BECOME A MEMBER

CONTACT

BECOME A MEMBER

CONTACT

BECOME A MEMBER

CONTACT

GREEK TOURISM CONFEDERATION – SETE
PERSONAL DATA PROTECTION POLICY

Welcome to www.sete.gr, a website owned and managed by the association known as GREEK TOURISM CONFEDERATION – SETE, which is based in Athens (34 Amalias Street, P.C. 10558) [hereinafter “we”, “us”, “our”, “SETE“].

In SETE we respect your privacy and undertake to protect your personal data. The purpose of this policy is to inform you about the personal data we collect and process when you contact us, use any of the services on our website, or engage with us in any way.

Our full particulars are:

GREEK TOURISM CONFEDERATION – SETE

Email address: privacy@sete.gr

Postal address: 34 Amalias Avenue, P.C. 10558, Athens, Greece

Contact number:  +30 210 3217165

 

Scope and objectives of the personal data protection policy

The scope of the present Policy is to determine the basic rules and principles according to which SETE collects, processes and stores personal data (hereinafter also referred to as “data”), as defined by the applicable Greek and EU legislation in force and, in particular, Regulation (EU) 2016/679 (hereinafter “the Regulation” or “GDPR”), the implementing Law 4624/2019 and all recommendations and guidelines issued by the Hellenic Data Protection Authority (HDPA).

Concepts / Definitions of Personal Data

For the purposes of this document, the following terms are defined as follows:

“Personal data”:  any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Special categories of personal data”:  personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

“Processing”:  any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 “Anonymisation”: the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject.

 “Controller”:  the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

 “Processor”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

 “Consent” of the data subject:  any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 “Personal data breach”: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 “Data concerning health”:  personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.

 “Applicable law”: The provisions of the Greek, EU or other law to which SETE is subject and which prescribe personal data protection issues, such as:

– Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

– Law 4624/2019, which introduced measures to implement Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data.

-Law 3471/2006 on the protection of personal data and privacy in the electronic communications sector and amending Law 2472/1997, as currently in force.

General Principles of Personal Data Processing

When SETE processes personal data, it ensures that:

-It collects and processes such data lawfully, in accordance with the provisions of the applicable laws and the conditions thereby prescribed.

-It processes personal data only for specified, explicit and legitimate purposes.

-It implements appropriate technical and organizational measures to ensure that personal data are processed in such manner as to warrant the appropriate level of security for personal data, including, inter alia, their protection with regard to unauthorized or illegal processing and accidental loss, destruction or damage. -Moreover, to periodically review the adequacy and efficacy of such measures.

-It makes the required effort so that the personal data it keeps and processes are always accurate and updated.

-It does not keep the personal data it collects for a longer time than required by applicable legislation and the purposes for which they were collected and processed. However, it is possible to retain them for a longer period if the processing of such data is necessary for archiving purposes in the public interest, or for scientific or historical research purposes, or for statistical purposes.

Purposes of processing

As part of its activities, SETE may collect personal data of its Members, its employees, its partners in general, and of natural persons with whom it transacts and with whom it communicates in the context of its institutional responsibilities as a social partner. Such persons may be SETE Members, independent partners, sole traders, legal or other representatives of legal entities, employees, third parties, and in general partners of parties with which SETE transacts.

In principle, SETE may collect and process personal data for the following purposes:

1. In order to meet its obligations as imposed by the law and by the provisions of its Charter for its objectives and actions, such as: The study, protection and promotion of the status and contribution of tourism in the national economy and in the country’s cultural setting and in particular:

I. The study and research of the particular aspects of tourism in Greece, especially in relation to the protection and promotion of the country’s historic features and natural environment.

II. The study of tourism policy and applications and the submission of pertinent proposals to the competent authorities for the introduction of measures and rules aimed at the provision of high-standard tourism services.

III. The active involvement of SETE in the country’s promotion in a tourism and national context.

IV. The study, protection and promotion of the ethical, professional and economic interests of its Members and the fostering of a spirit of solidarity and mutual support among its Members.

V. The representation of the Members of the Confederation in Greece and abroad.

VI. The participation in organizations, associations, chambers, unions and events in Greece and abroad which are in pursuit of the same or of similar purposes or which are related to the purposes which SETE pursues.

VII. The provision of scientific, organizational or administrative support and assistance of all types (technical, professional, educational, organizational and other special consultation and advice) in Greece and abroad in relation to and/or in support of the promotion of the tourism sector and businesses.

VIII. The introduction of ethics and conduct rules to protect the consumer and safeguard the high standards of tourism businesses and the spirit of cooperation among the Members of the Confederation.

IX. Any other responsibility which may be conferred upon it by the provisions of any law and/or regulation.

2. In order to meet its obligations as imposed by the law and in particular by the social security, labour and taxation laws in force with regard to its employees and suppliers and to meet its obligations as a modern social institutional partner.

3. In order to be able to recruit staff or to contract with independent partners.

4. In order to ensure its smooth operation in line with the objectives set out in its Charter and with the applicable laws.

5. In order to ensure the safety of its staff, facilities and equipment.

6. In order to lawfully execute contracts and meet the legal obligations therein prescribed.

7. In order to represent the interests of its Members.

8. In order to perform its tasks as a peer social institutional partner (Article 37 of Law 4144/2013).

9. In order to implement and conduct events and congresses and the General Meetings of its Members.

10. In order to undertake research and studies in the context of the objectives set out in its Charter.

11. In order to contact those who have requested to be contacted by it (e.g. via of the Website or via the other contact details provided on it).

12. In order to send out newsletters and other information to those who have subscribed (e.g. newsletters, announcements regarding our institutional activities, upcoming events).

13. In order to process a prospective member’s application for SETE membership, which is submitted via the website.

Legal basis for the processing of personal data

SETE shall process your personal data with transparency in accordance with the principles of lawfulness, proportionality, confidentiality and integrity, the limitation with regard to the purpose and accuracy, the specific time that data are kept and the minimization of data.

The legal basis for the processing of your personal data may consist in any of the following, as the case may be:

(a) your consent, e.g. when you contact us directly, when you apply to become a member, when you consent to having photographs and videos taken whilst attending our events (General Meeting, Annual Conference, other events, etc.). If you have given your consent to the collection, processing and use of your personal data, you may withdraw that consent at any time, with effect for the future; in other words, this does not affect any processing operations carried out prior to the withdrawal.

(b) the need to process your data in order to fulfil our contractual obligations, for example when we enter into contracts with our partners or employees.

(c) the need to process your data in order to comply with our legal obligations arising from applicable legislation (tax, employment, social security, etc.), to comply with court orders, etc.

(d) the necessity of processing your data in order to safeguard our legitimate interests, provided that your fundamental rights do not override those interests. Our legitimate interests include:

(da) taking the necessary technical security measures for our Website, in order to ensure its effective and secure operation and to prevent fraud and misuse;

(db) optimising our services and our website;

(dc) monitoring how our Website operates, for example through data analytics, so that we can improve the design and the information we provide via our Website, as well as our relationship with our Website users.

For details on how the website uses cookies, please see the cookie policy here: https://sete.gr/politiki-cookies/  

We do not make decisions based solely on automated processing (including profiling) that produce legal effects concerning you or similarly significantly affect you. 

What data are processed 

With regard to the aforesaid objectives, SETE may collect and process personal data which may include, without being limited to, the following:

For prospective and existing SETE members (provided they are natural persons or sole traders): full name, postal address, email address, contact telephone numbers, GEMI number, title, occupation, Tax Identification Number (TIN), bank account number (IBAN), names of the full members (if they are natural persons or sole traders) who, in accordance with the SETE Charter, endorsed the application for the candidate member’s registration as a full member.

Please note that, regardless of the legal form of the prospective member, SETE collects and processes the contact details of the representative of the prospective member company and, where applicable, those of its executives.

Purposes – Legal basis for processing:

– a statutory obligation on SETE to collect the necessary data from prospective members in order to process their application for membership, to obtain approval from the SETE Board of Directors and subsequently to register them in its Members’ database;

– a statutory obligation on SETE to retain its members’ personal data for the purpose of monitoring compliance with their financial obligations (payment of annual membership fees);

– SETE’s legitimate interest in retaining its members’ data in order to keep them informed about SETE’s activities, events, General Meetings and conferences, as well as to send newsletters containing information relevant to members in accordance with its statutory objectives.

For Employees and/or external partners: for example: full name, father’s name, mother’s name, gender, nationality, postal address, email address, contact telephone numbers, Identity Card Number, Tax Identification Number (TIN).

SETE employees are provided with specific and detailed information regarding the processing of their personal data through the internal policy on the protection of employees’ personal data maintained by SETE.

Legal basis for processing:

– The management of the employment relationship. The processing of data is essential for the implementation of the employment contract.

– The fulfilment by SETE of its obligations as employer. The processing of data is essential for SETE’s compliance with legal obligations.

Candidate employees: SETE collects and processes data relating to job applicants following the submission of an application by the applicant for a vacant position or following the submission of an unsolicited application for employment. In such cases, SETE collects and processes only the personal data that are required for the assessment of the candidate’s appropriateness for the specific post (e.g. name, surname, contact details, education, previous experience, etc.). Such data shall be collected on submission of an application in any manner (e.g. by sending an email to SETE’s email address provided with the relevant announcement, by means of recruitment platforms) and from the curriculum vitae which the candidate attaches to his/her application. Moreover, for the assessment of applications for a post, SETE may use additional questionnaires which disclose information about candidates in order to facilitate the further assessment of the candidate’s appropriateness for a specific post.

Purposes – Legal basis for processing:

– Assessing a candidate’s appropriateness for a specific post. The legal basis for processing is SETE’s lawful interest.

-With regard to the retention of a candidate’s application for any future job vacancies, the legal basis for processing is the candidate’s consent.

For participants, speakers and guests at conferences and events:

1. full name, postal address, email address, contact telephone numbers, title, occupation. Where a subscription fee or registration fee is required for the conference/event, etc., the following data will be processed in addition to the above: Tax Identification Number (Greek AFM) and bank account number (IBAN).

2. Image and audio data (photographs/video footage): In connection with the organisation of workshops, events, conferences and General Meetings of SETE members, photographs and/or video footage of the event / workshop / conference / General Meeting, for potential posting on SETE’s social media accounts (Facebook, LinkedIn, Twitter, YouTube, Flickr), and/or in its newsletters, and/or for internal use, and/or to send the whole or extracts thereof via email to the participants

 Purposes – Legal basis for processing:

– Organisation, management, implementation and promotion of all types of events. The legal basis for processing data in this case is consent.

– Maintenance of a record as part of SETE’s historical archive, with the legal basis for processing being SETE’s legitimate interest in preserving its initiatives over time.

Regarding individuals’ contact details: who are in regular contact with SETE with regard to its objectives in the context of the lawful activities of SETE as a social institutional partner, contact data of journalists for the communication of Press Releases and updates about SETE’s institutional actions, positions and events, and contact data of persons who have declared their wish and have provided their consent to receive updates from SETE (full name, email address, post office box, capacity, profession, contact telephone numbers). 

Purposes – Legal basis for processing: 

– the need to process data in order to safeguard the legitimate interests of SETE as a social partner;

– the consent of individuals who wish to receive updates from SETE regarding its events and activities, as well as developments in the tourism sector.

Special categories of personal data: As a general rule, SETE does not collect or process special categories of personal data (“sensitive” personal data), such as information regarding your health, race or ethnicity, your religious or philosophical beliefs, your sex life, etc.

However, SETE may collect and process data which belong to special categories of personal data, such as data concerning the health of its employees, in order to meet its social security obligations. Also, in exceptional cases and when prescribed by the applicable laws, SETE may collect and process data concerning criminal convictions and offences, such as criminal records, invariably respecting the principle of proportionality. 

Purposes – Legal basis for processing:  the need to process data in order to comply with SETE’s legal obligation. 

Data we collect from third parties when you visit our website

Your personal data we collect from third parties when you visit our Website consist primarily of technical data relating to your device (e.g. manufacturer, model, screen specifications, operating system, etc.) or your behaviour (e.g. clicks, selections). For example, we obtain some of the aforementioned technical data from statistics providers, such as Google.

Purposes – Legal basis for processing:  The necessity of processing the data to safeguard and fulfil SETE’s legitimate interests. 

Data Transfer

– Service providers: SETE may transmit data to third parties (legal or natural persons) acting as processors, in support of its operation (e.g. accounting support, technical support, payroll purposes) and in support of its actions. Data processors may not process your personal data further unless we have given them explicit instructions to do so, nor may they disclose your personal data to third parties.

– Other recipients: SETE may transmit personal data to its affiliated legal entities, such as the SETE Institute (INSETE) and the company under the corporate name “Marketing Greece SOCIETE ANONYME FOR THE PROMOTION AND DEVELOPMENT OF TOURISM” (Marketing Greece S.A.), which constitute the training and communications “arms” of SETE for internal administrative purposes.

SETE may also transmit the above data to third parties (judicial and/or law enforcement authorities, independent authorities, government authorities) where this is provided for or required by applicable law, in accordance with the safeguards provided for in applicable law.

In the event that, within the scope and for the purposes of the aforementioned objectives, your personal data needs to be transferred outside the European Union/European Economic Area, such data will be transferred in accordance with applicable legislation, and SETE will ensure an adequate level of data protection. By entering into appropriate contracts for the transfer of data based on Standard Contractual Clauses, which are available to you upon request at privacy@sete.gr or by taking other measures to ensure an adequate level of data protection, SETE ensures or confirms that the recipients provide an adequate level of protection for your personal data.

Rights of Data Subjects

SETE shall ensure that data subjects are able to exercise the rights provided for same by the law with regard to the protection of their personal data. Said rights are:

-The right of access to data. You can contact SETE so that we can inform you and explain whether we hold any data about you, what data we hold, and how we process them. You may also request a copy of the personal data that SETE holds about you.

-The right of rectification of data. If you believe that your data are inaccurate or need to be updated, you have the right to request that any inaccurate personal data be corrected or that any incomplete personal data be completed.

-The right of erasure of data (“right to be forgotten”). Under certain circumstances, such as when the data is no longer necessary, you have withdrawn your consent, or the data has been processed unlawfully, you may request that SETE delete them.

-The right of restriction of processing of data. If you believe that your data are inaccurate or that their processing is unlawful, you have the right to request that the processing of your personal data be restricted.

-The right of portability of data. You may request to receive the data concerning you in a structured, commonly used and machine-readable format, and to have that data transferred to another organisation (data controller) which you specify to SETE.

-The right to object to the processing of data. You may object at any time to the processing of your personal data by SETE on grounds relating to your particular situation, unless, where, amongst other things, there are compelling legitimate grounds for the processing which override your interests, rights and freedoms. 

Any request to exercise the above rights should be submitted to SETE at the following email address: privacy@sete.gr 

In the event that any of the above rights should be exercised, SETE shall take all possible steps to satisfy your request within a reasonable time and in any event within one (1) month from submission of your request and your identification. That period may be extended by two further months where necessary, in the event that your request is complex or if there is a great number of requests. In such case, SETE is obliged, within one month of receipt of your request, to notify you about the delay and the reasons for such delay. Within the said time, SETE is obliged to inform you of any refusal on its part to satisfy, in whole or in part, the request you submitted and about the reasons of such refusal.

SETE may refuse to satisfy, in whole or in part, a request received by the data subject only when this option is provided for under the General Data Protection Regulation (EU 2016/679).

Right to Appeal to the Personal Data Protection Authority

Moreover, if you believe that there is a breach of any of your rights with regard to the protection of Personal Data, you may file a complaint with the competent supervising authority, i.e. the Hellenic Data Protection Authority (DPA). For information on the Hellenic Data Protection Authority’s remit and how to lodge a complaint, please visit the Hellenic Data Protection Authority’s website (www.dpa.gr).

 

Personal data breach:

In the event that any employee or partner of SETE should become aware of or suspect any breach of personal data, s/he shall inform SETE promptly at the following email address: privacy@sete.gr 

Data retention period

Your personal data are retained for as long as required by law, depending on the purpose and nature of the processing, after which your personal data are either erased from our records or anonymised, unless a different retention period is required or permitted by applicable law (e.g. tax legislation).

 

More specifically:

-We retain the personal data we collect from you when you subscribe to the newsletter (e.g. email address), for as long as you remain on our mailing list, and we delete it should you withdraw your consent.

-We retain our members’ personal data for as long as they remain members; their details are deleted should they lose their membership status (with the exception of the corporate name of each business, which is retained for the historical record of the membership database), unless a different retention period is required by applicable legislation (e.g. tax legislation).

-We retain the personal data of employees and partners for as long as required by the applicable legislation. SETE employees are provided with specific and detailed information regarding the processing of their personal data through the internal policy on the protection of employees’ personal data maintained by SETE.

-We retain the personal data we collect from you when you submit an enquiry via our website or through any other available means of communication for as long as is necessary until the matter in question has been fully resolved.

– We retain the personal data we collect from you when you submit your CV as part of the recruitment process, provided that we have published a relevant job vacancy, until the position in question has been filled. If you submit an unsolicited application (without us having requested one) and we are not interested in working with you, your personal data will be deleted one month after the application was submitted. If your application is approved, whether unsolicited or following our advertisement, you will be informed upon taking up your duties regarding the processing of your data that we carry out from that point onwards as your employer, in accordance with the specific personal data protection policy for employees maintained by SETE.

Training

SETE shall make arrangements for the staff involved in the collection and processing of personal data to be adequately informed and trained, taking into consideration available training and information methods in order to select the most appropriate ones at each instance. 

Personal Data Protection Policy Updates

SETE may from time to time amend the present Policy in order to comply with changes in regulations, for operational reasons or in order to respond to the needs of its Members and its institutional role.

Updated versions of the present policy shall be posted on SETE’s website and shall indicate the date, so that you may identify the applicable version.

This policy was published on 25 May 2018. Since then, it has been revised, and the latest amendment was published on 17 April 2026.

Please wait…

Register in our newsletter

In accordance with the provisions of the new General Regulation for the Protection of Personal Data EU 679/2016 (GDPR), SETE needs your consent to contact you in order to receive its newsletters. Please note that SETE contacts you via email.

To see SETE’s Personal Data Protection Policy, please click here.