in compliance with the General Data Protection Regulation (GDPR 2016/679)
What do we call personal data and what do we collect?
“Personal data” are defined as any information regarding an identified or identifiable person (“data subject”). Anonymous information is not defined as being a part of personal data.
We collect your personal data at the time you use our electronic services, when:
a) you sign up to receive a newsletter,
b) you use an embedded contact form on our website
c) you use or order our products and/or our services
d) you complete an online form/CV in the case of an assessment procedure regarding a new job position,
e) you use the electronic platform for providing financial support to the SPP
The personal data collected are the minimum required to complete the above actions, which consist of identification data, contact data and/or your financial data.
It is possible the following data may also be collected and processed, such as information related to your computer, your visits to our website and your activity, which aim at the proper formulation of your connection, your easy usage of our website and the security of the system, (e.g. IP address, date and time of connection, type and version of your browser, the operating system, the pages you preferred etc.). Of course, these data will only be used if we are allowed to do so by law.
We do not collect particular categories of your personal data, in other words data “that reveal race or ethnic origins, political opinions, religious or philosophical beliefs or trade-union membership, as well as genetic data, biometric data, aiming to the undeniable identification of an individual, data concerning health or sex life of the individual or the sexual orientation” (article 9(1) GDPR), or data concerning criminal convictions or offences (article 10 GDPR).
We do not collect personal data from minors without the consent of their legal guardian/s. In the event that we realise that a minor is seeking to submit his/her personal data, we will remove these data from our archives. If you are the parent/legal guardian of a minor who has submitted his/her personal data, you may contact us to delete them.
Are you obliged to give us your personal data?
In cases where the use of your personal data is necessary and you do not consent to their collection, it will be impossible to achieve the fundamental aim for which the data are collected, and we may not be able to provide you our services in the best possible way.
Provided we have your explicit consent, and depending on the personal data you have submitted, we will send you our newsletter about the aims of the SPP, its activities and the projects being carried out. The legal basis of this process is article 6(1a’) of the GDPR. You can choose to stop receiving our newsletter at any time, either by using the corresponding unsubscribe link, which you can find at the bottom of our email, or by contacting the secretariat by telephone on: 2385051211, or by sending an e-mail to: firstname.lastname@example.org
Disclosure of your personal data to third parties
Typically, we do not disclose your personal data to third parties. An exception is made for data that are subject to data processing by processors at our request. These processors are carefully selected and controlled by us, and bound by contract, in accordance with article 28 of the GDPR. In addition, we may consider it necessary to disclose sections of your request to some of our contract partners in order to process that request. These may be auditors and professional consultants and/or companies that relate to the transportation of products, professional service providers, and companies providing web support, website improvement and hosting services, payment control services, the Cybercrime Task Force, the Consumer Protection Office and electronic fraud prevention services, in cases of deliberate abuse. In individual cases where the disclosure of your personal data is considered necessary, we will inform you in respect of the matter, in order to obtain your consent. We do not disclose your personal data to addressees outside of the European Union.
Our website does not store your credit card number, in the event that you choose to submit your financial support in this way; it only retains the data necessary for the verification of each transaction via the online payment systems Viva Payments and PayPal.
Protection of your personal data
Both at the time when the means by which we process data were determined, and when data processing takes place, we have successfully applied the appropriate technical and organisational measures, which were designed to apply data protection principles and the integration of the necessary guarantees in data processing, in such a way as to meet all the requirements of the GDPR and protect your data. Moreover, we have applied appropriate technical and organisational measures to ensure that, by definition, only the personal data necessary for each separate data processing purpose are being processed. We provide active control procedures to detect possible misuses of personal data, and in such an event, we will directly inform both you and the competent supervisory authority.
For how long do we keep your personal data?
The computers and programmes used by our company are created in such a way that the use of personal data and identification data is restricted to the minimum. These data are subject to processing only to the extent that is necessary to attain the aims mentioned in this Policy, and they will only be stored for as long as is absolutely necessary in order to attain these aims. In any event, the criteria used to determine the storage period are based on compliance with the deadlines dictated by law and the principles of data minimisation, the restriction of data storage or the proper management of our archives.
Learn about your rights according to the GDPR
If you are a resident of the European Union, your rights, in plain language, are the following:
The right to obtain information relating to the way we use your personal data.
The right to access your data, that is, to ask for a copy of your retained personal data.
The right to revise your data, that is, to have us revise the personal data that may be incomplete or inaccurate.
The right to delete your data (right “to be forgotten”), that is, to ask us, in particular cases, to delete your retained personal data (unless there is a legal reason that forbids us from doing so).
The right to restrict the processing of your personal data.
The right to portability of your data, that is, to ask for a copy of your personal data in a common file format and transfer them to another organisation.
The right to object to the processing of your personal data.
The right, as the subject of the data, not to be subject to decisions taken exclusively based on automated data processing, including profiling, which has legal effects that concern you or affect you significantly in any similar way.
The right to complain to the competent supervisory authority for personal data protection, in the Member State where your habitual residence or your place of employment is.
The above-mentioned rights are subject to specific regulations related to the time you may exercise them. You do not have to pay in order to obtain access to your personal data (or to exercise any of your rights), unless your request is unsubstantial, repeated or exaggerated, in which case we may refuse to comply. Note that, we may request some additional information to confirm your identity when you request either to access your data, or, to exercise any other of your rights, as a safety measure to ensure that your personal data will not be disclosed to others. We will respond within one (1) month to any of your requests; in the event that we need some more time, on account of the complexity or the number of the requests, we will let you know.
Any interconnection of the SPP website, through individual links and redirections (links, hyperlinks, banners) to another website, does not imply that the SPP takes any responsibility for the policy in each website, with regard to the protection of personal data.
Amendment to the present terms
The SPP may proceed at any time to amend these terms for the protection of personal data, in the framework of the relative legislation in force. Any amendment will be in force once it is posted on the SPP website.
The Data Processing Officer
Society for the Protection of Prespa,
Agios Germanos, Prespa,
Tel.: 23850 51211 Fax: 23850 51343