General Information

This Privacy Policy (“Policy”) explains how the Municipality of Athens (hereinafter: “Authority”, “we”) collects and processes personal data through the website www.exypireto.gr:

  • The Authority acts as the Data Controller within the meaning of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the relevant applicable Greek legislation.
  • The website «EXYPIRETO» provides information on social programs and services. Access to its content is possible without creating an account or providing personal data.

What Data We Collect

When visiting the Website, certain technical information is automatically collected, such as:

  • IP address
  • Date and time of access

Purposes and Legal Basis for Processing

Personal data processing is carried out for the following purposes and based on the following legal grounds:

  • Website Operation and Security: Monitoring technical performance, detecting malicious activity, and preventing security incidents.
  • Legal basis: Article 6(1)(e) GDPR – performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

Data Recipients

The data is not disclosed to third parties unless:

  • Required by law or by a competent judicial/administrative authority.
  • Necessary for the support of the Website by external partners (e.g., hosting providers, technical support staff), who act as data processors under contracts ensuring GDPR compliance.

In any case, such partners have access only to the strictly necessary data and are bound by confidentiality and security obligations.

Data Retention Period

Browsing data (e.g., logs) is retained for the period deemed necessary for system functionality and is then automatically deleted after one hour.

Data Security

The Authority implements appropriate technical and organizational measures to protect personal data from:

  • Accidental or unlawful destruction, loss, or alteration.
  • Unauthorized access or disclosure.

Despite these measures, no data transmission over the internet can be guaranteed as completely secure. Use of the Website is at the user’s own responsibility, and users are advised, among other things, to protect their devices against malicious software.

Your Rights as Data Subjects

Under the GDPR, you have—subject to the legal conditions—the following rights:

  • Right of access (Article 15 GDPR): To obtain confirmation as to whether we process your personal data and, if so, to gain access to such data.
  • Right to rectification (Article 16 GDPR): To request the correction of inaccurate or incomplete data.
  • Right to erasure (Article 17 GDPR): To request, under certain conditions, the deletion of your data.
  • Right to restriction of processing (Article 18 GDPR).
  • Right to object (Article 21 GDPR): To object to processing based on public interest, for reasons relating to your particular situation.
  • Right to data portability (Article 20 GDPR), where applicable.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Right to Lodge a Complaint with the Supervisory Authority

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with:

Hellenic Data Protection Authority
1-3 Kifisias Avenue, 115 23 Athens, Greece
Website: www.dpa.gr

Data Controller – Contact Information

The EXYPIRETO Team, City of Athens

☎: +30 214 4117014, +30 214 4117018
✉: exipireto@athens.gr
Directorate of Social Solidarity
159 Patision Street & Agathoupoleos,
Amerikis Square
11252 Athens, Greece

Changes to the Policy

The Authority may amend this Policy whenever deemed necessary. The date of the latest update will be indicated at the top of the page.

You are advised to visit this page periodically to stay informed of any changes.