Privacy Policy

Personal Data Protection Policy of the Public Administration’s Single Digital Portal: www.gov.gr

  1. INTRODUCTION

    2. The General Regulation on the Protection of Personal Data Regulation (EU) 2016/679 (the ‘GDPR’) became applicable in the European Union as of 25 May 2018. The text of this regulation can be accessed via the following URL: https://eur-lex.europa.eu/legal-content/EL/TXT/?uri=CELEX:32016R0679.

    This policy for the protection of personal data (the ‘Data Policy’ or ‘PDPP’) relates to the Single Digital Portal of the Public Administration (‘the Portal’) of the Ministry of Digital Governance (‘the Ministry’), which operates under the domain name: www.gov.gr.

    The Ministry places particular importance on the protection of citizens’ personal data, as well as the data of visitors to the website. For this reason, the data protection policy has been developed in order to inform the aforementioned individuals on how their personal data is collected, used and disclosed.

  2. DEFINITIONS RELATING TO PERSONAL DATA

    3. (Note: The definitions follow Article 4 of the GDPR)

    «personal data»: means any information relating to an identified or identifiable natural person (‘data subject’).

    «data controller»: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

    «processor»: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller

    «data subject»: means natural persons, whose personal data are collected and processed by the controller (in the context of the data policy; the users of the above website, whether identified or not when making use of the service, are data subjects.

    «recipient»: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

  3. PERSONAL DATA COLLECTION

    4. Whenever a visitor or user visits the Ministry’s website and for as long as

    1. they interact with the site, or
    2. use its document issuing services,

    certain information may potentially be collected, including:

    Α. For the identification of electronic service users

    The identification of ‘users’ of the ‘service’ is provided by the interoperability centre of the General Secretariat of Information Systems for Public Administration (G.S.I.S.P.A.) of the Ministry of Digital Governance, with the credentials assigned to the ‘user’ by the TaxisNet system as determined by Minister of State Decision No 3981ΕΞ2020 ‘Provision of an OAuth2.0 User Authentication Service to Information Systems of third parties’ (Government Gazette, Series II No 762/10.3.2020). The Ministry, acting as Data Controller, receives and processes the following personal data for the sole purpose of identifying the ‘users’ (via the OAuth2.0 user authentication protocol) who are using the ‘service’:

    1. first name
    2. surname
    3. TaxisNet username
    4. father’s name
    5. mother’s name
    6. year of birth
    7. Tax ID number

    Β. For the provision of electronic services

    For the provision of the ‘service’ and for the effective and lawful provision of said service, the Ministry, acting as Data Controller, processes the following personal data:

    1. The IP address assigned to the device with which the ‘user’ connects to the ‘service’.
    2. Browsing data within the ‘website’, through the installation of cookie-type data extraction software.
    3. Timestamp relating to use of the ‘service’.
    4. Data regarding the connection device (operating system, browser software).
    5. All information contained in the document (application, solemn declaration or authorisation) submitted by the ‘user’.

    C. Special categories of personal data

    The Ministry of Digital Governance does not collect or process special categories of personal data, as defined in accordance with applicable law (such as race or ethnicity, religion, health data, etc.) for identification purposes or provision of service. However, it may possibly process special categories of data if such information is entered by users themselves in the ‘free text’ fields of documents when using the electronic services, for instance in online applications, authorisations or solemn declarations.

  4. PURPOSES FOR WHICH PERSONAL DATA PROCESSING TAKES PLACE

    5. The Ministry of Digital Governance processes your personal data in order to lawfully exercise its responsibilities, in full compliance with all its legal obligations under national and EU law, in order to fulfil its duties in the public interest, and to exercise the powers of public authority assigned to it.

    Legal basis for processing

    The processing of the personal data of ‘users’ is essential to the operation of the ‘service’ and is based on the provisions of Law 4635/2019 (Government Gazette, Series I No 167) and the Act of Legislative Content adopted on 20 March 2020.

    Processing purposes

    Personal data collected by the portal facilitates fulfillment of the following purposes:

    a) fulfillment of the purpose of the portal’s operation, namely provision of its services to users (citizens),

    b) provision of information regarding portal services and the manner in which they operate and

    c) to extract statistical data on how the website is used.

    In particular, personal data collected and stored by the website in the respective database or the Single Government Cloud (G-Cloud Services), are intended to be used for the purposes stated above, namely the following:

    1. To identify ‘users’ of online services such as online applications or declarations or authorisations
    2. To identify ‘users’ through the interoperability centre of the General Secretariat of Information Systems for Public Administration (G.S.I.S.P.A.), with the credentials ascribed to the ‘user’ by the TaxisNet system
    3. To provide online services, such as electronic applications, declarations and authorisations.
    4. To ensure the seamless operation of the ‘website’ and the ‘services’.
    5. To provide technical support to the ‘declaration administrators’ of the ‘service’.
    6. To ensure the website functions in a user-friendly and easy-to-use manner.
    7. To improve website experience during the performance of the ‘service’.
    8. To create statistical reports and graphs in order to monitor operation of the service.
    9. The information contained in statistical reports and graphs does not include personal data from ‘users’, given that this is derived from anonymised data.

    In order to provide the ‘service’, the Ministry of Digital Governance collects and processes ‘users’ personal data exclusively for the abovementioned purposes and only to the extent absolutely necessary to effectively serve these purposes. In each case, the data is relevant, suitable and limited to what is necessary in view of the aforementioned purposes. Moreover, it is accurate and subject to updating as necessary

    Furthermore, such data is retained only during the period required to fulfil the purposes of their collection and processing, and are deleted after this period has elapsed, in accordance with the General terms & conditions of use.

  5. CONFIDENTIALITY

    6. The Ministry does not provide or otherwise transmit or publish personal data of visitors or users of the website to third parties, without their consent, with the exception of aforementioned recipients to facilitate functioning of the portal, with the exception of application of relevant legal requirements and only to the competent authorities.

    Personal data held may be disclosed to the competent judicial, policy and other administrative authorities, subject to lawful request and in accordance with applicable legal provisions. Furthermore, in the case of a legal order by a public prosecutor or other authority or when criminal investigations or preliminary examinations are conducted, the Ministry is obliged to provide access to the relevant data and to make them available to the requesting authority.

    The Ministry does not forward the personal data of users to third countries or international organisations.

  6. TRANSFER AND STORAGE OF PERSONAL DATA

    7. Any transfer or transmission of the personal data of data subjects is done through electronic systems and the data in question is transferred in encrypted form.

    Data is stored on servers or on the Single Government Cloud (G-Cloud Services), all of which are located within the European Union.

    Authorised employees of the Ministry of Digital Governance, and in particular of the General Secretariat of Information Systems for Public Administration (G.S.I.S.P.A.), may have access to users’ data in the context of their duties and responsibilities.

    National Infrastructures for Research and Technology SA (GRNET) acts as processor and provides the Ministry and the General Secretariat of Information Systems for Public Administration (G.S.I.S.P.A.) with support services for the public administration’s single digital portal.

    The Ministry of Digital Governance, in the context of the purposes described above, may transfer, if the user so chooses, certain personal data to third parties which users themselves have chosen to submit online applications or solemn declarations or authorisations, in relation to their use of the electronic services provided.

  7. RIGHTS OF DATA SUBJECTS

    8. In full compliance with the provisions of the GDPR, the Ministry satisfies and facilitates the exercise of the rights of data subjects thereunder, in relation to the use of the portal and its services, given that such rights can be effectively exercised in the context of the portal’s operation, namely:

    1. The right of access so that you can receive information regarding your personal data which is processed by the Ministry of Digital Governance, for what reason, and the recipients thereof.
    2. The right to rectification so that you can correct mistakes, inaccuracies and deficiencies in your personal information.
    3. The right to erasure of this data, in accordance with the provisions of the GDPR, so that your data can be deleted from the files of the Ministry of Digital Governance.
    4. The right to restriction of processing where the accuracy of the information is contested, where you have previously objected to processing and the relevant decision is still pending, or in the event that retaining your data is no longer necessary for its initial purpose, but cannot be deleted yet for legal reasons.
    5. The right to data portability so that you can receive your data in electronic form and transmit it to third parties.
    6. The right to object to the processing of your personal data by withdrawing your consent, if this has been granted, without this withdrawal affecting the legality of the processing during the period of time that elapsed before the withdrawal of consent.
  8. SATISFACTION OF RIGHTS – GUARANTEES – RETENTION PERIOD

    9. Overall, the Ministry shall ensure that:

    1. Procedures are in place, which allow the easy exercise of the rights of data subjects, so that all necessary actions are immediately initiated.
    2. It will respond to requests submitted by data subjects without undue delay and, in any event, no later than 30 calendar days. Should the Ministry be unable to satisfy a right that has been exercised by the data subject, it shall ensure that specific, adequate and complete justification is provided.
    3. Except where a request is clearly unfounded or excessive, all actions relating to the satisfaction of data subjects’ rights shall be undertaken free of charge.
    4. The personal data collected is recorded by computer systems which provide adequate security and are operated by specially trained and authorised employees in order to achieve the maximum protection possible of the recorded data, within a modern digital environment.
    5. The Ministry of Digital Governance maintains and processes your personal data for the abovementioned purposes no longer than is necessary for the purpose for which they were collected under the terms of use of the service or in accordance with applicable law.
  9. COOKIES POLICY
    1. General

      2. The portal website uses cookies in compliance with applicable legislation. cookies are small pieces of data (files) in simple text format, which are stored in the user’s computer (or other devices with internet access, such as smartphones or tablets), whenever the user visits any website on the internet. Cookies do not damage the user’s computer or the files stored on it. Without cookies, it is not possible to save users preferences.

      Cookies help gather necessary information to measure the effectiveness of a website, to improve and upgrade its content, to adapt it to the demands and needs of users, and to measure the effectiveness of the website's presentation and promotion on websites of third parties. Cookie files used by websites do not collect information that identifies individual users, or acquire information regarding any document or file retained on the user’s computer.

      Data collected by cookies may include the type of browser used by the user, the type of computer, its operating system, the internet service provider (ISP), and other similar information. Furthermore, the website's information system automatically collects information about sites visited by the user and links to third party websites that may be located on the portal's website.

    2. Which cookies does the portal use?

      3. The portal website, like all websites, uses cookies to ensure it functions smoothly and offer users the best possible service. The following four categories are used:

      Α) Necessary

      Necessary cookies help render the website useful by allowing basic functions, such as browsing and access to secure areas of the website. Without these cookies, the website cannot function properly.

      Β) Preference

      Preference cookies allow the website to remember information which may change the way in which the website behaves or its appearance, including used of the preferred language or the region where the user is located.

      C) Statistics

      Statistics (performance) cookies help the website’s owners understand how visitors interact with the website, collecting and reporting information anonymously.

      DIRECTORY – RECORDING – CATEGORISATION OF PORTAL COOKIES

      NAME SOURCE (Source) DESCRIPTION OF PURPOSE (Cookie Purpose Description) EXPIRY (Expiry)

    3. How to manage and delete cookies

    Most browser menus provide options for the management of cookies. Depending on the settings options given by the browser to users, the installation of cookies may be permitted, existing cookies may be disabled or deleted, or users may be notified every time cookies are installed. Instructions for managing and deleting cookies are usually found in the browser menu under ‘Help’, ‘Tools’, or ‘Edit’. Also, the user can find more detailed guidance in www.youronlinechoices.com/gr, which explains in detail how to check and delete cookie files in most browsers.

    Users should take into consideration the fact that rejecting or deactivating the website's cookies affects functionality of the website, which may be partially disabled. Furthermore, by deactivating cookies or a category of cookies, the respective file is not deleted from the browser. Such actions should be performed by users themselves, by modifying the internal operating features of the browser they use.

  10. Contact

You may contact the Ministry’s Data Protection Officer by email at: dpo@mindigital.gr or by letter to the following address: 11, Fragkoudi Street & Al. Pantou Street, Kallithea, in order to submit any questions you may have with regard to the processing of your personal data.

If any of the aforementioned rights is exercised, the Ministry of Digital Governance shall take every possible measure supply a satisfactory response within 30 calendar days from the receipt of the respective application, with notification in writing of satisfaction of your request, or explanation of the reasons preventing it. If, due to the complexity or the number of requests, this proves not to be possible, the deadline shall be extended for another two months, of which you shall receive due notification.

If you remain unsatisfied with the response or consider that the processing of your personal data violates the applicable regulatory framework regarding the protection of personal data, you have the right to file a complaint with the Hellenic Data Protection Authority (Postal address: 1-3 Kifissias Avenue, Athens 115 23; Tel. 210 6475600; email: contact@dpa.gr).

© Copyright 2025 - Created by the Ministry of Digital Governance

ENGLISH | ΕΛΛΗΝΙΚΑ
We use cookies to help us improve your site browsing experience. By clicking on "Accept", you agree to their use in accordance with our guidelines. Privacy Policy.