Personal Data Protection Information

As mentioned before, the study surveys will be collected anonymously. We have taken measures to ensure that the collected data is minimized, and we do not need to identify you personally to achieve the study results. However, due to current and future technological developments, it might be possible for some of your data to be identifiable in the future. For this reason, we take measures to treat all the information which you will provide us through the survey as personal data and protect them accordingly.

This section will provide you with information regarding the processing of your personal data in the context of your participation to this study.

Who is the Controller?

The University of Thessaly is the controllerof your personal data in the context of this study. The contact details of the Controller may be found below:

University of Thessaly:

Which of my personal data will you collect?

We collect exclusively the personal data which you provide us with directly by filling in the study survey (indicatively: age group, region of origin, information about crew experience, professional/crew rank, sex, marital status, information on whether you have children, survey answers related to gender equality habits or gender bias incidents within the shipboard environment).

Your sex is the only special category of personal data collected for the purposes of this survey.

What is the purpose and legal basis for the processing of my data?

Your personal data are processed exclusively for the purposes of this study, namely to identify potentially widespread gender bias phenomena on board of cruise ships, and introduce measures and policies to increase diversity awareness and reduce gender bias within the shipboard environment.

To the extent that you have decided to participate in this study, all personal data processing which will take place is carried out on the basis that the processing is necessary for a task carried by the controllers in the public interest or in the exercise of the official authority vested into them as Academic and Research Institutions (Art.6 par.1e GDPR).

In terms of the special categories of your personal data (sex), the legal basis for the processing is that the processing is necessary for the purposes of scientific research, carried out in Accordance with the requirements of Art.89 GDPR.

How long will my data be stored for? In order to ensure the scientific integrity of the study results and to help inform future outbreaks and epidemic preparedness, your survey data will be stored securely for up to 10 years after the end of the research for this study, at which point they will be irrevocably deleted.

Please note that the study results and aggregated statistics, which will be completely anonymized and will include none of your personal data, will be retained for as long as they are scientifically valuable.

Will my personal data be shared?

Your personal data will only be processed by UTH. Anonymized study results and aggregated statistics may be shared as explained in the study participation consent form.

Data Protection Rights

You have the right to request access to and rectification of your personal data. However, please note that if the survey data cannot be attributed to you, due to the survey being fully anonymous, the data therein are not considered personal data and we will not satisfy the abovementioned requests.

Also note that your right to erasure of your personal data is restricted in the context of this study, since its exercise could hinder the integrity of the study and its public interest-related results and benefits (Art.17 par.3d GDPR).

Personal Data Questions/Concerns

If you have any questions about data protection and your rights, related to this study, please contact us at

You may also contact the Data Protection Officers of UTH in the following email addresses:

-University of Thessaly:

You also have the right to lodge a complaint, about our processing of your personal data, to a competent Data Protection Authority. If  you wish to do so you may either contact your local/national Data Protection Authority or lodge a complaint with the Hellenic Data Protection Authority (