We value the trust you show to the Foundation when you share your personal data. The security of this data is very important to us. In this document, we will explain how we collect, use and protect your personal data. We will also explain your rights regarding your personal data and how to exercise these rights.
The Board of Directors of the Foundation is the body responsible for processing personal data that determines what data is collected, how these data are to be used and how they are protected.
This policy also covers any additional personal data collected in a different way that have been passed to the Foundation outside of its website. They include personal data that arrive at the Foundation by hand and by post.
Protection of Data Privacy
The management and protection of the personal data of the visitor, applicant / user of the Foundation’s website is subject to the terms of this notice as well as to national, Community and international law on the protection of individuals from the processing of personal data, as applicable at the given time. Any future relevant regulation will be the subject of this communication. In any case, the Foundation reserves the right to change the terms of protection of personal data in accordance with the applicable legal framework in force at any time. Therefore, these privacy terms may be reviewed and updated at any time and without notice. Users of the site are kindly requested to check these terms at regular intervals for any changes, as the continued use of the Foundation’s website implies acceptance of all possible modifications. The Foundation collects personal data of the visitors, applicants / users of the site only when they voluntarily provide them with the purpose of becoming recipients of the benefits specified in the Foundation’s Purposes, as provided for in the Presidential Decree 426/1977 (GG 130 A /14.05.1977) 245 B /10/4/1989 & 1100B, GG 1100/29/12/1995, namely financial support of financially weak patients regardless of age, in need of medical treatment in Greece or abroad and are not covered by any social security to meet the costs of their hospitalization abroad, the financial support of economically weak families and other charities. Personal information is the information that can be used to identify or communicate with a person as well as other information about that person. The personal information collected on the website is as follows:
- Full name
- Address and phone number
- Email address
- Health problem
The Foundation will not sell or otherwise transmit or disclose personally identifiable information to visitors, applicants / users of the website or otherwise hold and process, to third parties not related to it without the consent of the visitor, applicant / user, or recipient charitable benefits of the Foundation, with the exception of the performance of an obligation arising from relevant legal dictates and to the competent authorities alone. The Foundation may process part or all of the data sent by visitors, applicants / users for the causes and purposes provided for in the aforementioned Presidential Decrees and linked to the terms and conditions provided therein, the verification of which determines the provision of charitable benefits.
The visitor, applicant / user can contact the Foundation administrator in order to cross-check the personal file, correct it, change it or delete it. We manage a data retention policy for all data, whether printed or digital.
The information security management system of the Foundation applies all technical and organizational measures (Article 32 of the General Data Protection Regulation 679/2016). We apply all the appropriate security controls to protect your personal data. Risk assessment, including the assessment of risks to the rights and freedoms of the data subjects, is at the heart of our IT Security Policy. However, we have no control over what’s going on between your device and the limits of our information infrastructure. You should be aware of the many information security risks that exist and take the appropriate steps to safeguard your own information. We accept no responsibility for violations that occur beyond our sphere of control.
In particular, your rights as a data subject
As a subject of the personal data we hold, you have certain rights that are as follows:
The right to information
The right of access
You may request a free copy of the personal data we hold for you. Once we have verified your identity and, if necessary, the identity of any of your legal representatives, or third applicant, if there are any doubts about the identity of the applicant, we need to ask for more information; we ask for only those necessary to confirm who you are and will provide access to the personal data we hold for you and the following information:
- a) The purposes of the processing;
- b) The categories of the relevant personal data;
- c) The recipients to whom the personal data have been disclosed;
- d) The retention period or the foreseeable retention period of such personal data;
- e) When personal data has been collected from third parties, the source of personal data.
If there are exceptional circumstances that mean we can refuse to provide the information, we will explain it so. If your requests are frivolous or inconvenient, we reserve the right to refuse. If the response to requests may require extra time or circumstances without reasonable expense (you may need to meet), we will inform you.
The right to correct
When you believe that we have inaccurate or incomplete personal information about you, you can exercise your right to correct or fill in this data. This can be used at the same time as the right to restrict processing to make sure that incorrect / incomplete information is not processed until it is corrected.
The right to delete your data (the “right to be forgotten”)
If there is still no overlapping legal basis or legitimate reason for processing personal data, you may ask to delete your personal data. This includes personal data that may have been processed illegally. We will take all reasonable steps to ensure that they are deleted.
The right to restrict processing
You may request that we stop processing your personal data. We will retain the data, but we will not process it any further. This right is an alternative to the right of deletion.
If one of the following conditions is true, you may exercise the right to restrict the processing of your data:
- a) The accuracy of the personal data is contested;
b) The processing of personal data is illegal;
c) We no longer need the personal data for processing but the personal data is required for part of a legal process;
d) The right of objection has been exercised and processing is limited pending decision-making on the status of the processing.
Data transfer rights
You may request that all of your personal data be transferred to another controller, provided in a commonly used and machine readable format. This right is only available if the initial processing was done on the basis of consent, processing by automated means and if the processing is based on the fulfillment of a contractual obligation.
Right to object / oppose against the processing of your data
You have the right to oppose the processing of your data if:
o The processing is for direct marketing;
o Processing is for scientific or historical research;
o Processing includes automated decision-making and profile creation.
Data Protection Officer
Please be advised that the appointed Data Protection Officer (DPO) for the Foundation is Mr. Ioannis Avarkiotis, Lawyer. You can contact him regarding any privacy issue and send your personal data comments and/or questions online at email@example.com or visit us in person to submit your request to the DPO, or submit a written request to the Foundation, 18 Charilaou Trikoupi Street, 10679 Athens.
If you wish to discuss a complaint, do not hesitate to contact us using the information listed above. All complaints will be treated confidentially.
Appeal to the Data Protection Authority
If you feel unhappy with handling your data or about any complaint you have made regarding the handling of your data, you are entitled to escalate your complaint to the Supervisory Authority.
Postal Address: www.dpa.gr
Personal Data Protection Authority, Offices: 1-3 Kifissias Str. 115 23 Athens Call Center: +30-210 64 75 600 Fax: + 30-210 64 75 628