Privacy Notice Regarding the Processing of Personal Data

Last updated: 05/08/2025

This notice (hereinafter the “Privacy Notice“) is intended to inform visitors (hereinafter also “you“) of the website https://inn.demokritos.gr/ (hereinafter the “Website“) of the Institute of Nanoscience and Nanotechnology (hereinafter “INN“) of the National Center for Scientific Research “Demokritos” (hereinafter “NCSR “D” or “we/us”) about how we process your personal data through the Website and INN’s activities. It also outlines your rights under the applicable data protection laws, particularly the GDPR (General Data Protection Regulation (EU) 2016/679) and Greek Law 4624/2019.

Data Controller

National Center for Scientific Research “Demokritos” (Public Entity)
Patriarchou Grigoriou E’ & Neapoleos 27
Agia Paraskevi, Attica, PC 15341
Tel: +30 210 650 3000
Email: support@egov.demokritos.gr

Key Definitions

For your better understanding, the following terms and acronyms are used with the meanings described below:

1. GDPR: Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC;
2. Personal Data: Any information relating to an identified or identifiable natural person (“Data Subject”), such as full name, ID number, tax number, residential address, phone numbers, age, gender, physical characteristics, family status, profession, interests, etc;
3. Processing: Any operation performed on personal data, such as collection, recording, organization, storage, modification, retrieval, transmission, deletion, etc;
4. Data Controller: The natural or legal person, public authority, agency, or other body that determines the purposes and means of the processing of personal data and bears responsibility towards the Data Subjects;
5. Data Logs: Electronic records of Website activity stored on the servers used by NCSR “D” for the Website’s functionality;

Data You Submit – Purpose and Legal Basis

A) Educational Programs and Activities: The INN of NCSR “D” provides high-level education and support in the fields of Physical, Chemical, and Engineering Sciences, with an emphasis on Nanotechnology and Nanoscience. These include undergraduate, graduate, and doctoral research, postdoctoral research, student internships, seminars, public lectures, and events addressed to both the academic community and the general public.

For student and researcher programs (e.g. The Erasmus+ Project AMASE or Materials for a Sustainable Future), we process the necessary personal data to fulfill our public interest obligation to ensure high-quality educational services (Article 6(1)(e) GDPR and Article 5 of Greek Law 4624/2019). Such data may include identity and contact information, university or research institution certifications, insurance information, and other data necessary for specific tasks or research activities.

For other activities such as Summer Schools, conferences, seminars, and public events, processing is based on the consent of the participants (Article 6(1)(a) GDPR), or—when minors are involved—their parents’/guardians’ consent. Data processed may include identity and contact information and, in specific cases, exam papers or scores (e.g. “Junior Researcher” program).

Please note: INN events may be recorded and published on the Website for outreach and awareness purposes. This processing is based on our public interest mission (Article 6(1)(e) GDPR and Article 5 of Greek Law 4624/2019), in support of scientific and technological research development for the benefit of Greek society and the economy.

B) Scholarship Programs: INN designs and implements significant academic and industrial scholarship programs, either independently or in collaboration with public and/or private entities. As part of these programs, we collect and process personal data such as identification details, resumes, deliverables, etc., to evaluate candidates, monitor scholarship progress, and facilitate stipend disbursement.

This processing is justified under Article 6(1)(e) GDPR and Article 5 of Greek Law 4624/2019, as it serves the public interest by promoting merit-based selection and supporting scholars in alignment with predefined quality criteria for the benefit of society and the economy.

C) Application for European Research Projects (ERC, ERA Chair, Marie Curie): INN processes personal data (e.g. full name, contact details, CV, cover letter, research interests) for the purpose of evaluating researchers interested in collaborating or submitting joint proposals for European funding opportunities. The purpose is to assess the suitability of applicants and explore possible collaboration.

This processing is carried out in accordance with Article 6(1)(e) GDPR and Article 5 of Greek Law 4624/2019, as it supports the public interest by ensuring a high level of research excellence and integrity.

D) Communication with INN: If you choose to contact INN via email or fax, your personal and contact information will be collected for the purpose of responding to your request. We recommend providing only the essential information and avoiding the inclusion of special categories of data.

Processing in this context is based on your consent (Article 6(1)(a) GDPR), and your data is retained only until your request has been addressed.

Data Collected Automatically – Purpose and Legal Basis

A) Logging of Website Traffic (Data Logs): INN does not directly collect personal data through the Website. However, data logs are automatically recorded on the server, including information typically collected by all websites worldwide, such as your IP address, browser type, operating system, visited pages, and selected links.

This data is processed for the technical functionality and cybersecurity of the Website, based on our legitimate interest in maintaining operational integrity and preventing malicious activity in accordance with Article 6(1)(f) GDPR. These logs do not contain personally identifiable information unless malicious use is detected, in which case identification may be necessary.

B) Use of One (1) Cookie: The Website installs a single technical cookie (strictly necessary cookie), named pll_language, to enable language functionality (i.e the English version), with a duration of one (1) year. The legal basis is our legitimate interest (Article 6(1)(f) GDPR) in ensuring the Website’s proper operation. This cookie is essential, does not track identifiable information or IP addresses, and does not require user consent under electronic communications legislation (Article 4(5) of Greek Law 3471/2006 and ePrivacy Directive 2002/58/EC, as in force and applied).

Cookies are small text files that are stored via your browser on the device you use to access a website. Depending on their retention period, they can be retrieved by the website’s server each time you visit the site. Cookies are categorized as either “session cookies,” which are stored on your device only until you close your browser, or “persistent cookies,” which remain on your device until they expire or are manually deleted. Cookies cannot access other files on your computer, nor can they cause any damage to your system.

The Website does not use “preference cookies” to tailor its content to your preferences, “analytical/performance cookies” to measure user interaction and optimize its functionality, or “advertising cookies” to display personalized advertisements.

Links to third-party websites or social media may install cookies beyond our control. Please consult their respective cookie policies as NCSR “D” bears no responsibility for them. You may adjust your browser settings to reject cookies, but this may affect functionality.

Retention Period of Personal Data

Personal data is stored in a form that allows identification only for the duration necessary to fulfill the purpose of processing, in line with public records legislation.

Exceptionally, NCSR “D” may retain data for longer periods exclusively for archiving in the public interest, scientific or historical research, or statistical purposes, applying appropriate safeguards and organizational and technical measures to protect Data Subjects’ rights and freedoms.

Recipients of Personal Data

The processing of personal data within the framework of the mission of NCSR “D” is limited to the organization itself, and personal data is accessible only to the authorized personnel of NCSR “D”. Transfer of personal data to third parties occurs only if it is necessary for the fulfillment of the purpose for which the data were collected and provided there is a relevant legal obligation or a cooperation agreement (e.g., IT service providers, event organizers etc.) or, in exceptional cases, upon a consent request from the Data Subject.

For more information on potential recipients, you may consult the Privacy Policy of NCSR “D”.

Links to Third-Party Websites & Social Media

The Website includes links to third-party websites and social media platforms managed by separate data controllers who may process your data independently. NCSR “D” is not liable for their practices.

INN maintains a page on LinkedIn. Any personal data that may be submitted to us via our profile on this social media platform is subject to the terms and conditions of the respective platform. We use such data solely for the purpose of communicating with you and providing better support. For more information regarding the purposes of collection, further processing, and use of personal data by the LinkedIn platform, as well as your rights and the available settings to protect your privacy and personal data, please refer to LinkedIn’s Privacy Policy.

Your Rights

You may contact the Information Systems & User Support Office of E-Goverment Department at support@egov.demokritos.gr to confirm whether we process your personal data and if so, to exercise your rights of access, rectification, erasure, restriction of processing, objection, data portability, or withdrawal of consent. For more details regarding your rights, you may consult the Privacy Policy of NCSR “D”.

In case you exercise any of the above rights, NCSR “D” will respond within 30 days and without undue delay. If the legal conditions for fulfilling the request are not met, a full and specific justification will be provided.

Furthermore, if you believe that your personal data are being violated in any way, you have the right to file a complaint with the Hellenic Data Protection Authority (https://www.dpa.gr/, 1-3 Kifisias Avenue, 11523 Ampelokipoi, Tel: +30 2106475600).

For any questions regarding the protection of your personal data, you can contact the Data Protection Officer (DPO) of NCSR “D” via email at dpo@central.demokritos.gr.Revisions
The Privacy Notice is revised whenever deemed necessary to ensure the effective protection of your personal data and the safeguarding of your rights. For this reason, please refer to this page regularly to stay informed.