PRIVACY POLICY

The present Privacy Policy (hereinafter the ‘Privacy Policy’) was posted on 1.2.2023. We frequently review the Privacy Policy to ensure that it is updated and accurate pursuant to the applicable laws.

About us

Welcome to www.insete.gr, a website which belongs to and is managed by the civil law non-profit company under the name ‘INSTITUTE OF GREEK TOURISM CONFEDERATION’ and the trade name ‘INSETE’, which has its registered office in Athens (32 Voukourestiou Street, 10671 Athens), holder of VAT Number 997419805 [hereinafter referred to as ‘we’, ‘us’, ‘our’, ‘company’, ‘INSETE’].

Use of our website [hereinafter the ‘Website’] is subject to the Terms and Conditions (hereinafter the ‘Terms of Use‘) and the present Privacy Policy. The Privacy Policy has been updated in order to ensure compliance with the General Data Protection Regulation [Regulation (EU) 2016/679] (hereinafter ‘GDPR’), implementation Law 4624/2019, and any and all recommendations and guidelines of the Hellenic Data Protection Authority (HDPA).

By using the Website, you declare that you have reviewed, understood and accepted all terms contained in the Terms of Use and in the Privacy Policy. If you do not agree with any of the terms contained in the Terms of Use and/or the Privacy Policy, you should refrain from visiting and using the Website and its services.

The Privacy Policy may be subject to amendments and updates from time to time, whenever deemed necessary and without prior notice, which shall apply from the date they are announced on the Website. We encourage you to frequently review the Privacy Policy, inasmuch as your continuing to use the Website entails your acceptance of such changes and amounts to your declaration that you have accepted such changes.

If you do not agree with the use of your data, in accordance with the Privacy Policy, you are kindly requested to refrain from using the Website.

INSETE undertakes to respect and protect your privacy.

The Privacy Policy describes how INSETE, in its capacity as ‘controller‘, in the sense of the GDPR, collects and processes personal data and other information about you, the users of the Website, and how our Website uses cookies and other identification technologies.

The full particulars of our company, which is responsible for processing your personal data, are:

INSTITUTE OF THE GREEK TOURISM CONFEDERATION (INSETE)

Εmail address: dpo@insete.gr

Postal Address: 32 Voukourestiou Street, 10671 Athens, Greece

Telephone: 210-3244368

Scope of the Privacy Policy

The Privacy Policy explains how we process your personal data when you contact us or when you use any of the services of our Website. Specifically, by reading the Privacy Policy you will be able to understand, among other things:

  • the reason for which we process your personal data;
  • which personal data we collect directly from you and which we collect from third parties;
  • how long they are kept;
  • the categories of recipients – if any – of your personal data;
  • if we intend to transmit said data to a country outside the European Union (EU) or the European Economic Area (EEA);
  • if we perform automated decision-making or profiling; and
  • your rights in relation to the processing of your personal data and how you can exercise such rights.

Units-Chapters of the Privacy Policy

To facilitate your perusal, the present Privacy Policy is divided into the following units-chapters:

  1. Who we are and how you may contact us
  2. When and why we collect your personal data
  3. What data we collect about you, how we collect such data and how we use them:
    • Data we collect directly from you
    • Data we collect through the use of cookies
    • Data we collect from third parties
    • Anonymized and statistical data
    • Special data categories – Sensitive data
  4. Which of your data we share with third parties
    • Service Providers
    • Other recipients
    • Transmissions of data outside the European Union (EU) or the European Economic Area (EEA);
  5. What the legal basis for the processing of your personal data is
  6. For how long we keep your personal data
  7. How we safeguard the security of your personal data
  8. What your rights are on your personal data
  9. Other Terms

INSETE is a civil law non-profit company which was established early in 2013 on the initiative of the ‘GREEK TOURISM CONFEDERATION – SETE’ by four partners with a strong involvement in crucial sectors of the Greek tourism market, viz. the ‘GREEK TOURISM CONFEDERATION – SETE’ (MAIN PARTNER), the ‘HELLENIC HOTELIERS FEDERATION – HHF’, the ‘HELLENIC ASSOCIATION OF TOURIST AND TRAVEL AGENCIES – HATTA’, and the ‘GREEK CONFEDERATION OF TOURIST ACCOMMODATION ENTERPRISES – SETKE’.

INSETE’s actions comprise:

the study, protection and promotion of the status and contribution of the tourism sector in the sustainable economic, social and cultural development at national and European level;
the support and promotion of entrepreneurship (conventional and social) in the tourism sector and in any other services sector which is directly or indirectly linked to it;
the enhancement of development mechanisms and policies for human resources in the tourism sector and in any other services sector which is directly or indirectly linked to it;
the provision of any kind of scientific, technical and other support to SETE with regard to any issue which pertains to the scope and objectives of its activities and which contributes to the accomplishment of its goals.

Our Website provides information, updates, consultancy, and technical support to parties engaging in business in the tourism sector. Specifically, in the INSETE INTELLIGENCE unit, users may find studies and statistical data pertaining to the tourism sector and access crucial information – anonymous, in the form of statistical results – about the competitiveness of tourism businesses and the level of the services they provide, the significance of tourism for the Greek economy, the products and markets of Greek tourism, the human resources, the institutional framework and tourism policy, and the Greek and international economy. Moreover, INSETE organizes seminars and congresses and enters into strategic partnerships aimed at the enhancement and development of the skills, qualifications and culture of the people involved in the tourism sector. In the TRAINING AND COACHING unit of our Website, users may find information about our training and coaching actions which are available in various forms (daily events, congresses, seminars, workshops, etc.). In the PROJECTS unit, users of the Website may find information about the projects we are carrying out in the context of the Partnership Agreement for the Development Framework (PA) business programmes, which are funded by the European Structural and Investment Funds, the most important of which are the European Social Fund (ESF) and the European Regional Development Fund (ERDF). Pursuant to the law, INSETE participates in the PA programmes as an implementation beneficiary who performs the processing of your data as per the guidelines of the Ministry of Development and Investment, which fulfils the role of the ‘Controller’, pursuant to article 53 par. 1 of Law 4914/2022. In the UPDATES unit, users may find information about important news, presentations, speeches, forthcoming daily events, and invitations to/announcements about actions in the tourism sector.

If you have any doubts or questions about the Privacy Policy or if you wish to exercise any of your rights, as outlined in the ‘What your rights are’ chapter further down in the present Privacy Policy, you may contact us by post at the address ’32 Voukourestiou Street, Athens, Greece’, or by email at dpo@insete.gr, or by calling us on 210-3244368.

The Website contains links to other websites, platforms and/or applications which we do not control (hereinafter ‘Third-party Websites’), such as tourism sites, information sites, etc. The Privacy Policy does not cover information collected from Third-party Websites which you visit through links contained in the Website. The aforesaid Third-party Websites have their own privacy policies and their own terms and conditions of use. We encourage you to read their privacy policies and terms and conditions of use before navigating and/or using them.

Most of the personal information we process is provided directly by you for one of the following reasons:

You directly contact us for whatever reason (e.g. through our Website or using our other contact particulars provided on our Website).
You subscribe to our newsletter in order to receive information material (e.g. information reports, announcements about institutional actions we undertake, forthcoming events) from our company.
You send us an application as potential employees or partners to cover a position in INSETE, either after we have placed an advertisement/post or on your own initiative.
You request to participate in and attend an event, seminar or workshop which we organize.
When you simply navigate our Website, initially we do not collect any personal data. Regarding the use of cookies, please refer to our Website’s .

When you request to and participate in projects carried out by INSETE in the context of the Partnership Agreement for the Development Framework (PA) business programmes, it should be noted that INSETE functions in accordance with the law as processor of your data, which means that it processes your data on instructions by the Ministry of Development and Investment, which fulfils the role of the ‘Controller’ in the said processing activity, pursuant to the law (see article 53 of Law 4914/2022).

When you visit the Website and when you contact us, we may collect and process specific personal data about you, so that you may benefit from the functions and services provided through the Website and in order to understand the demand for our services and improve the way in which we operate. Through the Website, INSETE generally collects and processes basic personal data and not special categories of your personal data (sensitive data), unless required to do so by the law.

The said data may include ‘personal data’, in other words information which pertains to you as identified or identifiable natural persons, meaning natural persons whose identity may be ascertained, whether directly or indirectly, especially through reference to an identification particular, such as a person’s full name and contact information.

The Website is not intended for use by underage persons (persons under the age of 18) and we do not knowingly collect personal data pertaining to underage persons.

Data we collect directly from you

Most of the personal information we process is provided directly by you.

We collect some personal data about you for the purpose of communicating with you, for instance in order to respond to your requests for the provision of information and in order to better understand your expectations and needs.

Specifically, when you contact us in any way (e.g. by email or telephone), we collect and process information about you, which you provide directly and which may include your full name, email address, the reason for which you contact us and the content of your message to us. We shall use this information in order to contact you so as to address any issue or question you may have.

When you subscribe to receive our newsletter, we collect and process information you provide about yourself by filling in the relevant form in the ‘NEWSLETTER- SUBSCRIPTION’ unit (e.g. email address).

We also collect your data as potential employees and partners (see here in particular INSETE information policy of job applicants), following your application in response to our advertisement for a job vacancy or following your application for a job sent on your own initiative. In such cases, INSETE collects and processes only the personal data that are required for the assessment of the candidate’s appropriateness for the specific post/partnership (e.g. name, surname, contact details, education, previous experience, etc.). These are data you provide to us with the application you submit as candidates in any way (e.g. by sending us your CV by email, as may requested in a relevant announcement/invitation posted on the Website) and in the course of any interview in which you may participate. The said data are required for the selection process, although you do not have to provide all the information we ask for in an announcement/invitation. If you do not provide adequate information about your professional experience and education, this may impact the course of your application, inasmuch as its evaluation is based on the information and particulars which are provided.

For your participation in our seminars and training/coaching actions (daily events, congresses, workshops, etc.), we collect the particulars required for your identification as a participant (e.g. full name) and your contact particulars (postal address, email, contact telephone number), including the name of the body you may be representing. When a participation fee is required, we collect data in relation to its payment when the provision of such data is mandatory pursuant to the tax legislation (e.g. VAT Number, IBAN to confirm your payment). Also, when we seek partners to carry out our training and coaching actions (e.g. coaches, speakers) or when you apply to participate in our actions in this capacity on your own initiative, we collect and process information pertaining to the education/training and qualifications of potential partners, their previous experience, their CV, any references from previous employers/partners, etc. If you do not wish to share with us all your data which may be required for your participation, you may be unable to participate in the training/coaching action or event.

Also, subject to your agreement, we may process image data (of your face) and audio data (of your voice), if the training/coaching action or event is recorded on photographs or video. The provision of said data, viz. image data (of your face) and audio data (of your voice), is not mandatory, inasmuch as said data are only collected upon your consent by means of a special form which you fill in prior to an event.

When you participate in projects carried out by INSETE in the context of the Partnership Agreement for the Development Framework (PA) business programmes, INSETE may process, in its capacity as processor on instructions by the Ministry of Development and Investment, which, pursuant to the law, fulfils the role of the controller in the processing of your personal data (see article 53 of Law 4914/2022), and depending on the category of each business programme, basic or sensitive personal data [e.g. beneficiaries’ microdata, full name, father’s name, ID card number or passport number (and copy of the ID or passport), contact particulars (address, telephone number, email), information pertaining to education and professional status (e.g. CV, employers’ references), replies to questionnaires, signatures (attendance registers), required data and documents (pursuant to the relevant legislation of public contracts and invitations to tender – participation terms of the PA) for participation in the tender procedures, such as tax and social security clearance certificates, income tax returns, registration of a new business and of any subsequent changes with the competent tax office, and any changes in the criminal record].

Data we collect through the use of cookies

We also use cookies and collect information about how you use the Website, technical information, which includes information about the access time, the volume of information which was transmitted, the transmission status, the browser type, version and language, the browser plug-in type and version, the IP address, the operating system and the system interface, the time zone and location settings, and profile information, including the referral website, the pages you visit, the actions you carry out, and the webpage visit and navigation motifs.

Kindly refer to our detailed , which is available on our Website.

Data we collect from third parties

Your personal data which we collect from third parties are primarily technical data which pertain to particulars about your device (e.g. manufacturer, model, monitor features, operating system, etc.) or particulars about your conduct (e.g. clicks, selections. For example, we receive some of the aforesaid data from statistical data providers, such as Google.

Anonymized and statistical data

We may process anonymized and statistical data for any purpose and in particular for statistical purposes and in order to improve the services and information provided by the Website. Although said data may be derived from your personal data, they are not considered personal data, inasmuch as they do not reveal, whether directly or indirectly, your identity (for example, we may collect data about the use of the Website in order to calculate the percentage of users who have access to specific elements of the Website).Special Data Categories – Sensitive Data

Through our Website, we generally do not knowingly collect or process special personal data categories (‘sensitive’ personal data), such as information about your health, race, nationality, religious or philosophical beliefs, sexual life, etc.

In special and exceptional cases, we may process special data categories (e.g. your criminal record) which you directly share with us in the context of the implementation of PA programmes, in which we participate as processor on instructions by the controller, viz. the Ministry of Development and Investment, in order that we may fulfil our obligations under the law, e.g. the legislation about public contracts and the applicable (national and EU) regulatory framework, including the tender terms-invitations and the Invitations to the PA programmes in which you participate.

We generally do not transmit data to third parties or share data with third parties. INSETE may transmit data to third parties either on account of its obligation when this is prescribed by the applicable laws or, alternatively, in accordance with the guarantees prescribed by the applicable laws.

Service Providers

INSETE may appoint independent/third-party service providers, who shall act as processors and shall provide specific services to INSETE, such as internet service providers, or service providers who provide technical and operational support (e.g. to facilitate serving you and ensuring the most efficient communication through the present Website, to serve its actions, for accounting support). When such support services are provided to us, the independent service providers may process your personal data as processors. The processors may not proceed to any further processing of your personal data, unless we have expressly instructed them to do so, and they may not transmit your personal data to third parties.

We do not share your personal data with third parties for the purpose of promoting products or services.

Other recipients

In compliance with the applicable legislation about personal data protection, INSETE may share your personal data with court and/or prosecuting authorities, independent authorities, government authorities, and its legal consultants.

In particular with regard to personal data processed by INSETE in the context of the implementation of co-financed programmes, it is specified that said data are generally not transmitted to third parties, apart from the competent audit and administrative authorities and the agencies involved, when required in accordance with the orders and instructions of the Ministry of Development and Investment and the relevant legislative and regulatory national and EU provisions that shall apply in the implementation of co-financed programmes.

In accordance with the law, INSETE may transmit data to affiliated businesses, viz. the Greek Tourism Confederation – SETE and the company under the name Marketing Greece Société Anonyme for the Promotion and Development of Tourism (Marketing Greece S.A.) for internal administrative purposes, including the processing of personal data of users of its services or of employees.

In case INSETE should merge with or be acquired by another organization, your personal data may be transmitted to third parties related to the said merger or acquisition (e.g. to the said organization and to its legal consultants and auditors).

Transmissions of data outside the European Union (EU) or the European Economic Area (EEA)

INSETE transmits personal data in accordance with the legislation in force. In case that the extent, the context and the needs of the aforesaid purposes require that your personal data be transmitted outside the European Union or the European Economic Area, transmission of such data shall be made in accordance with the legislation in force and INSETE shall ensure an adequate level of data protection. By entering into appropriate data transmission contracts, based on Standard Contractual Clauses, which you may access by submitting a request to dpo@insete.gr, or by taking other steps in order to provide an adequate level of data protection, INSETE ensures or ascertains that recipients provide an adequate level of protection for your personal data.

We process your personal data when the law so permits, in other words when we have a legal basis for such processing. We proceed to process your personal data pursuant to any of the following legal bases:

You have provided your consent for the processing of the data for one or more specific purposes, e.g. when you directly contact us, when you subscribe to our newsletter, when you participate in our training/coaching actions, when you consent to the shooting of photographs and videos when attending our training/coaching actions. If you have provided your consent about a specific collection, processing and use of your personal data, you may revoke such consent at any time with effect for the future; in other words, any processing acts prior to such revocation shall not be impacted.

Processing is required for compliance with INSETE’s legal obligation, e.g. when you participate in a training/coaching action which requires the payment of a fee, as described above, we process information about you regarding the payment of the fee because this is required for our compliance with the tax legislation, when you participate in PA programmes, we collect and process data which are required by the relevant legislation of public contracts, as mentioned above (e.g. tax and social security clearance certificates, income tax returns, registration of a new business and of any subsequent changes with the competent tax office). Specifically with regard to PA programmes, INSETE functions as ‘processor’, in other words it processes your personal data on the basis of the instructions of the Ministry of Development and Investment, which fulfils the role of the Controller in the processing of your personal data pursuant to article 53 of Law 4914/2022. With regard to PA programmes, it is the processing of your personal data especially for compliance with a legal obligation or discharge of a duty which is performed to serve a public interest or an assigned public authority.

Processing is required for purposes related to the lawful interests pursued by INSETE (or the lawful interests of third parties), on condition that your fundamental rights do not prevail over said interests. Such lawful rights include:

(a) monitoring, in order to ensure the efficient and secure operation of our Website and to prevent fraud and its misuse;

(b) optimization of our services and of our Website;

(c) monitoring how our Website operates, e.g. through its statistical data, in order to improve its design and the information we provide through our Website, our services, and our relations with users of our Website.

If you choose to not provide your personal data in specific instances, this may result in some disadvantages for you, e.g. we may be unable to provide you with a service or respond to one of your requests.

We do not make decisions exclusively on the basis of automated processing (including profiling) which (decisions) produce legal results which concern you or which significantly impact you in a similar manner.

We generally keep your personal data for as long as the law requires, depending on the purpose and type of processing.

Specifically, your personal data shall be kept for as long as necessary in order for the purposes for which we collect them to be fulfilled, e.g. for as long as necessary in order that we may provide you with the functions of our Website and with the services which were requested.

As soon as the purpose for which the data are processed is fulfilled, we shall either delete your personal data or anonymize your personal data, unless there are reasons prescribed by the law (e.g. by the tax legislation) for such data to be kept.

Specifically:

We keep your personal data which we collect from you when you subscribe to our Newsletter (e.g. email address) for as long as you remain subscribed on our recipients’ list and we delete them if you revoke your consent.
We keep your personal data which we collect from you when you submit a query or complaint, when you contact us via our Website or by any other available means of communication, for as long as necessary and until the relevant issue is duly addressed.

We keep your personal data which we collect from you when you send us a CV in the course of the recruitment process, if we have posted a job vacancy announcement, until the relevant vacancy has been filled.

If you send an application for employment on your own initiative (unsolicited by us) and if we are not interested in such cooperation, your personal data shall be deleted one month from receipt.

If your application – whether sent on your own initiative or in response to our advertisement – is approved, you shall be informed when you assume your post about how we will be processing your data as your employer from that time onwards (see here in particular INSETE information policy of job applicants).

The time for which we keep your personal data which we collect from you in the context of the implementation of PA programmes is determined on the basis of the purpose of the processing, in other words the management and control of each Action and its evaluation. Thus, data are kept for as long as required for such purposes to be fulfilled and/or in accordance with data keeping requirements in each programme.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons from processing, INSETE implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing.

Subject to the conditions prescribed in the relevant legislation (GDPR), you have the following rights with regard to the protection of personal data pertaining to you:

Right of access

You may contact INSETE if you would like us to inform you about and explain if we keep data about you and which data we do keep, as well as the way in which we process them. You may also request a copy of your personal data which INSETE keeps about you.

Right of rectification

If you believe that your data are not accurate or that they should be updated, you are entitled to request the rectification of inaccurate personal data and the completion of incomplete particulars.

Right to erasure

Under certain conditions, e.g. when data are no longer required, when you have revoked your consent, or when data have been subjected to illegal processing, you may request INSETE to erase them.

Right to restriction of processing

If you believe that your data are not accurate or that their processing is illegal or if you believe that such data are no longer required by INSETE, you may request that processing be restricted.

Right to object

You may object to the processing of your personal data by INSETE for reasons which concern you and which pertain to your particular status , unless – among other things – there are imperative and legal reasons for processing, which should prevail over your interests, rights and freedoms.

Right to data portability

You may also request to receive the data pertaining to you in a structured, commonly used and machine-readable format and to have such data transmitted to another organization (controller) which you will make known to INSETE.

For additional and more detailed information about your rights, you may visit the website of the Hellenic Data Protection Authority by clicking.

In order to exercise your rights, you may contact INSETE in any of the ways specified above in the unit ‘Who we are and how you may contact us’.

Right to appeal to the authority

We inform you that you have the right to appeal to the Hellenic Data Protection Authority (HDPA) for issues pertaining to the processing of your personal data. The HDPA’s offices are in Athens (1-3 Kifisias, 11523 Athens). For information about the scope of the HDPA and the way in which complaints may be lodged, you may visit the website of the HDPA ().

INSETE may from time to time amend the present Privacy Policy in order to comply with changes in regulations and for operational reasons.

Updated versions of the present Privacy Policy shall be posted on the Website and shall indicate the date, so that you may identify the most recent updated version.

Time for the provision of information once a right has been exercised

We are obliged to respond without delay and at the latest within one month from your submission of a request to exercise one of your aforesaid rights to INSETE. The one-month period may be extended by two months, in the event that your request is complex or if the number of requests is big. In the event of an extension, we shall in any case inform you within one month from your submission of a request. Your requests are generally submitted and addressed free of charge. Taking into account any administrative expenses for the provision of information, INSETE may impose a reasonable charge in the event that a clearly unfounded or excessive request is submitted, especially due to the repetitive character of such request, or it may refuse to satisfy an inappropriate request. In the event that your request should be declined, INSETE shall inform you in detail about the reasons that your request was declined and about your right to appeal to the Hellenic Data Protection Authority or to the courts of law.

The Privacy Policy, in any amendment thereof, and the processing of your personal data by our company in general shall be governed by Greek Law 4624/2019, as well as by the General Data Protection Regulation [Regulation (EU) 2016/679], and generally by the applicable national and European legislative and regulatory framework about personal data protection, including the guidelines, recommendations, consultation papers, and acts of the Hellenic Data Protection Authority (HDPA).The Privacy Policy is available in Greek and in English. In case of any inconsistencies between the two versions, the Greek version shall prevail.