Skip to main content

Privacy Policy

Controller details

Α public limited company (societe anonyme) under the corporate name "National Infrastructures for Technology and Research S.A." and the distinctive title "GRNET S.A."

Controller's Contact Details

dpo at grnet.gr

Processor Details

ARGO Support Team

Processor's Contact Details

argo at grnet.gr

Scope of this Privacy Statement

National Infrastructures for Technology and Research S.A. (hereinafter referred to as "GRNET SA") is bound by European Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation -- hereinafter referred to as "the GDPR") and Law 4624/2019 (Government Gazette 137/A/2019) on "Data Protection Authority, measures for the implementation of Regulation(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and for the incorporation into national law of Directive(EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 and other provisions", as in force at any time (hereinafter referred to as "the Law").

This Privacy Statement details all information necessary for the processing of personal data carried out in the context of Argo Service Monitoring., as well as the policies and procedures implemented by GRNET SA for the protection of the EOSC Recommender Service - Metrics service users privacy. This Privacy Statement sets out the criteria as well as the terms and conditions under which GRNET SA collects, processes, uses, stores and transmits the personal data of the service users, how it ensures the confidentiality of such information, including any law and/or regulation implemented or enacted in accordance with Union and national laws on personal data protection and electronic privacy, as well as any law and/or regulation amending, replacing, issuing or consolidating any of the latter, including any other applicable Union and national laws on the processing of personal data and privacy, which may exist in accordance with applicable law. GRNET SA reserves the right to amend and update this Privacy Statement whenever necessary, whereas any such updates shall become effective five (5) days after they have been posted on the EOSC Recommender Service - Metrics service website.

For the purposes of this Privacy Statement, the terms "processor", "controller", "third party", "supervising authority", "personal data", "processing", "data subject" shall have the meaning ascribed to them by applicable legislation on the protection of personal data.

In addition, for the purposes of the present, the following definitions shall also apply:

  • "Website" -- the website accessible via domain name web-ui-url including the entirety of the web pages thereof.
  • " EOSC Recommender Service - Metrics " - web-ui-url
  • "User"- the EOSC Recommender Service - Metrics online service user. The acces is restricted to specific user. The dentity is unknown or may not be verified.

A. Purpose/s for processing the data collected:

i. GRNET SA-- as processor -- processes its "users" personal data as referred to in the following section, for the following purposes:

  • Providing the EOSC Recommender Service - Metrics service
  • Technical support to the "coordinators" of the EOSC Recommender Service - Metrics service
  • Easy and user friendly operation of the "EOSC Recommender Service - Metrics service".
  • Proof of Acceptance of the Terms of Use and the Privacy Statement
  • Creation of statistical reports and charts to monitor the EOSC Recommender Service - Metrics service service
  • Statistical reports and charts data do not contain any "users" personal data, as they result from anonymized information.

ii. GRNET S.A. -- as the processor -- collects and processes personal data of "users" using its infrastructure for the purpose of providing the EOSC Recommender Service - Metrics service.

iii. Special categories of personal data

GRNET SA does not collect, process or gain access in any way to specific data categories, as set forth in the provisions of the legislation in force (in particular data relating to racial or ethnic origin, religion, health data, etc.). In the event that a "user" posts any such special category data on the "website" or on the Argo Service Monitoring, such data will be removed as soon as the management team become aware thereof.

The processing of "users" personal data is necessary for the performance of the Agreement on the provision of EOSC Recommender Service - Metrics service, in accordance with the needs (technical and organisational) to provide the best possible services, to serve the "users".

C. Access to personal data:

For providing EOSC Recommender Service - Metrics service and the seamless operation of such services, access to the "users" personal data shall be granted to the following:

  • To the EOSC Recommender Service - Metrics service support team, consisting of personnel engaged
  • in a contractual relationship of either a project or an independent service agreement with GRNET SA. hereinafter referred to as "GRNET associates".

The processing of EOSC Recommender Service - Metrics service "users" personal data by the aforementioned, is carried out under the supervision and only at the request of GRNET SA, within the scope of the mission and the role of each associate. Such associates undertake to comply with the same privacy and personal data requirements as GRNET SA itself in accordance to the present Privacy Statement

D. Recipients of collected personal data:

GRNET SA shall in no way transmit or in any way disclose the EOSC Recommender Service - Metrics service "users" personal data to any third-party entities, private businesses, natural persons or legal entities, public authorities, agencies or other organizations, other than as expressly set out herein. The Argo Service Monitoring service "users" personal data may be disclosed or transmitted to governmental authorities and/or law enforcement officials, only if necessary for the abovementioned purposes, in the context of enforcement of a court decision or a provision of law or if necessary to secure the legitimate interests of GRNET SA in its capacity as processor, in compliance with the terms and conditions of applicable law.

E. Personal data retention periods

The EOSC Recommender Service - Metrics service users personal data shall be retained no longer than it is necessary for the needs of the service and the audits the service is subjected to.

More specifically:

Categories of personal data collectedTime and place of retention of personal data
  • IP address
  • Data from website navigation through Cookies
18 months (log retention)

F. Privacy and Security of Information:

The processing of personal data by GRNET SA is performed in a manner that ensures both confidentiality and security thereof. All appropriate organisational and technical measures shall be taken to safeguard data against any accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access or any other form of unfair processing. The services provided by GRNET SA are constantly evaluated to be in line with the safety requirements of international standards. GRNET's Information Security Management System (ISMS) has been certified by the accredited certification body, EUROCERT SA In particular:

  • Access to technical log data is restricted and can only be accessed in a secure way by the EOSC Recommender Service - Metrics service staff.
  • When accessing the EOSC Recommender Service - Metrics servicee adequate security controls are in place to keep your personal data safe in accordance with the classification of the personal data we have collected from you.
  • We use encryption (HTTPS) to keep data private while in transit. Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides:
    1. Encryption---encrypting the exchanged data to keep it secure from droppers.
    2. Data integrity---data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
    3. Authentication---proves that your users communicate with the intended website.
  • The implementation of the EOSC Recommender Service - Metrics service ensures that no unauthorized user can log into the service. An authorised user means a service user, who has an active account with the Federated AAI service, having passed the authentication process mentioned above.
  • We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems

Although we follow best security practices to ensure your personal data remains secure, there is no absolute guarantee of security when using services online. While we strive to protect your personal data, you acknowledge that:

  • There are security and privacy limitations on the internet which are beyond our control and can have a negative impact on the confidentiality, integrity and availability of the information.
  • We cannot be held accountable for activity that results from your own neglect to safeguard the security of your login credentials and equipment which results in a loss of your personal data. If you feel this not enough, then please do not provide any personal data.

Your personal data will be protected according to the Code of Conduct for Service Providers , a common standard for the research and higher education sector to protect your privacy.

G. Contact:

For any questions or clarifications regarding the present Privacy Statement and as well as in the event of any violation related to personal data issues, "users" may contact the Competent Department of GRNET SA at the e-mail address mentioned hereinabove. They may also contact the Data Protection Officer (DPO) of GRNET S.A., Ms. Vera Meleti, and/or the deputy DPO, Ms. Vasiliki Konstantinopoulou at the e-mail address: dpo@grnet.gr.

H. Recourse/Complaint:

In the event that any EOSC Recommender Service - Metrics service "user" request is not satisfied by the processor, the "user" may at any time address to/ file recourse with the Competent Supervisory Authority, namely the Data Protection Authority https://www.dpa.gr .