Privacy Policy

1. Introduction

1. Controller and Data Protection Officer

This policy provides information on the processing and protection of your personal data when using the “Greek Farms” web portal of the Ministry of Rural Development & Food.

The controller of the data submitted for processing to this web portal is the Ministry of Rural Development & Food, seated in Athens at 2, Acharnon Street, GR-10176 (TIN 090169560).

You can contact the Data Protection Officer of the Ministry of Rural Development & Food concerning any issue relating to this policy or the processing of your personal data at dpo@minagric.gr

2. Key Definitions

1. “Personal Data”: any information relating to an identified or identifiable natural person or non-natural person (‘data subject’); an identifiable natural person or non-natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2. “Processing”: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. “Restriction of processing”: the marking of stored personal data with the aim of limiting their processing in the future;
4. “Filing System”: any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
5. “Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
6. “Processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
7. “Recipient”: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
8. “Third Party”: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
9. “Consent” of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
10. “Personal Data Breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
11. “Special categories of data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
12. Purposes and Legal Basis for Processing

The purpose of the web portal is to develop the openness of the primary and secondary sectors of Greek agriculture, operating under the auspices of the Ministry of Rural Development & Food pursuant to Contract No 2237. More specifically, visitors/users of the “Greek Farms” web portal may:

• apply for the issuance of export certificates for agricultural products (veterinary and phytosanitary);
• issue export certificates for agricultural products (veterinary and phytosanitary);
• register agricultural products produced in Greece;
• create virtual exhibitions of agricultural products;
• register job offers (job advertisements);
• seek work;
• obtain import data from ICISnet, with the data being obtained via interoperability services;
• obtain data from the Registers of the Ministry, with the data being obtained via interoperability services.

The above processing (making available) of data is carried out as being necessary for the performance of a task carried out in the public interest (Article 6(1)(e) of the GDPR).

The above making available of data is also a form of facilitating the exercise of the right of access by the data subject, in accordance with the first sentence of Article 12(2) and Article 15 of the GDPR.

Furthermore, as the Ministry is part of the Central Government and, more specifically, belongs to Central Administration bodies (in accordance with Article 14 of Law 4270/2014 and the Register of Services and Bodies of the Greek Administration), after the completion of processing, further processing also applies for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, which shall not considered to be incompatible with the initial purposes in accordance with Article 5(1)(b) and Article 89(1) of the GDPR.

Finally, the Ministry of Rural Development & Food does not use the consent of data subjects as a legal basis for processing (whether ordinary data or special categories of data), in accordance with WP29 recommendations (currently European Data Protection Board). In exceptional cases and where applicable, the consent of data subjects may be requested as a legal basis for processing (e.g., to send information messages to monitor the course of the user’s account) when processing cannot be carried out on a different legal basis. In these cases, too, data subjects are notified prior to processing in order to grant their consent, and they reserve full rights, including the right to revoke the consent granted, without prejudice to processing prior to such revocation.

4. Categories of personal data collected

The Ministry of Rural Development & Food, in the context of its remit and its function in the public interest, collects personal data of visitors/users of the web portal and, more specifically, employees of the Ministry of Rural Development & Food, employees of Regional Directorates of Rural Economy and Veterinary Medicine, administrators of the information system of the Ministry, citizens – farmers/producers, visitors, prospective land workers, legal representatives of companies – buyers, founders of agricultural cooperatives.

CATEGORIES OF DATA SUBJECTS	CATEGORIES OF ORDINARY OR SPECIAL CATEGORIES OF PERSONAL DATA
Internal/Authorised users – Employees of the Ministry of Rural Development & Food	The following data are drawn via the “Public Administration Codes” and interoperability with the General Secretariat for Information Systems & Digital Governance and the Civil Servant Census Register: – Full name – Father’s name – Mother’s name – TIN – Identifying Document number (e.g., police-issued identity card) – Details concerning Role and Access Rights: Data concerning their post as Ministry employees and the specific rights assigned to them within the authorisation information system.
		Natural Persons (Visitors, Farmers, Producers)	The following data are drawn from the National Tax Register managed by the Independent Authority for Public Revenue (IAPR): – First name – Last name – Father’s name – Mother’s name – TIN – Year of birth
			Other data which may be requested: Type of identity card or passport Identifying Document number Region Regional Unit Municipality Address Postcode Foreign country of residence (for residents abroad)
			Upon entering the project, the following data are drawn from the National Communication Register of the General Secretariat for Information Systems & Digital Governance, provided a relevant entry has been previously made: Contact landline number Contact mobile telephone number E-mail address Social security number (AMKA) Landline number (if different from the one above) Mobile telephone number (if different from the one above)
			After the interested party has logged into the system and the relevant authentication process has been completed using the OTP service provided by the General Secretariat for Information Systems & Digital Governance, they are requested to enter the following data: – First name – Last name – Passport number – Country which issued the passport – Country of residence – Contact mobile telephone number – E-mail address – Nationality – Language of communication – Communication method – Proficiency in Greek (level) – Proficiency in English (level) – Proficiency in a different language (level)
Not subject to the provisions of the General Data Protection Regulation (GDPR)
Founders of Agricultural Cooperatives	Not subject to the provisions of the General Data Protection Regulation (GDPR)
		Legal representatives of legal persons / Legal representatives of commercial companies (buyers), processing companies, hotel enterprises, companies involved in any manner with Greek agricultural products or processed agricultural products.

5. Method of collection of personal data

A significant number of data are received by the web portal via interoperability services (Web Service) with the following bodies:

• General Secretariat for Information Systems & Digital Governance (concerning user authentication). Following successful authentication, the mechanism returns the following to the web portal: Full name, father’s name, mother’s name, TIN and identifying document number. Usernames and passwords are neither kept nor received from project applications.
• National Communication Register.
• Register of Farmers and Agricultural Holdings kept at the Ministry of Rural Development & Food.

6. User authentication method

The user authentication method is presented below in detail.

Certified users	User authentication process
(Authorised users) Employees of the Ministry of Rural Development & Food	The foregoing log in to the system using the “Public Administration Codes” in accordance with the provisions of decision No 29810 ΕΞ/23.10.2020 of the Minister of State. The process for authorising such employees takes place via the appropriate authorisation platform of the General Secretariat for Information Systems & Digital Governance which interoperates with the Civil Servant Census Register. When they access the system, the rights assigned to them in the aforesaid manner are checked.
(Authorised users) Employees of Regional Directorates of Rural Economy & Veterinary Medicine	The foregoing log in to the system using the “Public Administration Codes” in accordance with the provisions of decision No 29810 ΕΞ/23.10.2020 of the Minister of State. The process for authorising such employees takes place via the appropriate authorisation platform of the General Secretariat for Information Systems & Digital Governance which interoperates with the Civil Servant Census Register. When they access the system, the rights assigned to them in the aforesaid manner are checked.
(Natural persons) Citizens (Farmers, Producers, Visitors)	The foregoing are authenticated using their codes – credentials (TaxisNet) managed by the Independent Authority for Public Revenue.
Founders of Agricultural Cooperatives	The foregoing are authorised using their TIN by the Agricultural Cooperative via the appropriate authorisation platform of the General Secretariat for Information Systems & Digital Governance. The foregoing are authenticated using their codes – credentials (TaxisNet) managed by the Independent Authority for Public Revenue.
Legal representatives of legal persons	They can access the system following authentication using the codes – credentials of the General Secretariat for Information Systems & Digital Governance (TaxisNet) of the legal person.
Prospective Temporary Land Workers (Aliens)	The authentication of natural persons (Prospective Land Workers (Aliens)) shall take place via Google Gmail, their Microsoft Account or LinkedIn, depending on how each end user wishes to log in.

7. Data Recipients

The recipients of personal data include, within the framework of their role and remit, the authorised personnel of the Ministry of Rural Development & Food and of the Regional Directorates of Rural Economy & Veterinary Medicine (DAOK) that have access on a need-to-know basis, as well as public authorities and bodies with which the web portal interoperates (e.g., Independent Authority for Public Revenue, General Secretariat for Information Systems & Digital Governance, National Communication Register), exclusively for the purposes of authentication and drawing the necessary data, in accordance with the legislation in force from time to time.

8. Rights of Data Subjects

The Ministry of Rural Development & Food respects the rights of natural persons regarding the protection of their personal data. Natural persons or non-natural persons have the following rights:

1. to be informed about the processing of personal data;
2. to request access to the personal data which concern them;
3. to request the rectification of inaccurate personal data or supplement incomplete personal data;
4. to submit a request for the erasure of personal data when they are no longer necessary or if their processing if unlawful. Where the legal basis for processing is Article 6(1)(e) or Article 9(2)(b) or (g), the right of erasure may not be satisfied and shall be determined on a case-by-case basis in accordance with the applicable provisions. Moreover, in accordance with recital 4 of the GDPR, the right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality;
5. to object to the processing of personal data on grounds relating to their particular situation, without prejudice to Article 21(6) of the GDPR;
6. to submit a request to restrict the processing of personal data in specific cases;
7. to lodge a complaint with the Hellenic Data Protection Authority (1-3, Kifisias Avenue, GR-11523, Ambelokipi, tel.: +30 2106475600, www.dpa.gr), or with the supervisory authority of the EU Member State where they reside or work, or with the supervisory authority of the place of the alleged infringement.

9. Communication by Natural Persons

The above rights as well as any right relating to personal data shall be exercised following a request filed in writing at any point accessible to the public, or via electronic communication, by sending a message to the Data Protection Officer designated by the Ministry of Rural Development & Food, at the e-mail address dpo@minagric.gr.

10. Security of Personal Data

The Ministry of Rural Development & Food takes all the necessary technical and organisational measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. Strict security protocols, including cryptographic methods and access controls, are applied in order to safeguard the confidentiality, integrity and availability of data.

Particular emphasis is placed on the security of authentication processes, which are provided by the General Secretariat for Information Systems & Digital Governance, ensuring that users’ usernames/passwords remain under the control of the General Secretariat for Information Systems & Digital Governance and are not kept on the “Greek Farms” web portal.

11.  Data Retention

Personal data are retained for the period absolutely necessary to fulfil the processing purposes for which they were collected and to comply with any legal obligations (e.g., taxation, archiving). After this period of time elapses, the data are erased or anonymised in a secure manner.

12.  Acceptance of Terms and Conditions

By accessing and using the Greek Farms Portal, users declare that they have read, understood and unreservedly accepted these Terms of Use and the Privacy Policy. If users do not agree with any of the terms, they must not use the Portal.