By clicking "Accept" you give us your consent to the use of cookies for the purpose of measuring traffic
For more information visit the page PRIVACY & DATA PROTECTION POLICY

Olympic Week in Schools - First Modern Olympic Games: 130 years later | 25 - 29 May 2026

PRIVACY & DATA PROTECTION POLICY

1 Information on the processing of personal data

For the National Olympic Academy (ETHNOA), the protection of the personal data of Athletes, suppliers, partners and staff is of paramount importance. For this reason it takes appropriate technical and organizational measures,in order to protect the personal data processed and to ensure that their processing, is always carried out in accordance with the obligations imposed by the legal framework, both by the HOA, and by third parties who may process personal data on its behalf.

This Privacy and Personal Data Protection Policy applies to the information we provide to our customers, for communication to any interested party and for the website https://hoa.gr and its online services.

2 What is GDPR

The General Data Protection Regulation (GDPR) 2016/679(EE) is the new regulatory framework of the European Union (EU) in this area. The object of the law is to establish the conditions for the processing of personal data, the protection of the rights and freedoms of natural persons, in particular the right to protection of personal data.

Personal data, as defined in Article 4 of the GDPR, is information that can be used to identify, communicate and transact with you, such as your full name, postal address, email address, telephone number, computer ip address and other information when combined with your personal data.

3 Definitions

α. Personal data: Information relating to a living natural person that directly or indirectly identifies him or her, such as, but not limited to, full name, VAT number, contact details (addresses, telephone numbers), ID number, location data, online ID, physical characteristics, age, etc. Information relating to legal entities is not «personal data» and is not protected by the relevant legislation. A subset of personal data are the so-called special categories of personal data (or sensitive data), which relate to the narrow personal nature of the individual (e.g. religious beliefs, political opinions, trade union membership, health, racial origin, sexual life, administrative or criminal prosecutions and convictions, etc.). The natural persons to whom the personal data relate are referred to as “data subjects“.

β. Processing: The collection and use of personal data in any way and by any means, such as storage, transmission to third parties, modification, deletion, etc.

c. Controller: The natural or legal person who determines the purposes and means of processing, either alone or jointly with others («joint controllers»).

δ. Performing processing: The natural or legal person who processes personal data on behalf of the controller.

ε. Consent: A clear, free, specific, explicit and fully informed explicit statement or other affirmative action by the data subject, by which he or she directly consents to the processing of his or her personal data, the existence of which the controller should always be able to demonstrate.

4 ETHNOA as controller

Η HOA as controller of personal data, under the name of «Hellenic Olympic Academy», located in Halandri, 52 Vikelas, P.C. 15233 , for the purposes of carrying out its business activities, collects and processes personal data of Athletes, suppliers, partners and its staff, in accordance with the applicable national legislation Law 4624/2019 and the European Regulation 2016/679 for the protection of natural persons with regard to the processing of personal data and for the free movement of such data as applicable. Therefore, the HOA Acting as controller, in accordance with Article 4(4)(a), (b) and (c). 7 of the GDPR.

5 NTHNOA as processor

Η HOA in the context of its activity as the processor :

  • process personal data only on the basis of written instructions from the controller,
  • ensure that the persons authorised to process personal data have undertaken to respect confidentiality
  • take the necessary technical and organisational security measures
  • does not engage another processor (“subcontractor”) except with the authorisation of the controller which may be general or specific (in the case of general authorisation, the “controller” is informed in case a replacement/addition of a subcontractor is required so that the controller can object to these changes).
  • take into account the nature of the processing and assist the controller with appropriate technical and organisational measures to fulfil the obligation of the controller to respond to requests to exercise the rights of the data subject;.
  • assist the controller in ensuring its compliance with the obligations to keep records of processing activities, security of processing, breach notification and impact assessment study (taking into account the nature of the processing and the information available to the processor),
  • at the choice of the controller, delete or return all personal data to the controller after the end of the provision of processing services and delete existing copies,
  • make available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow and facilitate checks.

6 Personal data processed by ETHNOA

Η HOA processes personal data only for a legitimate purpose, provided that one of the conditions of Article 6(1) or Article 9(1) of the GDPR is met. 2 of the GDPR. https://hoa.gr   is designed in such a way that users can visit it without having to reveal their identity and without having to provide personal data. In the course of its activities, it may process certain personal data in order to provide certain services to meet the needs of its business operations and its customers. In particular:

6.1 Personal data of athletes

Η HOA collects and processes personal data of the athletes such as full names, maiden names, names, contact numbers, email, address, identification data if any.

The legal basis for the above processing is the performance of its contractual obligations (GDPR Article 6(1)(b)) and the legitimate interest of the HOA GDPR Article 6(1)(f).

6.2 Personal data of staff and prospective employees

  • The staff of the HOA is well trained and aware of its obligations regarding the protection of personal data and the professional secrecy of Athletes, suppliers, partners and its own staff. There is always a contractual relationship between the HOA and its employees, with the necessary confidentiality commitments and the adoption of appropriate organisational and technical measures to protect personal data.
  • When a new job is created, the HOA collect CVs of prospective employees. At this stage, the HOA collects and processes personal data of the candidates, such as full name, identity card/passport details, age, marital status, address, telephone number, email, CV details, degrees, certifications, previous experience, job applied for, etc.The collection of CVs of candidate employees is done by sending an electronic file.
  • THE NATION ensures that each candidate's personal data is kept intact and secure,for 1 year from receiving the CV in order to be considered for future employment opportunities.

The legal basis for the above processing is the performance of the contract (GDPR Article 6(1)(b)), the performance of its legal obligations (e.g. compliance with tax, insurance and labour obligations prescribed by law) (GDPR Article 6(1)(c)) and the legitimate interest of the HOA GDPR Article 6(1)(f), as well as the consent of prospective employees to the sending of their CVs (GDPR Article 6(1a)).

6.3 Personal data of our third party partners/suppliers

Η HOA collects and processes personal data of its partners/suppliers (e.g., web hosting administrator, Information Systems support, building security, accountants/technicians, legal advisors, business consultants, security technicians, occupational physicians, etc.) such as full name, email, phone number, address, VAT number, ID number, Social Security number, Social Security number, IBAN, invoices, documents, contracts, etc. These data are necessary in order to be able to communicate, direct and supervise its partners, always aiming at a perfect cooperation and customer satisfaction.

The legal basis for the above processing is the performance of the contract (GDPR Article 6(1)(b)), the performance of our legal obligations (e.g. compliance with tax, insurance and labour obligations prescribed by law) (GDPR Article 6(1)(c)) and the legitimate interest of HOA GDPR Article 6(1)(f).

6.4 Personal data from video surveillance

The security cameras and the closed circuit CCTV that the NATION, have as their main objective first of all the prevention and then the maintenance of records that help the company to draw safe conclusions in order to have comprehensive knowledge of the risks from which it must protect human life and property. Η HOA ensure that the locations where the cameras are installed and the way the data are collected are specified in such a way that the data collected are not more than is strictly necessary for the purpose of the processing and that the fundamental rights of its customers, partners, suppliers and staff are not affected. Furthermore, the HOA ensure that, before entering the range of the video surveillance system, the person concerned is informed in a visible and understandable manner (sign) that he/she is about to enter a place being filmed. The video-surveillance system shall not be used for the purpose of surveillance of workers within the workplace, but only in the entry/exit area. Personal data resulting from the use of control and surveillance methods shall not be used to the detriment of customers, partners, suppliers and its staff unless they have been informed in advance of the introduction of the control and surveillance methods and of the use of such data. The maximum storage period for video surveillance records is 14 days.

The legal basis for the above processing is the legitimate interest of the HOA (GDPR Article 6(1)(f)).

7 Purposes of the processing of personal data

  • Communication with Athletes and suppliers/partners of the HOA
  • The recruitment, payroll of employees and all general obligations of ETHNOA towards employees, as well as the processing of employees' personal data for tax and insurance purposes and as required by law (e.g. announcement of their recruitment in the ERGANI information system, granting of legal leave, etc.)
  • The management and training of human resources, in the context of the legitimate interest for the sound and effective management of the HOA as well as for the continuous improvement of its operation and efficiency.
  • Video surveillance of the entrance/exit area at the headquarters of the HOA for reasons of safety to human life and property
  • The management of judicial and/or extra-judicial disputes of the HOA, on the basis of its relevant obligations arising from the Law
  • The personal data of the above-mentioned data subjects will not be subjected to any processing other than those mentioned above, except after prior notification or if the needs arising require it.

8 Basic Principles for the processing of personal data

  • The processing of personal data takes place in a lawful, fair and transparent manner.
  • The collection of personal data is only carried out for specified, explicit and legitimate purposes.
  • The storage time of personal data is limited and only for the fulfilment of the purpose of the processing.
  • Personal data is accurate and up to date.
  • Personal data that are not accurate are corrected or deleted.
  • Personal data is kept confidential and stored securely.
  • Personal data is not disclosed to third parties unless it is necessary to provide services for them by agreement.

9 Disclosure of personal data

Η HOA may transfer personal data provided by individuals to third parties in the following cases and for specific purposes.

9.1 To its employees or external partners

These are experienced professionals who are adequately informed about the privacy obligations regarding the personal data of Athletes, partners, suppliers and employees. The employees/external partners of the NATION ,have access only to the personal data of Athletes, partners, suppliers and employees that are considered absolutely necessary for the performance of their duties. There is always a contractual relationship between the HOA and its employees/external collaborators, with the necessary confidentiality commitments and taking appropriate organisational and technical measures to protect the personal data of customers, collaborators, suppliers.

9.2 Other third parties, due to legislation

May the HOA disclose your necessary personal data to social security institutions, the Ministry of Labour, the competent tax authorities and any administrative, judicial or other public authority, as specified in the applicable legislation or in a court order, in order to comply with the law or to respond to a mandatory legal process (e.g. for tax purposes), or to protect the rights or safety of. NATION .

9.3 Other third parties with your consent

In addition to the disclosures described in this Privacy and Data Protection Policy, the following may be forwarded by HOA information about you to third parties, provided that you give us your free and explicit consent.

9.4 Transmission of an ID outside the EEA

Η HOA does not transfer personal data to third countries outside the European Economic Area (European Union, Iceland, Liechtenstein and Norway). However, if such a case arises, it will only transfer personal data to third countries that provide an adequate level of data protection and for which an adequacy decision has been issued by the European Commission. Otherwise, the HOA transfer the data only if the data subject has explicitly consented to the transfer or if the transfer is subject to appropriate safeguards, as regulated in Articles 46 et seq. of the General Regulation (e.g. Standard Contractual Clauses, Binding Corporate Rules). In addition, the HOA will inform the data subjects on this matter and in particular will explicitly mention the third countries to which the data will be transferred as well as the aforementioned mechanisms that allow this transfer in accordance with the General Regulation (e.g. adequacy decision of the European Commission, Standard Contractual Clauses, Binding Corporate Rules, etc.). For the avoidance of doubt, where the United Kingdom is no longer part of the EEA, references in this paragraph to the EEA shall mean the EEA and the United Kingdom.

10 Storage Period

The period of data storage is decided on the basis of the following specific criteria depending on the case:

When processing is imposed as an obligation by provisions of the applicable legal framework, the personal data of Athletes, partners, suppliers will be stored for as long as the relevant provisions.

When processing is carried out on the basis of a contract, the personal data of customers, partners, suppliers are stored for as long as necessary for the performance of the contract and for the establishment, exercise, and/or support of legal claims based on the contract.

The CVs of candidate employees are kept for up to 1 year after receipt. After this period, they are deleted without notice.

The biographies of its employees HOA stored in the Information Systems and in a physical file until the end of their contract for management purposes (e.g. participation in tenders, subsidy programmes)

Regarding the personal data of its customers and employees HOA shall be retained for 20 years from the end of the contractual cooperation, in case of subsidiary claims by the subjects concerned, which shall be subject to the 20-year limitation period.

11 Personal Data Security

Η HOA implement appropriate technical and organisational measures to ensure the secure processing of personal data and to prevent accidental loss or destruction and unauthorised and/or unlawful access, use, modification or disclosure. These technical and organisational measures are taken both in the design of the processing means (e.g. encryption of server and computer data, etc.) and by default, so that only the personal data necessary for the purpose of the processing are processed (principle of personal data minimisation). Η HOA is not resting on the technical security measures it has taken so far, but is constantly seeking new and modern methods in order to protect the personal data it collects and processes.In any case, the way the Internet works and the fact that it is free to anyone, does not allow for guarantees that unauthorized third parties will never be able to breach the technical and organizational measures in place, gaining access and possibly using personal data.In addition, it is not possible to guarantee that unauthorized third parties will never be able to breach the technical and organizational measures in place.

12 Actions in the event of a personal data breach

A personal data breach means a breach of security rules that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access of personal data transmitted, stored or otherwise processed. A person who becomes aware of a personal data breach shall take appropriate measures to protect the personal data from any further negative impact and shall report the breach without delay to the DPO, who will record the breaches found and assess their causes.

Where a breach of the personal data of data subjects is detected and such a breach is likely to result in a risk to their rights and freedoms, the HOA , undertakes to notify without delay and in any event within 72 hours as soon as it becomes aware of the fact of the infringement, in Personal Data Protection Authority (DPA).

Further, if the personal data breach is likely to result in a high risk to the rights and freedoms of the data subject, the data subject should be informed by the HOA without delay.

13 Your rights

Any natural person whose data are processed by the HOA , has the following rights:

13.1 Right to information

You have the right to be informed about the identity and contact details of us, or our representatives, the purposes of the processing for which the personal data are intended, as well as the legal basis for the processing, the recipients or categories of recipients of the personal data. In the context of the principle of transparency governing the operation of the HOA, you can contact us requesting further information on how your personal data is processed and how to exercise your rights by submitting the relevant requests. Your requests will be answered without delay and in any case within one month of receipt of the request. That period may be extended by a further two months, if necessary, taking into account the complexity of the request and the number of requests.

13.2 Right of access

You have the right to be aware of and verify the lawfulness of the processing and to ask us for copies of the personal data processed. Therefore, you have the right to access the data and to obtain additional information about the processing. You also have the right to access more specific information on the content and how to exercise your individual rights.

13.3 Right of rectification

You have the right to review, correct, update or modify your personal data

13.4 Right of deletion

You have the right to request the deletion of your personal data when we process it on the basis of your consent or in order to protect our legitimate interests. In all other cases (such as, but not limited to, where there is a contract, a legal obligation to process personal data, or a public interest), this right is subject to specific limitations or does not exist as the case may be (e.g. we are entitled to refuse to erase your personal data for the purpose of establishing, exercising or supporting our legal claims).

13.5 Right to restrict processing

You have the right to request restriction of the processing of your personal data in the following cases: (a) when you contest the accuracy of the personal data and until verification, (b) when you oppose the erasure of personal data and request restriction of use instead of erasure, (c) when the personal data are not necessary for the purposes of processing, but are necessary for the establishment, exercise, support of legal claims, and (d) when you object to the processing and until verification that there is no personal data.

13.6 Right to object to processing

You have the right to object at any time to the processing of your personal data where, as described above, it is necessary for legitimate interests pursued by us as data controllers, as well as to processing for direct marketing purposes. In particular, you have the right to object to any decision taken solely on the basis of automated processing, including profiling, which produces legal effects concerning you or significantly affects you.

13.7 Right to portability

You have the right to receive, free of charge, your personal data in a format that allows you to access, use and process them by commonly used processing methods. You also have the right to ask us, where technically feasible, to transfer the data also directly to another controller. This right exists for data that you have provided to us and is processed by automated means on the basis of your consent or in performance of a relevant contract.

13.8 Right to withdraw consent

Where processing is based on your explicit and free consent, you have the right to freely withdraw it, without prejudice to the lawfulness of the processing based on your consent, before you withdraw it.

To withdraw your consent you can contact to the Data Protection Officer DPOof HOA .

13.9 Right to complain to the DPA

In case of a breach of your personal data, you have the right to file a complaint with the Hellenic Data Protection Authority (www.dpa.gr): call centre: +30 210 6475600

E-mail: [email protected]

14 Third party websites

Our Website may provide links to other Websites that are not owned or controlled by us, but which we believe may be useful or interesting to visitors to our Websites. In this case, we are not responsible for the privacy practices employed on the Websites of others or for the validity of their content or for the collection of information by the parties that own and control those Websites, or their use of Cookies. Therefore, therefore, we are not responsible for any damage or problem that may occur to any of you using this foreign Website and ultimately, it is up to you whether or not you use a link to another Website provided by our Website, in case you do not fully trust it.

15 Renewals and changes

We may change or modify this Privacy Policy in order to comply with the evolving legislative environment or the needs of HOA. You are responsible for checking this Privacy Policy when you visit the Website so that you are aware of any changes and updates to this Policy. All amended terms shall automatically become effective 30 days after their initial posting on the Website.

16 Contact details of the Data Protection Officer (DPO):

For any matter relating to the processing of personal data, you can contact the Personal Data Protection Department of HOA to the following contact details:

Email:dpo@hoc.gr

Address:52 Vikelas, P.C. 15233, Halandri, Attica

Phone :+30 210 6878815

Effective date: 08/05/2022

The Administration of the Hellenic Olympic Academy

INTERNATIONAL OLYMPIC COMMITTEE
HELLENIC OLYMPIC COMMITTEE
EUROPEAN OLYMPIC ACADEMIES
INTERNATIONAL OLYMPIC ACADEMY
Facebook of Hellenic Olympic Academy