PRIVACY POLICY
INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA DURING THE OPERATION AND USE OF THE SPECIAL ELECTRONIC APPLICATION MyCoast app
Purpose of this Information Notice
1.1. The General Directorate of Public Property and Charitable Property of the General Secretariat of Public Property of the Ministry of Economy and Finance acts in the capacity of Data Controller for the personal data processed during the operation of the special electronic application MyCoast app.
1.2. The MyCoast app allows its users to electronically access diagrams of sections of the shoreline and beach and to submit reports if they observe unauthorized occupation of these areas, excessive use beyond the scope of the permit, or violation of the general terms and restrictions of the permit for simple use under Article 8 of Law 5092/2024.
The user identifies the area of interest by navigating the map within the app, either using GPS or scanning the QR Code of the specific permit. If there is an active permit in the area, it is highlighted on the app’s map with specific markers. By selecting the permit, the following details are displayed:
a) PERMIT code
b) Municipality and location
c) Start and end dates of the PERMIT
d) Purpose and usage of the permit
e) Area of the permit
f) permit registration number on the “DIAVGEIA” site (ADA)
g) Area Polygon of the permit
If the user observes unauthorized occupation of the shoreline or beach, exceeding the permit scope, or a violation of the general terms and restrictions of simple use under Article 8 of Law 5092/2024, they may submit a complaint through the app by selecting the specific permit or map point (if no active permit exists).
Reporting is subject to two limitations:
a) Only one complaint per type can be submitted per day from the same device and for the same permit.
b) Complaints must be submitted from a mobile device located within proximity to the permit area (“On-site Report”).
Personal data processing occurs during the use of the MyCoast app.
1.3. For this reason, and within the context of applicable EU and national legal frameworks for personal data protection—specifically the EU General Data Protection Regulation 2016/679 (GDPR) and Law 4624/2019 (Government Gazette A’ 137/2019)—the Data Controller provides this data protection information to ensure that users (“data subjects”) are properly informed about how their personal data is processed.
1.4. Full contact details of the Data Controller:
General Directorate of Public Property and Charitable Property, General Secretariat of Public Property, Ministry of National Economy and Finance
Postal Address: ————
Email: ————
Phone: ————
Purpose and Legal Basis of Processing
2.1. According to Articles 15 and 16 of Law 5092/2024 (A’ 33), and Joint Ministerial Decision 62566 EX 2024 (B’ 2602), the purpose of personal data processing is to provide a system for electronic reporting for anyone observing unauthorized shoreline/beach occupation or permit violations.
2.2. The processing is necessary to comply with a legal obligation (Art. 6(1)(c) GDPR), and to perform a task carried out in the public interest or in the exercise of official authority (Art. 6(1)(e) GDPR).
Categories of Personal Data Processed
To submit a report via the app, users select the specific permit or map location. To prevent misuse, users must allow the app access to their device’s location to confirm proximity (within 10km) to the report point.
Users then specify the reason for the report, provide a brief description of the issue, and choose whether to submit the report anonymously or with identification. Users must not include any personal data (their own or others’) in the issue description field—such as names, addresses, phone numbers, etc.
For identified reports, users must log in using their Taxisnet credentials. Optionally, they can provide contact details for follow-up by authorities. After successful submission, a unique report ID and date are displayed.
Thus, processed data includes:
Location
(Only for identified reports): Full name and optional contact details
Users can view their report history, including:
a) Unique ID and submission date
b) Complaint reason
c) Issue summary and contact info
d) Municipality and location
e) permit code or complaint location (if no active permit exists)
f) Complaint’s status
Data Transfers – Recipients
All submitted reports are displayed in the subsystem “Registry of Simple Use permits of Shoreline and Beach” to be reviewed by the competent Services (Article 2(5) of JMD 62566 EX 2024). Reports are also entered into the control registry of the system “Digital Services of Public Property and National Bequests” (Ψ.Υ.ΔΗ.ΠΕ.Ε.Κ.).
Land Registry Services may assess the complaints based on:
a) Number of complaints per location
b) Severity of alleged violations
c) Specificity or anonymity of the complaint
Other relevant agencies (as listed in Article 17(1) of Law 5092/2024) that have been designated as recipients may also access the reports and user details.
Data Retention Period
All data stored in the MyCoast app is deleted after the app is removed from the user’s mobile device. Additionally, data is deleted following the completion of a withdrawal process requested by the user, as per Article 80(7) of Law 4954/2022 (A’ 136). The IT provider GGPSDD retains a log of document presentation actions for twelve (12) months.
Data Controller and Processor Details
6.1. The General Directorate of Public Property and Charitable Property is the Data Controller under Article 4(7) GDPR. Public sector entities mentioned in Section 5 act independently as Controllers for fulfilling their legal duties.
6.2. The General Secretariat for Information Systems and Digital Governance (GSISDG) of the Ministry of Digital Governance is designated as the Data Processor under Article 28 GDPR. GSISDG implements technical and organizational measures, including access logging, traceability, and data protection against breaches or threats.
Data Subject Rights
7.1. Data subjects can exercise their rights under EU and national law, unless app functionality limits their exercise. These include:
Right of Access – Know what data is processed and why
Right to Rectification – Correct inaccuracies
Right to Restrict Processing
Right to Object – Withdraw consent without affecting prior lawful processing
7.2. Requests are reviewed within 1 month of receipt, extendable by 2 months in complex cases or high volumes.
7.3. Users may contact the Data Protection Officer (DPO) at:
Email: dpo@mindigital.gr
Phone: +30 210 9098000
Mail: Fragkoudi 11 & Alexandrou Pantou, 101 63, Kallithea (mark envelope “To the Data Protection Officer”)
Right to Lodge a Complaint
Data subjects have the right to file a complaint with the Hellenic Data Protection Authority (HDPA) for issues related to personal data processing. Full information on jurisdiction and complaint submission is available at: www.dpa.gr