(Articles 12-14 of General Data Protection Regulation)
The Ministry of Maritime Affairs and Insular Policy/Headquarters of Hellenic Coast Guard, with respect to the protection of personal data of natural persons and for the compliance with the articles 12-14 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation-GDPR) and the law No 4624/2019 (Series A, Issue No 137) «Hellenic Data Protection Authority, (HDPA), measures for implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, and transposition of Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016, and other provisions», announces this information for the processing of personal data with purpose to provide to the natural persons («data subjects») sufficient information for the personal data that is being processed, in the framework of its competences and for the fulfillment of its legal obligations.
1.Identity and contact details of the Controller and contact details of the Data Protection Officer (DPO):
Controller:
Controller according to the article 4 of GDPR is the Ministry of Maritime Affairs and Insular Policy through the Headquarters of Hellenic Coast Guard.
Contact details:
Address: Akti Vassiliadi, Piraeus, P.S.18510
Call Center: 213-1371700
e-mail: contact@yna.gov.gr
Data Protection Officer:
https://www.hcg.gr/en/contact/
2. Purpose of processing and legal basis for the processing:
The processing of personal data is realized from Hellenic Coast Guard (central and regional services) for the exercise of its competences and governed by the provisions of General Data Protection Regulation, as applicable each time.
The competences of Hellenic Coast Guard are exercised in its area of responsibility, on ships and all types of vessels, in public and private ports and in their port areas, as specifically defined by the existing provisions, especially in the law 444/1970 (Series A, Issue No 39), in article 29 of law 2971/2001 (Series A, Issue No 285), in article 12 of law 2289/1995 (Series A, Issue No 27), as amended by article 163 of law 4001/2011 (Series A, Issue No 179) and as it is valid, and in any case, only in the areas that the current legislation defines as areas of its competence.
The mission of Hellenic Coast Guard and its area of responsibility include in particular:
Processing of personal data:
The collection, use, registration, organization, structure, storage, adaptation or alteration, retrieval, search of information, use, disclosure by transmission, record keeping and generally any processing of personal data within the meaning of article 4 of GDPR.
Personal Data that may be processed:
(a) Name and surname as it appears on the identity card / passport,
(b) Father's name,
(c) Registry name,
(d) Date of birth,
(e) Gender,
(f) Identity card / passport number,
(g) Health data,
(h) Elements of criminal records,
(i) Address,
(j) IP address
(k) Other data as a result of more specific provisions
More information on the personal data being processed can be found in the relevant forms and online applications.
Legal basis for the processing of personal data:
(a) Article 6 par. 1 element (c) "processing is necessary for compliance with a legal obligation to which the controller is subject" of the GDPR.
(b) Article 6 par. 1 element (e) "processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller" of the GDPR and Article 5 of law 4624/2019 (Series A, Issue No 137).
(c) Article 9 par. 2 element (h) “processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3" of the GDPR for the processing of specific categories of personal data.
(d) Article 9 par. 2 element (g) "processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject” of the GDPR for the processing of specific categories of personal data.
(e) Article 10 of the GDPR
Listed below are the provisions of EU and national law, under which the processing of the above data is a legal obligation:
(a) PD 13/2018 (Series A Issue No 26/20-2-2018), as in force
(b) Law 4150/2013 (Series A Issue No 102/29-4-2013), as in force
(c) Article 5 (Access to Documents) of the Code of Administrative Procedure (Law 2690/1999), as in force.
Source of personal data:
The data subject, other Public Authorities, information systems, databases of Ministry of Maritime Affairs and Insular Policy/HQ HCG and other Public Authorities.
3. Recipients / categories of recipients of personal data:
Ministry of Maritime Affairs and Insular Policy/HQ HCG, where appropriate, transmit personal data to other public authorities which may have access under specific legal provisions. In addition, on a case-by-case basis, access to the data may be provided by companies (processors) exclusively within the framework of contractual obligations with our Agency. The data may be transferred to other natural or legal persons in case article 5 of the Code of Administrative Procedure applies or upon a prosecutor's order.
Transfer of Personal Data to third countries or international organizations:
Ministry of Maritime Affairs and Insular Policy/HQ HCG transmits personal data to international organizations on the basis of Union obligations and, where appropriate, to third countries at the request of a judicial or prosecutorial authority. The legal basis for the transfer is Article 46 / paragraph 2 (a) of the GDPR, meaning that the transfer takes place within the framework of a legally binding and enforceable mean between public authorities.
Transfer of Personal Data:
The Controller will not transmit or disclose personal data to third parties or other recipients, except for the above mentioned recipients, unless it is a transmission or disclosure required by law, court decision or native or foreign prosecutor's order. Third party access to documents with personal data is governed by Greek legislation on access to public documents. Public authorities that may receive information, in the context of a specific investigation, to fulfill their main mission, in accordance with EU law or national regulations, are not considered recipients. The processing of this data by these public authorities is carried out in accordance with the existing provisions for data protection depending on the purposes of the processing.
For the examination of your complaints, its text is communicated to the person to be complained to state his views. If, as a complainant, you do not wish your personal data to be disclosed to the person to be complained, you should state, document and explain the reasons why you do not wish your specific personal data to be disclosed to him/her. Our Service, after contacting you, will decide on this.
4. Data processing time
The required time for the fulfillment of the above purposes. Specifically, your personal data is kept for as long as necessary by law, depending on the purpose and type of processing.
5. Automated decision making
There is no automated decision making.
6. Rights of data subjects and exercise of their rights
Data subjects have the following rights granted to them by the General Data Protection Regulation (GDPR):
(a) the right to information, in accordance with Articles 12, 13 and 14 of the GDPR;
(b) the right of access, in accordance with Article 15 of the GDPR;
(c) the right to rectification in accordance with Article 16 of the GDPR;
(d) the right to erasure ("right to be forgotten"), in accordance with Article 17 of the GDPR, which shall be considered on a case-by-case basis;
(e) the right to restriction of processing in accordance with Article 18 of the GDPR;
(f) the right to notification obligation regarding rectification or erasure of personal data or restriction of processing in accordance with Article 19 of the GDPR, which shall be considered on a case-by-case basis.
(g) the right to object, in accordance with Article 21 of the GDPR, which shall be considered on a case-by-case basis.
(h) the right to communication of a personal data breach to the data subject, where the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, in accordance with Article 34 of the GDPR.
The exercise of the rights by the Data Subject is carried out in the cases and under the conditions described in articles 12-21 of the GDPR, by sending either a written letter to the postal address, or an e-mail to the above contact details.
For further assistance regarding the exercise of your above rights, you can also contact the Data Protection Officer of Ministry of Maritime Affairs and Insular Policy.
7. Right of appeal / complaint to a competent supervisory Authority
We inform you that you have the right to appeal to the Personal Data Protection Authority for issues related to the processing of your personal data. For the competence of the Authority and the manner of submitting a complaint, you can visit its website (www.dpa.gr - Citizens - Submit a complaint to the Authority), where there is detailed information.
8. Review
The Ministry of Maritime Affairs and Insular Policy may modify this personal data processing information for reasons of compliance with regulatory changes or in order to meet the needs of its operation and its legal obligations.
INFORMATION FOR THE DATA SUBJECTS ABOUT THE PROCESSING OF PERSONAL DATA
(Article 53 of law 4624/2019)
HCG pursuant to Article 53 of law 4624/19 informs you that it observes and applies the provisions of Chapter D of law 4624/2019 "Personal Data Protection Authority, measures implementing Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the transposition into national law of Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 and other provisions" for the purposes of prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal sanctions.
HCG processes personal data in order to fulfill its mission as defined in law 4150/2013 (Series A Issue No 102/ 29-4-2013), as in force.
Controller is the Headquarters of Hellenic Coast Guard - HCG which is part of the Ministry of Maritime Affairs and Insular Policy with the above contact details.
Contact details of the Data Protection Officer of Ministry of Maritime Affairs and Insular Policy.
The data subject has the right to request from the Controller access, rectification, erasure or restriction of the processing in accordance with the provisions of articles 53-59 of chapter D of law 4624/19.
The data subject has the right to submit a complaint to the Personal Data Protection Authority (www.dpa.gr), at the above contact details.