As of 25.5.2018, the General Data Protection Regulation (EU) 2016/679, known as GDPR, has been in effect. It was established on 04/05/2016 and fully implemented on 25/05/2018, after a two-year adaptation period. The goal of the Regulation is to protect the privacy the subjects’ personal data by defining and appropriately reshaping the ways and methods by which organizations process such data (collection, management, storage, deletion, etc.).

As the Data Controller, we at the Municipality of Ioannina recognize the need to protect privacy and personal data. We comply with the GDPR requirements and take effective technical and organizational measures to safeguard the personal data of our Citizens, Residents, partners, and employees.

The processing and protection of your personal data are subject to the provisions of the GDPR, as well as all other provisions of national, EU, and international law related to the protection of individuals from the processing of personal data, as applicable.

At the Municipality of Ioannina, in compliance with GDPR requirements, we process your personal data in lawful and transparent ways, ensuring legality, fairness, and transparency. The personal data processed are only those necessary for each specific and clearly defined purpose, based on a specific legal basis.

In this context, the processing carried out relates to the personal data you provide in real interactive time when you use our services or contact us via e-mail or through the website https://www.ioannina.gr/, the website www.ioanninapark.gr, and the Ioannina Park application.

The personal data you provide include information depending on the service you choose and are categorized as follows:

• Identification Data (e.g., User ID, Full Name, Father’s and Mother’s Name, Photograph, ID Card or Passport Number, Social Security Number, Tax Identification Number, etc.)
• Contact Data (e.g., postal address, landline and mobile phone numbers, email address, etc.)
• Demographic Data (e.g., Nationality, Citizenship, Religion, Date of Birth, Place of Birth, Country of Birth, etc.)
• Health Data and Social Welfare Information (e.g., medical diagnoses, medical certificates, etc.)
• Curriculum Vitae Data (CV)
• Financial Data (e.g., property status, tax forms, income statements, salaries, property assets, IBAN, etc.)
• Data from other sources:
  • Citizen Complaints and Requests (Identification, Contact, and Demographic Data
  • Traffic Violations (vehicle data, area, date and time of violation)
  • Municipality Website cookies (to facilitate access and use of certain services and webpages)

For all processing purposes described above, the legal basis arises from:

• Processing personal data with the subject’s consent.
• Processing required for performing a task carried out in the public interest or in the exercise of official authority.
• Processing necessary for protecting your vital interests or those of another natural person.
• Processing necessary for fulfilling a contract in order to respond to a service request.
• Processing necessary to comply with our legal obligations.
• Processing necessary for the purposes of our legitimate interests or those of a third party.

Your personal data are treated with complete confidentiality and security (with appropriate technical and organizational measures) and are not further disclosed, except in cases where disclosure is legally required.

As data subjects, you may access the personal data we have collected about you. You may also request deletion, correction, restriction of processing, or object to the processing of your data, except in cases where we are obliged to retain your data for administrative, legal, or security reasons.

You also have the right to withdraw your consent at any time. Withdrawal does not affect the legality of processing based on consent before its withdrawal. Your GDPR rights include:

• Right of access – You may request information and access to the personal data we hold.
• Right to rectification – You may request correction of inaccurate data.
• Right to erasure (“Right to be forgotten”) – If no legal framework obliges us to retain your data, you may request their deletion.
• Right to restriction of processing – You may request that processing is stopped or limited.
• Right to data portability – You may request that your data be transferred to another entity.
• Right to object and to not be subject to automated decision-making, including profiling – You may object to processing and withdraw consent at any time.

To exercise your rights, you may submit a request. We commit to responding and providing the relevant information without delay, within one month from confirmed receipt of the request.

This period may be extended by two more months, if necessary, due to the complexity or number of requests. You will be informed within one month of receipt if an extension is required.

If we are unable to respond within the set timeframe, you will be notified within one month with the reasons.

The Municipality of Ioannina may refuse requests for restriction or deletion if processing is required for establishing, exercising, or defending legal claims or for fulfilling legal obligations.

Requests are monitored for size and frequency to prevent misuse, in accordance with GDPR Article 12, paragraph 5.

For any questions regarding the processing of your personal data, you may contact the Data Protection Officer (DPO) at

• Email: dpo@ioannina.gr
• Postal Address: Data Protection Officer, Municipality of Ioannina,
  5 A. Papandreou Square, PO 45221, Ioannina, Greece

Requests must include a clear description, your full name and accurate contact details (email, phone, address).

If you are unable to exercise your rights or have questions, clarifications or complaints, you may contact the Hellenic Data Protection Authority:

Address: Hellenic Data Protection Authority, Kifisias 1-3, 115 23 Athens
Email: contact@dpa.gr
Website: www.dpa.gr