Last updated: 06/10/2023
A. Introduction – Data Controller
Welcome to our website, almazois.gr.
This Website is owned by Hellenic Association of Women with Breast Cancer "Alma Zois", hereinafter referred to as "Organization" or just "we" or "us".
Phone: +30 210 4180006, +30 210 8815444
Email: breastca@otenet.gr
Address: Epirou 11, P.O. 10433, Athens
We take the protection of your personal data very seriously. For this reason, we created this policy, in order to provide you with adequate information regarding the processing of your data by our Organization.
In order to be able to provide you with our services, while also complying with our legal obligations, we process information concerning the Website visitors, which may lead, directly or indirectly, to their identification. According to the respective legal framework, some of this information is "personal data", while you, the visitors or members, are characterised as "data subjects" and we, the Organization, are the "controllers" of your data.
The purpose of this policy is to explain in plain and simple words:
- Which personal data we process;
- What the purposes and the legal basis for our processing are;
- Who the recipients of your data are;
- How long we store your data;
- What your rights regarding your data are and how you can exercise them.
B. Our basic principles for processing your data
We are committed to ensuring that your personal data will be processed in a fair and transparent manner, according to the legal framework, particularly the General Data Protection Regulation (GDPR).
In plain terms, this means that:
- We process your data only for specified, explicit and legitimate purposes (purpose limitation)
- We process only data which are adequate, relevant and limited to what is necessary in relation to the purposes set (data minimisation)
- We make every effort in order to ensure that your data are accurate (accuracy)
- We keep your data in a form which permits your identification for no longer than is necessary for the purposes set (storage limitation).
- We make every effort in order to ensure the security of your data (integrity and confidentiality).
In order to ensure the protection of your data, the Organization takes all appropriate technical and organisational measures, trains its staff and uses technologies which ensure the security of your data (for example SSL certificate, encryption, certified hosting providers). We monitor the security measures on a regular basis and, if deemed necessary, we align them with the new best practices.
C. What data can we process and under which conditions
Basically, we process your data through the Website only when you provide them in an active manner to us, e.g. by filling out a contact form.
This does not apply to your data that are automatically collected while visiting the Website and/or through cookies or similar technologies (check our cookies policy).
D. Information we obtain automatically
When you visit our Website, your IP address, alongside other information, such as the date and time of your visit, the browser type and the operating system you use, is recorded by our server. These are personal data via which we are in no position to uniquely identify you. Some other, non-personal data are collected as well, such as the browser you are using, the URL of the page you are visiting and the timestamp of the visit.
Purpose and legal basis
Although we cannot identify you by this information, it is considered personal data under the GDPR. The processing of this data is based on our legitimate interest, given that it is technically necessary for running the Website as well as for protecting the networks, the information and the services against unforeseeable circumstances, or illegal and malicious actions that compromise the availability, authenticity and confidentiality of stored or transmitted data (e.g. control of denial of service attacks), without entailing serious risks for your rights and liberties.
E. Information you provide to us
We process the personal data provided by you in the following cases:
E.1. Contact the Organization via contact form/email
When you contact us via contact form/email, we process your:
- Name
- Surname
- Brand name
- Email address
- Phone number
Important note: Your message should include only the necessary information related to your request and not your or a third person’s personal data.
Purpose and legal basis
We process this data in order to be able to contact you in response to your message. Sending an email or submitting a form does not make you our client, however it might show intention to enter into a contract.
We process your data based on your consent (article 6 (1) (a) GDPR), which you have the right to withdraw at any time and you can also request the erasure of your data. In case you withdraw your consent, the lawfulness of the processing already carried out will not be affected. Your withdrawal prevents us from communicating with you in the future.
Important Note: The obligation to submit accurate data falls upon the person who provides the data. Find out about your right to rectification of your inaccurate data by reading the policy section regarding your rights.
E.2. Newsletter
In order to be able to send you our newsletter we process your:
- Full name
- Email address
Purpose and legal basis
We process this data in order to be able to send you our news and updates.
We process your data based on your consent (article 6 (1) (a) GDPR), which you have the right to withdraw at any time and you can also request the erasure of your data. In case you withdraw your consent, the lawfulness of the processing already carried out will not be affected. Your withdrawal prevents us from communicating with you in the future.
The accuracy and authenticity of the data submitted in all cases are the responsibility of those who submit them. You may find more on your rights pertaining to this in the section about your rights.
Purpose and legal basis
We process these data for the purpose of serving you in your request to get updates from us and be able to contact you. If we are not offering any other services, sending simple emails does not make you a “client” of ours and therefore does not include you in our client database.
E.3. Regular member registration
For female visitors/users with breast cancer experience to register online with the Association as regular members, the following mandatory information is requested when filling out the relevant form:
- Full name
- Address of a person
- City
- Postal code
- District
- Phone
- Type of surgery performed
- Credit Card Details (if the bank account deposit option is not selected).
The relevant information is also required for the issuance of the relevant tax documents and is kept in the website's financial file. These details are absolutely confidential, are not disclosed to third parties and will not be used by third parties for any purpose.
E.4. Register as a supporting member or make a donation to the Organization
In order to register online with the Organization as a supporting member for the purpose of financial support for the Organization's work, or to make a donation for this purpose, it is necessary to fill in the following information in the available form:
- Name of a person or name of a legal entity
- Address of a person or registered office of a legal entity
- City
- Postal code
- District
- Phone
- Credit Card Details (if the bank account deposit option is not selected).
The relevant information is also required for the issuance of the relevant tax documents and is kept in the website's financial file. These details are absolutely confidential, are not disclosed to third parties and will not be used by third parties for any purpose.
E.5. Credit card details
The use of a credit card by the visitor/user for the above purposes (registration online of a regular member, registration online of a supporting member or making a donation to the Organization) is charged only once and only for the specific transaction. Credit card details are not archived and cannot be used for any other purpose. The Website is not responsible for the terms of use of personal data adopted by the financial institutions with which it cooperates to complete the above transactions.
F. Who has access to your data
Typically, access is permitted to authorised members of the Organization staff, who process your data in a strictly confidential manner, and only to the extent and in the context of the purposes which you have already been informed about.
Furthermore, in order to be able to provide our services to you, we share some of your data with other companies. These companies (called processors under the GDPR) process your data only for the purposes mentioned above and only on behalf and for the Organization, with the exception of any legal obligations. During the transfer of your data, the Organization takes all appropriate technical and organisational measures in order to ensure the best possible level of security.
Respect for the rules regarding the security of the processing of your data is one of the most important criteria when choosing our partners. In addition, our partners are contractually bound to provide the necessary safeguards and to take all appropriate technical and organisational measures so that the processing is lawful and the protection of your data and rights is ensured.
These companies provide us with a variety of services, such as web hosting services, marketing services and others. If you want to find out more information about the recipients of your data, feel free to contact us at breastca@otenet.gr.
G. Where and for how long we store your data
Your data is stored in our servers, hosted in a data center located within the EU. The data is stored strictly for a period of time considered necessary for each processing purpose.
For example, if you contact us we store your data for a period of twelve (12) months after your last message.
H. What rights you have as data subjects and how you exercise them
Under the current legal framework, you have a set of rights regarding the processing of your data by the Organization.
In particular, you have the right:
- To submit a request to the Organization to be informed whether we process data and, if so, what types of data (right of access).
- To request the rectification of the data (right to rectification).
- To request, under conditions, the erasure of the data (right to erasure).
- To request, under conditions, the restriction of the data processing (right to restriction of processing).
- To object, under conditions, to the processing of your data by us (right to object), mainly regarding the processing relating to marketing purposes (e.g. newsletter).
- To request the data that you have provided to us in a structured, commonly used and machine-readable format (right to data portability), as long as it is technically feasible.
- In case of a data breach, which is likely to result in a high risk to your rights and freedoms and as long as it does not fall under any of the exceptions provided in General Data Protection Regulation, the Organization has the obligation to communicate the breach to you without undue delay.
Compliance with the legal framework regarding the processing of personal data and, in this context, the exercise of your rights, are our top priority. Therefore, we have the right to request additional information that is considered necessary to confirm your identity before you exercise your rights.
In case your requests are manifestly unfounded or excessive, in particular because of their repetitive character, the Organization may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.
In case you consider that we do not comply with the personal data protection laws, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).
For any questions or issues concerning your rights, you should always feel free to contact us at breastca@otenet.gr.
I. Hyperlinks
Within our Website you can find hyperlinks which allow you to access third party websites. These links have the sole purpose of facilitating your surfing the Web and they do not show, in any way, our endorsement or approval of the content of these websites.
Accessing these websites through hyperlinks in our Website takes place on your sole responsibility and we encourage you to read each website’s privacy policy carefully.
J. Minors
The Organization directs its services exclusively to individuals over 18 years of age. When a request to the Organization is submitted, the user/visitor is presumed to be over 18 years of age or, if they are under 18, they are presumed to have obtained the necessary consent from the person having parental responsibility, and it is also presumed that said person’s information will be provided if requested by the Organization.
Since it is not technically feasible to effectively control the age of the visitors/users of the Site, we are committed to deleting all relevant information if a submission of personal data relating to minors is reported.
This deletion is without prejudice to the need to keep the data in the event of provision of grounds for, or exercise or support of our legal claims or the fulfillment of a legal obligation.
K. Changes in policy and updates
This policy may be changed at any time and without prior notice. Guided by the principle of transparency, we are committed to notifying you of any major changes in our policy. In any case, however, you should periodically review our policy, since the use of our services implies acceptance of its terms by you.