In this policy:
§ User is a natural or legal person using the Norwegian Institute at Athens website and services.
§ GDPR means Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
§ Personal data, Processor and Controller will each have the meaning given to them in Article 4 of the GDPR.
We are committed to protecting your privacy. For the Norwegian Institute at Athens, the protection not only of personal but of all data that flows through our systems is the top priority. As part of this effort, we process personal data in accordance with the EU’s General Data Protection Regulation (“GDPR”), and in accordance with the data protection regulations applicable to the Norwegian Institute at Athens.
We collect information in three ways:
§ Information you provide to us directly
§ Registration information: e.g. for accommodation booking and payment
§ Usage information: in form of confidential and impersonal statistics of the number of visitors to our web-based services
We are committed to doing our very best to protect your data and keep it confidential. We employ advanced security practices to keep your data safe and secure:
§ The connection between the Norwegian Institute at Athens and your browser is always encrypted (HTTPS).
§ Every connection between the Norwegian Institute at Athens and a third party service is established in the most secure way that is supported by the given service. In some cases (e.g. FTP, databases, etc.) you have the option to set the security level manually.
§ Our WiFi network is secured and encrypted.
§ We handle all your paper-based documents with outmost care and confidentially.
§ To protect our secure HTTPS website from downgrade attacks, we have SSL certification, on the web security policy mechanism.
§ All passwords that you provide us with are stored in encrypted format, so that they cannot be read and/or reproduced. No one is able to read them, not even us.
§ We use persistent IP addresses so that you can limit access or make tunnels.
§ For your protection, we do not support outdated browsers. The latest browsers are more secure and ensure the highest security standards.
§ Our servers are housed and safe locked.
Your data is stored in a secure location following standards that define the requirements for the quality management system and the information security management system that applies to GDPR standards.
The Norwegian Institute at Athens collects this personal data for the following purpose
§ Anonymous quantification of users
In the event that it is our duty to keep a record of some of your personal information, for example, for accounting purposes, this information is retained. We will irrevocably remove all other information within 60 days of your request.
We do not sell, rent, or otherwise disclose your personal information to third parties for their marketing and advertising purposes without your consent.
We may disclose:
Your information to third parties working for and with the Norwegian Institute at Athens: We work with third party service providers (for example hosting services) to help us provide, improve or advertise our services. The Norwegian Institute at Athens may give relevant persons working for these third parties access to your information, but only to the extent necessary for them to perform their services for us. All such third parties must agree to observe the privacy of our users, and to protect the confidentiality of their personal information.