Statement of the Data Controller – Regarding the Protection of Personal Data
The increasing economic and scientific collaborations, as well as the mutual provision for data processing services, result in the exchange of personal data, a trend that is reinforced by the ever increasing use of modern telecommunications media.
For these reasons, it is necessary that the processing of the data be carried out with care.
The Data Controller declares that compliance with the principles governing the protection of the data for the processing of such data is its purpose, as it has committed to respect the individual rights and the private life of the persons. The Data Controller handles the personal data with special care and always in accordance with Regulation EU 2016/679, the implementing National Law, and the applicable legislation.
For the purposes of this Guideline the following definitions shall apply:
Data Subject: any natural person whose personal data are the object of processing by or on behalf of the Company.
Personal Data: any information in relation to an identified or identifiable natural person, which concerns that person’s physical, physiological, psychological, emotional, or financial condition, or that person’s cultural or social identity.
Processing: processing of personal data (“processing”), any operation or set of operations carried out on personal data, such as indicatively collection, recording, storage, alteration, analysis, use, correlation, restriction (locking), erasure, or destruction.
1. Data Controller and DPO
The Data Controller is the company under the name Envisions Hub, with its headquarters in Heraklion, Crete, Industrial Area of Heraklion, Crete, Odos 1, Building 66, VAT number 801565926, and email:info@envisionshub.gr («Data Controller»).
2. The Data We Process
With your consent, we process the following ordinary and sensitive personal data that you provide when interacting with the website https://envisionshub.gr/ and using the services and features it offers. These data include in particular your first and last name, contact details, address, and the content of specific requests, notifications, or reports, as well as additional data that the Data Controller may obtain, among others from third parties, in the context of conducting its business activities («Data»).
In order to fulfill the requests you submit through the contact form and/or provide you with updates regarding unwanted actions, it is necessary that you consent to the processing of the data marked with an asterisk (*).
Without these mandatory data and your consent, we cannot proceed further. On the other hand, the information requested in fields not marked with an asterisk and your consent for receiving informational material is optional, and your failure to provide them has no consequence.
In any case, even without your prior consent, the Data Controller may process your data to comply with legal obligations arising from laws, regulations, and EU law, to exercise rights in judicial proceedings, to defend its legal interests, and in all other cases provided for, as applicable, under Articles 6 and 9 of the GDPR.
Processing is carried out both electronically and in printed form and always involves the application of security measures provided for by applicable legislation
3. Why and how we process your data
Data are processed for the following purposes:
• To handle the requests you submit through the “form”, to communicate further with you, or to provide information through it. The legal basis for processing personal data for this purpose is your consent (Article 6 paragraph 1 item a) and Article 9 paragraph 2 item a) of the GDPR) and the performance of the contract to which you are a contracting party as a data subject.
• To manage reports of unwanted actions submitted through the website or the forms. The legal basis for this processing is consent (Article 6 paragraph 1 item a) and Article 9 paragraph 2 item a) of the GDPR), as well as the fulfillment of any public interest (Article 9 paragraph 2 item g) of the GDPR) and legal obligations.
Additionally, but only with your explicit consent which constitutes the legal basis for processing under Article 6 paragraph 1 item a) of the GDPR:
• To receive promotional material (direct marketing) from us.
By selecting the appropriate boxes, you agree to the processing of your data for these purposes.
Data may in any case be subject to processing, even without your consent, for reasons of compliance with laws, regulations, EU law (Article 6 paragraph 1 item c) of the GDPR), for obtaining statistical information about the use of the website and its proper operation (Article 6 paragraph 1 item f) of the Regulation).
Personal data are entered into the Data Controller’s information system in full compliance with data protection legislation, including security and confidentiality profiles, and are based on principles of lawful processing and transparency.
Data are stored for as long as absolutely necessary to achieve the purposes for which they were collected. In each case, the criterion used to determine the storage period is based on compliance with statutory retention limits set by law and the principles of data minimization, storage limitation, and orderly file management.
All data will be processed both in printed and automated form, ensuring in each case the appropriate levels of security and confidentiality.
4. Principles applied during processing
It is permitted to process your personal data in order to provide personalized services, on the basis of the law (Article 6(1b) of Regulation (EU) 2016/679) and the relevant National Implementing Law. Your personal data will not be used for purposes other than those described in the statement, unless we obtain your prior consent, or unless such use is required or permitted by law.
Personal data are processed in a manner consistent with the purpose for which they were collected.
The principle of proportionality is applied in the processing of personal data. Among other things, it creates the obligation not to collect personal data without reason.
The personal data used must be accurate and up to date.
The personal data used, and which are no longer accurate and complete, must be corrected or delete
With the exception of cases where by law there is an obligation to retain them for a longer period of time, personal data are not stored for a longer period than is necessary for the purposes for which they were collected or processed.
The processing of personal data is carried out in accordance with the principles of good faith. This means that the data subjects can rely on the fact that those carrying out the processing will exercise due care in all matters of data processing.
The data subjects whose personal data have been processed will be informed accordingly, provided they so request. Specifically, they have the right to be informed of the purposes for which their data are being processed, the type of data concerning them, as well as the identity of the recipients of the data. Where necessary, data subjects also have the right to request the correction, non-disclosure, or deletion of their data.
The above rights may be restricted only where such restriction is provided for by law. This applies in particular in the case of scientific research.
In particular, personal data are protected against unauthorized disclosure and any unlawful processing. The measures put in place ensure a level of security appropriate to the nature of the data to be protected and the risks that may arise from their processing.
The data controller is responsible for compliance with and implementation of Regulation EU 2016/679 and the National Implementing Law.
Our employees who deal with the processing of personal data are adequately informed and trained. The procedures for processing personal data of third parties under agreement will be set out in writing, ensuring that the contracting third party processes personal data in a secure manner and that it complies with the principles set out in this Statement and the EU GDPR. In the event that the third party is found not to be able to ensure a satisfactory level of security for personal data, we will terminate the cooperation.
5. Persons who have access to the data
The data are processed electronically and manually in accordance with the procedures and practices related to the aforementioned purposes and are accessible by the staff of the Data Controller who is duly authorized to process the Personal Data and the supervisors and in particular the employees belonging to the following categories: technical staff, Information and Network Security staff and administrative staff as well as other staff members who must process the data in order to perform their duties.
The data may also be disclosed to countries outside the European Union (“Third Countries”): i) to institutional bodies, authorities, public entities for institutional purposes; ii) to professionals, independent advisors – whether they work individually or collectively – and other third parties who provide to the Data Controller commercial, professional and technical services required for the operation of the website (e.g. provision of IT and Cloud Computing services) for the purposes mentioned above and for supporting the Data Controller in providing the requested services; iii) to third parties in the event of mergers, acquisitions, transfers of business units or branches, audits or other extraordinary actions.
The mentioned recipients receive only the necessary data for their corresponding functions and undertake to process them only for the purposes mentioned above and in accordance with the laws on personal data protection. The data may also be disclosed to other legitimate recipients who are determined from time to time by the applicable laws.
Except as stated above, the data will not be disclosed to third parties, whether natural or legal persons, who do not perform tasks of a commercial, professional or technical nature for the Data Controller and will not be disseminated. The persons who receive the data will process them, depending on the case, as Data Controllers, carrying out the processing or as persons duly authorized to process the personal data for the purposes mentioned above and in accordance with the applicable legislation on personal data protection.
Regarding the transfer of data outside the EU, even to countries whose laws do not guarantee the same level of protection of personal data as that provided by EU law, the Data Controller informs you that the transfer will in any case be carried out in accordance with the methods permitted by the GDPR, such as based on the consent of the data subjects, on the basis of standard contractual clauses approved by the European Commission, by selecting parties participating in international programs for the free movement of data (e.g. EU-US Privacy Shield) or implemented in countries considered safe by the European Commission.
6. Your Rights
If you so wish, you may at any time request to exercise the rights provided under Articles 15–22 of the GDPR Regulation, to be informed about your personal data held by us, their recipients, the purpose of their retention and processing, as well as their modification, correction, or deletion, by sending a relevant email to the addresses indicated above, from the contact email address you have declared, by completing the request form or the corresponding application that may be provided to you by the Data Controller with an attached copy of your identity card. You also have the right to review the personal data we maintain and, in general, to exercise any right provided by the legislation for the protection of personal data.
The personal data you disclose to the Data Controller through this Website, either during your registration or at a later stage, are collected, used, and processed in accordance with the applicable provisions on the protection of personal data of the new European General Data Protection Regulation (EU) 2016/679.
You retain the following rights in detail:
Right to be informed about your personal data: Upon your relevant request, we will provide you with information regarding the personal data we hold about you.
Right to rectification and completion of your personal data: If you notify us accordingly, we will correct any inaccurate personal data concerning you. We will complete incomplete data if you notify us accordingly, provided that such data are necessary for the purposes of processing your data.
Right to erasure of your personal data: Upon your relevant request, we will delete the personal data we hold about you. However, certain data will be deleted only after a defined retention period, for example because in some cases we are legally obliged to retain the data, or because the data are required to fulfill our contractual obligations towards you.
Right to restriction of your personal data: In certain cases provided by law, we will restrict your data if you request it. Further processing of restricted data is carried out only to a very limited extent.
Right to withdraw your consent: You may withdraw your consent to the processing of your personal data at any time for the future. The lawfulness of the processing of your data remains unaffected by this action up to the point of withdrawal of your consent.
Right to object to the processing of your data: You may object at any time to the future processing of your personal data if we process your data on the basis of one of the legal justifications provided in Article 6(1)(e) or 6(1)(f) of Regulation (EU) 2016/679. If you object, we will stop processing your data, provided there are no legitimate grounds for further processing. The processing of your data for advertising purposes does not constitute a legitimate ground.
7. Security and integrity of Data
The Data Controller applies specific technical and organizational security procedures in order to protect personal data and information from loss, misuse, alteration, or destruction. Our partners who support us in the operation of this website also comply with these provisions.
The Data Controller makes every reasonable effort to retain the personal data collected only for the period of time necessary for the purpose for which they were collected, or until their deletion is requested (if this occurs earlier), unless their continued retention is required under the applicable legislation.
8. Revisions of the Statement
ChatGPT said: We reserve the right to amend or periodically revise this Statement, at our absolute discretion. In the event that changes are made, the Data Controller will record the date of amendment or revision in this Statement, and the updated Statement will apply to you from that date onwards. We encourage you to review this Statement periodically in order to examine whether there are any changes in the way we handle your personal data.
This document constitutes a Statement of Compliance with the provisions of Regulation (EU) 2016/679 and the applicable National implementing Law.
March 2025
