PERSONAL DATA PROTECTION POLICY
SOS Children’s Villages Greece
Data Protection Officer (DPO)
mariamaniati@sos–villages.gr – 210-33 13 661
Deputy Data Protection Officer
dataprotection@sos–villages.gr – 210-3238048
The non-profit Charitable Association “SOS Children’s Villages”, (hereinafter referred to as the “Organization”) respects the privacy of natural persons and attaches great importance to the need of protecting their personal data. This Policy provides information about the way the Organization collects, stores, uses and transmits the personal data of its children, donors, child sponsors, partners and friends the security measures that the Organization takes to protect personal data, the reasons and the time period for which they are stored, but also the type of personal data collected. It applies to any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The Organization reserves the right to unilaterally update, modify, expand, revise its services and this Policy, at regular intervals, without prior notice, always in accordance with the applicable laws and regulations and any amendments in the legislation on personal data protection. The Organization invites the interested parties to regularly read the Policy in order to stay informed about changes.
“personal data” means any information relating to an identified or identifiable natural person.
“genetic data” means personal data relating to the inherited or acquired genetic characteristics of a natural person, as arising, in particular, from an analysis of a biological sample from the natural person in question, which give unique information about the physiology or the health of that natural person;
“biometric data” means personal data resulting from specific technical processing relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person;
“data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of healthcare services, which reveals information about his or her health status;
“special category personal data” includes genetic data, biometric data and data concerning health;
“personal data processing” means any operation or set of operations which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction;
“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
“processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
Personal data protection legislative framework
The personal data protection legislative framework in this Policy refers to the General Data Protection Regulation (GDPR) (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and any law or regulation issued subsequently or for applying the aforementioned General Regulation, as well as any applicable national law in force on personal data protection in general, especially in the healthcare sector. These include relevant regulatory acts by independent administrative authorities
Personal data are collected as follows:
(a) you provide your data when the organization offers its services to you or any other person you assist, when you address the organization in order to receive medical services yourselves or in assisting another person, when you apply for a job with us, when you fill out electronic forms or send e-mails in order to receive information or use the services available on the following website: https://sos-villages.gr
(b) automatically through the browser or the mobile device you use when accessing the websites.
(c) a third party working with us provides the information with your consent.
When you register with the services provided by the above website, you will be asked to fill in some fields and select a username and password. When your consent is needed for the collection of your personal data, for instance in order to subscribe to a newsletter, you will be explicitly asked to give it and you will have the right to withdraw it at any time.
A “cookie” is a small piece of data that is sent to your browser from our web server and stored on your computer’s hard drive. SOS Children’s Villages uses cookie information to provide better and more personalized content and services to the visitors of this website. For example, we may use the information for tracking which areas of our website you have visited, and how frequently. We may match information obtained from cookies with other data you provided to develop statistics. Please check your computer or software manual for specifics on how cookies work on your computer. It is possible to block cookies from being loaded onto your computer. Please note, however, that blocking cookies can affect the performance of websites. Any change of our policy concerning cookies will be communicated on our homepage and through a new version of this privacy statement.
Sharing information with 3rd parties
Personal data collected is not distributed, shared, rented or sold to companies or organizations that are not a part of the SOS Children’s Villages’ organizational structure. In the case that administrative services such as credit card processing are required from third parties, such services are acquired under the understanding that all personal information is treated confidentially and only for the purpose of SOS Children’s Villages. If compelled by law or some other regulatory authority, SOS Children’s Villages may share personal information. This is also valid if we have good reason to believe that there has been an inappropriate interference with or use of our website. In such cases we maintain the right to disclose personal information as we deem appropriate, or as asked for by a legal or regulatory authority.
Aggregated, statistical and other non-personal information such as the number of visitors to our website and their use of certain features or services may be shared with third parties working with us, for example for the promotion of our website. SOS Children’s Villages sends you additional information by e-mail or snail mail only when you have expressed an interest in this. On our website you can subscribe and unsubscribe to our electronic newsletter at any time, and it is also possible to request one of our offline sponsorships. These sponsorships for a specific child or SOS Children’s Village are serviced by traditional snail mail and not over the Internet.
Rights regarding personal data protection
The legislation on protection of your personal data gives you the following rights, which you may exercise free of charge in principle and based on the provisions of the legislative framework:
- Right of access, i.e. to obtain information on which your data has been collected and processed by the organization, its origin, the purposes and legal foundation for its processing, any recipients or recipient categories, especially in third countries, and the period for which it will be stored.
- Right to rectification of any inaccurate personal data, so as to render it accurate by submitting a relevant form with your accurate personal data to the Organization.
- Right to supplement any incomplete personal data, so as to render it complete by submitting a relevant form with your complete personal data to the Organization.
- Right to erasure of your personal data in the following cases: (i) your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise submitted for processing; (ii) when you withdraw the consent on which the processing of your personal date is based and there is no other legal ground for the processing; (iii) when your personal data was processed without the necessary legitimate grounds; (iv) when your personal data has to be erased for compliance with a legal obligation; (v) when personal data of a child has been collected in relation to the offer of information society services, following its consent, or the consent is given or approved by the persons exercising parental care.
- Right to restriction of processing of your personal data in the following cases: (i) you contest your personal data, until the Organization verifies its accuracy; (ii) you oppose the erasure of the personal data and request the restriction of its use instead; (iii) the organization no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims.
- Right to object to the processing of your personal data, unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims of the organization.
- Right to data portability, i.e. to receive your personal data which you have provided to SOS Villages Greece, in a structured, commonly used and machine-readable format and transmit it to another controller, provided the processing of your personal data is based on your consent or was necessary for carrying out the agreement between us.
- Right to withdraw the consent you had provided (with no retroactive effect) at any time for an issue relating to the protection of simple personal and health data.
These rights may be restricted due to the obligation to apply another law, as for example in the case you request erasure of data, but we are under the obligation to keep it according to the law. For any of the above or to resolve any issues as to the personal data protection legislation in force, you may contact our Group as follows:
- Through the online contact form to: dataprotection@sos–villages.gr
- By post to: Data Protection Officer, 12-14, Kar.Servias str. 105 62 Athens / Greece
Security of payments
SOS Children’s Villages uses well-recognized and proven technology for payments. Payment information is transferred using an SSL connection which offers the highest degree of security that your browser can support. Data on all on-line transactions are saved on a secure server hosted by an international, experienced, and reputable company. Several layers of built-in security, including an advanced firewall system, encryption of credit card numbers, and use of passwords, protect the collected information.
Your right to submit complaints
If you have a complaint regarding the use of your data by us, we will prefer that you contact us directly so we can examine your complaint. However, you may also contact the Data Protection Agency through its website:
(www.dpa.gr → My rights →Submission of complaint), where there is detailed information, or by post at:
Data Protection Agency, 1-3 Kifissias Ave., 115 23, Athens
Call Center +30-210 6475600, Fax: +30-210 6475628