Αρχείο Εθνικού Θεάτρου

Privacy Policy

The Private Legal Entity under the name “National Theatre” (hereinafter referred to as the National Theatre), aiming to safeguard your personal and sensitive personal data, has implemented all necessary technical and organizational measures as defined by the General Data Protection Regulation (EU) 2016/679. Protecting your privacy and safeguarding the confidentiality of your information and personal data is our fundamental priority.
This policy outlines the legal framework under which your data is collected and processed, the types of data we collect and process, the procedure and purpose of their collection, the retention period, and the reasons for disclosing them to third-party partners if required. Additionally, it explains your rights and the actions you can take to exercise them.
ΤThis notice provides any person receiving or interested in receiving services from the National Theatre with concise, accurate, and transparent information regarding the practices followed for managing and protecting personal data.
The National Theatre reserves the right to modify and adjust this Policy whenever it deems necessary. Changes take effect once publicly displayed on its website at https://www.nt-archive.gr/ and at the reception points of its facilities.
The Data Protection Officer (DPO) at the National Theatre is Andreas Rodakos, with Deputy Konstantinos Theodoropoulos. You can contact them directly for any related matters at +30 210 5288100 or via email at dpo@n-t.gr.

Introduction

Personal Data
Personal data refers to any information relating to an identified or identifiable natural person (e.g., name, ID number, address, etc.) (“Data Subject”). Data concerning health (physical or mental condition, receipt of medical services, etc.) are included under the general term “personal data” but constitute a special category of data, hereinafter referred to as either “sensitive personal data” or “health data”.
Processing
Processing is any operation or set of operations performed on personal data or sets of personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Data Controller
The Data Controller is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or specific criteria for its appointment may be provided for by Union or Member State law.
Processor
The Processor is the natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
Data Protection Officer (DPO)
The Data Protection Officer (DPO) independently oversees compliance with the GDPR (EU) 2016/679 provisions by the data controller and the processor and acts as an intermediary between various stakeholders (e.g., supervisory authorities, data subjects). The DPO's role is advisory (not decision-making), and they do not bear personal responsibility for non-compliance with the Regulation.

Legal Framework for Personal Data Protection

In the National Theatre's Digital Archive, we collect and process your personal data in accordance with this privacy notice and:

in compliance with EU Regulation 2016/679 (GDPR),
current Greek data protection legislation,
the applicable legal framework governing the operation of the National Theatre,
as well as the consents we obtain (in cases where there is no legal basis for processing).

This notice provides you with essential information regarding your rights and obligations and explains how, why, and when we collect and process your personal data.

Personal Data We Collect

During your visit to our website and while providing services through the National Theatre’s Digital Archive, we collect personal data such as, but not limited to: Name, Surname, Email address. These data are collected:

In electronic form through the website,
Through third-party processors and/or controllers operating on behalf of the National Theatre,

in order to provide you with quality services. This information will be added to our database and maintained there, provided you give us your explicit consent.
The National Theatre’s IT staff will have access to your personal data for service purposes. All National Theatre staff are bound by confidentiality, non-disclosure clauses within their employment contracts, and adhere to a Code of Ethics aimed at protecting the confidentiality of information they become aware of. Given the importance of confidentiality and the protection of your privacy, we conduct rigorous regular audits to safeguard your data and provide periodic staff training to ensure compliance with procedures as defined by applicable legislation.
The National Theatre processes only the personal information necessary to fulfill legal, regulatory, and contractual obligations and to provide quality services according to best practices. We will never collect unnecessary personal data from you, nor will we process your data beyond what is stated in this notice. We take all appropriate measures to ensure that data collection and processing include only what is strictly necessary. We acquire, maintain, and process only the data essential for service delivery and legal obligations, retaining it only as long as necessary.
Our systems, staff, procedures, and activities aim to minimize the collection of personal information to what is essential for the specified purpose. Minimizing personal data processing allows us to control and reduce risks and data protection breaches while supporting compliance with applicable data protection laws and regulations.

Categories of Personal Data Collected

Personal Data (Adults and Minors)

Examples include::
Contact Information: First and last name, personal email address.

Conversations with the Digital Assistant.

How Personal Data is Collected

The personal data processed and stored by the National Theatre's Digital Archive may be obtained through the dedicated registration form on the Digital Archive website: https://www.nt-archive.gr/.

Legal Basis for Processing
In its operations and to fulfill its objectives (service provision), the National Theatre collects and processes personal data based on the following legal grounds:

Article 6(1)(b) of the GDPR: Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
Compliance with Legal and Employment Obligations: To fulfill obligations and exercise specific rights of the controller or data subject in the field of employment law, social security, and social protection law.
Article 9(2)(f) of the GDPR: Processing is necessary for the establishment, exercise, or defense of legal claims or when courts act in their judicial capacity.
Public Interest and Research Purposes: Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes under Article 89(1) of the GDPR, in accordance with Union or Member State law. These measures must respect the essence of the right to data protection and include appropriate safeguards for the rights and interests of the data subject.
Consent: In cases where explicit consent is required for processing personal data not covered by the aforementioned legal bases.

Purposes and Reasons for Processing Your Personal Data
We collect and store your personal data based on the legal bases mentioned previously for the following specific purposes:

Contractual Agreement: To fulfill the contractual obligations between you and the National Theatre.
Historical Record-Keeping: To maintain records for future reference and documentation of our cooperation.
Legitimate Interests: To protect our legitimate interests in managing services and operations.
Compliance Audits: To retain data for responding to audits by regulatory authorities regarding the legality of processes and payments.
Legal Claims: For establishing, exercising, or defending legal claims or when courts act in their judicial capacity.
Legal Compliance: To comply with statutory obligations.
Security and Asset Protection: To protect our premises and assets from unlawful actions, based on our legitimate interest or legal obligation.

Additional Considerations:

Retention of Special Categories of Data: We retain sensitive personal data for as long as required by law.

Third-Party Data Sharing: We may share your information with external entities only when legally required:

In compliance with an official court order.

When you provide explicit authorization for such sharing.

To protect the legitimate interests of the National Theatre or third parties.

When required by law (e.g., tax authorities, social security funds), ensuring you are informed beforehand.

When there is a documented legitimate interest, you will receive prior notice and be given reasonable time to raise objections before any transfer occurs.

Data Sharing and Disclosure of Your Personal Data
We do not share or disclose your personal data without your consent, except for the purposes outlined in this privacy notice or when legally required. The National Theatre collaborates with selected partners (acting either as "data processors" or "joint controllers" under the GDPR) to provide specific services and business functions. All data processors acting on our behalf process your personal data according to our instructions and in full compliance with this privacy notice, the principles of the General Data Protection Regulation (EU) 2016/679, and applicable confidentiality and security measures. Our selected partners have agreed to strict confidentiality and non-disclosure clauses regarding data processing. Key categories of processors with whom your data might be shared include:

IT and Accounting Support Providers: Companies offering support for information systems and accounting functions.
Supervisory Authorities and Ministry of Culture Entities: Relevant regulatory bodies overseeing cultural affairs.
Public Interest Entities (e.g., Hellenic Statistical Authority): Organizations that serve public interests.
External Legal Advisors: Legal consultants for specific cases or disputes.

Data Protection Measures

At the National Theatre, we implement all reasonable technical and organizational measures to protect and safeguard your personal data. Our goal is to shield you and your information from unauthorized access, modification, disclosure, destruction, or any other form of unlawful processing. Key security measures include: defined policies and procedures, role-based access management, strong password controls, network security protocols, perimeter defense tools (e.g., firewalls), business continuity planning, incident response management, data encryption, continuous staff training on technical and organizational security protocols. These measures ensure the integrity, confidentiality, and availability of your data while minimizing the risks of breaches or unauthorized access.

Consequences of Refusing Consent for Data Processing

Your consent is primarily sought to retain data for a longer period than necessary to fulfill the original purpose for which it was collected. Specifically, your explicit consent allows:

The National Theatre to maintain a historical archive.

Key points:

Service Provision: Refusing to give consent does not affect the delivery of services provided by the National Theatre’s Digital Archive.
Operational Impact: However, your consent is considered valuable for the efficient operation of the National Theatre and for facilitating prompt and comprehensive service delivery.

Thus, while your consent is not mandatory for accessing core services, it significantly supports the archival mission and service quality of the National Theatre.

Duration of Data Retention

At the Digital Archive of the National Theatre, we retain personal data only for as long as necessary, adhering to strict review and retention policies to meet our obligations.
According to Greek law, the records of the Digital Archive of the National Theatre are classified as public records. Retention is governed by Presidential Decree (P.D.) 480/1985 regarding the «clearing of archives for public entities». Data retention periods range from 2 years to perpetuity depending on their utility and necessity. Subsequently, records undergo inspection by the General State Archives (GAK). Records deemed historically significant are transferred to GAK storage and Non-essential records are destroyed. This structured approach ensures compliance with legal standards while preserving valuable historical information.

Exercise of Your Rights

Regarding your personal data, you have the right to exercise the following options by submitting a formal request in person, through an authorized representative, or via certified mail to the National Theatre:

a) Right to Information and Access: You can request access to all personal data held by the National Theatre, including the types of processing, purposes, recipients, and retention periods.
b) Right to Rectification: If you believe your data is incomplete or inaccurate, you can request corrections or updates.
c) Right to Erasure (Right to be Forgotten): You can request data deletion under specific conditions:
- When the data is no longer needed for the purposes for which it was collected.
- When you withdraw consent, and there’s no other legal basis for processing.
- When data processing was conducted unlawfully or a legal obligation requires deletion.
d) Right to Restrict Processing: You may request restriction of processing if:
- You contest the accuracy of your data (pending verification).
- You oppose deletion and prefer restricted processing.
- The Theatre no longer needs the data, but you require it for legal claims.
e) Right to Data Portability: You can request a transfer of your data to another organization (in Greece or abroad) or receive it in a standardized electronic format (e.g., CD, DVD).
f) Right to Object: You may object to processing, unless there are compelling legal reasons that outweigh your interests, rights, or freedoms, or for legal claims.

To ensure your data remains protected, identity verification is required (via official ID or authorized documentation).
The National Theatre will process your request free of charge within one month. In complex cases or high-volume requests, this period may extend by up to two additional months. You’ll be informed of any extension and its reasons within the initial month.
If a Request Cannot Be Fulfilled, you’ll receive an explanation within a month, including information on how to lodge a complaint with the Hellenic Data Protection Authority (HDPA) or pursue legal recourse, and presentation of tailored promotional and educational content. Cookies are essential for the proper functioning of the National Theatre Digital Archive website.

Cookies

The National Theatre Digital Archive uses cookies to enhance the functionality and user experience of its website.
Cookies are small text files sent to and stored on your computer. They allow websites, including the National Theatre Digital Archive, to operate smoothly and efficiently. They help recognize frequent users, store user preferences and collect data to improve website content. Cookies do not damage your computer or stored files. Cookies enable eeamless website operation, collection of user preferences .
Types of Cookies Used

Name	Purpose	Type and duration
PHPSESSID	Maintains user session information (e.g., login status).	First party cookie, deleted after 1 hour.
NTCONSENT	Records the user's consent to cookie usage.	First party cookie, deleted after 14 days.

The website also uses local storage to save search data directly in your browser, ensuring quicker retrieval of previously searched information. You can clear these data anytime through your browser settings.
You can configure your browser (Chrome, Firefox, Edge, etc.) to notify you before receiving a cookie and decide whether to accept or reject cookies individually. Disabling cookies may limit your ability to use all website features effectively.
The National Theatre Digital Archive reserves the right to modify this cookie policy at any time. Any changes will take effect as soon as the revised policy is available on the website.

Complaint Submission

The National Theatre processes your personal data in accordance with this privacy statement and applicable data protection laws. If you wish to file a complaint regarding the processing of your personal data or if you are dissatisfied with how we have handled your personal data, you have the right to submit a complaint either to the email dpo@n-t.gr of the the Data Protection Officer (DPO) or with written Submission through the National Theatre's secretariat. Finally you have the right for Submission to the Hellenic Data Protection Authority (HDPA) [1-3 Kifisias Ave., 115 23, Athens, Phone: +30 210 6475600, Email: contact@dpa.gr] if you believe your data protection rights have been violated, you also have the right to file an appeal with the competent judicial authorities to protect your personal data rights.

Last update: October 2024