1. General
1. The Civil Non-Profit company under the name “APANEMI STEGI AMKE” has undertaken the obligation to protect the confidentiality and security of the Personal Data of its Volunteer Donors and its Members as much as possible, whether these data are kept online or at the company’s facilities.
2. This document, referred to as the “PERSONAL DATA PROTECTION POLICY”, aims at “APANEMI STEGI AMKE” to provide to individuals (“data subjects”) with sufficient information about the personal data that collects and processes on their behalf, in order to pursue its founding and statutory purpose.
3. This policy defines the basic principles and rules, according to which “APANEMI STEGI AMKE”, processes and stores personal data, in accordance with what is defined in National and European legislation.
2. Definitions
In accordance with the General Data Protection Regulation (GDPR) of the European Union, through this page we would like to inform you about the Personal Data collected during the use of this website, about the way in which all the data is collected, how it is used, for how long they are kept and finally to inform you about your rights.
For the purposes of this texture, the following terms shall be understood as follows:
• “Personal data”: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• “Special categories of personal data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose the unmistakable identification of a person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
• “Processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. This includes data you provide to us, e.g., your address data, contact information, registration data, account data, application data or your identity, but also data processed automatically when you use our website, e.g. Your IP address.
• “Anonymization”: the processing of personal data in such a way that the data can no longer be attributed to a specific data subject.
• “Pseudonymization”: means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
• “Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law.
• “Processor”: means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
• “Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
• “Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
• “Current legislation”: The provisions of the currently existing Greek, European or other legislation, which concern personal data protection issues, such as indicatively:
– Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals against the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR),
– Law 4624/2019: Personal Data Protection Authority, implementing measures of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 for the protection of natural persons against the processing of personal data and incorporation into national legislation of Directive (EU) 2016/680 of the European Parliament and of the Council of April 27, 2016 and other provisions, as applicable.
3. More Information
1. In case you need more information, in relation to this “Personal Data Protection Policy”, you may contact the Civil Non-Profit Company under the name “APANEMI STEGI MAKE” at its email address [email protected]
2. In case you are not satisfied with our response, you reserve your right to contact the Personal Data Protection Authority, Offices: Kifisias 1-3, P.O. 115 23, Athens, Telephone Center: +30-210 6475600, Fax: +30-2106475628, E-mail: [email protected].
4. Controller
1. We are the Civil Non-Profit Company under the name “APANEMI STEGI – ASTIKI MI KERDOSKOPIKI ETAIRIA” (APANEMI STEGI – CIVIL NON-PROFIT COMPANY) and under the distinctive title “APANEMI STEGI AMKE”, hereinafter referred to as “APANEMI STEGI AMKE” for brevity.
2. “APANEMI STEGI AMKE”, has its registered offices in Attica, Ilioupoli, 46th Ipeirou Street, Postal Code 16342 and is the controller of your personal data. Your requests regarding the processing of your data can be sent either to the email address [email protected], or by post to the above address.
3. This Personal Data Protection Policy applies to all physical facilities and/or digital environments and applications, which belong exclusively to “APANEMI STEGI AMKE” and are related to its activity, when and as long as it processes personal data (mainly, related to the maintenance and procession of the cyber and physical files of its donors, volunteers and its members).
5. Sources of Information
1. The information and data we receive about the data subjects are mainly provided by the data subjects themselves, when they communicate by any means with “APANEMI STEGI AMKE”.
2. Personal Data may be provided to us, at various times and through various communication channels, such as, but not limited to, by telephone, electronic communication or in writing when you interact with “APANEMI STEGI AMKE”.
6. Use of Personal Data
1. Your personal data is used in order to enable the fulfillment of the various purposes aimed at the proper operation of “APANEMI STEGI AMKE”. The collection of all data is limited to what is absolutely necessary for your safe and efficient service. It aims to improve the experience of using the website, to communicate with you directly and respond to your questions or requests, and to detect spam and security breaches.
2. Indicatively and not restrictively, the purposes for which the data subjects provides to the “APANEMI STEGI AMKE” the above data are the following:
1. Registration as a volunteer, a donor, or a member
2. Identification of the interested party
3. Ensuring that the interested party is 15 years of age or older
4. Creating a member account,
5. Securing the member’s account.
6. Completeness of the database
7. Telephone or cyber communication
8. Sending Mails.
7. Processing of Personal Data
1. The processing of the subjects’ Personal Data by “APANEMI STEGI AMKE” will depend on the reasons for which it processes the information provided by the data subjects.
2. In particular, “APANEMI STEGI AMKE” has a legitimate interest in processing the personal data of the subjects for the purposes of:
A. Registration, identification, recording and maintaining the status of Member, donor, volunteer.
B. Communication, telephone or electronic, of any kind of information with the data subjects.
C. Ongoing management of its relationship with members, donors, volunteers and/or data subjects and maintaining contact with them (e.g., providing annual updates).
3. It may also be necessary for “APANEMI STEGI AMKE” to process the Personal Data of the subjects, in order to comply with its legal obligations. Indicative and not limiting, tax audit or litigation obligations are mentioned as such.
4. “APANEMI STEGI AMKE” will always request the consent of the data subjects, for the processing of their Personal Data, in the cases required by law.
8. Data Collection, Legal Basis, Purposes
1. The collection and processing by “APANEMI STEGI AMKE” of the subjects’ personal data is carried out by the provision of said personal data directly by the data subjects themselves.
2. In order to register the data subject as a member of “APANEMI STEGI AMKE” (either electronically or in paper form), the latter collects and processes the identification data of the data subject/candidate member (i.e. name, surname, father’s name, mother’s name, date of birth, street and residence number, city, telephone, e-mail), while in the event that a member wishes to become a volunteer or donor, then the VAT number (A.F.M.) is additionally requested and Social Security Number (AMKA), in accordance with the applicable legislation. The purposes for which “APANEMI STEGI AMKE” collects and processes the above data are:
1. Registration as a volunteer, a donor, or a member
2. Identification of the interested party
3. Ensuring that the interested party is 15 years of age or older
4. Creating a member account,
5. Securing the member’s account.
6. Completeness of the database
7. Telephone or cyber communication
8. Sending Mails.
Your consent to the Privacy Policy of this website is mandatory in its above basic functions. In order to prove the user’s consent to the processing of personal data, the data and the time when he gave his consent are recorded.
Finally, the legal bases according to which “APANEMI STEGI AMKE” collects and processes the data provided by the data subject are, on the one hand, the legal basis of the subject’s consent to carry out each communication and, on the other hand, the legal basis of achieving the legitimate interest of “APANEMI STEGI AMKE” to maintain an updated and quality database and to ensure the personal data of the members.
3. In case the user/data subject wants to use the contact form found on the website, then the data collected and processed are his identification details (name, surname, telephone, e-mail), while the purpose of providing the above data is to process the request / respond to the subject’s request. Finally, the legal basis according to which “APANEMI STEGI AMKE” collects and processes the data provided by the data subject is the legal basis of the subject’s consent for each communication.
9. Data Retention Periods
1. “APANEMI STEGI AMKE” keeps the data related to the data subject / prospective member / user of the website exclusively for that period of time, which is absolutely necessary to serve the purposes for which they have been collected.
2. The retention periods are defined according to:
a. Legal obligations to retain data for a specific period of time,
b. The time limits of the statute of limitations in accordance with the applicable legislation
c. Possible disputes
d. Guidelines issued by the relevant data protection authorities as well as other supervisory authorities.
3. The data retention period by “APANEMI STEGI AMKE” is defined as the end of five years after the date of deletion of the data subject/member/user of the website. However, if, before the deletion, you have made any public notification in relation to our website, this information will remain publicly available.
4. These times are extended in case of nuisance or legal actions until the issuance of an irrevocable court decision or the final resolution of the dispute in another way.
5. “APANEMI STEGI AMKE” may retain Personal Data even after the collection and processing purposes have been fulfilled, if there is a legal obligation, while securely destroying the data, which no longer needs to be kept, in accordance with the above time limits.
6. In the event that “APANEMI STEGI AMKE” continues to use data for statistical or research purposes, it ensures that the data is anonymous, so that it is not possible to identify the data subject/member/user of the website with or from these in no way.
10. Use of Cookies
1. In the event that the data subjects use the website of “APANEMI STEGI AMKE”, then the said Civil Non-Profit company, processes the data collected, with the use of cookies, in accordance with its cookies policy. Please, click here if you wish to study our cookies policy.
11. Newsletters
1. In case the members, volunteers, donors of “APANEMI STEGI AMKE” wish to receive informative Newsletters, the only personal data that is subject to processing, is the relevant e-mail of the member for conducting the electronic communication. The legal basis is the member’s consent, which is provided when you proceed with the “Get updates from our website” option.
2. It is possible to withdraw your consent to the use of your data for receiving informative Newsletters, at any time to the e-mail address: [email protected]
3. It is clarified that we keep the contact details until you withdraw your consent, request their deletion or object to the processing of your data for receiving Newsletters.
12. Rights of the data subject
Below is a brief description of the subjects’ rights regarding their Personal Data:
1. Information Rights: Data subjects have the right to receive clear, transparent and easily understandable information, related to the way their Personal Data is processed and related to their rights. For this reason, “APANEMI STEGI AMKE” communicates this “Policy”.
2. Right of Access: Data subjects have the right to obtain access to their Personal Data (as long as it is processed by “APANEMI STEGI AMKE”), as well as to other, specific information (corresponding to those provided in this “Policy”). Thus, data subjects can obtain knowledge and control whether “APANEMI STEGI AMKE” is processing their Personal Data, in accordance with the Personal Data Protection legislation. You can access and modify your personal data at any time through your account page. By emailing us at [email protected], you can request details of the information we hold and process about you and the purposes for which it is used. No information is provided if the data subject does not provide information that allows his data to be found and, therefore, the required effort is disproportionate to the data subject’s interest in providing information.
3. Right to Correction: Data subjects have the right to request the correction of their Personal Data if it is inaccurate or incomplete.
4. Right to erasure (Right to be Forgotten): Data subjects have the right to request the erasure or removal of their Personal Data, when there is no compelling reason to continue processing. The right to erasure is not an absolute right. “APANEMI STEGI AMKE” may have the right or the obligation to preserve the information, in cases where it has a specific legal obligation to do so or has another valid legal reason to preserve it.
5. Right to restriction of processing: Data subjects have the right, in certain cases, to “opt out” or limit the further use of their information. When the processing is limited, “APANEMI STEGI AMKE” may still store the information of the subjects but is not allowed to process it further. “APANEMI STEGI AMKE” keeps lists of subjects who have requested to “block” the further use of their Personal Data, in order to ensure that the restriction will be applied from now on.
6. Right to data portability: Data subjects have the right to obtain a copy of any Personal Data held about them and to reuse or share it for their own purposes. You have the right to receive your personal data (relating only to you) in a structured, widely used and device-readable format (“data portability”) and you have the right to transfer this data to another data controller. You can request the transfer of your data by contacting us by email at [email protected]. Without undue delay in receipt of your request, we will comply with your request. If, for any reason, we are unable to comply with your request, we will contact you.
7. Right to Object: Data subjects have the right to object to certain types of processing, which “APANEMI STEGI AMKE” can only do with their consent.
13. Which Rights of Members/Data Subjects/Website Users Apply
1. “APANEMI STEGI AMKE” undertakes to maintain the confidentiality of the Subjects’ personal data and to ensure that the Subjects can exercise their rights.
2. In particular, data subjects can exercise their rights free of charge by writing us an email and sending it to the email address ([email protected]), simply stating the reason for their request and the right they wish to exercise.
3. Specifically, regardless of the purpose or the legal basis on which “APANEMI STEGI AMKE” processes the data of the subjects, they have the following rights:
a. To request access to their data, which is maintained by “APANEMI STEGI AMKE”.
b. To request the correction of their data, which is maintained by “APANEMI STEGI AMKE”.
c. To ask “APANEMI STEGI AMKE” to delete their data, to the extent that they are no longer necessary for the purpose for which their processing needs to continue, or when “APANEMI STEGI AMKE” is no longer legitimated to use them processed.
d. To ask “APANEMI STEGI AMKE” to cancel or limit the processing of their personal data.
4. In case the data subjects have given their consent to the processing of their data for any purpose, they also have the right to withdraw it at any time.
5. Additionally, when the processing of the personal data of the data subjects is based on the legitimate interest of “APANEMI STEGIS AMKE”, they will also have the right to object to the processing of their data.
6. Finally, the data subjects have the right to submit a complaint to the competent regulatory authority, namely the Greek Personal Data Protection Authority (http://www.dpa.gr/portal/page?_pageid=33,15510&_dad=portal&_schema=PORTAL)
14. Security and Confidentiality of Personal Data
1. The security and confidentiality of the Subjects’ Personal Data are extremely important issues for “APANEMI STEGI AMKE” and for this reason, it has established technical, administrative, and physical security measures in order to:
a. Protect your Personal Data from unauthorized access and improper use,
b. Secure IT systems and protect your information.
At regular intervals we take backup copies of our data in order to be able to restore in the event of a technical failure.
15. Modification of “Notice”
“APANEMI STEGI AMKE” may modify this Personal Data Protection Policy unilaterally, at its own and absolute discretion and at any time, for reasons of compliance with regulatory or legislative changes or in order to meet the needs of its operation and its legal obligations. Updated versions of this Personal Data Protection Policy will be posted on the website and related websites of “APANEMI STEGI AMKE”, with a date indication, so that it becomes known to the Users which is the most recently updated version.
16. Applicable Law
The present terms of use and the Privacy Policies are governed by the current Greek and European Legislation.
July 2023