Purpose
The present text describes the personal data protection policy pursued by the University of Western Macedonia.
Exemptions - Scope
The document includes UoWM’s policy for personal data processing either in digital or printed form through a structured filing system, in compliance with the General Data Protection Regulation. The text is part of UoWM’s compliance with GDPR. The specific policy is addressed to UoWM’s staff and external partners, to any person who processes personal data in the University, and to citizens who interact with the University for any transaction, request or communication purpose.
Privacy Policy
Application Statement
The implementation of the General Data Protection Regulation (GDPR) is a priority for the University of Western Macedonia (UoWM). UoWM accepts as personal data: Any information relating to an identified or identifiable natural person alive, such as name, home address, ID number, Internet Protocol (IP) code, information about their health and insurance, employment status, etc. Special categories data, such as health, racial or ethnic origin, trade union activity, etc., receive special protection. The rules are applied when collecting, using, and storing personal data is digital or printed through a structured filing system. This policy is in line with the EU General Data Protection Regulation (GDPR), and the opinions/decisions issued by the Hellenic Data Protection Authority. The specific policy is in line with the EU General Data Protection Regulation (GDPR), as well as with opinions / decisions issued by the Hellenic Data Protection Authority.
Definitions

• "Personal Data" means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person,
• "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction,
• "Restriction of Processing" means marking of stored personal data with a view to limiting their processing in the future,
• "Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements,
• "Pseudonymisation " means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person,
• "Filing system" means any structured set of personal data which is accessible on the basis of specific criteria, whether that set is centralized, decentralized or distributed on a functional or geographical basis,
• "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law,
• "Processor "means the natural or legal person, public authority, service or other entity that processes personal data on behalf of the controller;
• "Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing,
• "Third party" means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data,
• "Consent" of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her,
• "Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed,
  
• "Special categories data" means personal data disclosing racial or ethnic origin, political views, religious or philosophical beliefs, or trade union affiliation, as well as the processing of genetic, biometric data for the data relating to health or data relating to the natural sexual life or sexual orientation of a person,
• "Main Establishment" means a) as regards a controller with establishments in more than one Member State, the place of its central administration in the Union. b) as regards a processor with establishments in more than one Member State, the place of its central administration in the Union.
• "Supervisory authority" means an independent public authority which is established by a Member State pursuant to Article 51.