In application of the provisions of the General Data Protection Regulation 2016/679 of the European Union and the relevant Greek Legislation L. 4629/2019, the Chamber of Imathia, as the Data Controller, has formulated this Protection Policy in order to guarantee the protection and respect for the privacy of natural persons who transact with it as well as the protection of their personal data, whether these are kept online or at its facilities, as well as the possibility of exercising the rights arising from the applicable legislation by the data subjects.

The purpose of this Policy is to determine the basic principles and rules according to which the Chamber of Imathia collects, processes and stores personal data, as defined by the applicable legislation.

The protection policy, in addition to internal procedures, concerns natural persons who carry out any transaction with the Chamber, mainly the subjects, who either themselves or as legal representatives of legal entities have membership status.

The Chamber of Imathia takes the necessary technical and organizational measures in order to ensure the protection of personal data and their secure storage and is committed to protecting personal data at every stage of the processing procedures.

This personal data protection policy is valid and applicable to all facilities and digital environments that belong to the Chamber of Imathia and are related to its activity.

1. Basic concepts of the Personal Data Regulation

•          Personal data: Any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
•          Special categories of personal data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of unambiguously identifying a person, data concerning health or data concerning the sex life or genitals of a natural person. orientation.
•          Processing of personal data is any operation or set of operations which is performed upon personal data or upon sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4 GDPR). The processing concerns personal data that come to the attention of the Chamber, in the context of the exercise of its activities provided for by the Law and the provision of high-quality services to its members.
•          Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; when the purposes and means of such processing are determined by Union law or Member State law, the controller or the specific criteria for his appointment may be provided for by Union law or Member State law.
•         Processor is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. processing.
•          Consent of the data subject: Any freely given, specific, explicit and informed indication of the data subject’s wishes by which he or she signifies agreement, by a statement or by a clear affirmative action, to be subject to processing of personal data.personal data concerning him/her.
•          A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
•          Anonymisation: The processing of personal data in such a way that the data can no longer be attributed to a specific data subject.
•        Pseudo-identification: The processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that the this additional information is kept separately and is subject to technical and organizational measures in order to ensure that it cannot be attributed to an identified or identifiable natural person.
•          Existing legislation: The provisions of the respective existing Greek, EU or other legislation to which the Chamber of Imathia is subject and which define Personal Data Protection issues, such as:

a) Law 2472/1997 on the protection of individuals from the processing of personal data, as in force.

b) Law 3471/2006 on the protection of personal data privacy in the electronic communications sector and amending Law 2472/1997, as in force.

c) Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on the protection of privacy in electronic communications) as amended.

d) Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) Data Protection Regulation, GDPR) and any applicable laws.

e) The Chamber of Imathia complies with all Chamber Legislation, such as Law 2081/1992 on the regulation of the institution of Chambers, as amended and in force by Law 4497/2017 on the modernization of Chamber legislation, including the operation of the General Chamber of Commerce, as well as all relevant Ministerial Decisions and Circulars, the legislation governing its operation as a public legal entity and the obligation to post documents in the Public Registry (Law 3861/2010), etc. The above legislative framework may also regulate issues concerning the observance of the obligation of confidentiality, privacy and protection of personal data.

The relevant documents are attached.