General Information

At “International Airport of Heraklion Crete S.A.” we stress the importance of privacy and are committed to adopting and implementing high standards for the protection of personal information in accordance with the Regulation (EU) 2016/679 (General Data Protection Regulation or “GDPR”) and other applicable data protection legislation.

The present Website Privacy Notice (“this Notice”) applies for the use of the website of “International Airport of Heraklion Crete S.A.”. Its purpose is to provide information about the collection, storage, use and any other type of processing of visitors’ data by “International Airport of Heraklion Crete S.A.”, in its capacity as “Controller” as well as your rights in accordance with applicable legislation.

This Notice outlines the type of personal information/data we collect and receive through the use of this website, the circumstances in which we collect or receive personal information, the procedures we have established outlining its use and storage, and for sharing certain types of personal information in certain limited circumstances, the procedures you should follow if you have any questions or requests in respect of your personal information and where such questions or requests should be directed, and the means by which to communicate with us.

In this notice “International Airport of Heraklion Crete S.A.” means “International Airport of Heraklion Crete S.A.” and its affiliated companies, as they may exist from time to time, which include, without limitation, the subsidiaries which carry on business that use the following names: {Company Name} and {Company Name}. The words ‘we’, ‘us’ and “International Airport of Heraklion Crete S.A.” are used interchangeably in this Notice and does not include any third parties .

In this Notice, the following definitions shall apply:

“Personal Information/Data” means information about you (or another physical person) where you/or other person are already identified or that is personally identifiable like a person’s name, an identification number, address, location data, e-mail address or phone number.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal information/data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal information/data on behalf of the controller.

Data Subject” means the physical person, for which the Controller collects and processes personal information.

“Processing” means any operation or set of operations which is performed on personal information/data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

You are the Data Subject within the context of this Notice.

“International Airport of Heraklion Crete S.A.”, [address], [corporate details], is the “Controller” of your personal data that may be collected, received, processed and retained.

“International Airport of Heraklion Crete S.A.” does not collect or process special categories of personal data, as these defined in the provisions of the applicable data protection legislation (such as indicatively data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or data concerning health or data concerning a natural person’s sex life or sexual orientation).

 

HOW YOU MAY PROVIDE US YOUR PERSONAL INFORMATION

1.By providing the information to us by subscribing to our newsletter or participating in a marketing initiative.

2.By visiting our website.

  1. By _______ [TBD whether visiting the website for Investor Information and for Tenders will have potential collection of personal information].

Below we will outline the type of information normally collected in each of these circumstances, the reasons for doing so, how we will use it and store it.

 

 

TYPE (CATEGORIES) OF PERSONAL INFORMATION

“INTERNATIONAL AIRPORT OF HERAKLION CRETE S.A.” OFFERS YOU THE ABILITY TO SUBSCRIBING TO OUR NEWSLETTER AND /OR RECEIVE TARGETED, TIMELY NOTIFICATION OF TIME SENSITIVE OFFERS

For subscribing to our newsletter or to sign up for this marketing service we require you to provide us with your e-mail address, first name, last name, language preference, and country of residence. You may unsubscribe at any time using the link provided on every e-mail message and you will no longer receive the newsletter or e-mail offers and promotions for the specified subscription or website.

You may at any time in the future opt-in to subscribing to our newsletter and/or receive e-mail offers.

You can opt out from receiving our newsletter or of our advertising and marketing communications at any time by any of the following methods:

  1. Selecting the UNSUBSCRIBE link included in our emails.
  2. Contacting our Marketing Team at [email protected]

 

BY VISITING OUR WEBSITE

For information as to the  use of “cookies” on our website please refer to our Cookies Policy.

We may also evaluate our content and services and tailor our website, for visitors, based on other information we collect, such as IP addresses, which are numbers assigned to your computer whenever you use the Internet, pixel tags (or clear gifs), and the type of Internet browser or operating system you are using. This information is collected in the aggregate, but we may tie it to your personal information through cookie use as described above.

 

WHY WE COLLECT PERSONAL INFORMATION AND ON WHAT BASIS WE USE YOUR PERSONAL INFORMATION

  1. To provide you with our newsletter, send you offers and promotions you have requested. The legal basis for this processing is your consent.
  2. To understand your needs and preferences, to develop, enhance, market or provide products and services, to manage and develop our business and operations. The legal basis for this processing is the legitimate business purposes of “International Airport of Heraklion Crete S.A.”.
  3. To protect your legitimate interests as visitors to “International Airport of Heraklion Crete S.A.” website, of our employees and our company as well as to protect the image and reputation of “International Airport of Heraklion Crete S.A.”. The legal basis for this processing is the legitimate business purposes of “International Airport of Heraklion Crete S.A.”.
  4. To meet legal and regulatory requirements. The legal basis for this processing is the fulfilment of legal obligations of “International Airport of Heraklion Crete S.A.”.

WHEN DO WE DISCLOSE PERSONAL INFORMATION

We disclose personal information only in these limited circumstances:

1.Personal information may be shared with a third party retained by “International Airport of Heraklion Crete S.A.” website to perform functions on its behalf such as web or email hosting, data processing or storage, user surveys or research. Such services might be Information Technology services (system maintenance, website development or hosting), support and maintenance of data bases (CRM) and software, etc.

2.Personal information may be shared with a public authority as necessary for compliance with a legal obligation of “International Airport of Heraklion Crete S.A.”, for the protection of the rights, property or security of “International Airport of Heraklion Crete S.A.” , its website visitors and its employees, if in the reasonable judgment of “International Airport of Heraklion Crete S.A.” it appears that there is an imminent danger to life or property which could be avoided or minimized by disclosure of the information, or which disclosure is compelled by legal authority.

Any such disclosure of a user’s personal information by “International Airport of Heraklion Crete S.A.”  to a third party will be made on terms and conditions corresponding to each particular case and only on a confidential basis conditioned upon the information being used only for the purpose for which it has been disclosed.

HOW LONG WE KEEP YOUR PERSONAL INFORMATION

Your personal information will be retained for as long as required for the purposes for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum time period, limitation periods, for taking legal action and “International Airport of Heraklion Crete S.A.” business purposes.

For website visitor we may keep your data for a period of [five (5) years] from their collection. Following this time period, “International Airport of Heraklion Crete S.A.” will proceed with the secure destruction and/or deletion of your data.

WHICH COUNTRIES WE TRANSFER YOUR PERSONAL INFORMATION

In order to operate our website and any activity over our website, we may need to transfer your personal information to locations outside Greece. We will only transfer your data within the European Economic Area (EEA).

In the event where we need to transfer your personal information to a location outside the EEA, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection legislation.

PRINCIPLES

  1. “International Airport of Heraklion Crete S.A.” will not collect, use or disclose your personal information for any other purpose than those identified above, except with your consent.
  2. “International Airport of Heraklion Crete S.A.” will protect your personal information with a variety of appropriate technical and organizational security measures and safeguards from unauthorized access, use, disclosure, alteration or destruction consistent with applicable data protection legislation.
  3. “International Airport of Heraklion Crete S.A.” will take appropriate steps to protect the confidentiality of your personal information when dealing with third parties.
  4. “International Airport of Heraklion Crete S.A.” will strive to keep your personal information as accurate and up to date as is necessary for the purposes identified above.
  5. “International Airport of Heraklion Crete S.A.” will honour your request to access your personal information or exercise any of your other rights over your personal information in as timely fashion as is reasonably possible.

You are always free to refuse to provide personal information to us, or exercise any of your rights provided below.

You may also withdraw your consent with respect to the use of your personal information for subscribing to our newsletter or to sign up for marketing purposes at any time as indicated above in the relevant section of this notice.

However,  in the event you refuse to provide personal information to us or withdraw your consent or exercise certain of our rights provided below, this may limit our ability to serve you.

Withdrawal of previously given consent will have effect for the future and will not affect the lawfulness of processing based on consent until the time of its withdrawal. Please note however that, even after you have chosen to withdraw your consent we may be obliged or able to continue to process your personal information to the extent required or other wise permitted by law.

 

Website and System Security:

The website and the system infrastructure of “International Airport of Heraklion Crete S.A.” utilized for the collection and storage of personal information use security mechanisms providing sufficient security and are operated by trained and authorized personnel in order to achieve the maximum possible protection of personal information within today’s digital environment.

Nevertheless, it is your responsibility to ensure that the equipment (e.g. personal computer, tablet, etc.) software, telecommunication equipment that you use is sufficiently secure and protected from malware (e.g. viruses). You should be aware that, by not using sufficient security measures (e.g. secure settings in your browser, updated malware protection software, avoidance of use of software and hardware from non-legitimate sources, etc.), entails the risk that the data, as well as the passwords you use, can be disclosed to non-authorized third parties. Further, the transmission of information over the internet is not completely secure and we cannot thus guarantee the security of your information transmitted to our website. Any such transmission is at your own risk.

YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION

GDPR and other applicable data protection legislation provide you with certain rights with respect to the processing of your personal information.

You may exercise a right to request:

  • Access to the personal information we hold about you (such as to the categories of personal data, the purposes, etc.).
  • Rectification or Erasure of your personal information we hold about you if these are insufficient or contain inaccuracies (for Rectification) or because the information is no longer necessary for the purposes that such has been collected (for Erasure).
  • Restriction of the processing we do of your personal information in accordance with the law.
  • Objection to the processing we do of your personal information in the context of our legitimate interests.
  • Transmission of your personal information to another controller in an electronic manner.

Following receipt of a request as an exercise of your rights, we will reply and treat such request in accordance with the applicable data protection legislation and within the framework of the law.

Change of our Website Privacy Notice

If we decide to change our website privacy notice, we will post any changes on this page of the site so that you always know how we use the information we collect and under what circumstances we disclose it to others.

List of Processors:

Website: Mozaik

Contact

You can contact us anytime either regarding clarifications on our privacy notice/practices or regarding questions you may have on the use of your personal information  or if you wish to make a request in respect of your personal information.:

“International Airport of Heraklion Crete S.A.” Privacy Officer

Address: XXXXX

Phone number:  XXXXX

e-mail: XXXXX

In the event where you are under the impression that your rights under the applicable data protection legislation are infringed, you may file a complaint with the Hellenic Data Protection Authority:

Hellenic Data Protection Authority

Address: 1-3 Kifisias Ave., 115 23, Athens

Call Center: +30-210 647 5600

Fax: +30-210 647 5628

Email: [email protected]