Implementation date: 14-11-2024

Thank you for visiting the Website https://visit.milos.gr/. The Municipality of Milos (hereinafter referred to as “the Municipality”) attaches great importance to the lawful processing, security and protection of your personal data, in whatever capacity you communicate or cooperate with us. Before using our website, please read this Website Personal Data Privacy Policy carefully.

The Municipality, as data controller, informs you about the way in which information about you is collected and processed when you browse its official website. Your personal data includes any information that can lead, either directly or in combination with others, to your unique identification or identification as a natural person, such as your email address, your IP address and website cookies.

The following information on the protection of your personal data concerns the way in which we process your personal information when you browse the official website of the Municipality of Milosυ.

We inform you about the following:

• for what purpose we process your personal data,
• whether you are obliged to provide us with the relevant data,
• the categories of recipients of your personal data, if any,
• whether we intend to transfer the data in question to another country,
• whether we carry out automated decision-making or profiling, and
• what rights you have in relation to the respective processing, as well as how you can exercise them.

We keep this website Personal Data Privacy Policy under regular review to ensure that it is up-to-date and accurate.

More information about the processing carried out by the Municipality during your navigation on its official website and your rights can be found further down in this information.

For any processing of personal data carried out in the context of any possible interaction you may have with the Municipality of Milos, including your visit to this website, the Data Controller is:

Municipality of Milos
Plaka Milos, P.C. 84800, Plaka Milos, Greece, Tel: 22873 60100,
email: touristinfomilos@gmail.com

The Data Protection Officer (DPO) has been appointed by Computer Studio S.A. You can contact him at dpo@computerstudio.gr for any issue regarding the data processing carried out by the Municipality and included in this notice.

The personal information we process (IP address, Cookies) is provided to us directly by you during navigation. We may collect and publish statistical data but not in a form that allows the identification of individuals.

We also collect your information:

(name, surname, telephone number, e-mail) when you choose to contact us via the contact form that you will find at https://visit.milos.gr/epikoinonia/

The data recorded in log files for each request to the website server from the visitor/user’s browser are as follows:

• the visitor/user’s IP address, which constitutes personal data, even if we cannot identify him/her ourselves based on this data,
• the address (URL) that the user wishes to access and the relevant date
• error file

The data for which an investigation is carried out or is used in the context of legal claims is kept for the period of time required for these purposes.

As a rule, we do not share or transfer data to third parties, other than our processing partners. In some cases, however, we are legally obliged to share your data. For example, in execution of a court order or when we cooperate with other supervisory authorities in handling complaints or inspections. We may also exchange information with other supervisory bodies in the context of performing our duties. If, in the course of exercising our responsibilities, we become aware of a criminal offense, all relevant information may be transmitted to the competent judicial and prosecutorial authorities.

We inform you that we do not share your personal data with third parties for the purpose of promoting products or services.

We do not collect personal data from minors through the website.

This Policy has been written in simple language so that a person aged at least 15 years can understand its main points. For persons under the age of 15, we ask that their parents or guardians also read this Policy.

The Municipality of Milos will use your information for the following lawful processing purposes (according to article 6 GDPR), such as, but not limited to:

• For your communication with its services.
• For the analysis of our website traffic and the improvement of your experience as well as to provide you with information related to our actions.
• For our internal operations and analysis, such as internal management, fraud prevention, use by management information systems, etc.

This Policy aims to inform you about the terms of collection, processing and transmission of your personal data that we may collect during your navigation on our official website as data controllers. The Municipality faithfully applies the Processing Principles of GDPR 2016/679 (lawfulness, objectivity, transparency, purpose limitation, data minimization, accuracy, storage time limitation, integrity, confidentiality and accountability).

We use your personal data to control the security of the website’s information and services, to ensure the availability, integrity and confidentiality of information and data from accidental or illegal or malicious actions or events, to investigate any cyber attacks and incidents and to support any related legal claims.

The hosting space (data center) where your personal data is stored on a server of the company ENARTIA SINGLE-MEMBER SOCIETE ANONYME. In any case, we take the appropriate technical and organizational measures to ensure the confidentiality, integrity, availability of your data. The Municipality has a Data Protection Officer (DPO) because we recognize the importance of protecting your privacy and all your personal information. For this purpose, it has appropriate security policies and uses the appropriate tools.

According to data protection legislation, when we process your personal data you have certain rights of which we must inform you. The rights that you can exercise on a case-by-case basis are as follows:

• The right of access

You have the right to request, at any time, information about the processing of your data by the Municipality or copies of your personal data that we hold on a case-by-case basis.

Individuals (data subjects) have the right to receive:

• confirmation of the processing of their data,
• a copy of their data, and

• information about the processing (relevant articles 12, 15 GDPR).

The right of access allows the data subject to obtain knowledge of his/her data and information about the processing in order to be able to verify its lawfulness. This right does not require justification from the data subject.

The information provided to the data subject in the context of exercising the right of access includes the following:

1. the purposes of the processing,
2. the categories of data concerned,

• the recipients or categories of recipients,

1. if possible, the period for which the data will be kept or, where that is not possible, the criteria determining that period,
2. the exercise of the rights,
3. the origin of the data when they are not collected from the data subject,

1. the existence of automated decision-making, including profiling, and significant information on the logic, significance and envisaged consequences of such processing.

A reasonable fee for administrative costs may be charged by the controller only for additional copies that may request the data subject.

• The right to rectification

You have the right to ask us, at any time, to correct information that you believe is inaccurate. You also have the right to request that information that you believe is incomplete be completed.

• The right to erasure

The right to erasure (“right to be forgotten”) is the right for the data subject to request the erasure of personal data concerning him or her, where he or she no longer wishes the data to be processed and where there is no legitimate reason for the controller to hold them (see Article 17 GDPR and recitals 65 and 66).

In particular, the data subject may withdraw his or her consent on which the processing is based, in which case the data must be erased if there is no other legal basis for the processing.

Also, if the data are no longer necessary in relation to the purposes for which they were collected or are otherwise processed unlawfully or unlawfully, or if the data subject objects to the processing and there are no overriding legitimate grounds for the processing, the data subject may request their erasure. However, other EU rights, such as the right to freedom of expression and the right to information, must also be safeguarded.

Furthermore, this right is particularly relevant where the data subject has given consent as a child, was not fully aware of the risks involved in the processing, and later wishes to have the personal data in question removed, in particular from the internet. The data subject should be able to exercise this right despite the fact that he or she is no longer a child.

It is noted, however, that this is not an absolute right, as the further retention of personal data should be lawful when necessary, for reasons such as exercising the right to freedom of expression and information, as mentioned above, or for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, for reasons of public interest in the field of public health, for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, or for the establishment, exercise or defence of legal claims.

• The right to restriction of processing

You have the right to ask us to restrict the processing of your data in certain cases.

Natural persons (data subjects) have the right to request the restriction of the processing of their data (respectively Articles 18, 19 GDPR). Specifically, the data subject may ask the controller to restrict the processing. This right is an alternative to the right to erasure (Article 16 GDPR) and the right to object (Article 21 GDPR). It is not an absolute right and only applies in specific cases.

• The right to data portability

This only applies to the data you have provided to us. You have the right to request that we transfer the data you have provided to us to another entity or to provide it to you. This right only applies if we process information based on your consent or for the purpose of entering into or performing a contract and the processing is automated.

The right to portability (Article 20 GDPR) offers individuals (data subjects) an easy way to manage their own personal data. It makes it easier for them to easily move, copy or transfer personal data from one IT environment to another.

Data subjects have the right to receive personal data concerning them, which have been processed by automated means by a controller, in a structured, commonly used and machine-readable format (e.g. XML, JSON, CSV, etc.). They also have the right to request that the controller transmit those data to another controller without objection from the original controller. Where technically feasible, they may request that their data be transmitted directly from one controller to another.

The right to portability may be exercised where all of the following apply:

• the personal data are processed by automated means (which excludes paper records),
• the legal basis for the processing is either the data subject’s consent (Article 6(1a) or Article 9(2a) GDPR) or the performance of a contract to which the data subject is a party (Article 6(1b) GDPR),
• the personal data concern the data subject and have been provided by him or her. They are deemed to have been provided by the data subject when they are provided knowingly and actively, such as details of an account submitted by electronic means, e.g. email address, username, age, but also when generated and collected from users’ activities, when using a service or device (e.g. raw data processed by a smart meter, activity logs, website usage history or search history),

• the exercise of the right does not adversely affect the rights and freedoms of others.

The exercise of the right to data portability does not affect the exercise of the data subject’s other rights, which are exercised independently.

You can exercise your above rights in the following ways:

• by letter to the address “Municipality of Milos” (Plaka Milos, PC 84800, Plaka Milos)
• by email to touristinfomilos@gmail.com

The right to file a complaint regarding the processing of your personal data with the Data Protection Authority

We follow high standards for the processing of your personal data. If you have any questions or concerns, you can contact us at the following email address dpo@computerstudio.gr.

If you remain dissatisfied with the way we process your personal data, you can submit a complaint to the Personal Data Protection Authority.

This website includes links to other websites that are under the responsibility of third parties (natural or legal persons). The Municipality is in no way responsible for the terms of personal data protection that these websites follow.

The Municipality may modify this Privacy Policy. Please check the Effective Date at the top of this Policy to see when this Policy was last revised. Any revisions will be effective upon posting of the revised Policy.

If we make material changes to this Policy that expand our rights to use personal information we have already collected from you, we will notify you and provide you with a choice about our future use of that information.