The Greek Film Centre (GFC) is a legal entity governed by private law which is supervised by the Hellenic Ministry of Culture. In the context of its activities, it processes the personal data of natural persons (managers, Board members, employees, external collaborators, film professionals, journalists, programme participants, ordinary users of the website, et al.).
The processing of personal data is conducted in full compliance with the General Regulation for Data Protection (EU) 2016/679 (GKPD), Law 4624/2019 as this is applicable in a given context, and the recommendations, guidelines and decisions of the Personal Data Protection Authority.
The GFC assigns especial importance to the protection of personal data. Consequently, the GFC takes the appropriate measures to protect the personal data it processes, and to ensure that its collection and processing is always carried out in accordance with the obligations set by the applicable legal framework, both by the GFC itself and by its partners or other third parties who process personal data on its behalf.
Categories of Personal Data
The GFC only processes personal data provided by the natural persons who come into contact with it in the context of its legal competencies and for the purposes its activities seek to achieve, along with professional personal contact details that have been included in publicly accessible industry databases in Greece and abroad. Such data includes, for example, the name, contact details or other information that is absolutely necessary for managing an individual’s relationship with the GFC, and only when there is a legitimate reason for doing so.
For what purposes do we process personal data?
The GFC processes personal data for the following lawful and legitimate purposes:
1. The exercise of the GFC’s responsibilities as these are defined by law.
Specifically, in the context of its legal competencies, and through the specialized directorates HELLAS FILM, the HELLENIC FILM COMMISSION, and MEDIA-CREATIVE EUROPE, the GFC processes personal data for the following specific purposes, among others:
- Managing calls for participation and funding requests
- Promoting films
- Promoting the work of Greek film-makers
- Issuing script certificates and shoot facilitation letters
- Managing applications from Greek and international producers
- Managing the LOCATIONS database
- Managing the CREATIVE EUROPE programme
- Organizing events
- Providing updates in relation to Greek directors.
2. Executing employment or project contracts with employees and partners, respectively, of the GFC, and managing the related obligations.
3. Executing contracts signed in the context of the undertaking of and/or performance or participation in actions and programs which the GFC is implementing or involved in.
4. Complying with the GFC’s obligations as these are imposed by law and, in particular, by insurance and/or labour legislation.
5. For the purposes of historical or scientific research, or for statistical purposes.
6. For communication with film professionals and with the Press.
The legal bases of data processing
The EKK’s processing of personal data is underpinned by the following legal bases:
- To be in compliance with the obligations accruing to it on the basis of the current legal framework, and to engage in its legitimate activities.
- To perform a duty which is in the public interest, or to exercise a public power that may have be delegated to it.
- Provided that the data subject has given their consent, when this is required.
- To protect its legal interests in general.
Who has access to your personal data?
Access to your data and the right to process it is only given to specially authorized members of the staff who have committed to maintaining the confidentiality of the personal data they process or which they become aware of in the course of their duties; this obligation continues after their departure or termination.
Who do we share your data with?
In the context of the GFC’s activities, personal data may be passed on to associates, other bodies with whom the GFC cooperates in joint actions or programs, or to third parties or companies that provide services to the GFC, but only when this is absolutely necessary for it to perform its legitimate activities and, more generally, its contractual obligations.
Furthermore, personal data is not transferred to third parties other than the competent public authorities when this is required by law, banking institutions for the purpose of making payments, or the legal advisers of the GFC so they may support or refute legal claims.
Where personal data has to be transmitted outside the EU in the context of the GFC’s activities, this transmission shall take place only with the consent of the data subjects or through the application of one or more of the legal bases set out in Chapter V of the GDPR.
How long is personal data kept?
Personal data is kept for only as long as is required to process it for the purpose it was stored.
Where the data processing or storage is imposed as a obligation within the extant legal framework, personal data shall be stored for as long as the relevant provisions so require.
What rights do individuals have in relation to their personal data?
Every natural person (data subject) has the right to access data which relates to them, and can receive additional information regarding its processing.
In addition, data subjects have the right to correct and delete, restrict the processing or data portability of, and object to the processing of their data, under certain conditions set out in the GDPR.
To exercise the above rights, or to request information or pose a question regarding the processing of your personal data, data subjects may send an email to [email protected]
If, having exercised this right, the data subject is still not satisfied, they may appeal to the Personal Data Protection Authority.
The GFC applies appropriate technical and organizational measures with a view to securing personal data processing and to preventing accidental loss or destruction, unauthorized and/or illegal access, use, amendment or disclosure thereof. In any event, the way the internet functions and the fact that it is accessible to anyone cannot assure that unauthorized third parties will never be able to violate the applicable technical and organizational measures by gaining access to personal data and possibly using these for unauthorized and/or unlawful purposes.