor it to our customers’ needs. We use this information only for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, except for the data you choose to share with us.

browser settings to reject cookies if you prefer. This may prevent you from fully benefiting from the website.

Our members’ and partners’ details

What we collect

HVMS collects only data of members and partners provided directly to us. The personal data we maintain in our system include:

• Your full name
• Your address or
• The name and address of your business or company
• Your email address
• Your phone number
• Tax Identification Number (TIN) & Tax Office (DOY)

What we do with the information we collect

We request your information for your registration as our member and to manage your account and contributions.
If you agree, we send your details to our sponsors so that you can be informed about products and services we believe may interest you. You can stop receiving this information at any time.

Data Security

We are committed to ensuring that your personal data is secure. We have implemented physical, electronic, and managerial procedures to safeguard and protect the information we collect both online and offline.

We never sell, rent, or trade mailing lists containing your personal information to third parties without your consent or unless required by law to do so.
We retain personal data only as long as necessary. Once the data is no longer needed, it is deleted from our records in accordance with legal requirements.

Partners as Third Parties

Personal data processed by HVMS is not disclosed or transferred to third parties outside the scope of its activities, except to lawfully appointed HVMS employees within the scope of their responsibilities, and to other necessary parties under the law, as well as to natural persons or companies providing services to HVMS (including, but not limited to, accountants, agents, lawyers, IT services, insurers, legal services, tax authorities, and other public services) who act on behalf of the Data Subjects and based on written instructions from HVMS. These parties are not permitted to use the data for their own benefit or disclose it to third parties. We share data only with partners who comply with the General Data Protection Regulation.

Specifically, the personal data collected by HVMS in accordance with Article 5 of the GDPR:

1. a) Are processed lawfully, fairly, and in a transparent manner in relation to the data subject (“lawfulness, fairness, and transparency”),
2. b) Are collected for specified, explicit, and legitimate purposes and are not further processed in a manner incompatible with those purposes,
3. c) Are adequate, relevant, and limited to what is necessary for the purposes for which they are processed (“data minimization”),
4. d) Are accurate and, when necessary, kept up to date, and all reasonable steps are taken to ensure that personal data that are inaccurate, considering the purposes of processing, are erased or rectified without delay (“accuracy”),
5. e) Are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed,
6. f) Are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (“integrity and confidentiality”).

Control of Your Personal Data

If you believe that any information we hold about you is incorrect or incomplete, please contact us and we will correct any information found to be inaccurate.

Rights of Data Subjects under the GDPR

i) Right to Information
The Data Subject has the right to transparent information regarding the personal data collected by the Company, the purposes of processing such data, the duration of their retention, their rights concerning the processing of personal data, and the procedures for exercising these rights.

ii) Right of Access of the Data Subject
The Data Subject has the right to obtain confirmation as to whether or not personal data concerning them are being processed, and if so, the right to access the personal data and the following information:
a) the purposes of the processing,
b) the categories of personal data concerned,
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, d) where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period,
e) the existence of the right to request rectification or erasure of personal data or restriction of processing concerning the Data Subject or to object to such processing,
f) the right to lodge a complaint with a supervisory authority,
g) where the personal data are not collected from the Data Subject, any available information as to their source,
h) the existence of automated decision-making, including profiling.

The Data Controller provides a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the Data Controller may charge a reasonable fee based on administrative costs.

iii) Right to Rectification

The Data Subject has the right to require from the Data Controller (the Company) without undue delay the correction of inaccurate personal data concerning them. Taking into account the purposes of the processing, the Data Subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement.

iv) Right to Erasure (Right to be Forgotten)
The Data Subject has the right to request the Data Controller to erase personal data concerning them without undue delay if one of the following grounds applies:

a) The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
b) The Data Subject withdraws the consent on which the processing is based, and there is no other legal basis for the processing.
c) The Data Subject objects to the processing, and there are no overriding legitimate grounds for the processing.
d) The personal data have been unlawfully processed.
e) The personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the Data Controller is subject.
f) The personal data have been collected in relation to the offer of information society services.

The above do not apply to the extent that the processing is necessary:
a) for the establishment, exercise, or defense of legal claims;
b) for the continuation of the employment relationship;
c) to exercise the right of freedom of expression and information;
d) to comply with a legal obligation requiring processing under Union law or Member State law applicable to the Data Controller, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
e) for reasons of public interest in the area of public health;
f) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes;
g) for the establishment, exercise, or defense of legal claims.

v) Right to Restrict Processing
The Data Subject has the right to obtain from the Data Controller restriction of processing when one of the following applies:

a) The accuracy of the personal data is contested by the Data Subject, for a period allowing the Data Controller to verify the accuracy of the personal data;
b) The processing is unlawful and the Data Subject opposes the erasure of the personal data and requests instead the restriction of their use;
c) The Data Controller no longer needs the personal data for the purposes of processing, but the data are required by the Data Subject for the establishment, exercise, or defense of legal claims;
d) The Data Subject objects to the processing pursuant to the right to object, pending verification of whether the legitimate grounds of the Data Controller override those of the Data Subject.

When processing has been restricted according to the above, such personal data shall, aside from storage, be processed only with the consent of the Data Subject or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

The Data Subject who has secured the restriction of processing shall be informed by the Data Controller prior to the lifting of the restriction on processing.

vi) Right to data portability
The Data Subject has the right to receive the personal data concerning them, which they have provided to a Data Controller, in a structured, commonly used, and machine-readable format, as well as the right to transmit those data to another Data Controller without hindrance from the Data Controller to whom the personal data were provided, when: a) the processing is based on consent or on a contract, and b) the processing is carried out by automated means.

When exercising the right to data portability, the Data Subject has the right to request the direct transmission of personal data from one Data Controller to another where technically feasible.

This right shall not adversely affect the rights and freedoms of others.

vii) Right to object
The Data Subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is based on processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or for processing necessary for the purposes of the legitimate interests pursued by the Data Controller or a third party, unless the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data override those interests, including profiling based on the above grounds. The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims.

Data Subjects such as, for example, suppliers, customers, partners, etc., may exercise the above rights by submitting relevant requests to the Company.

Information Protection

HVMS protects the information it holds and processes according to the Regulation with regard to:

a) their integrity, i.e., preventing any alteration, loss, or destruction;
b) their confidentiality, i.e., preventing any leakage to unauthorized persons;
c) their availability, i.e., the ability to use and access them whenever required without obstacles;

while applying the following for their protection:
i) technical and organizational measures such as pseudonymization, data minimization, and use of certified encryption protocols;
ii) physical security measures;
iii) logical access security measures;
iv) communication security measures;
v) operational security measures;
vi) supply chain security measures.

The HVMS website has an SSL Security Certificate, and its server uses TLS and SSL encrypted protocols providing absolute security in internet communication.

Data Breaches & Cooperation with the Supervisory Authority

HVMS implements defined procedures for the identification, recognition, and recording of incidents that jeopardize the confidentiality of Data Subjects’ Personal Data. Specifically, in the event of Personal Data breach incidents, immediate notification to the Personal Data Protection Authority is provided in accordance with Regulation 679/2016.

Information, Awareness – Evaluation & Review

The continuous information and awareness-raising of HVMS personnel on Personal Data protection matters is part of the personnel training & information framework, as an integral element thereof.

HVS ensures the evaluation and review of the performance of procedures, policies, and measures it adopts to protect personal data, aiming at the continuous improvement of their protection and security.

Risk Management

HVMS acts in managing risks related to the processing of personal data by:

• Identifying and analyzing risks
• Evaluating and addressing risks
• Monitoring and controlling

It is noted that within the scope of risk management, risk assessment is conducted concerning the core objectives related to the protection of personal data, specifically regarding their integrity, confidentiality, and availability.

If you wish to delete your account, please send us an email at office@hvms.gr.

For any questions or comments regarding this document, please contact the Data Controller of HVMS:

Ioannis Karagiannidis, i.g.karagiannidis@gmail.com &
Georgios Prasinos, g.prasinos@qubiteq.gr

The supervisory authority responsible for enforcing the regulatory framework regarding personal data in Greece is the Hellenic Data Protection Authority.

Changes to this Privacy Policy

HVMS may update the Privacy Policy from time to time. HVMS will notify you of any changes by publishing the new Policy on this page.

We advise you to periodically review this Policy for any changes. Changes to this Policy take effect when published on this page.