Email: alumni@mail.ntua.gr

Register
Facebook Instagram Linkedin Youtube X-twitter

www.ntua.gr

Email: alumni@mail.ntua.gr

Facebook Instagram Linkedin Youtube X-twitter

www.ntua.gr

Sign in / Register

Privacy Policy

(Personal Data Protection)

Introduction

The General Data Protection Regulation (EU) 2016/679 strengthens the framework for the protection of data subjects with regard to the processing of personal data within the European Union.

Law 4624/2019 (Government Gazette Aʹ137/2019) sets out measures for the implementation of the General Data Protection Regulation and incorporates Directive (EU) 2016/680 into national legislation.

The National Technical University of Athens, with respect for personal data, complies within the framework of its purpose, activities and operations with all legislation relating to Personal Data Protection, stemming from Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 and Law 4624/2019, and takes the required technical and organisational measures, both at the time of determining the means of processing and at the time of processing, to effectively safeguard the protection of personal data.

Please read carefully these terms and the relevant Security and Personal Data Protection Policy of our Organisation. By using our websites and/or signing the relevant consent declaration, where applicable, you unconditionally accept the practices described herein, the terms of which shall govern our contractual relationship and are incorporated into the terms of use of each of our services.

1. What your personal data are

Your personal data include any information, on paper or electronic media, that can lead, either directly or in combination with other data, to your unique identification or to your identification as a natural person. This category includes, as applicable, details such as your full name, physical & electronic addresses (emails), Academic Education & Professional experience details, fixed and mobile telephone numbers, and any other information that allows your unique identification pursuant to the provisions of the General Data Protection Regulation (GDPR 2016/679), the applicable Greek Legislation, and the decisions of the Hellenic Data Protection Authority (HDPA).

2. What personal data we collect

The National Technical University of Athens collects and processes only the personal data you have provided and which are necessary for each specific and clearly defined purpose.

The processing that takes place concerns the personal data provided to NTUA at the time of your registration, or when submitting an application, such as:

Identity Data such as username, full name, father’s name, mother’s name, photograph, Communication Data such as postal address, contact telephone numbers, email address.
Demographic Data such as biographical data.

In cases where processing is based on obtaining consent, NTUA follows the procedures prescribed by law to obtain such consent.

3a. Processing with your explicit consent

Our Organisation will use your personal data for the following lawful purposes of processing, within the framework of our Agreement or provided that you have given us your explicit and specific consent, per service (which you may freely withdraw at any time), namely:

  • For the management of your data & details within the framework of member registration and networking.
  • For supporting / informing you about our Organisation’s services / responding to your requests and queries, as well as updating and responding to your suggestions and comments regarding the improvement of our services.
  • For “internal” quality assurance of our services.

For website traffic analysis and improving your experience, and to provide you with information related to services, educational programmes, general / technical updates, etc.

In any case, you may change your preferences at any time by sending an email to alumni@mail.ntua.gr or by using the unsubscribe link found at the bottom of each email you receive from us.

3b. Alumni Consent for the Processing of Personal Data by the platform of the Alumni Office of the National Technical University of Athens
During the process of registering with the Alumni Office of NTUA you are asked to consent to the processing of your personal data, which
The processing of these data is carried out for purposes related to:

  • the management of the alumni register,
  • communication with the alumni network,
  • information on actions, events and initiatives of NTUA,
  • strengthening professional and academic networking among alumni.

Your personal data will be handled in accordance with the General Data Protection Regulation (GDPR) and the applicable national legislation. You retain the right of access, rectification, erasure, restriction of processing and withdrawal of your consent at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.
Withdrawal of consent may be effected by contacting the competent service managing the Alumni Office platform.

4. What are the principles of collection and processing

This Personal Data Protection Policy aims to inform you of the terms for the collection, processing and transfer of your personal data that we may collect as Controllers or Processors.

Our Organisation and its trained Personnel apply all the Processing Principles of the GDPR 2016/679 (lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality and accountability).

At the same time, our Organisation protects and safeguards your Rights with regard to the use of your Personal Data (information, access, rectification, erasure, restriction of processing, portability, objection and non-automated decision-making based on profiling), as these are specified in the GDPR and Greek legislation. The above apply without any distinction and are enforced in all processing operations carried out and in all services provided by our Organisation.

5. How we collect your personal data

Our Organisation collects your personal data with your consent and acceptance of the terms of use of each of our services, and specifically:

  • when you call our numbers, when you send us an email or fill in an application for information or for a programme,
  • when you voluntarily register in printed or electronic directories, so that you receive printed, electronic or SMS informational material or renew these preferences,
  • when you visit our websites through which we collect, via cookies, the necessary information from your terminal device and your browser.

6. Minimisation, storage and deletion of your data

Our Organisation will always request the minimum personal data required by law for the implementation of our Services and for serving you in the best possible way.

Our Organisation retains your personal data only for as long as required by the contractual terms of each service, in combination with the applicable legislation and regulatory framework for Educational Bodies as well as the general telecommunications, tax and other legislation, based on the applicable purpose of processing, after which it anonymises or destroys them. You may ask us and find out what data we collect about you and have them corrected or deleted, unless their retention is required by law for tax, evidentiary or judicial purposes and for the prosecution of unlawful acts.

7. Rights of the Data Subject

The data subject has the following rights:

  • The right to information and transparency, pursuant to Arts. 12–14 of Reg. 2016/679
  • The right of access, pursuant to Art. 15 of Reg. 2016/679
  • The right to rectification of data, pursuant to Art. 16 of Reg. 2016/679
  • The “right to be forgotten”, or otherwise the right to erasure, pursuant to Art. 17 of Reg. 2016/679
  • The right to data portability, pursuant to Art. 20 of Reg. 2016/679
  • The right to object, pursuant to Art. 21 of Reg. 2016/679
  • The right to restriction of processing, pursuant to Art. 18 of Reg. 2016/679
  • The right to withdraw consent, pursuant to Art. 14 of Reg. 2016/679

8. Transfer of your data to third parties

As a rule, our Organisation does not transfer your personal data to third parties, except where clearly required by the applicable Legislation / Regulatory framework or where we act as “intermediaries” and to the extent required to complete one of our services and fulfil requests relating to the services we provide.

Such third parties may include, for example, official University / Supervisory / State Bodies (e.g. NTUA, HDPA, etc.), when we are called upon to comply with Legislation / Regulations for Educational Bodies and/or to prevent unlawful acts against us and against our Trainees (e.g. fraud, defamation, violation of personality rights, etc.).

We work with reputable Academic and other Partners (Lecturers / Trainers) and endeavour to impose contractual restrictions on third parties who may receive your personal data, so as to ensure, to the extent possible, that they use them in accordance with this Policy and the applicable data protection laws in Europe and internationally.

In order to process your data, we may need to transfer your information to other countries, including countries primarily within and exceptionally outside the European Economic Area (EEA) on the basis of EU adequacy decisions, binding corporate rules, standard contractual clauses and approved codes of conduct.

9. Security of your personal data

In all cases, we take appropriate technical and organisational measures to ensure that your personal information is transferred, stored and processed in accordance with the appropriate security standards and procedures and in accordance with the terms of this Policy and the applicable data protection laws.

Our Organisation has trained and responsible Personnel, and we recognise the importance of protecting the privacy and all of your personal information. To this end, we have appropriate security policies in place and use appropriate technical and operational tools, such as data encryption, use of firewalls, establishment of access levels, authorised staff, staff training, periodic audits, compliance with international Security and Business Continuity Standards.

Any Partner of ours who has access to the above information uses it exclusively to serve the purposes described above. We share the information you give us solely in the ways described in this Policy and in accordance with your explicit and specific consent per type of processing, which you may freely withdraw at any time by contacting us.

10. Sending Targeted Communications

We may use your personal data together with other information we have collected (basic contact details, such as name / company / telephone / address / email), in order to carry out, for your better information / awareness, relevant communication activities (emails, informational newsletters, etc.).
However, we do not use automated tools to identify and evaluate your consumer profile and general preferences with other personal information (such as your email address) to display advertisements or send you personalised offers. Furthermore, we do not share your personal details with third parties so that they can send you corresponding advertisements, unless you have explicitly consented to such.

If you wish us to stop sending you updates, you may use the unsubscribe link found at the bottom of each email you receive from us.

11. Unsolicited commercial communication

Our Organisation does not permit the use of our website or our services for the transmission of bulk or unsolicited commercial email messages (spam). Furthermore, we do not permit the sending of messages to and from our Trainees that use or contain invalid or falsified headers, invalid or non-existent domain names, techniques for concealing the origin of each message, false or misleading information, or that violate website terms of use.

We do not permit or authorise any attempt to use our services in a manner that could damage, disable, or burden any part of our services or obstruct anyone wishing to use our services.

If we consider that any unauthorised or inappropriate use is being made of any of our services, we may, without notice, at our absolute discretion, take appropriate measures to block messages from a particular internet domain, an email server, or an IP address. We have the ability to immediately delete any account using our services which, at our absolute discretion, transmits or is associated with the transmission of any messages that violate this policy.

13. Contact for questions or comments

If you have questions or comments regarding this Security and Personal Data Protection Policy, or if you believe that we have not followed the principles set out therein, please send us an email to alumni@mail.ntua.gr

14. Validity of the Security and Personal Data Protection Policy

This Policy was published by our Organisation on 15/11/2021 and is subject to periodic improvement and revision.

Any changes to this Policy will apply to information collected from the date on which the revised version is published, as well as to existing information in our possession. Use of the website following the publication of changes constitutes your acceptance of those changes.

The Data Protection Officer of NTUA

1. What the Data Protection Officer is

The Data Protection Officer (DPO) is an independent expert in the field of personal data, with proven knowledge and experience in the legislation and practical application of Personal Data, who reports directly to the head of the institution.

The definition and scope of the role of the Data Protection Officer is provided for in the General Data Protection Regulation (Regulation (EU) 2016/679) (Arts. 37–39), as well as in Directive (EU) 2016/680 (Arts. 32–34).

2. The role of the Data Protection Officer (DPO)

The Data Protection Officer is designated by the controller and the processor in the following cases, pursuant to the GDPR (Art. 37):

  • Where processing is carried out by a public authority or body, except for courts acting in their judicial capacity,
  • Where the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale, or
  • Where the core activities of the controller or the processor consist of large-scale processing of special categories of data pursuant to Article 9 and of data relating to criminal convictions and offences referred to in Article 10 of the GDPR.

Furthermore, where the controller or processor is a public authority or body, a single DPO may be designated for several such authorities or bodies, taking into account their organisational structure and size.

The DPO is designated on the basis of professional qualifications and, in particular, expert knowledge of data protection law and practices, as well as the ability to fulfil the tasks referred to, and may be a member of staff of the controller or processor, or may fulfil tasks on the basis of a service contract.

Additionally:

The Data Protection Officer must, with the assurance of the controller and the processor, be involved in a proper and timely manner in all matters of the Institution relating to the protection of personal data.

Furthermore, the DPO must have the support of the above in carrying out their tasks by being provided with the necessary resources and information.

The DPO reports directly to the highest management level of the controller or processor, and in this case to the Rectorate of the National Technical University of Athens.

The DPO may fulfil other tasks and duties provided it is ensured that such tasks and duties do not result in a conflict of interests.

3. Contact with the Data Protection Officer (DPO)

The controller or processor shall publish the contact details of the DPO and communicate them to the competent supervisory authority.

Data subjects may contact the Data Protection Officer on any matter relating to the processing of their personal data and to the exercise of their rights under this Regulation.

4. Obligation to maintain secrecy and confidentiality

The DPO is bound by the obligation to maintain secrecy or confidentiality with regard to the performance of their tasks, in accordance with Union or Greek law.

5. What are the tasks of the DPO

The Data Protection Officer, pursuant to Article 39 of the GDPR, has at least the following tasks, which are carried out with due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing:

  • informs and advises the controller or processor and the employees who carry out processing of their obligations pursuant to the GDPR, European Directive (EU) 2016/680, Law 4624/2019, and other Union or Member State provisions relating to data protection,
  • monitors compliance with the GDPR, with other Union or Member State provisions relating to data protection and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits,
  • provides advice where requested with regard to the data protection impact assessment and monitors its implementation,
  • cooperates with the supervisory authority,
  • acts as the contact point for the supervisory authority on issues relating to processing, including prior consultation, and conducts consultations, where appropriate, on any other matter.

6. The Data Protection Officer of NTUA

The Data Protection Officer for the National Technical University of Athens was appointed as the Assistant Professor of Law at the School of Applied Mathematical and Physical Sciences of NTUA and Attorney at the Supreme Court, Evgenia Tzannini.

Contact with the DPO is made via electronic correspondence at the email: dpo(at)mail(dot)ntua(dot)gr or by written correspondence to ‘Data Protection Officer NTUA, Polytechnioupoli Zografou, 15780, Athens’.

Privacy Policy

(Personal Data Protection)

Introduction

The General Data Protection Regulation (EU) 2016/679 strengthens the framework for the protection of data subjects with regard to the processing of personal data within the European Union.

Law 4624/2019 (Government Gazette Aʹ137/2019) sets out measures for the implementation of the General Data Protection Regulation and incorporates Directive (EU) 2016/680 into national legislation.

The National Technical University of Athens, with respect for personal data, complies within the framework of its purpose, activities and operations with all legislation relating to Personal Data Protection, stemming from Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 and Law 4624/2019, and takes the required technical and organisational measures, both at the time of determining the means of processing and at the time of processing, to effectively safeguard the protection of personal data.

Please read carefully these terms and the relevant Security and Personal Data Protection Policy of our Organisation. By using our websites and/or signing the relevant consent declaration, where applicable, you unconditionally accept the practices described herein, the terms of which shall govern our contractual relationship and are incorporated into the terms of use of each of our services.

1. What your personal data are

Your personal data include any information, on paper or electronic media, that can lead, either directly or in combination with other data, to your unique identification or to your identification as a natural person. This category includes, as applicable, details such as your full name, physical & electronic addresses (emails), Academic Education & Professional experience details, fixed and mobile telephone numbers, and any other information that allows your unique identification pursuant to the provisions of the General Data Protection Regulation (GDPR 2016/679), the applicable Greek Legislation, and the decisions of the Hellenic Data Protection Authority (HDPA).

2. What personal data we collect

The National Technical University of Athens collects and processes only the personal data you have provided and which are necessary for each specific and clearly defined purpose.

The processing that takes place concerns the personal data provided to NTUA at the time of your registration, or when submitting an application, such as:

Identity Data such as username, full name, father’s name, mother’s name, photograph, ID or Passport number, issuing authority, date of issue
Communication Data such as postal address, contact telephone numbers, email address.
Demographic Data such as nationality, citizenship, religion, date of birth, place of birth, country of birth, municipal register)
Health Data such as medical reports, medical certificates
Biographical data

In cases where processing is based on obtaining consent, NTUA follows the procedures prescribed by law to obtain such consent.

3. Processing with your explicit consent

Our Organisation will use your personal data for the following lawful purposes of processing, within the framework of our Agreement or provided that you have given us your explicit and specific consent, per service (which you may freely withdraw at any time), namely:

  • For the management of your data & details within the framework of member registration and networking.

  • For supporting / informing you about our Organisation’s services / responding to your requests and queries, as well as updating and responding to your suggestions and comments regarding the improvement of our services.

  • For “internal” quality assurance of our services.

    For website traffic analysis and improving your experience, and to provide you with information related to services, educational programmes, general / technical updates, etc.

  • For internal operations and analysis such as internal management, fraud prevention, use by management information systems, invoicing, accounting, billing and auditing.

In any case, you may change your preferences at any time by sending an email to alumni@mail.ntua.gr or by using the unsubscribe link found at the bottom of each email you receive from us.

4. What are the principles of collection and processing

This Personal Data Protection Policy aims to inform you of the terms for the collection, processing and transfer of your personal data that we may collect as Controllers or Processors.
Our Organisation and its trained Personnel apply all the Processing Principles of the GDPR 2016/679 (lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality and accountability).
At the same time, our Organisation protects and safeguards your Rights with regard to the use of your Personal Data (information, access, rectification, erasure, restriction of processing, portability, objection and non-automated decision-making based on profiling), as these are specified in the GDPR and Greek legislation. The above apply without any distinction and are enforced in all processing operations carried out and in all services provided by our Organisation.

5. How we collect your personal data

Our Organisation collects your personal data with your consent and acceptance of the terms of use of each of our services, and specifically:

  • when you call our numbers, when you send us an email or fill in an application for information or for a programme,

  • when you send us the postal address for the issuance or dispatch of an invoice or service receipt, as well as delivery details for a document (e.g. a Training Certificate).

  • when you voluntarily register in printed or electronic directories, so that you receive printed, electronic or SMS informational material or other marketing material or renew these preferences,

  • when you visit our websites through which we collect, via cookies, the necessary information from your terminal device and your browser.

6. Minimisation, storage and deletion of your data

Our Organisation will always request the minimum personal data required by law for the implementation of our Services and for serving you in the best possible way.
Our Organisation retains your personal data only for as long as required by the contractual terms of each service, in combination with the applicable legislation and regulatory framework for Educational Bodies as well as the general telecommunications, tax and other legislation, based on the applicable purpose of processing, after which it anonymises or destroys them. You may ask us and find out what data we collect about you and have them corrected or deleted, unless their retention is required by law for tax, evidentiary or judicial purposes and for the prosecution of unlawful acts.

7. Rights of the Data Subject

The data subject has the following rights:

  • The right to information and transparency, pursuant to Arts. 12–14 of Reg. 2016/679

  • The right of access, pursuant to Art. 15 of Reg. 2016/679

  • The right to rectification of data, pursuant to Art. 16 of Reg. 2016/679

  • The “right to be forgotten”, or otherwise the right to erasure, pursuant to Art. 17 of Reg. 2016/679

  • The right to data portability, pursuant to Art. 20 of Reg. 2016/679

  • The right to object, pursuant to Art. 21 of Reg. 2016/679

  • The right to restriction of processing, pursuant to Art. 18 of Reg. 2016/679

  • The right to withdraw consent, pursuant to Art. 14 of Reg. 2016/679

8. Transfer of your data to third parties

As a rule, our Organisation does not transfer your personal data to third parties, except where clearly required by the applicable Legislation / Regulatory framework or where we act as “intermediaries” and to the extent required to complete one of our services and fulfil requests relating to the services we provide.
Such third parties may include, for example, official University / Supervisory / State Bodies (e.g. NTUA, HDPA, etc.), when we are called upon to comply with Legislation / Regulations for Educational Bodies and/or to prevent unlawful acts against us and against our Trainees (e.g. fraud, defamation, violation of personality rights, etc.).
We work with reputable Academic and other Partners (Lecturers / Trainers) and endeavour to impose contractual restrictions on third parties who may receive your personal data, so as to ensure, to the extent possible, that they use them in accordance with this Policy and the applicable data protection laws in Europe and internationally.
In order to process your data, we may need to transfer your information to other countries, including countries primarily within and exceptionally outside the European Economic Area (EEA) on the basis of EU adequacy decisions, binding corporate rules, standard contractual clauses and approved codes of conduct.

9. Security of your personal data

In all cases, we take appropriate technical and organisational measures to ensure that your personal information is transferred, stored and processed in accordance with the appropriate security standards and procedures and in accordance with the terms of this Policy and the applicable data protection laws.
Our Organisation has trained and responsible Personnel, and we recognise the importance of protecting the privacy and all of your personal information. To this end, we have appropriate security policies in place and use appropriate technical and operational tools, such as data encryption, use of firewalls, establishment of access levels, authorised staff, staff training, periodic audits, compliance with international Security and Business Continuity Standards.
Any Partner of ours who has access to the above information uses it exclusively to serve the purposes described above. We share the information you give us solely in the ways described in this Policy and in accordance with your explicit and specific consent per type of processing, which you may freely withdraw at any time by contacting us.

10. Display of Targeted Advertising

We may use your personal data together with other information we have collected (basic contact details, such as name / company / telephone / address / email), following human intervention by our Commercial Department or other staff, in order to carry out, for your better information / awareness, relevant marketing activities (emails, informational newsletters, etc.).
However, we do not use automated tools to identify and evaluate your consumer profile and general preferences with other personal information (such as your email address) to display advertisements or send you personalised offers. Furthermore, we do not share your personal details with third parties so that they can send you corresponding advertisements, unless you have explicitly consented to such.
If you wish us to stop sending you updates or offers, you may use the unsubscribe link found at the bottom of each email you receive from us.

11. Links to third-party websites

Our Organisation’s websites may contain links leading to other websites of third parties, independent bodies, such as, by way of example, companies providing advisory or related services, which are operated and maintained exclusively by them, and which we do not control, as mentioned above. Consequently, we bear no responsibility whatsoever for the content, actions or policies of those websites. We encourage you to read carefully the respective data protection policies on the different websites you visit, as they may differ significantly from our own.

12. Unsolicited commercial communication

Our Organisation does not permit the use of our website or our services for the transmission of bulk or unsolicited commercial email messages (spam). Furthermore, we do not permit the sending of messages to and from our Trainees that use or contain invalid or falsified headers, invalid or non-existent domain names, techniques for concealing the origin of each message, false or misleading information, or that violate website terms of use.
We do not permit or authorise any attempt to use our services in a manner that could damage, disable, or burden any part of our services or obstruct anyone wishing to use our services.
If we consider that any unauthorised or inappropriate use is being made of any of our services, we may, without notice, at our absolute discretion, take appropriate measures to block messages from a particular internet domain, an email server, or an IP address. We have the ability to immediately delete any account using our services which, at our absolute discretion, transmits or is associated with the transmission of any messages that violate this policy.

13. Contact for questions or comments

If you have questions or comments regarding this Security and Personal Data Protection Policy, or if you believe that we have not followed the principles set out therein, please send us an email to alumni@mail.ntua.gr or contact us at the following postal address: Polytechnioupoli Zografou, Iroon Polytechniou 9, 15780, Zografou.

14. Validity of the Security and Personal Data Protection Policy

This Policy was published by our Organisation on 15/11/2021 and is subject to periodic improvement and revision.
Any changes to this Policy will apply to information collected from the date on which the revised version is published, as well as to existing information in our possession. Use of the website following the publication of changes constitutes your acceptance of those changes.

The Data Protection Officer of NTUA

1. What the Data Protection Officer is

The Data Protection Officer (DPO) is an independent expert in the field of personal data, with proven knowledge and experience in the legislation and practical application of Personal Data, who reports directly to the head of the institution.

The definition and scope of the role of the Data Protection Officer is provided for in the General Data Protection Regulation (Regulation (EU) 2016/679) (Arts. 37–39), as well as in Directive (EU) 2016/680 (Arts. 32–34).

2. The role of the Data Protection Officer (DPO)

The Data Protection Officer is designated by the controller and the processor in the following cases, pursuant to the GDPR (Art. 37):

  • Where processing is carried out by a public authority or body, except for courts acting in their judicial capacity,

  • Where the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale, or

  • Where the core activities of the controller or the processor consist of large-scale processing of special categories of data pursuant to Article 9 and of data relating to criminal convictions and offences referred to in Article 10 of the GDPR.

Furthermore, where the controller or processor is a public authority or body, a single DPO may be designated for several such authorities or bodies, taking into account their organisational structure and size.

The DPO is designated on the basis of professional qualifications and, in particular, expert knowledge of data protection law and practices, as well as the ability to fulfil the tasks referred to, and may be a member of staff of the controller or processor, or may fulfil tasks on the basis of a service contract.

Additionally:

The Data Protection Officer must, with the assurance of the controller and the processor, be involved in a proper and timely manner in all matters of the Institution relating to the protection of personal data.

Furthermore, the DPO must have the support of the above in carrying out their tasks by being provided with the necessary resources and information.

The DPO reports directly to the highest management level of the controller or processor, and in this case to the Rectorate of the National Technical University of Athens.

The DPO may fulfil other tasks and duties provided it is ensured that such tasks and duties do not result in a conflict of interests.

3. Contact with the Data Protection Officer (DPO)

The controller or processor shall publish the contact details of the DPO and communicate them to the competent supervisory authority.

Data subjects may contact the Data Protection Officer on any matter relating to the processing of their personal data and to the exercise of their rights under this Regulation.

4. Obligation to maintain secrecy and confidentiality

The DPO is bound by the obligation to maintain secrecy or confidentiality with regard to the performance of their tasks, in accordance with Union or Greek law.

5. What are the tasks of the DPO

The Data Protection Officer, pursuant to Article 39 of the GDPR, has at least the following tasks, which are carried out with due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing:

  • informs and advises the controller or processor and the employees who carry out processing of their obligations pursuant to the GDPR, European Directive (EU) 2016/680, Law 4624/2019, and other Union or Member State provisions relating to data protection,

  • monitors compliance with the GDPR, with other Union or Member State provisions relating to data protection and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits,

  • provides advice where requested with regard to the data protection impact assessment and monitors its implementation,

  • cooperates with the supervisory authority,

  • acts as the contact point for the supervisory authority on issues relating to processing, including prior consultation, and conducts consultations, where appropriate, on any other matter.

6. The Data Protection Officer of NTUA

The Data Protection Officer for the National Technical University of Athens was appointed as the Assistant Professor of Law at the School of Applied Mathematical and Physical Sciences of NTUA and Attorney at the Supreme Court, Evgenia Tzannini.

Contact with the DPO is made via electronic correspondence at the email: dpo(at)mail(dot)ntua(dot)gr or by written correspondence to ‘Data Protection Officer NTUA, Polytechnioupoli Zografou, 15780, Athens’.

7. Data Subject Request Submission Form

The attached form may be used to submit a request, in accordance with the provisions of the General Data Protection Regulation of the European Union, and should be forwarded signed to the e-mail dpo@mail.ntua.gr.

Scroll to Top