The Hellenic Mediterranean University adheres to the General Data Protection Regulation (2016/679), as well as to national legislation on privacy protection with regards to data processing, and thus establishes a private policy that presents to any interested or involved parties the university’s fundamental principles.
This Policy, along with all the procedures it entails, was based on the following cornerstones:
- Personal data are sole property of each individual and must be protected from wrongful or unauthorized processes.
- Privacy is a fundamental right of every individual and under no circumstances it should be violated.
- The methodology for digital and/or hard copy data protection is primarily to secure controlled access and to maintain proper infrastructure operation.
- In all cases, privacy, integrity, data access and authenticity ought to be safeguarded.
The HMU selects procedures and security methods as part of the broader strategic plan on the basis of the following key points:
- identifying data and their flow;
- assessing practices and actions according to legal requirements;
- implementing risk-assessment study from data processing (DPIA) to calculate their ultimate impact to individuals, when necessary;
- defining a plan of actions based on the results of the aforementioned analysis.
Therefore, in order to secure compliance with legislation and principles, the HMU employs standard procedures, mechanisms, and measures:
- physical access control policy in the university premises, specifically in areas of private data process and/or storage: classified employee access, guest escort, access logs, etc;
- logical access control policy, i.e. distribution of roles and corresponding assignment of access rights, user accounts, information systems security policy;
- active and passive fire protection measures;
- division of responsibilities, i.e. job descriptions, segregation of duties, operational analysis;
- personnel selection and evaluation, i.e. qualification criteria and recommendations, non-disclosure agreements;
- information systems security measures, i.e. firewall customized policies, traffic control, traffic logs, antivirus for servers & client computers, UPS systems, computer locking, access control, etc;
- systematic inspection, i.e. internal and external investigations, certification bodies, ongoing internal monitoring for compliance with control measures;
- surveillance of premises, i.e. security alarm, rapid-response team and patrol services, motion and smoke detectors;
- supplier collaboration management, i.e. procedures and criteria for selection, evaluation, monitoring, and forming binding non-disclosure agreements.
The HMU has appointed Advanced Quality Services Ltd (AQS) as Data Protection Officer (DPO), under the supervision of Themistokli Sioro. Should you wish to contact the university’s DPO, please send an email dpo@hmu.gr.
- Health and Safety Policy
The HMU provides all necessary tools and supplies for facilities maintenance, to ensure a safe and healthy working environment.
The HMU is obligated to:
- regulate security and risk control measures in using, storing and transferring materials and substances;
- offer information, instructions, education, and guidance for the protection of health and safety in the working environment of staff and faculty members, students, and guests;
- preserve safety in all workspaces under its jurisdiction, as well as access and exit, and eliminate health risks;
- provide and maintain a safe working environment, adequately equipped to guarantee proper conditions for all employees and students;
- supply employees and students with essential protective gear for occupational health and safety reasons;
- encourage staff and faculty members to set high standards of health and safety and to exemplify them by means of their conduct, which ultimately sets a paradigm that students can follow in relation to health and safety practices;
- review and revise Health and Safety Guidelines and publicize revisions.
Legislation and approved codes of conduct often define the minimum standards for occupational health and safety. However, the HMU acknowledges that these standards should be maintained and improved in consult with the safety technician and the occupational physician and academic units are encouraged to collaborate with these professionals in implementing and improving on health and safety measures.
Occupational health
“Workplace Health Promotion (WHP) is the combined efforts of employers, employees and society to improve the health and well-being of people at work.” (abstract from The Luxembourg Declaration on Workplace Health Promotion in the European Union)
Workplace Health Promotion exceeds mere compliance with legal requirements on health and safety. It requires employers to take actions on improving their employees’ general health and well-being. It is also important to encourage employees to participate in the decision-making process by stating their needs and views on matters relating to the workplace.
By improving employees’ health and well-being, Workplace Health Promotion brings many positive results, such as less resignations and sick leaves, increase of motivation and productivity, as well as improved working relationships between employer and employee.
Occupational physician
The occupational physician’s qualifications and duties are fully described in law 3850/10 and relevant Presidential Decrees; primary responsibilities are consulting services to the employer and supervision of the employees’ health.
More specifically, the occupational physician offers recommendations and advice to employer, employees and their representatives, in oral or written form, on measures to protect physical and mental health. Written recommendations are logged in a special registry, as per article 6 of the same law, and the employer is given notice of all logged recommendations.