Corallia considers the security of personal data as a high priority. For this reason, this Privacy Policy is in place and recognizes the right to the protection of personal data and ensures the application of the current legal framework (in particular Regulation 2016/679 and Law 3471/2006). Briefly, you must be aware that your personal data is collected and maintained by Corallia for a certain period of time and for specified, explicit and legitimate purposes. Personal data shall be treated fairly and in a transparent manner in accordance with the applicable legal framework and in such a way as to guarantee their security.
For further information, you can contact us at:

1. Data Controller
Data controller of the Website (pursuant to art. 26 GDPR) is Corallia Unit of the Research Center Athena Research and Innovation Center in Information, Communication and Knowledge
Technologies whose registered office is situated at Kifissias Ave. 44, Maroussi (Hereinafter referred to as “Data Controller”).

2. How we collect your personal data
We collect personal data both directly and indirectly:
Directly: we obtain personal data directly from individuals in a variety of ways, including but not limited to the following cases: a) an individual registers via MS Forms to attend in meetings (physical or online) and events we host and during attendance at such events; b) an individual subscribes to our newsletter; c) we establish cooperative relationships with an individual.
Indirectly: we obtain personal data indirectly about individuals from a variety of sources, including
a) our networks and contacts; b) social and professional networking sites (e.g., Facebook, Instagram, LinkedIn, YouTube, Twitter).

3. What types of data do we collect?
The personal data that the Data Controller collects, and processes fall primarily within the following categories: some of these categories may not concern you to the extent that the type and number of the necessary collected personal data depend in any case on the capacity of the data subject, i.e., if the subject is a participant or simply a candidate participant. These data fall into the following categories:

  • contact  details (name/ surname, e-mail address, street address, mobile phone number);
  • personal information (company name, position in the company);
  • videos and photos (from people that attend our events, courses, etc).

Where appropriate we may also ask your interests and motivation for supporting Corallia, we will never make this question mandatory, and only want to know the answer if you are comfortable providing us with that information. In limited circumstances, the personal information that Corallia collects may include information that is considered “sensitive data”. This may include personal information regarding health and If you are under sixteen (16) you should ask permission of a parent or guardian before sending personal or sensitive information to anyone online.

4. What we do with your personal data
We process your personal data with the purpose of:

  • Disseminating the results of our projects to several types of stakeholders;
  • Sending invitations and providing access to guests attending our events, workshops and webinars;
  • Administering, maintaining, and ensuring the security of our information systems, applications, and websites;
  • Processing online requests/ queries and responding to communications from individuals;
  • Complying with contractual, legal, and regulatory obligations;
  • Conducting research (e.g., interviews, surveys).

5. How we secure your personal data when we process it
We continuously apply a personal data risk assessment process to identify, analyse, and evaluate the security risks that may threaten your personal data. Based on the results of this risk assessment, we define and apply a set of both technical and organisational measures to mitigate the above security risks, including but not limited to:

  • Data Protection Policies to guide our personnel when processing your data;
  • Written contracts with organisations that process personal data on our behalf;
  • Non-Disclosure Agreements with our personnel;
  • Back up process, antimalware protection, access control mechanisms, etc.
  • Our partners have appointed a Data Protection Officer.

6. Do we share personal data with third parties?
We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. When we do so, we ensure that recipients are contractually bound to safeguard the data we entrust to them before we share the data. We may engage with several or all the following categories of recipients:

  •   Parties that support us as we provide our services (e.g., cloud-based software services such as Dropbox, Microsoft SharePoint, Google Drive);
  •  Our professional advisers, including lawyers, auditors, and insurers;
  •  Dissemination services providers (e.g., Mailchimp);
  •  Law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with applicable law or regulation;

7. Do we transfer your personal data outside the European Economic Area?

We do not own file servers located outside the European Economic Area (EEA). However, some partners may use cloud and/ or marketing services from reputable providers such as SharePoint, Dropbox, Mailchimp, Google, etc., situated both inside and outside the EEA. We always check that such providers comply with the relevant GDPR requirements before start using their services.

8. Do we use cookies?
Our websites use cookies. Where cookies are used, a statement will be sent to your browser explaining the use of cookies. To learn more, please refer to our cookie policy. The following typesof cookies may be created: 

  • cookies to improve site performance;
  • cookies for anonymous traffic statistics;
  • cookies for Google Advertising Features.

Then we provide detailed information on each of these types of cookies.

9. How long do we retain personal data?
We retain personal data to provide our services, stay in contact with you, and comply with applicable
laws, regulations, and contractual obligations to which we are subject. Any personal information
gathered, regarding the visitors to this website are kept only for a certain period of time and then

10. What are your rights regarding the protection of your personal data?
You have the following rights regarding our processing of your personal data:   

  • Right of information – You can request to be informed about the categories of your personal data that we store and process, where they come from, the purposes of their processing, the categories of their recipients, the period of their storage as well as about your relevant rights (right of access).
  • Right to withdraw consent – You can withdraw consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing conducted before you withdraw your consent.
  • Right of access – You can ask us to verify whether we are processing personal data about you and if so, to have access to a copy of such data.
  • Right to rectification – You can ask us to correct our records if you believe they contain incorrect or incomplete information about you or ask us to erase your personal data after you withdraw your consent to processing by providing any necessary supplementary documentation that justifies the need for rectification or completion.
  • Right to erasure – You can demand the erasure of your personal data from the Data Controller’ records under certain circumstances, such as in case these data are no longer necessary or you have withdrawn your consent, or in case the data have been unlawfully processed etc.
  • Right to restriction of processing – You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
  • Right to data portability – In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another entity.
  • Right to object – You can object to our use of your personal data for direct marketing purposes, including profiling or where processing has taken the form of automated decision-making. However, we may need to keep some minimal information (e.g., e-mail address) to comply with your request to cease marketing to you.
  • Right to Complaint – You have the right to lodge a complaint with the Hellenic Data Protection Authority (1-3 Kifissias Ave., 115 23 Athens, Tel: +30 2106475600) in case you consider that your rights are in any way violated. For the Authority’s competence as well as the way to lodge a complaint you can find detailed in-formation on its website ( – Individuals – Complaint to the Hellenic DPA).

You can read the General Policy of Personal Data (GDPR) at the following link:

Please note the following as regards your rights:    

  • The Data Controller preserve in any case the right to deny your request for restriction of processing or erasure of your data, if their processing or storage is necessary for the establishment, exercise or defence of its legal rights or the fulfilment of its obligations.
  • The right to data portability (point of above) does not include the erasure of your data from the Data Controller’ records. The erasure is regulated under point e above.
  • The exercise of these rights is valid for the future and does not affect any previous data processing.

11. How can you exercise your rights?
For the exercise of your rights, you may send an email to In this framework and to facilitate the Data Controller in examining your request, you are kindly asked to specify which of your right(s) you are exercising. The Data Controller shall use their best endeavors to address your request within thirty (30) days of its receipt. The abovementioned period may be prolonged for sixty (60) more days, if deemed necessary, according to the Data Controller’ judgment and considering the complexity of the issue and the number of the requests. The Data Controller shall inform you within thirty (30) days of the request’s receipt in any case of prolongation of the abovementioned period. The abovementioned service is provided by the Data Controller free of charge. However, in case the requests manifestly lack foundation and/or are repeated and excessive, the Data Controller may, after informing you, impose a reasonable fee or refuse to address your request(s).

12. Data Protection Officer
You may contact Corallia’s Data Protection Officer for any matter regarding the processing of your personal data at the address 44 Kifissias Ave. Maroussi or by sending an email to

13. Disclaimer of liability for third party websites

Although our site may contain links to third-party sites we are not responsible for the privacy practices or content of these sites, and we expressly disclaim any liability for any loss or damage that may be caused using these links. We do not monitor the privacy practices or the content of these sites. If you have any questions about the privacy practices of another site, you should contact the site's responsible personnel. We suggest you read the privacy policy of each website you interact with, before allowing the collection and use of your personal data. We may also provide social media features that allow you to share information on your social networks and interact with our project on various social media sites. The use of these social media features may result in the collection or sharing of information about you. We recommend that you check the privacy policies and regulations of the social networking sites you interact with, so that you can be sure that you understand what information may be collected, used, and disclosed by these sites.

14. Children
We do not knowingly collect, use, or disclose information from children under the age of sixteen (16). If we learn that we have collected the personal information of a child under sixteen (16) we will take steps to delete the information as soon as possible. Please immediately contact us if you become aware that a child under sixteen (16) has provided us with personal information.

15. Amendments of this Information
The present Information may be periodically amended so that it is always compliant with the legal requirements and the actual data processing taking place. In case there are significant important amendments, you will be notified accordingly by any appropriate means, indicatively by a relevant notification on the website It is recommended that you regularly check the website where this notice is available to be informed on its most recent / updated version in case there are minor amendments.

Do you have an incident to report? Please submit it here .

This Information was updated on 10.10.2022 and is always available on the Website

Skip to content