The present data protection policy clarifies in a layered manner the processing of personal information of visitors of the CREST website. The data processing on the CREST website is pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation) and in accordance with Greek Law 4624/2019 for the protection of personal data, applicable to Center for Security Studies – KEMEA, which is headquartered in Athens, Greece (EU Member State. For further information, please check Section 2 of the present data protection policy.

Personal data, as defined in Article 4(1) General Data Protection Regulation (GDPR) include any information relating to an identified or identifiable living natural person. Personal data can be your first name, last name, e-mail address, email format and IP address. Hereinafter, by using the terms “we” and “our”; we refer to the data controller, as member of the CREST consortium. Hereinafter, by using the terms “you” and “your”, we refer to the CREST website visitor.

1. General information: What is CREST?

CREST is a research project that has received funding from the European Union’s Horizon 2020 – Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 833464. The project started on 1 September 2019 and ends on 31 August 2022. The CREST consortium consists of 23 partners from Law Enforcement Agencies (LEAs), academia, civil organization, and business. The present website is part of the dissemination and communication activities undertaken by the CREST consortium within the aim to successfully communicate its research output on a rather innovative topic to a wider public and facilitate the creation of synergies with interested stakeholders.

2. Contact information of the data controller and of the Data Protection Officer

KEMEA – Center for Security Studies 4, P. Kanellopoulou str., GR-10177 Greece (hereinafter referred to as “KEMEA”)
E-Mail: dpo <at> kemea-research <dot> gr
Telephone: +30 2107710805
Fax: +30 210 7710805KEMEA’s Data Protection Officer may be reached at the above-mentioned address, in case you have any question about the processing of your data when using the CREST website or your rights as data subject.

3. Data processing

a) When visiting the CREST website

The CREST website is owned by the CREST Consortium and managed by the Center for Security Studies. This Website can provide all (hereafter referred to as ‘users’/‘visitors’) with information, participation, content delivery or content collection services regarding the project CREST, under the terms of use included in this document. Website is the sole responsibility of the Parties of the Consortium and cannot be considered to reflect the views of the European Commission. The use / visit of this website and / or its services is provided under the unconditional acceptance of the terms of use described herein. Navigating through this website, staying on this website, creating links to it (URL) or to its files / services, archiving / bookmarking it, constitute acceptance of its terms of use.

The use of the Website must be conducted solely under legitimate purposes and in a manner that does not restrict or impede its use by third parties. The user / visitor of this Website is obligated to use it in accordance with the law and the present terms of use. The user / visitor of the Website shall not commit any acts or omissions that may cause damage or malfunction and may adversely affect or endanger the provision of services provided through the Website to citizens.

The content of the Website, including (indicatively and not exhaustively) texts, graphics, images, videos, sounds, services, etc. (hereafter referred to as ‘Content’) is legally protected under Intellectual Property Rights Law and we reserve all rights of use and ownership of the Content, all copies created based on it, as well as all intellectual property rights and all other property rights pertaining to it.

We use all endeavours to ensure that the information and content that appears on the Website is as accurate, true and up to date as possible. It also provides the content (e.g. information, names, photographs, pictures, images, data, etc.) and the services made available through the Website ‘AS IS’. Under no circumstances, can we be held liable for any legal claims, civil or criminal or damages of any kind (direct loss, special damage or indirect loss ) to the user / visitor of this website.

The Website may contain links to third party websites for the sole purpose of providing information to the user / visitor. The referral to links belonging to third-party websites does not constitute an endorsement of their views and actions or the acceptance of the content they express, publish or post. Third-parties -owners of the websites/responsible under the law- are solely responsible for the content of their websites or for any damage that may result from their We make all efforts to ensure the proper function of  our network but we do not guarantee that our server operations will be uninterrupted or error-free, free from viruses, malicious software or other similar elements.

The terms and conditions of use of this website, as well as any amendment thereof, are governed by and supplemented by national and European law and the applicable international treaties. Any provision of these terms which is found to be against the above legal framework or is rendered invalid ceases to be valid and enforceable and shall be withdrawn from the present terms, without in any way undermining the validity of the remaining terms.

The terms and conditions of use of this Website constitute the overall agreement between the Consortium and the users / visitors of its webpages and services and bind solely them. No modification of the terms of use is taken into account and is part of this agreement, unless it is expressed in writing and is incorporated in the present Terms of Use. Unless otherwise stated on this Website, the above terms of use are immediately applicable in their entirety. We unilaterally reserve the right to modify, add, alter the content or services of the Website and its terms of use, whenever it deems necessary, without prior notice, through this website, always within the legal framework in force.

The website  is uploaded on Plesk. Plesk is a privately-owned corporation headquartered in Schaffhausen, Switzerland, a country which has an adequacy decision by European Commission for protection of personal data.  You can read the privacy policy of Plesk here.

You may access the website without having to disclose any data about your person. Nevertheless, the installed browser on your device sends automatically information to the server of the CREST website, including information about your browser type and version, as well as the date and time of access, so as to establish a connection and permit your access to the website.

Moreover, we use cookies and analytics services. For more information, please refer to Sections 4. Google Analytics and 5. Cookies. The purpose for implementing all of the above is to maintain and monitor the performance of the CREST website and to optimize our services, as well as to receive aggregate data that we can use in our dissemination reports for the European Commission. The legal basis we rely on to process your personal data is again article 6(1)(f) of the GDPR, which allows us to process personal data when necessary for the purposes of our legitimate interests. In that case, our legitimate interest is to provide a high level of security and ensure, to the extent possible, undisrupted availability of the CREST website, as well as to communicate to the European Commission the efforts we are making to disseminate our research output by providing relevant anonymous statistical data about web visits. We also use social media buttons. For more information, please refer to Section 6. Social media plug-ins.

b) When filing a question via our contact form

We offer the possibility to our website visitors to contact us or register an enquiry by submitting an online form through our website. Submitted queries through the form will be sent to the mailbox of the employees in charge of taking care of your requests and will be stored in their email provider servers. Please notice that your data will be stored for as long as necessary for the fulfillment of the purposes specified (reply to your inquiry) and any statutory requirements.

Our contact form requires the minimum information needed in order to be able to respond back to your request. When registering, you need to enter the following mandatory data, marked as such (e.g. with *). These include:

  • First name and surname, and
  • Email address

The data processing takes place exclusively at your request and in line with article 6(1)(a) of the GDPR. The submitted message, your full name/nickname and email address are processed based on your informed consent. You may withdraw your consent at any time with future effect, by sending an informal email to the email address mentioned in Section 2 of the present policy, requesting the removal of your data. For the use of the Google reCAPTCHA tool, please see Section 7.

4. Google Analytics

The CREST website uses Google Analytics. Google Analytics is a free web analytics service offered by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (Google). Its purpose is to monitor, keep record of website traffic and report website usage statistics. You can read in detail how Google processes your data when you use sites or apps, which employ Google Analytics tools here. When you visit the CREST website, your web browser automatically sends certain information to Google. This includes the URL of the page you are visiting and your IP address. On behalf of the CREST website operator, Google will use this information to evaluate your use of the website, compile reports about website activities, and provide the website’s operator with further services related to website and Internet usage.

For that reason, Google Analytics uses cookies, i.e. small text files that are placed on your device and stored on your browser and are used to collect data, in that case, about your usage of the website. Google Analytics may set new cookies on your browser or read cookies that are already set there. Information generated by the cookies about your use of this website is transmitted to a Google server in the United States and stored there. The CREST website uses Google Analytics exclusively with the extension “_anonymizeIp()”, which ensures an anonymization of the IP address by shortening it. The IP address sent from your browser is not merged with other data by Google.

If you wish to prevent the storage of cookies and clear already set cookies, you can do so by appropriately changing your browser settings, so as to block third-party cookies. By disabling the storage of some cookies, please note that you might not be able to fully use all functions offered by this or other websites.

Moreover, website visitors can permanently prevent data from being used by Google Analytics, by installing the Google Analytics browser add-on.

5. Use of Cookies

Cookies are data files that are transferred from a web server to the Website visitor’s computer, in order to keep statistics. Cookies are an industry standard used by most websites to facilitate the user’s repeated access to a website and its use through the personalisation of the service provided as they can store the personal choices of the user. Cookies are not harmful to the user’s computer system or its files, and apart from the user himself, only the website from which a particular cookie has been transferred to his or her computer can read, modify it or delete it. If the user / visitor does not wish his or her information to be collected through cookies, he or she can use the settings available to most web browsers with which they can delete existing cookies and choose to either automatically reject future cookies or to decide on the rejection or acceptance of every particular cookie of the Website to their computer. It should be noted, however, that discarding cookies may result in making it more difficult or impossible to use certain parts of the Website, and / or that there is a change in its intended appearance and operation, as a permanent connection will be required.

This Website uses cookies to facilitate user / visitor access to the use of specific services and / or webpages for statistical purposes and to determine the areas that are useful or popular.

The user / visitor of this Website may set up his/her web browser in such a way that it either warns him/her for the use of ‘cookies’ regarding certain services or it prohibits the acceptance of “cookies” in any case. In case that the user / visitor of these services and pages does not wish to use ‘cookies’ for his or her recognition, he or she may have limited access to some of the services, uses or functions provided by this Website.

6.Social media plug-ins

We use social media to present and communicate our work through widely used communications channels and maximize the impact of our research activities. Thus, on certain webpages of the CREST website, we use social media plug-ins (the so-called social media buttons) to enable this interaction. These plug-ins are small buttons, which can be recognized by bringing a social media logo, for instance the Facebook or Twitter logo. The function of these buttons is to allow you share the contents of the CREST website in your profile on social networks, to access via links the CREST accounts in other social platforms, or to watch an embedded (or not) YouTube video of CREST activities. As of now, the CREST consortium is active on three social networks: Twitter, LinkedIn and YouTube.

Each social media platform has their own data protection policy when accessing their websites. For example, if you choose to read our news on Twitter, you will be asked for explicit consent to accept Twitter cookies, and the same applies for all the other platforms. Moreover, if you do not wish the social media platforms to track data collected about you via our website back to your personal accounts, then please log out of your social media accounts before visiting our website. Specifically, we use the following social media plug-ins:

a.  Twitter International Company: share/link button

Information is partly transferred to the parent company Twitter Inc. 1355 Market St, Suite 900, San Francisco, CA 94103 (“Twitter”), which is covered by the EU-USA Privacy Shield Framework. For more information on data protection with Twitter, please refer to the Twitter privacy statement.

b. LinkedIn: share/link button

Information is partly transferred to the parent company LinkedIn Corporation LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”), which is covered by the EU-USA Privacy Shield Framework. For more information on data protection with LinkedIn, please refer to the LinkedIn privacy statement.

c. YouTube: link button for YouTube

Information is partly transferred to the parent company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), which is covered by the EU-USA Privacy Shield Framework. For more information on data protection with LinkedIn, please refer to the privacy policy of Google. At the moment, there are no embedded videos on the CREST website. If, in the future, there will be such embedded videos, we will be using the “extended data protection mode”, provided by YouTube. In so doing, access to the CREST website visitors´ personal data by solely loading a webpage containing an embedded YouTube video from the CREST official YouTube account is prevented.

7. Google reCAPTCHA

reCAPTCHA is a free service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (Google). This tool, which may have different forms, helps protect websites from spam, malicious behavior and abuse, by checking whether the data entered on the website (for instance, via a contact form) is being entered by a human or by a bot, i.e. an automated program. This determination occurs based on the monitoring and analysis of the behavior of the website visitor. The collected data, which include user and browser information, such as cookies placed by Google, the number of clicks you have made on that screen and installed browser plug-ins, are forwarded to Google and stored in servers in USA. Data processing for the version of reCAPTCHA used by our website (reCAPTCHA v2 – “I am not a robot” sign and ticking box) is based on Art. 6 (1) (f) GDPR. This means that it is our legitimate interest to protect our website from abuse, malicious attacks and spam. For more information, about Google reCAPTCHA, please refer to the privacy policy of Google and its guidelines on the service.

8. Privacy Policy – Protection of Personal Data – Terms of Use

As we respect the private and confidential nature of a person’s personal information, we are committed to protecting your personal data. This section explains the procedure through which  KEMEA acting as Data Controller collects, transfers, processes, uses and discloses user / visitor data and sets its security practices as well as information regarding the actions which a user / visitor of the Website must take if he or she does not wish his or her personal information to be further collected or processed while visiting the Website.

By providing personal information, you agree and consent to their collection, transfer, processing, use and disclosure as described in this Privacy Policy Statement, in accordance with the Law.

These privacy terms may be reviewed and updated at any time and without further notice. The user / visitor is kindly requested to check these terms regularly in order to keep track of any changes, as the continuous use of the website implies full acceptance of any possible modifications.

Data collected/processed

Information sent by the user / visitor himself/herself

When you use the Website, we collect the following information sent by the user / visitor himself/herself:

  • Information, messages and files sent directly to our e-mail address (
  • The forms that you fill and submit (e.g. application for subscription to newsletter, etc.).

The information provided by you may include your name, e-mail address and / or other contact details, expertise or title, area residence, etc.

We shall contain such data in hardcopy and electronic files and / or databases in full compliance with data protection legislation, including security and confidentiality requirements based on the principles of good practice, proportionality and transparency regarding processing.

We may collect information submitted you via posts or when communicating with us, via other webpages that the we use on third party platforms, such as Google Forms, Twitter, LinkedIn, etc.

Statistical browsing information

In some cases, technical information that is not personally identifiable may be automatically (e.g. not through registration) aggregated when the user / visitor visits or makes use of the Website. Examples of this kind of information that can be collected are the type of Internet Browser used by the user / visitor, the type of operating system of the computer used by the user / visitor to visit the Website, the IP used for this access and the URL used by the user / visitor to connect to the Website.

Data recipients for:

            • Elements that the we are obligated or entitled by law, contract, judgement and regulatory decision to notify may be: public and independent administrative authorities, judicial authorities and public officials.

We shall not disclose, assign, exchange, grant or otherwise dispose, without the consent of the user / visitor, to third parties, natural or legal persons, personal data other than the cases mentioned above within the scope of national laws provisions.

Rights regarding personal data

You have the right to request information from the Website Manager on how we use your information and request the deletion of information you may have sent to us. You may at any time request the deletion of individual information or the total amount of information concerning them.

In particular, you are entitled to:

  • request access to personal data stored by the Consortium for him/her;
  • request the correction and / or deletion of his or her personal data;
  • request that the processing of his or her personal data is restricted/limited or to disagree with such processing;
  • withdraw your consent to the processing of his or her personal data (in cases where we process your personal data on the basis of your consent);
  • submit a complaint before the competent Data Protection Authority in case of violation of your rights, or in the event of an unauthorized processing your personal data.

In order to exercise your rights, you may contact us at the following e-mail address:

In order to be exact, the following list presents the articles that state your rights as a Data subject:

  • pursuant to Article 7(3) GDPR, to withdraw your consent at any time and without any consequences for you. This means that in future we may no longer continue to process the data as based on this consent;
  • pursuant to Article 15 GDPR, to obtain information about whether your personal data are processed by us and where that is the case, access to those personal data. In particular, you may obtain information about the purpose of processing, the category of the personal data, the categories of recipients, to whom your data has been or is disclosed to, the storage period planned, the existence of a right to request from the controller rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint and the source of your data if it has not been collected by us. Pursuant to Article 12, we must provide any communication relating to the processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
  • pursuant to Article 16 GDPR, to obtain the rectification of inaccurate personal data without undue delay or the completion of your personal data stored with us;
  • pursuant to Article 17 GDPR, to obtain the erasure of your personal data stored with us unless processing is necessary to exercise the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or to establish, exercise or defend legal claims;
  • pursuant to Article 18 GDPR, to obtain the restriction of the processing of your personal data;
  • pursuant to Article 20 GDPR, to receive your personal data, in a structured, commonly used and machine-readable format or to obtain the transmission to another data controller (right to data portability);
  • pursuant to Article 21 GDPR, to object, on grounds relating from your particular situation, at any time to processing of your personal data, which is based on data processing for the purposes of legitimate interests. If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless processing serves the establishment, exercise or defence of legal claims.
  • pursuant to Article 77 GDPR, to lodge a complaint with a national supervisory authority. You can contact the supervisory authority of your habitual residence or workplace or our company headquarters. In the latter case, you can file a complaint with the Hellenic Data Protection Authority (   

If you wish to exercise any of your rights, please see 2. Contact information of the data controller and the Data Protection Officer.

9. Data retention

Your personal data is retained only for as long it is necessary for the above purposes, as described in detail, or for as long it may be required by a legal obligation. In any case, they will not be retained more than 5 years after the end of the project.

10. Data security

All your personal data are transferred in an encoded manner using the widely used and secure TLS (Transport Layer Security) encryption standard. You will recognise a secure TLS connection by the additional “s” after “http” (i.e., https://..) in the address bar of your browser or from the lock icon. Moreover, we use suitable technical and organizational measures, which are being continuously enhanced, to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties.

11. Amendments to this Data Protection Policy

This data protection policy is effective as of November 2019.

We keep our Data Protection Policy under regular review to make sure it is up to date and precise. Thus, it may become necessary to change it due to the potential addition of new features to the CREST website or due to further legal requirements. You can have access to the latest data protection information on the CREST website at “permanent link of data protection policy”.