Quality Assurance Unit (QAU)

Hellenic Mediterranean University

Personal Data Protection Policy

The Hellenic Mediterranean University (ELMEPA), in compliance with the General Data Protection Regulation 2016/679, as well as the national legal framework governing the protection of personal data, which it processes either as a Data Controller or as a Processor, has established this policy in order to communicate the basic principles of the University to any interested party or person involved in data management processes.

The Institution’s Policy as well as all the procedures followed have been established based on the following pillars of values:

Personal data is the unique property of each natural person and must be protected from incorrect or unauthorized processing.

Privacy is a basic right of each natural person, which should not be violated under any circumstances.

The main way to protect data, whether in electronic or printed form, is primarily to ensure controlled access and maintain appropriate infrastructures for their processing.

In any case, the confidentiality, integrity, availability and resilience of the data must be maintained.

The Hellenic Mediterranean University selects the procedures and security mechanisms to adopt for each individual infrastructure or process by implementing a broader strategic plan based on the following stages:

Identification of data and their flows.

Evaluation of existing practices based on legal requirements.

Preparation of a Data Processing Risk Impact Assessment Study to calculate the final impact of the effects on natural persons, where required.

Determination of mechanisms based on the results of the above analysis and calculation of the residual risk.

Based on the above, in order for the institution to be able to comply with both the legal framework and the principles, the following mechanisms, procedures and measures have been adopted:

Physical access control policy to the institution’s premises where personal data is processed and/or stored: classified employee access, constant visitor escort, access logs, etc.

Logical access control policy (role allocation and corresponding assignment of access rights, user accounts, protection policy for all information systems).

Active and passive fire protection measures.

Segregation of duties procedures (job descriptions, separation of duties and areas of responsibility, detailed procedures for operation).

Personnel selection and evaluation procedures (qualification requirements and recommendations, signing of confidentiality – non-disclosure – banking secrecy agreements).

Information systems protection measures (custom firewall policies, traffic control, traffic logs, antivirus on servers & clients, UPS systems, computer locking, access control, etc.).

Systematic control procedures (internal inspections, external inspections, certification bodies, internal continuous controls for compliance with control measures).

Infrastructure monitoring practices (security alarm, emergency response team and patrol services, motion detectors, fire detectors).

Partner – supplier management (procedures and criteria for selection – evaluation, conducting audits on suppliers and partners, concluding binding cooperation contracts with special terms regarding confidentiality and data protection).

The Foundation has appointed the company ADVANCED SERVICE SYSTEMS LTD as Data Protection Officer, with the responsible natural person being Mr. Themistokles Sioros. If you wish to communicate directly with the Foundation’s DPO, you can use the email dpo@hmu.gr