Privacy Policy

Notification/Consent for Processing of Personal Data by the Research Committee of the University of the Aegean for Electronic Payments

Last updated: 1/11/2024

In accordance with the General Data Protection Regulation (GDPR), Law 4624/2019, and other applicable personal data legislation, the Special Account for Research Funds (ELKE) of the University of the Aegean acts as Data Controller and processes personal data.

Data Controller

The Special Account for Research Funds (ELKE) of the University of the Aegean is the data controller for personal data collected through this electronic payment platform. For data protection matters: dpo@aegean.gr

Collection and Processing of Personal Data

You must consent to the collection and processing of personal data in order to make payment via Credit/Debit/Prepaid Card or via Bank Transfer (DIAS Payment Reference) for participation in University of the Aegean programs such as:

  • Postgraduate programs
  • Lifelong learning programs (K.E.DI.VI.M.)
  • Conferences
  • Summer schools
  • Seminars
  • Other programs accepting electronic payments

The personal data required to process your transaction are:

  • Full name
  • Tax identification number (VAT/AFM)
  • Address
  • A contact phone number
  • Email address

If you pay by card, your card details are not stored on ELKE servers during the transaction — they are entered directly into the secure environment of the payment processing provider.

Purpose of Personal Data Processing

ELKE of the University of the Aegean may process your personal data for the following purposes:

  • For identification and communication with you
  • For completing the financial transaction
  • For fulfilling our legal obligations
  • For fulfilling obligations under applicable law regarding disclosure to Public Authorities (Supervisory, Independent, etc.)
  • For fulfilling duties in the public interest

Legal Basis for Processing

We process your personal data based on: Contract performance (your registration), Legal obligation (tax and accounting requirements), and Legitimate interest (platform security and fraud prevention).

Personal Data Retention Period

Personal data is retained until the administrative closure of the program, within the audit rules imposed by the regulatory framework and applicable legislation. Financial records are retained for the period required by Greek tax law.

Transfer of Personal Data

ELKE of the University of the Aegean is obliged or entitled to disclose your personal data to various third-party recipients. Access to your data is held by authorized ELKE staff within the scope of duties assigned by the University. Third-party recipients include:

  • Public bodies or Independent authorities
  • Tax authorities as required by law
  • Payment processors (Alpha Bank) for completing transactions
  • University departments for program administration

Your data may be disclosed to third parties if required by applicable law, court order, or government act, subject in all cases to confidentiality and professional secrecy obligations.

Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure ('right to be forgotten') where applicable
  • Restrict processing in certain circumstances
  • Data portability
  • Object to processing
  • Lodge a complaint with the Hellenic Data Protection Authority

Right to Withdraw or Modify Consent

If you wish to withdraw your consent or modify your declaration, you may contact the ELKE Secretariat (University Hill) or email rcs@aegean.gr. We will make every effort to comply with your request, to the extent it is consistent with applicable law and professional standards.

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption of data in transit (TLS/SSL), secure payment processing through certified payment gateways, access controls, and regular security audits.

Policy Updates

This policy may change periodically. If we decide to materially change how we process your personal data, you will receive prior notice, or where required, your consent will be sought before the new policy takes effect.

Contact & Data Protection Officer

For any questions, comments, or clarifications regarding your personal data, you may contact the Data Protection Officer at: dpo@aegean.gr or by phone: 22510 36047.