Contact

Privacy Policy

Effective date: 20/03/2026

1. INTRODUCTION

This Policy describes and explains how the personal data of visitors and registered users of the website www.larissa.gov.gr (hereinafter referred to as the “Website” or “www.larissa.gov.gr”) is collected and used.

Individuals visiting www.larissa. gov.gr may browse the Website and use its services and content either as simple visitors or as registered users, and this Policy applies to the processing of their personal data based on such access.

Please read our Policy carefully to clearly understand how we collect, use, protect, or otherwise process your personal data.

2. CONTACT INFORMATION FOR THE DATA CONTROLLER - MUNICIPALITY

The Municipality of Larissa (hereinafter referred to as the “Municipality”) is the Data Controller for the purposes of the General Data Protection Regulation 2016/679 (hereinafter referred to as the “GDPR”). Where the terms “Municipality,” “us,” “our,” or “we” appear, they refer exclusively to the Municipality.

For any information regarding your data, as well as its processing and protection, you may contact the Municipality using the contact details below:

Data Controller: Municipality of Larissa

Address: 1 Ionos Dragoumi Street, 41222 Larissa

Tax ID: 997844860 (Larissa Tax Office)

Phone: +30 2413 500 200

Email: protokolo@larissa.gov.gr

Data Protection Officer (DPO): dpo@larissa.gov.gr

This Policy applies exclusively to the processing of data carried out by the Municipality of Larissa through the website www.larissa.gov.gr and the services it manages. For services that redirect to gov.gr or third-party providers, only the respective privacy policies of those websites/platforms apply.

3. DATA SOURCES AND CATEGORIES BY SERVICE AND USER CATEGORY

The Municipality collects personal data from various sources and for various purposes, depending on the user category and the service being used. Specifically:

3.1. Regular Website Visitor (Without creating an account)

  1. Directly from you: We collect personal data directly from you, such as your name, phone number, email address, and any information you include in a message when you visit the Website, request information, or submit a request when you register for an event or activity.
  2. Through automated means via the use of the Website: when you visit the Municipality’s Website, we may collect data from you based on your browsing activity and your use of our services. This data may include search history, IP address, screen resolution, browser used, operating system and settings, access times, and referring URLs, as well as data collected via cookies. (See: Cookie Policy).

3.2. Registered User

  1. Directly from you when you:
    a) Create an account on the Municipality’s e-services platform: full name, father’s name, email, phone number, address, password.
    b) Submitting an application (administrative services) such as for the issuance of municipal registry or civil registry certificates through Municipal services or KEP: full name, father’s name, Tax Identification Number (AFM), Social Security Number (AMKA), date of birth, copy of ID card or passport.
    c) Application for social welfare (e.g., KAPI, “Help at Home” program): full name, marital status, income, as well as health data where legally required.
    d) Registration for sports programs (participation in sports programs via the e-services platform): full name, date of birth, email, phone number.
    e) Participation in e-learning programs (Education and Lifelong Learning programs via the corresponding digital platform) (such as personal information, identification data, contact information, educational/professional information, billing/invoicing data)
  2. Through automated means via the use of the application: when you visit the Municipality’s Website, we may collect data from you based on your browsing activity and your use of our services. This data may include search history, IP address, screen resolution, browser used, operating system and settings, access times, and referring URL, as well as data collected via cookies (See: Cookie Policy)
  3. Through a third-party provider (Novoville) when you submit a request or complaint (location, photo, and description of the issue).

Please note that for services provided through the gov.gr system that require login with TaxisNet credentials, login data is not collected by the Independent Authority for Public Revenue (AADE) via interoperability, and the Municipality does not process such data.

3.3. Business

The following categories apply to sole proprietorships or legal representatives of legal entities conducting business within the municipality. The data is collected:

  1. Directly from the applicant
    a) Application for a business license through the relevant municipal department: The following information is collected: business name, Tax Identification Number (TIN), Tax Office, Limited Liability Company Registration Number (LLC RN), details of the legal representative, registered office, and business activity.
    b) Zoning permits: Collected: property details, architectural plans, technical and other supporting documents.
    c) Permits for the use of public spaces: Collected: business name, Tax Identification Number (TIN), contact information, location details.
    d) Contact form / Submission of requests: The following are collected: representative’s name, email, phone number, and description of the request.
  2. Via an external system (gov.gr — NotifyBusiness)

Data is collected from the systems of the Independent Authority for Public Revenue (AADE) or the General Commercial Registry (GEMI) via the gov.gr platform, without any processing by the Municipality.

4. SPECIAL CATEGORIES OF DATA

As a general rule, the Municipality does not process special categories of data (health data, biometric data, criminal conviction data, etc.) through the Website. Exceptions:

  • For social welfare services (KAPI, Home Care), health data may be requested only when specifically provided for by law. The processing of such data will be carried out pursuant to Article 9(2)(g) of the GDPR (processing is necessary for reasons of substantial public interest, based on Union or Member State law).
  • For the assessment of specific eligibility requirements or exemptions: proof may be requested without storage or further processing.

In any case, health data is collected only to the extent required by law and with the data subject’s full consent.

5. PURPOSES OF PROCESSING AND LEGAL BASES

Data CategoryPurpose of ProcessingLegal Basis
Identification and contact information, technical documentsProvision of municipal services (urban planning, municipal registry, licensing, etc.)Performance of a public duty (Article 6(1)(e) of the General Data Protection Regulation)
Identification and contact information, income, health data (in exceptional cases)Provision of social servicesPublic interest / Health (Art. 6(1)(e), 9(2)(g) of the GDPR)
Identification and contact informationUser Registration/Create an AccountPerformance of a contract / Performance of a public task (Art. 6(1)(b), 6(1)(e) of the General Data Protection Regulation),
Identification data, contact information, educational dataRegistration and participation in educational programsPerformance of a public duty (Article 6(1)(e) of the General Data Protection Regulation)
Identification and contact information, ageRegistration for sports teamsPerformance of a contract (Article 6(1)(b) of the GDPR)
Company details, legal representativeBusiness Licensing (Retail Establishments, Public Spaces)Legal obligation (Article 6(1)(c) of the GDPR)
Identification and contact information, Tax ID number, tax office, business nameΈκδοση φορολογικών παραστατικώνLegal obligation (Article 6(1)(c) of the GDPR)
Name, phone number, email, subjectDigital appointment (myDIMOSlive)Performance of a public duty (Article 6(1)(e) of the General Data Protection Regulation)
Location, photos, contact informationReport a problem (Novoville)Consent (Article 6(1)(a) of the GDPR)
Email, full nameUpdates (newsletter, announcements)Consent (Article 6(1)(a) of the GDPR)

6. RECIPIENTS OF PERSONAL DATA

With regard to the data necessary to fulfill each of the above processing purposes and within the scope of each recipient’s responsibilities, the recipients of the user’s data may include:

  1. The relevant municipal employees in the course of their duties.
  2. The provider of the Moodle educational platform
  3. Public authorities, such as, for example, tax authorities, judicial, public, and independent authorities, and law enforcement agencies, provided that this is strictly necessary to protect the Municipality’s legal rights or fulfill its obligations.
  4. To the extent that this is necessary to fulfill our contractual obligations, provide you with better service, and meet your requests, your data may be shared with partner providers, such as companies providing legal, consulting, and auditing services, IT companies, companies that provide internet services, or other services necessary for the operation of the website and the provision of the Municipality’s services (e.g., Novoville).
  5. To the extent that this is necessary to fulfill our contractual obligations and to better serve you, your personal data may be transferred to service providers or other partners who act as data processors and are involved, for example, sending messages and updates via email and multimedia.

It should be noted that when recording, accessing, and/or processing the user’s personal data, the Municipality’s employees and agents fully comply with the provisions of the European General Data Protection Regulation 2016/ 679 on Data Protection, as well as with applicable Greek legislation and case law regarding the protection of personal data. The Municipality requires its employees, website maintainers, and third-party partners to take all necessary technical and organizational measures (including appropriate policies and procedures) to prevent the disclosure of the personal data of its visitors/registered users-customers that they process and handle, and to implement procedures for managing and processing personal data in a lawful manner and protect them in accordance with the GDPR.

Important: The data you enter directly on gov.gr (e.g., using your TaxisNet credentials) is processed exclusively by gov.gr/AADE. The Municipality of Larissa receives only the verification result (pass/fail) or the issued document, not the TaxisNet credentials.

7. DATA RETENTION PERIODS BY CATEGORY

Data is retained only for as long as is necessary for the purpose of processing or to comply with a legal obligation.

  • Account registration data for eServices are retained for as long as the account remains active and for an additional three (3) years after its deactivation, in the context of the performance of public duties.
  • Municipal registry and civil registry applications are retained for twenty (20) years, in accordance with the Municipality’s record-keeping obligations and the relevant legal obligation arising from the Municipal Code.
  • Data related to social services (such as KAPI and “Help at Home”) are retained for five (5) years after the service has ended, in accordance with applicable social policy provisions and regulations.
  • Educational data collected as part of e-learning programs are retained for the entire duration of the program and in accordance with the relevant Privacy Policy available at e-learning.larissa.gov.gr, for purposes of certification and serving the public interest.
  • Data regarding participation in sports programs are retained for the duration of participation and for an additional two (2) years, in accordance with the relevant contract.
  • Business licensing information is retained in accordance with the legal obligation set forth in the Tax Code.
  • Tax documents are retained for ten (10) years, as required by tax legislation.
  • Data submitted via a digital appointment request (myDIMOSlive) is retained for three (3) months after the request is completed.

In addition, the data will be retained for as long as necessary until the relevant claims become time-barred and, in any case, for as long as required by the applicable legal and regulatory framework and approved codes of conduct. Specifically, we will retain personal data:

  • to the extent required by applicable law,
  • in order to comply with legal proceedings,
  • to establish, exercise, or defend our legal rights, those of the platform’s users, and those of the public.

However, certain necessary personal data related to registration and the contractual relationship with the website and the services provided, as well as the notification or lawful obtaining of consent (if required) for the processing of your data, may be retained as user information to ensure proof of the lawfulness of the processing of your data by the Municipality and to safeguard the legal claims of the parties.

In any case, the data is retained until any related claims become time-barred or for as long as expressly provided for by the applicable legal framework.

8. COOKIES AND SIMILAR TECHNOLOGIES

This website uses cookies or similar technologies. For more information, please visit our Cookie Policy.

9. SOCIAL MEDIA (social media share button)

The Municipality of Larissa maintains official social media accounts, specifically on Facebook and YouTube. On the platform, the Municipality incorporates social media share buttons for Facebook and YouTube, encouraging website visitors to follow it on those platforms (Follow/Like) as well as to post and comment. When you are redirected to the respective social media platform, we may collect certain data from you (such as your profile data on that platform).

Based on the case law of the European Court of Justice, the Municipality is considered a joint controller of your data together with the social media platform. In this context, the Municipality declares that it complies with its obligations regarding the protection of personal data by taking appropriate technical and organizational measures to ensure the secure processing of data (see below under ¶9)

The purpose of processing this data is to showcase and promote the Municipality’s image and services, to provide updates, or to communicate with you by responding to the messages/comments you send us.

The legal basis for the processing is your consent, which you provide by actively clicking the “like” or “follow” button on the Municipality’s social media accounts. You may withdraw your consent at any time in the same manner in which you provided it, i.e., by

10. TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

The Municipality, its employees, agents, contractors, and representatives undertake to implement appropriate technical and organizational measures to ensure, to the greatest extent possible, the most appropriate protection of personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to such data, and any unlawful processing, as well as to ensure the ability to restore the availability of and access to such data. These measures also serve to demonstrate that the processing is carried out in accordance with the GDPR, taking into account the nature, scope, context, and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, by implementing appropriate procedures for the regular monitoring, assessment, and evaluation of the effectiveness of technical and organizational measures.

For example, the Municipality implements appropriate technical and organizational measures to protect data, such as:

  • Communication encryption: secure HTTPS (SSL/TLS) connection on all pages.
  • Controlled access: role-based access control for each employee.
  • Regular backups with secure storage.
  • Regular software security updates.
  • Audit logging of critical actions for audit and transparency purposes.
  • Data breach incident response plan.

11. YOUR RIGHTS

Under the GDPR (Articles 12–22), you have the following rights:

  1. Request a copy of your personal data.
  2. Withdraw your consent when it is the legal basis for the processing of your personal data.
  3. Request that your personal data be corrected if it is inaccurate.
  4. Request the erasure of the personal data you have provided, in accordance with the conditions set forth by law.
  5. Request the restriction of processing, under the conditions set forth by law.
  6. Request the portability of your personal data, provided that you have provided the data yourself, the processing is based on consent or the performance of a contract, and the processing is carried out by automated means.
  7. To object to any form of processing of your personal data by the Municipality.

The Municipality will grant any request you submit in accordance with the conditions set forth by law. The ability to exercise a right granted to you by law does not always mean that your request will be fully granted, especially when there are other legal provisions that restrict it. If we are unable to fulfill your request, we will inform you of the reasons.

Any request regarding personal data and the exercise of your rights must be submitted in writing to the Municipality of Larissa and the Data Protection Officer (DPO):

Data Protection Officer for the Municipality:

  • Email: dpo@larissa.gov.gr
  • Mailing Address: Municipality of Larissa, Attn: DPO, 1 Ionos Dragoumi Street, 41222 Larissa

Once the validity of your request has been verified, we will respond to it within thirty (30) days of receipt. In the event that an extension of the above deadline is required to investigate and/or process your request, we will notify you accordingly, explaining the reasons why the extension is necessary.

In any case, if you feel that the protection of your personal data has been violated in any way, you have the right to file a complaint with the Personal Data Protection Authority regarding issues related to the processing of your personal data. For information on the Authority’s jurisdiction and how to file a complaint, please visit its website, where detailed information is available.

12. MINORS

The Website is not intended for minors under the age of 18 for services that require registration. If it is determined that a minor has submitted personal data without parental consent, such data will be deleted immediately upon notification.

13. CHANGES TO THE POLICY

The Municipality may amend this Policy. Any amendments will be posted on the Website, with the date of publication updated accordingly. In the event of material changes, the Municipality will notify registered users via email or through an announcement on the Website.

Search