Privacy Statement on the protection of personal data within the scope of the procedure "Application for HPC access"

Data Controller details:


Department in charge of this processing operation:


Data Controller Contact details:

Scope of this Privacy Statement:

The National Infrastructures for Research and Technology SA (GRNET SA) is bound by the European Regulation 2016/679 of the European Parliament and the European Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Regulation on Data Protection – GDPR), as well as by any legislation and/or regulation implementing or created pursuant to the GDPR and the e-Privacy legislation, or which amends, replaces, re-enacts or consolidates any of them, and all other national applicable laws relating to processing of personal data and privacy that may exist under applicable law. The criteria as well as the terms and conditions under which GRNET SA collects, processes, uses, stores and transmits the personal data of the applicants regarding HPC Access are laid down in the present Privacy Statement. For the purpose of this statement, “personal data”, “data controller”, “data processor”, “third party”, “supervisory authority”, “processing”, “data subject”, shall have the meanings set out in the applicable Data Protection Legislation.

Purpose(s) of the processing operation:

The purpose(s) of processing the personal data is to: Provide HPC service, for evaluation purposes, collect service statistics/quality of service, reporting and for audit reasons,

Categories of data processed:

GRNET holds and processes the following personal data of the Students, Professors, Researchers.

Lawfulness of the processing operation:

The current processing operation is necessary for the performance of a contract, according to Art. 6 para 1 (b) GDPR, within the scope of the “Application for HPC access”.

Access to the collected data:

HPC administrators.

Recipients of the collected data:

The personal data collected during this processing operation is likely to be communicated with external reviewers for evaluation purposes and for fulfilling our commitments and obligations contained in contracts or other agreements.
Your personal data may also be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of the data controller(s) legitimate interests in compliance with applicable laws. We do not transfer personal data outside of the EU/EEA.

Data Subjects’ Rights:

Once data subjects have provided their personal data, several rights are recognized, which might be exercised in principle exercise free of charge, subject to statutory exceptions. In particular, you have the following rights:

  • Right to access, review, and rectify your data: you have the right to access, review, and rectify your personal data. You may be entitled to ask us for a copy of your information, to review or correct it if you wish to review or rectify any information like your name, email address, passwords and/or any other preferences, you can easily do so by [add details on how this can be done in practice]. You may also request a copy of the personal data processed as described herein by sending an email to You can access and review this information and, if necessary, ask to rectify your information.
  • Right to erasure: you have the right to erasure of all the personal data processed by as described herein in case it is no longer needed for the purposes for which the personal data was initially collected or processed, in accordance with the Data Protection Legislation.
  • Right to object or restriction of processing: under certain circumstances described in the Data Protection Legislation, you may ask for a restriction of processing or object to the processing of your personal data.
  • Right to data portability: you have the right to receive the Personal Data processed in a format which is structured, commonly used and machine-readable and to transmit this data to another service provider.

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, you can get in touch with us using the details set out below.

Storage of the collected data:

The databases and backups of these databases are located in locked facilities and only previously selected individuals have access to these data.

Retention Period of the collected data:

The collected personal data will be kept no longer than is necessary for the service provision, statistics and audit, up to 10 years.

Security Measures:

Appropriate technical and organisational measures are implemented in order to ensure an appropriate level of security of the applicants’ personal data, including (but without limitation): The data is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and backups of these databases are located in locked facilities and only previously selected individuals have access to these data.


In case of any violation referring to personal data issues, you may contact the Department in charge of the processing operation at the email address mentioned herein above. You may also contact the Data Protection Officer of GRNET S.A, Dr. Dimitris Nikitopoulos, at the email address:

Recourses/ Complaints:

Should your request be not satisfied either by the data controller or its DPO, you may file a complaint/ recourse with the Competent Supervisory Authority, the Hellenic Data Protection Authority .