Data Protection Policy

The data processing on the byDesign-project website is pursuant to the provision of the EU General Data Protection Regulation (GDPR) and specific data protection regime applicable in Greece. For further information, please check Section 2 of the present data protection policy. 

Personal data, as defined by Article 4(1) General Data Protection Regulation (GDPR) include any information relating to an identified or identifiable living natural person. Personal data can be your first name, last name, e-mail address, email format and IP address. Hereinafter, by using the terms “we” and “our”; we refer to the data controller, as member of the byDesign consortium. Hereinafter, by using the terms “you” and “your”, we refer to the byDesign website visitor.

1. General information: What is byDesign?

byDesign is a project that has received funding from the Rights, Equality and Citizenship Programme of the European Union under grant agreement No. 101005833. The project started on 1 November 2020 and ends on 31 October 2022. The byDesign consortium consists of three partners from Greece that represent three areas: regulatory, academic and software industry. Coordinator of the project is the Hellenic Data Protection Authority (HDPA), whereas the other members are the University of Piraeus Research Center (UPRC) and ICT abovo PC (ABOVO).

The present website is part of the dissemination and communication activities undertaken by the byDesign consortium within the aim to successfully communicate its results to a wider public. 

2. Contact information of the data controller and of the Data Protection Officer

Hellenic Data Protection Authority
Kifisias 1-3, 115 23 Athens Greece


Data Protection Officer


3. Data processing

a) When visiting the byDesign-project website

You may access the website without having to disclose any data about your person. Nevertheless, the installed browser on your device sends automatically information to the server of the byDesign-project website, including information about your browser type and version, as well as the date and time of access, so as to establish a connection and permit your access to the website.

The legal basis for this data processing is article 6 par. 1(e) of GDPR, and especially for the Hellenic Data Protection Authority duties arising from article 57 article 1 b) and d) of GDPR and 13 par. 1 b) of Greek law 4624/2019.

b) When filing our contact form

We offer the possibility to our website visitors to contact us or register an enquiry by submitting an online form through our website. Please notice that your data will be stored for as long as necessary for the fulfilment of the purposes specified (reply to your inquiry) and any statutory requirements, unless you ask for deletion of your data.

Our contact form requires the minimum information needed in order to be able to respond back to your request. When registering, you need to enter the following mandatory data:  

  • First name and surname, and 
  • Email address 

and, optionally, your phone number. The data processing takes place exclusively at your request and in line with article 6(1)(a) of the GDPR. The submitted message, your full name/nickname and email address and phone number are processed based on your informed consent. You may withdraw your consent at any time with future effect, by sending an informal email to, requesting the removal of your data.  

4. Cookies

We are not using any cookies in our web site.

5. Data subjects’ rights

As a data subject, you have the following rights: 

  • pursuant to Article 7(3) GDPR, to withdraw your consent at any time and without any consequences for you. This means that in future we may no longer continue to process the data as based on this consent; 
  • pursuant to Article 15 GDPR, to obtain information about whether your personal data are processed by us and where that is the case, access to those personal data. In particular, you may obtain information about the purpose of processing, the category of the personal data, the categories of recipients, to whom your data has been or is disclosed to, the storage period planned, the existence of a right to request from the controller rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint and the source of your data if it has not been collected by us. Pursuant to Article 12, we must provide any communication relating to the processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language. 
  • pursuant to Article 16 GDPR, to obtain the rectification of inaccurate personal data without undue delay or the completion of your personal data stored with us; 
  • pursuant to Article 17 GDPR, to obtain the erasure of your personal data stored with us unless processing is necessary to exercise the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or to establish, exercise or defend legal claims; 
  • pursuant to Article 18 GDPR, to obtain the restriction of the processing of your personal data; 
  • pursuant to Article 21 GDPR, to object, on grounds relating from your particular situation, at any time to processing of your personal data, which is based on data processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless processing serves the establishment, exercise or defence of legal claims. 
  • pursuant to Article 77 GDPR, to lodge a complaint with a national supervisory authority. You can contact the supervisory authority of your habitual residence or workplace. In any case, the competent Authority is the Hellenic Data Protection Authority, who will handle your complaint independently from its role in byDesign project.
  • If you wish to exercise any of your rights or you wish to receive more information, please go to Section 2. Contact information of the data controller and the Data Protection Officer, where you can find the most updated contact information. 

7. Data security

All your personal data are transferred in an encoded manner using the widely used and secure TLS (Transport Layer Security) encryption standard. You will recognise a secure TLS connection by the additional “s” after “http” (i.e., https://..) in the address bar of your browser or from the lock icon. Moreover, we use suitable technical and organisational measures, which are being continuously enhanced, to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. 

8. Amendments to this Data Protection Policy We keep our Data Protection Policy under regular review to make sure it is up to date and precise. Thus, it may become necessary to change it due to the potential addition of new features to the byDesign-project website or due to further legal requirements.