The mAIGreece application (hereinafter “Application”) developed by the Ministry of Tourism of the Hellenic Republic is designed with respect for the right to protection of users’ personal data, in accordance with the General Data Protection Regulation (EU Regulation 2016/679, hereinafter “GDPR”), Law 4624/2019, and Law 3471/2006. This policy document describes the terms of collection and processing of users’ data during the use of the Application and aims to inform users, in accordance with the requirements of Article 13 GDPR. Please read this document and the application’s terms of use carefully before using the Application.
1. Data Controller
The data controller is the Ministry of Tourism, located in Athens, 12 Amalias Avenue, P.C. 105 57, tel. +30 2103736001.
2. Data Protection Officer
The Ministry of Tourism has appointed a Data Protection Officer (DPO), whose contact details are as follows: dpo@mintour.gr.
Users of the application are invited to contact the Data Protection Officer of the Ministry of Tourism for any issue related to the processing of their personal data.
3. What are personal data
According to the law, personal data is any information that concerns an identified or identifiable natural person (“data subject”), such as name, email address, VAT number, etc. An identifiable person is one whose identity can be determined, directly or indirectly, especially through reference to an identification element, such as a name, identity number, location data, online identification (IP address, email, etc.), or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.
4. What is personal data processing
Personal data processing is any act or set of acts performed with or without the use of automated means on personal data, such as collection, registration, organization, structuring, storage, adaptation, alteration, retrieval, information search, use, transmission to third parties, dissemination, correlation, combination, restriction, deletion, and destruction of personal data.
5. What personal data do we collect
A. General
The Ministry of Tourism, as the data controller, collects and processes personal data of the users of the Application for the purpose of serving them and providing the offered service. This processing is designed to collect only the absolutely necessary personal data for the operation of the application and is carried out by adhering to appropriate technical and organizational measures for data security and protection by design and by default.
B. Registration in the Application
To use the Application, a user account must be created, which is done exclusively using a Facebook, Google, or Apple account. For account creation, the application will retrieve specific personal data from these companies that are necessary for the above purpose: in the case of Google and Facebook, these data are the email address and full name, while in the case of Apple, the only data that will be collected is the email address.
User registration is carried out through automated secure communication between the application and the respective provider. When creating an account, the user is informed about the data that is transferred.
C. Use of the Application
C.1 Selection of thematic units
Immediately after creating an account, the user is invited to choose among the proposed thematic units (tags) to personalize the content that will be presented by the personal assistant (chatbot) of the application. These choices also constitute the user’s personal data, which are collected for the purpose of providing the service in the best possible way and personalizing the user’s experience.
C.2 Data collection during the use of the Application
During the use of the Application, the IP address of the user’s device and connection data are automatically recorded, through which, however, no identifiable elements of the user’s physical identity are disclosed, but they are used exclusively for statistical purposes. Additionally, data is collected through cookies, as explained in a subsequent section of the policy. Data processing is done to provide access to the Application in the best possible way.
Important note: The Application does not need personal data to answer your questions. Even if users include personal information in their questions, technical and organizational measures are taken to ensure that personal data is not stored on the server hosting the application. Specifically, the text of the questions undergoes an irreversible anonymization process before being stored using appropriate software. At the same time, a series of measures are implemented to ensure the protection of users’ personal data and privacy, and the information you submit is not used to train another Artificial Intelligence model. During the use of the application, no automated decision-making takes place, nor are user profiles created.
C.3 Communication with 112
The application provides users with the ability to communicate with the Single European Emergency Number 112, to report any issue they encounter. For this communication, the application retrieves the user’s device location data, with their consent, information that is necessary for locating them in case of emergency.
C.4 Purpose and legal basis for the processing of personal data
The main purpose of collecting and processing users’ data is the operation of the Application and the provision of the offered service. The legal basis for data processing for this purpose is the performance of a contract under Article 6(1)(b) GDPR, as this consists in providing the service offered through the application. It is noted that the application does not collect or process special categories of data under Article 9 GDPR.
Further purpose in the case of communication with 112 is to provide assistance to the application user, upon their request. The legal basis for data processing for this purpose is the performance of a task carried out in the public interest under Article 6(1)(e) GDPR, as this duty consists in the obligation of the Ministry of Tourism to provide assistance and support to the country’s visitors.
An incidental purpose of processing users’ data of the application is to satisfy a related request submitted by the competent judicial or police authority. The legal basis for this processing, which consists in the transfer of data collected through the application, is compliance with a legal obligation under Article 6(1)(c) GDPR and the performance of a task carried out in the public interest under Article 6(1)(f) GDPR.
6. Data recipients
To operate the Application, the Ministry of Tourism allows access to your data to the company that supports its operation, on behalf of and on the instructions of the Ministry and only for the purposes mentioned in this notice. In this context, the said company acts as a processor on behalf of the Ministry of Tourism.
Data collected through the application is hosted on the infrastructure of the Government Cloud (G-Cloud), provided by the General Secretariat of Information Systems and Digital Governance (GSISDG). In this context, GSISDG acts as a processor on behalf of the Ministry of Tourism.
Data recipients include the Ministry of Climate Crisis and Civil Protection, as the competent authority for the management of the Single European Emergency Number 112, in case the user of the application chooses to contact this number, as well as the competent judicial and police authorities, in case they request access to data maintained through the application.
7. Data retention period
The personal data of the users of the Application are retained for as long as the user has the application installed on their device. Personal data is automatically deleted when the user uninstalls the application or after the above period from the last login of the user in the application.
The application is hosted on the infrastructure of the Government Cloud (G-Cloud), where conversations are stored, after the anonymization process of their content is completed, for a maximum period of twenty (20) days, with the sole purpose of training the application, optimizing its functionality, and preventing malicious use.
8. Data security
To protect users’ personal data, we take data security measures to prevent the risk of loss, misuse, unauthorized access, and disclosure of your personal information.
9. Users’ rights
Application users, as data subjects, have the rights recognized by Articles 12-22 GDPR, as applicable. These rights, in the case of the application, are:
- Right of access, i.e., the right to be informed if personal data concerning you are being processed.
- Right to rectification, i.e., the right to request the correction of inaccurate and the completion of incomplete personal data.
- Right to erasure, i.e., the right to request the deletion of personal data concerning you.
- Right to restriction of processing when the accuracy of the data is contested, is illegal, or for other reasons.
- Right to data portability, i.e., the right to request to receive the data concerning you in a structured, commonly used, and machine-readable format and to transfer that data to another data controller.
The Ministry of Tourism ensures that data subjects can exercise these rights. To exercise their rights, data subjects can contact the Data Protection Officer of the Ministry of Tourism, by sending an email to: dpo@mintour.gr or by post to the address mentioned at the beginning of this document.
10. Right to complain
According to the GDPR, data subjects have the right, if they believe that their rights concerning the protection of their personal data have been violated, to lodge a complaint with the Hellenic Data Protection Authority, located in Athens (1-3 Kifissias Avenue, P.C. 115 23) and at tel. 2106475600 and fax 2106475628 or at the email address complaints@dpa.gr.
11. Use of cookies
To ensure the proper operation of the application and monitor its performance, we use cookies and other technologies, as detailed below.
What are cookies?
Cookies are small text files that a website stores on your computer or mobile device when you visit that site. This way, the site remembers your actions and preferences (such as login, language, font size, and other display preferences) for a period of time, so you don’t have to re-enter these preferences whenever you visit the site or browse its pages.
How do we use cookies and related technologies?
Some of our pages use cookies to remember:
- Your display preferences (e.g., brightness or font size)
- If you have already responded to a pop-up survey that asks if the content was helpful or not (so you won’t be asked again)
- Your password
- If you have agreed (or not) to the use of cookies on this service
Also, some videos embedded in our pages use a cookie to collect statistics on how you got there and what videos you visited. Cookies may be installed by the Ministry itself or we may assign their installation and use to third parties on behalf of the Ministry for the purposes mentioned above. We do not collect special categories of personal data about you without your consent. Enabling these cookies is not necessary for the site’s functionality, but through them, you will have a better browsing experience. You can delete these cookies or block access to them, but if you do so, some functions of the application may not work satisfactorily.
Which cookies are used in our service:
| Cookie name | Provider | Duration | Cookie type | Description |
|---|---|---|---|---|
| JSESSIONID | law.mintour.gov.gr | Session | Necessary | Maintains your states across page requests |
| cookielawinfo-checkbox-necessary | mintour.gov.gr | 1 year | Necessary | Identifies essential services as accepted in the context of cookie acceptance |
| cookielawinfo-checkbox-non-necessary | mintour.gov.gr | 1 year | Necessary | Identifies essential services as accepted in the context of cookie acceptance |
| elementor | mintour.gov.gr | Persistent | Necessary | This cookie allows the Application to implement or change the website content in real-time. |
| rc::a | google.com | Persistent | Necessary | This cookie is used to distinguish between humans and bots. This is beneficial for the Application to make valid reports about the use of the website. |
| rc::c | google.com | Session | Necessary | This cookie is used to distinguish between humans and bots. |
| pll_language | mintour.gov.gr | 1 year | Preferences | This cookie is used to determine the visitor’s preferred language and adjusts the language in the Application, if possible. |
| _ga | mintour.gov.gr | 2 years | Statistics | Registers an ID that is used to generate statistical data about how the visitor uses the Application. |
| _ga_# | mintour.gov.gr | 2 years | Statistics | Used by Google Analytics to collect data on the number of times a user has visited the site and the dates of the first and most recent visit. |
| _gat | mintour.gov.gr | 1 day | Statistics | Used by Google Analytics to throttle request rate. |
| _gid | mintour.gov.gr | 1 day | Statistics | Registers an ID that is used to generate statistical data about how the visitor uses the Application. |
| queue-it | mintour.gov.gr | Session | Necessary | Used for the priority system. |
This list will be updated with any changes to the services offered in the Application or any general addition.
Managing cookies
You can allow/prevent the receipt of cookies or delete cookies installed on your computer by adjusting the options in the pop-up window. If you do not allow the use of cookies in your browser, you may not be able to access some of the services and your browsing of our service may be less satisfactory.
