• calendar


HELMEPA is committed to safeguarding the integrity and safety of your personal data. We promise to respect any personal data you provide to us and keep it safe. We aim to be transparent when we collect and process your personal data by putting your rights and freedoms first.


This Privacy Policy outlines the categories of personal data we obtain, the reasons why we process them, the way in which these personal data are processed, the principles of processing, the legal basis on which the processing is based, your rights, as well as any transfers that we may make of them.


We truly hope that this Privacy Policy is presented to you in a transparent, eligible way and that you are able to clearly understand what exactly happens to your data. Nevertheless, we also provide our contact details for you to get in touch in case you have any questions about your personal data, which we will aim to address as soon as possible.


Please keep in mind that this Privacy Policy will be updated from time to time in order to keep with all developments in the field of privacy and data protection.



The contact details of our business are as follow:

Business Name: Hellenic Marine Environment Protection Association - HELMEPA         

Registered Seat: 7, Imittou Street, 17564 Paleo Faliro, Greece

Telephone Number: +30 210 9343088

Contact us: This email address is being protected from spambots. You need JavaScript enabled to view it.


In case you have any queries regarding the processing of your personal data, please do not hesitate to contact us either at the above email address or telephone number.



Personal data: Any information relating to an identified or identifiable individual an identifiable individual is one who can be identified, directly or indirectly, in a particular by reference to an identifier.

Special Category of data: A person’s personal data relating to his racial or ethnic origin, his or her political opinions, his religious or philosophical beliefs, his involvement in a trade union, his health, his social welfare, his personal life, criminal prosecutions and convictions, as well as participation in such unions.

Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, listing, organizing, structuring, storing, adapting or altering, retrieving, searching for information, use, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.

Data Subject: The individual whose data are subjected to processing.

Data Controller: An individual or legal entity, public authority, agency or other body which determines the purposes and means of the processing of personal data.

Data Processor: An individual or legal entity, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient: A natural or legal person, public authority, agency or another body, to which the personal data are disclosed.

Consent: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies to the processing of personal data relating to him or her.

Personal Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Supervisory Authority: An independent public authority which is established by a Member State and is responsible for overseeing data protection laws and regulations.



HELMEPA processes personal data in accordance with the following principles and in compliance with the requirements of the GDPR:


Lawfulness, Fairness, Transparency: Personal data is processed lawfully, fairly and in a transparent manner.

Purpose Limitation: Personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

Data Minimization: Processing relates to data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

Accuracy: Personal data is accurate. Every reasonable step is taken to ensure that any personal data that are inaccurate are rectified without delay.

Storage Limitation: Personal data is held for no longer than is necessary for the purposes and scope of processing. However, in some cases HELMEPA may hold the personal data for longer periods in order to comply with its legal obligations.

Confidentiality and Integrity: Personal data is processed in a manner that ensures appropriate security, including protection against unauthorized and unlawful processing, access, loss etc.

Accountability: HELMEPA complies with transparent data protection processing and adheres to its legal obligations in relation to data protection and privacy



The personal data we collect from you is limited to what we consider necessary in order to provide our services to you. In detail, the personal data we collect are the following:


  1. Personal identification and contact details (name, surname, address, fixed and/or mobile phone, email, date and place of birth, nationality, marital status etc.)
  2. Unique identifiers (ID, passport number, etc.)
  3. Competency certificates and endorsements
  4. CV’s details (application forms and references, education, working experience, correspondence with or about you
  5. Degrees, diplomas



The purpose of processing your personal data is specific and we only process your personal data in order to fulfil this purpose in accordance with the applicable legal basis:


The legal basis for processing your personal data is:

1. Fulfilling our contractual obligations in order to provide you with the services you wish to receive from us, such as training seminars / webinars, wider environmental initiatives and campaigns, etc.


2. The processing of your personal data on the basis of our legitimate interest, unless the legitimate interest, fundamental rights and freedoms of yours prevail over those interests. Such processing of data refers to the following purposes:


  1. Monitoring the performance of our websites for security purposes
  2. Improving the user’s experience
  3. Developing our business services
  4. Archiving purposes and record-keeping


3. The consent you provide us with in order to process some of your personal data, as in the case of processing your data for newsletter subscription purposes or for evaluation purposes during the recruitment process or in order to browse our website accepting specific categories of cookies, provided we have your clear permission to do so.



HELMEPA will only keep your personal data only for as long as is necessary to fulfil the processing purposes and provide its services to you. As such, HELMEPA has decided that it will keep your data for 3 years.


However, there may be times that we are required to keep your personal data for longer time periods due to a legal obligation we need to adhere to.


The retention period is decided on the basis of the following specific criteria, as appropriate on each case:


  1. when processing is required as a requirement under provisions of the applicable legal framework, your personal data will be stored for as long as required by the relevant provisions;
  2. when processing is done on the basis of a contractual relationship, your personal data will be stored for as long as is necessary to perform the contract and for the foundation, exercise, and / or support of legal claims under the contract;
  3. for promotional and marketing purposes, your personal data is retained until your consent is withdrawn. This can be done by you at any time. Withdrawal of consent does not affect the legality of consent-based processing in the period before its revocation.


Once the retention period outlined above has passed, the personal data that we hold will be deleted, if retained electronically, or safety disposed off if retained in hard copy.



As a general policy, we do not send your personal data to any third party without first informing you about it, explaining you the reason for the intended transfer and requesting your consent. However, we may also need to disclose your personal data in order to comply with a legal obligation.



HELMEPA educates its employees on matters of data protection, either by training seminars or by informative emails, in order to build general awareness of GDPR across the organization. Training programs are covering information on data protection in general and in areas that are specifically relevant to the business. Those training programs are repeated on a regular basis for all employees to keep up with new developments on data protection.




10.1 Right of Access

You shall have the right to be aware and verify the legitimacy of the processing. So, you have the right to access the data and get additional information about how your data is processed.


Accordingly, you shall have the right to obtain from us (the controller) confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:


  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, especially to those of third countries or international organizations;
  4. the envisaged period for which the personal data will be stored;
  5. the existence of the right to request from us rectification or erasure of your personal data or restriction of processing of your personal data concerning to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from you, any available information as to their source;
  8. the existence of automated decision-making, including profiling, provided in Article 22 (1) and (4) GDPR and, at least in such cases, important information on the reasoning followed as well as the significance and predicted consequences of such processing for the data subject.


10.2 Right to Rectification

You shall have the right to obtain from us (the controller) without undue delay the rectification of inaccurate personal data concerning you. So, you shall have the right to study, correct, update or modify your personal data by contacting us at This email address is being protected from spambots. You need JavaScript enabled to view it. .


10.3 Right to Erasure

You shall have the right to obtain from us (the controller) the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:


  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, according to the article 6 (1). a) or the article 9 (2). a) GDPR and there is no other legal basis for the processing;
  2. the data subject withdraws consent on which the processing is based;
  3. the data subject objects to the processing according to the article 21 (1) GDPR and there are no overriding legitimate grounds for continuing such processing or the data subject objects to the processing according to the article 21 (2) GDPR;
  4. the personal data were unlawfully processed;
  5. the personal data have to be erased in order to comply with a legal obligation
  6. the personal data have been collected in relation to the provision of information society services referred to in article 8 (1) GDPR


10.4 Right to Restriction of Processing 

You shall have the right to obtain from us (the controller) the restriction of processing where one of the following applies:


  1. the accuracy of the personal data is contested by the data subject, for a period of time which allows the controller to verify the accuracy of the personal data
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the limitation of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  4. The data subject has objected to processing according to article 21 paragraph 1 GDPR and the verification of whether the legitimate grounds of the controller override those of the data subject is pending.


10.5 Right to Data Portability

You shall have the right to obtain from us (the controller) the personal data concerning you, which you provided in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller, where:


  1. the processing is based on consent according to the article 6 (1).a) or the article 9 (2).a) GDPR or a contract according to article 6 (1).b) GDPR; and
  2. the processing is carried out by automated means.


10.6 Right to Oppose Processing (object)

You shall have the right to oppose at any time and for reasons related to your particular situation to the processing of your personal data, which is based on article 6 (1).e) or st) GDPR, including profiling of those. We (the controller) no longer process personal data unless we demonstrate compelling and legitimate reasons for processing that override your interests, rights and freedoms or to establish, exercise or uphold legal claims.


10.7 Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint to the Greek Data Protection Agency (www.dpa.gr) if you consider that the processing of your personal data infringes your rights under the GDPR.


In order to exercise any of the above-mentioned rights you may send us an email at This email address is being protected from spambots. You need JavaScript enabled to view it.. We will take in account your request and we will proceed to all possible actions in order to respond to you the soonest.


11. Personal Data Breaches

HELMEPA implements appropriate technical and organizational measures aimed at the safe processing of personal data and the prevention of accidental loss or destruction and/or unauthorized access to, use, modification or disclosure thereof. In any case, the way in which the internet operates and the fact that it is free to anyone cannot guarantee that unauthorized third parties will never be able to violate the applicable technical and organizational measures by gaining access and possibly using personal data for unauthorized and/or unfair purposes.


In the event of a breach in the safety and integrity of your personal data, HELMEPA will take into account the following:


  1. Steps needed to limit the breach
  2. Assessment of the risk and its impact on individuals’ rights and freedoms
  3. Mitigating the damage
  4. Breach Notification, if required
  5. Privacy Impact Assessment and appropriate measures to avoid recurrence of the breach.


12. Do you have queries?

We truly hope that this Privacy Policy explained to you in a clear and eligible way the way we process your personal data.


However, if things are still unclear or if you have further inquiries you would like to make, please contact with us in This email address is being protected from spambots. You need JavaScript enabled to view it. to address them.


Your acceptance of this Policy, and our right to change it

HELMEPA is required to adhere to the requirements of the GDPR. HELMEPA takes its responsibilities under GDPR very seriously and ensures the personal information that obtains is held, used, transferred and otherwise processed in accordance with the Regulation and all other applicable data protection laws and regulations. 


HELMEPA promises to respect your personal data and keep it safe. HELMEPA will be clear when collects your data about why collecting it and what intends to do with it, and not do anything you wouldn’t reasonably expect. 


HELMEPA will regularly review and update this policy and will update, modify, add or remove sections at our discretion.  


So, HELMEPA reserves the right to modify the present Privacy Policy, always in accordance with the applicable laws. Interested parties should periodically review this Privacy Policy in order to be informed of any change that takes place while HELMEPA is committed to making the necessary updates by any appropriate means in compliance with the conditions set forth the GDPR.


- -
Last update: 9/11/2022