Data Protection Policy

The John S. Latsis Public Benefit Foundation (hereinafter "the Latsis Foundation") places the highest priority on the protection of the personal data it collects and undertakes to provide appropriate safeguards for the protection of such data. This Privacy Policy provides you with information on the type of personal data collected on this website (hereinafter "the Website") or through the email addresses maintained by the Latsis Foundation, the purpose of processing of such data, how the data is managed, as well as your rights under the General Data Protection Regulation (GDPR – Regulation (EU) No 2016/679), Greek Law No 4624/2019 and the applicable Regulatory Acts of the Hellenic Data Protection Authority.

 

  • Who is the Data Controller?

The public benefit entity "John S. Latsis Public Benefit Foundation", incorporated in Vaduz, Liechtenstein, having offices in Greece, 59 Diligianni Str., post code 14562, Kifissia, Athens, Greece, is the data controller in respect of your personal data.

 

  • In which cases is data collected? What kind of data?

The Latsis Foundation collects personal data as follows:

i. When you fill in the online contact form or send a social media message or email to [email protected] or [email protected], and you enter data such as your full name, email and/or postal address, telephone number.

ii. When you submit a grant application using the relevant standard form on the Website and enter data, including but not limited to the name of the organisation’s representative, the professional capacity, the postal and/or email address or telephone number. Please note that the grant application includes text fields only where necessary, in order to ensure that the data collected are strictly necessary in relation to the purpose of their processing.

iii. When you voluntarily subscribe to our newsletter: you fill in your email address to receive updates on funding opportunities, new programmes, events and in general the public benefit activity of the Latsis Foundation.

iv. When you apply for a scholarship or for the renewal thereof: to apply, you will need to create an account by entering your full name, email address and mobile phone number. Once registered, you will be directed to the online scholarship application form where you will fill in your personal data, such as your date of birth, home address, ID card number, TIN, father’s name, mother’s name, financial data, education and training data, as well as any additional data that you may choose to fill in using the free text fields of the application in support thereof.

v. When submitting to us the necessary documentation in support of a grant or scholarship application.

vi. During your navigation on the Website, where we collect data using cookies and Google Analytics in order to improve user experience and collect data on traffic and the type of pages you browse. For more information about the cookies used on our Website please read the Terms of Use.

vii. When you visit the Website, the server records in a special file (log file) your IP address, which constitutes personal data, although we are not able to identify you on this basis. Log files help us record information about the type of browser you use and other information, such as the date and time of your visit to the Website. The information is stored for seven (7) days in order to ensure network and information security against random events or illegal or malicious actions that may compromise the availability, authenticity, integrity and confidentiality of the stored data and the operation of the Website. During the seven-day (7) period, the files may be accessed by the authorised server administrator only; they are automatically deleted thereafter. 

 

  • What do we collect your data for?

The Latsis Foundation only collects such personal data as strictly necessary in accordance with their intended purpose; the data are not further processed in any way that is incompatible with the purpose for which they were collected. The Latsis Foundation does not transmit or send personal data of subjects to third parties in any way whatsoever, except in specific cases exhaustively listed below (in the following section), and in any case in accordance with the purpose for which they were collected.

The data we receive shall be processed for the following purposes:

i. To contact you in response to your query/comment via the Website.

ii. To send you updates on new programmes, funding opportunities, events and our public benefit activity in general, following your subscription to our newsletter.

iii. For the processing and evaluation of grant applications, the award of scholarships and, in general, the financial support of public benefit actions.  

iv. For the purpose of preparing an annual report of activities.

v.To keep a record of activities as well as for statistical analysis purposes.

vi. To protect the interests of the Latsis Foundation and ensure compliance with its contractual and statutory obligations. 

 

  • Who are the recipients of your data?

The recipients of your personal data are the officers and/or authorised external collaborators of the Latsis Foundation and/or independent consultants/experts of recognised competence, who participate in a specific programme or action of the Latsis Foundation, are instructed by it and act on its behalf; all such individuals or legal entities are bound by a Confidentiality and Data Protection Declaration to the Public Benefit Foundation with regard to any personal data they receive and/or process in any way whatsoever, pursuant to the purpose for which such data has been collected. The data collected may under no circumstances be disclosed to third parties nor be made public or exploited in any way.

The Latsis Foundation may, by way of exception, disclose the data processed to third parties in a manner compatible with the purposes of processing set out in this Policy, in the following cases:

i. Where it has obtained explicit consent to the disclosure, in any manner whatsoever, of the personal data of subjects.

ii. Where such data is disclosed to third party operators, acting in the capacity of Processor, solely in the context of their legal relationship with the Latsis Foundation; said operators shall guarantee that they have taken appropriate security measures in accordance with the applicable legislation. Third party operators may be individuals or legal entities providing consultancy or development and maintenance services in respect of systems and applications used by the Latsis Foundation. 

iii. In the context of compliance with a law or an order issued by a public or regulatory authority.

iv. To protect the interests and defend the rights of the Latsis Foundation.

 

  • Where and for how long is your data retained?

Your data is stored in the Latsis Foundation system, which is hosted on a server inside a specifically configurated and predefined area in a computer center (hereinafter ‘the Data Center’ located in Koropi, Attica. The server is managed by the relevant operator in accordance with the appropriate methods and international practices, ensuring that access to the information is granted exclusively to the operator’s authorised personnel; the operator explicitly undertakes an obligation of confidentiality and data protection in respect of such personnel.

As a general principle, the Latsis Foundation retains the personal data of subjects in an identifiable form only for such time as deemed necessary pursuant to the purposes of processing for which such data is collected, as well as for the fulfilment of tax and other statutory or contractual obligations. There are clearly defined storage periods for each category of data. For example, data processed under a contractual relationship shall be retained for a longer period, including after the expiry of the contract, in order to protect the legitimate interests of the Latsis Foundation. In other cases, personal data may be retained anonymously, rendering identification impossible, for statistical and research purposes.

The rules on retention periods are derived from compliance with the applicable data protection legislation, international best practices and the Data Retention Policy implemented by the Latsis Foundation as regards minimisation and deletion of personal data.

 

  • What safeguards do we have in place to protect your data?

The Latsis Foundation has taken the necessary technical and organisational measures by applying the most appropriate technical mechanisms for the protection of content, in order to ensure that you are provided with the safest possible environment, pursuant to the relevant legislation. In this context, it regularly checks the security systems and only grants access to the personal data of subjects to persons acting as its agents insofar as such access  is necessary, ensuring that such persons expressly undertake, by means of a confidentiality and privacy declaration, to keep the relevant data strictly confidential.

 

  • What rights do you have regarding your data? How can you exercise such rights?

Pursuant to the General Data Protection Regulation (GDPR – Regulation (EU) No 2016/679; hereinafter ‘the Regulation’) and Greek Law No 4624/2019, you have the following rights regarding the processing of your personal data by the Latsis Foundation:

a) Right of access: you may be informed by the Latsis Foundation on whether your data is being or has been processed and if so, what data, who are the recipients, what is the purpose of processing, etc.

b) Right to rectification and erasure (‘right to be forgotten’): you may request the rectification and/or erasure of any inaccurate data, which will be carried out under certain conditions in accordance with the Regulation and the applicable Greek legislation.

c) ) Right to restriction of processing: you may request the restriction of processing of your data where expressly provided for under the Regulation and the applicable Greek legislation.

d) Right of portability: you may request to receive the data you have provided in a structured, commonly used and machine-readable format, where technically feasible, in accordance with the Regulation and the applicable Greek legislation.

e) Right to object: you may at any time object to the processing of your data.

f) Right to lodge a complaint: with the Hellenic Data Protection Authority in case of unlawful processing of your data.

It should be noted that the Latsis Foundation has the right to refuse to comply with your request for restriction of processing or erasure of your personal data or objection to processing, where the processing or retention of the data is necessary for the establishment, exercise of or reliance on legal rights or the fulfilment of its obligations.

Furthermore, the exercise of the right to portability does not entail deletion of your data from our records, which shall be subject to the terms set out in the immediately preceding paragraph and the conditions of the Regulation and Greek Law No 4624/2019.

In order to exercise the rights referred to above, or if you need assistance in exercising or understanding such rights or have questions about our privacy policy, you may contact the Data Protection Officer. The Latsis Foundation shall make every effort to respond to your request within thirty (30) days thereof. The Latsis Foundation may, where necessary and in its absolute discretion, extend this time limit for sixty (60) additional days, taking into account the complexity of the request and the number of other requests, after having informed you in due time.

 

  • Data Protection Officer (DPO)

The Latsis Foundation has designated a Data Protection Officer (DPO) to monitor compliance with the Privacy Policy, the individual Policies and Procedures for the processing of personal data, and in general the implementation of and compliance with the applicable European and national legislation.

For any matter relating to the processing of your personal data or in case you wish to exercise the rights referred to above, you may send the DPO your written request by email at [email protected] or by post at Latsis Foundation, 4 Xenias Str., Kifissia or by calling at +30210-6282256.                           

 

  • Supervisory Authority

The independent Hellenic Data Protection Authority is the Greek supervisory authority for the implementation of the General Data Protection Regulation (GDPR – Regulation (EU) No 2016/679) and Greek Law No 4624/2019. You may contact said Authority with regard to any matter pertaining to the management of your personal data: : 1-3 Kifissias Ave., GR-11523 Athens, tel. +30 210-6475600, [email protected], www.dpa.gr.

 

  • Amendments to our Privacy Policy

This Privacy Policy entered into force on 25.5.2018 and was posted on the Website. In order to ensure optimal protection of your personal data, we systematically monitor our policies and procedures and seek to continuously improve our policies and to adopt new, internationally recognised best practices. This Policy may therefore be amended at any time and without prior notice; thus, we recommend that you revisit it regularly to check for amendments.