Data Protection Policy

The John S. Latsis Public Benefit Foundation (hereinafter referred to as “Foundation”) sets as high priority the protection of privacy and is committed to provide sufficient guarantees, securing the protection of the collected personal data. This Data Protection Policy provides information about the nature of personal data collected through the Foundation’s official website, https://www.latsis-foundation.org/eng/, (hereinafter referred to as "Website”) or through the Foundation’s contact e-mails,  the data processing purposes, the way of managing data as well as the rights of data owners according to the General Data Protection Regulation (GDPR) EU 2016/679, the current Greek legislation, and the Regulatory Acts of the Hellenic Data Protection Authority. 

  • Who is the Data Controller?

The Data Controller is the public benefit foundation under the name “John S. Latsis Public Benefit Foundation”, which is based in Vaduz, Liechtenstein and has an office located in Kifissia Attica, 59 Diligianni St., post code 14562.

 

  • In which cases and what personal data do we collect;

The Foundation collects personal data in the following cases:

i. When you contact the Foundation through the Website’s online Contact Form, or through a social media account, or when you contact the following email addresses: [email protected][email protected][email protected][email protected], entering data such as your name and surname, e-mail address and/or postal address and contact phone number.

ii. When you submit an application for funding through the Website’s specially designed form, entering data such the name and surname of the representative of the organization, profession, e-mail address and/or postal address and contact phone number. Please note that the application for funding includes specific text fields (where applicants enter their data and edit text only if necessary) in order to ensure that only necessary data are collected for the defined processing purpose.

iii. When you voluntarily subscribe to the newsletter: you fill in your e-mail address in order to receive updates about grants, new programs, events and the charitable activities of the Foundation in general.

iv. When you submit an application for the grant or renewal of a scholarship: in order to submit such an application, you are required to create an account entering your name and surname, e-mail address and contact phone number. Once your registration has been completed, you will be directed to the online scholarship application form, where you will have to fill in personal data such as: date of birth, postal address, ID number, VAT number, father’s name, mother’s name, financial data, data concerning your education and training, as well as any additional data that you may wish to fill in, in the free fields of the application, in support of your candidacy.

v. When submitting supporting documents to us, in support of an application for a scholarship or for funding.

vi. When you visit the Website we use Cookies and Google Analytics to collect data in order to improve user’s experience and monitor the Website’s traffic and the pages you visit. For more information about Cookies used by the Website, read the Terms of Use.

vii. When you visit the Website, the server logs your IP address into a log file, which is deemed personal data, even if we are unable to identify the data subject. Log files help us record information about the type of browser you are using and other information, such as the date and time of your visit on Website. The above data is stored for seven (7) days in order to ensure the network security and safety of data from accidental events and illegal or malicious conduct which may risk the availability, authenticity, integrity and confidentiality of the stored data and the operation of the Website. During the seven (7) days, only the authorized server administrator has access to the files. At the expiration of the retention time, the data are automatically deleted.

 

  • For what purposes do we collect your personal data?

The Foundation collects personal data only to the extent that is necessary in relation to the processing purposes and these data are not subject to further processing in any incompatible way with the purpose originally collected. The Foundation does not transmit or disclose in any way subject’s personal data to third parties except for specific cases and always in relation to the purpose for which were initially collected. These specific cases are mentioned in the following section.

We process your personal data for the following purposes:

i. In order to contact you upon your request or question or in case of comments through the Website and the social media accounts.

ii. In order to send you updates about grants, new programs, events and the charitable activities of the Foundation in general, upon newsletter registration.

iii. In order to process and evaluate applications for funding, scholarships and the financial support of charitable activities in general.  

iv. In order to carry out annual reports.

v. In order to retain historical archive and conduct statistical analyses.

vi. In order to protect the legitimate interests of the Foundation, as well as to fulfill contractual or statutory obligations.

 

  • Who are the recipients of your personal data?

The recipients of your personal data are the authorized employees and/or authorized external partners of the Foundation and/or independent consultants/experts of recognized standing, who are involved in a specific program or action of the Foundation, acting in the name and on behalf of the Foundation, while all the aforementioned natural persons or legal entities are bound by confidentiality and protection of the personal data statements for the data they may receive and/or process in any way, always in accordance with the purpose for which the data were collected. As a rule, collected data are not disclosed to third parties under no circumstances, not made public and not be exploited in any way, except for specific third parties who are strictly mentioned in this Policy.

By way of exception, the Foundation may transmit collected personal data, being processed according to the purposes of this Policy, to third parties in the following cases:

i. When it has obtained explicit consent from the data subjects to disclose their personal data in any way.

ii When transmitted to third parties, who process your personal data solely for the fulfillment of their obligations arising from their contractual relationship with the Foundation, and from their capacity as Processors, provide guarantees regarding their compliance with the appropriate security measures enforced by the current legislation. Third-party providers may be natural persons or legal entities, that provide consulting or applications development and maintenance services and are used by the Foundation.

iii. When it complies with current legislation or orders of a Public or an Independent Administrative Authority.

iv. When it defends legitimate interests and the rights of the Foundation.

Where and for how long do we keep your data?

Your data is stored in the Foundation’s electronic system, hosted on a server within a specially configured and predefined computing center (hereinafter referred to as «Data Center»), which is located in the Koropi region of Attica, Greece. Server management is carried out by a service provider company bounded to apply all the appropriate methods and international best practices, ensuring that only its authorized personnel has access to the data collected by undertaking an explicit obligation of confidentiality and protection of personal data.

As a general principle, the Foundation holds the subject's personal data in an identifiable form only for the absolute necessary period required, which is defined by the purposes of the processing for which they are collected, as well as the fulfillment of tax and other legal or contractual obligations. Each category of personal data has a different retention period. For instance, data processed under a contractual relationship are retained for a longer period, even after the fulfillment of the contract, in order to protect the Foundation’s legitimate interests. In other cases, the Foundation may retain non-identifiable personal data for statistical and research purposes.

Retention periods are in compliance with the current legislation about Personal Data Protection, international best practices and the Foundation’s Retention Policy in order to minimize and erase the personal data collected.

 

  • What guarantees do we take to protect your data?

The Foundation is implementing the necessary technical and organizational security measures providing technical protection mechanisms of content in order to ensure as much as possible a safe environment for your data, according to the relevant legislative provisions. In this scope, the Foundation regularly monitors security systems and restricts access to the subject's personal data only to the authorized personnel, who need to be aware of those data and are committed with confidentiality and personal data protection statements.

 

  • What are your rights regarding the protection of your personal data and how can you exercise them?

In accordance with the General Data Protection Regulation (GDPR) EE 2016/679 (hereinafter “the Regulation”), you have the following rights regarding the personal data collected and processed by the Foundation:

Right to Access: you are entitled to ask the Foundation if your data is being processed, and if so, request access to your data being processed, the recipients of your data, the purpose of processing etc.

Right to Erasure (“the right to be forgotten”): you have the right to ask for rectification of inaccurate data or erasure of your data, under certain conditions according to the Regulation.

Right to Restriction of Processing: you have the right to ask for restriction of processing of your personal data in particular cases explicitly mentioned in the Regulation.

Right to Data Portability: you have the right to obtain the personal data you provided to the Foundation, in a structured commonly used and machine-readable format, according to the Hellenic Data Protection Security Guidelines.

Right to Object: you are entitled to object to the processing of your data any time.

Right to Lodge a Complaint: you have the right to lodge a complaint with the supervisory authority in case of unlawful processing of your data.

It is hereby clarified that Foundation can refuse the restriction or erasure of personal data processed in case it is necessary for the establishment, exercise or defense of its legitimate interests or the fulfillment of its obligations.

Additionally, exercising the right to data portability does not imply the erasure of your data, which is applied only in relation to the above paragraph and the specific requirements of the Regulation.

If you wish to exercise any of your rights above, or you have any questions in relation to our Privacy Policy, or you need assistance concerning the management of your personal data, you can contact our Data Protection Officer (DPO) directly. The Foundation will correspond to your requests within thirty (30) days from the date of submission. This period may be extended to sixty (60) additional days, upon your prompt notice, if it is deemed necessary in the Foundation’s sole discretion, taking into account the complexity and the amount of other relative requests.

  • Data Protection Officer (DPO)

The Foundation has designated a DPO who is responsible for the implementation of the present Privacy Policy, the sub-policies and procedures applied by the Foundation and the compliance with the current European and national legislation.

For any matter relating to the management of your personal data or in case you wish to exercise any of your rights above you can contact our DPO by sending an email to [email protected] or at the address of the Foundation, 4 Xenias St. 14562 Kifisia, Greece. Or contact miss Christina Ataroglou by phone, at +30-210-628-2253.                                 

 

  • Data Protection Supervisory Authority

The Greek supervisory authority monitoring the application of the Regulation is the Hellenic Data Protection Authority. You can contact the above authority directly for personal data management issues through the following contact details:

by post: 1-3 Kifisias Av.,11523, Athens

by phone: +30-210-647-5600

by e-mail: [email protected]

Website: www.dpa.gr

 

  • Amendments to Data Protection Policy

The present Policy, which is effective as of 25.5.2018 and has been published on the Website, aims at the protection of your privacy in the most effective way. Being respectful and dedicated to personal data protection, we thoroughly monitor the implementation and update our policies and procedures, aiming at continuous improvement of our operations as well as the development of new, best internationally recognized practices. This Policy may be modified at any time without prior notice of data subjects.

You are, therefore, advised to review it regularly in order to ensure you are aware of any modifications.