PRIVACY POLICY

The present terms fully comply with the current European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)and so latter pursuant to the provisions of the General Data Protection Regulation 2016/679 (GDPR) and in accordance with its specific regulatory framework.

The GRACE CHARITABLE FOUNDATION, henceforth GCF, is committed to protecting your privacy and will only use the information that we collect about you lawfully. This policy is designed to provide transparency into our privacy practices and principles and to inform you of the way your information is collected and used.

If you have questions about this policy, please contact us through contact@gracecharitablefoundation.org.

Please read the following carefully to understand our practices regarding your personal data and how we will treat it. BY USING OUR WEBSITE OR PROVIDING US WITH YOUR PERSONAL INFORMATION, YOU AGREE TO YOUR PERSONAL INFORMATION BEING USED AND STORED IN A MANNER SET OUT IN THIS POLICY. We may update this policy periodically so please check it regularly.

Ι. GCF’S GENERAL PRINCIPLES ON THE PROCESSING OF PERSONAL DATA

In the context of its operations, GCF ensures that the processing of personal data is effected under the following general principles:

  • your data have been collected fairly and lawfully, with your consent where required, for a specific, explicit and legitimate purpose, and are fairly and lawfully processed in light of such purpose,
  • the collected data are adequate, relevant and not excessive in relation to the purpose for which they are processed,
  • the data are reviewed for accuracy and are regularly updated in accordance with the appropriate procedures,
  • your data are kept in a form which permits identification of your identity for the period required for the purposes of processing,
  • adequate security measures are taken to protect your data against such risks as loss, unauthorized access, destruction, unlawful processing or disclosure,
  • before the processing of your personal data, you are properly informed and you provide your consent, where required, actively and on a voluntary basis . Your consent can be withdrawn at any time, without of course affecting the lawfulness of processing based on consent before its withdrawal.

While we generally seek consent to process your data at the point we collect it, in some cases, we may process data without consent where we are legally allowed to do so, and where we have legitimate reasons for doing to, provided we respect your legal rights.

If you request to receive no further contact from us or request to have your personal data deleted from our system, we will keep some basic information in order to avoid sending you unwanted communications in the future. If we do not retain this information, then this could result in us contacting you again as we would no longer have a record of your request not to be contacted.

We will keep your personal data for no longer than is necessary for the purposes for which it is processed, in accordance with our internal policies

Il.       HOW WE COLLECT INFORMATION ABOUT YOU AND WHAT PERSONAL DATA CAN BE PROCESSED

GCF collects, maintains and processes the personal data you disclose for the provision of the services of the website. It is noted that GCF processes each time only the personal data which are necessary for such purpose.

We may collect information from you in the following ways:

  • (a) Our use of cookies (please see our policies regarding cookies in section X);
  • (b) You make a donation to us (which may be financial or non-financial/in-kind), or respond to our mailings and appeals;
  • (c) You request information or materials from our organization;
  • (d) You contact us in relation to volunteering or fundraising on our behalf;
  • (e) You apply for a job with us, become an employee, or provide consultancy services directly to us; or
  • (f) You contact us with inquiries or other correspondence (including via social media) or become involved with us in another way.

If you interact with us in one of the ways listed above, we may collect and process personal information about you such as:

  • (a) demographic data (sex, nationality, family status), contact details (address, telephone number or mobile phone, email address), your age;
  • (b) Information you enter onto our website or other hard copy forms at an event;
  • (c) Records of your correspondence with us, if you have contacted us;
  • (d) Details of your visit to our website, including your IP address;
  • (e) Financial information such as your bank or card details and specifically the card number, its expiry date as well as the 3-digit security code of your card.;
  • (f) Whether you have a relationship to another supporter (e.g. husband/wife)

It is noted that you are required to inform GCF timely for any possible change on the aforementioned data.

The personal data processed by GCF are held in physical and/or electromagnetic form.

 

III. WHERE WE STORE YOUR INFORMATION

The information we collect from you will be stored in the EU. However, there may be times when we need to transfer your data to a destination outside the EU to provide you with requested services (e.g. You request information from one of our worldwide office). If we send your personal data outside the EU or other areas outside the European Economic Area (EEA), we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information. By submitting your details, you agree to this use of your data.

Online payment transactions will be encrypted.

The transmission of information via the internet is not completely secure (though note that our online payment transactions are securely encrypted). Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try and prevent unauthorized access (please see our policies regarding  online payment transactions in section XII);

IV. WHICH MIGHT BE THE PURPOSES OF PROCESSING

GCF  may process the aforementioned personal data of yours, for the following purposes:

A)In the context of the performance of any transaction, in particular:

  1. for the identification and verification of your information,
  2. for communicating on issues related to your transactional relationship with GCF,
  3. for the service, management, monitoring, and process of your transactions and in general for the offer of the requested product and/or service of GCF,

B)In the context of GCF ‘s lawful operation, the safeguarding of its interests and the overall orderly functioning and protection of your transactions, in particular with regard to the collection and/or analysis of data relating inter alia to:

  1. resolving potential requests/complaints of yours

V.WHY AND HOW WE USE  YOUR INFORMATION AND ON WHAT BASIS

We will process your personal information in accordance with this policy and our obligations under applicable data protection laws and regulations, for one or more of the following reasons:

  • To administer your donation;
  • To confirm receipt of donation and to say thank you and provide details of how your donation might be used;
  • To provide you with the services, activities or information you have indicated you want to receive or which you have asked for;
  • To comply with applicable laws and regulations, and requests from statutory agencies;
  • For our own internal administrative purposes and to keep a record of your relationship with us;
  • Where you have provided your consent to publish your personal data;
  • To provide you with information about volunteering opportunities;
  • To provide you with details about our campaigns;
  • To provide essential event information where you have signed up to attend;
  • To manage your communication preferences with us generally;
  • To notify you about changes to our services and/or donor opportunities;
  • To ensure that content from our website is presented in the most effective manner for you and for your compute/mobile device.

VI.DURATION FOR WHICH YOUR DATA IS HELD

GCF processes your personal data throughout the duration of each transaction with the website and after its termination or expiration as long as it is defined by the applicable legal and regulatory framework.

We retain personal information for as long as we reasonably require it for legal or business purposes. In determining data retention periods, GCF takes into consideration data protection regulations, local laws, contractual obligations and the expectations and requirements based on the nature of the relationship with GCF’s.

In particular, your data processed by GCF must be held throughout the period required for the purposes of processing in accordance with the purpose of their processing and/or the applicable legislative and regulatory framework.

After the end of this period, the data are held in accordance with the applicable legislative framework for the period provided from the termination of a business relationship or for the period required to protect GCF ‘s rights before a Judicial or other competent Authority.

VII.ACTION TAKEN WHEN THE PERIOD OF KEEPING YOUR DATA HAS PASSED

In the event that the duration for keeping your data has expired, GCF pays special attention to how this data will be destroyed. For this purpose, it has established and implements a relevant procedure applied after having examined that it is not necessary to keep archives material for compliance with legal and regulatory requirements or for the protection of GCF’s interests and is based on the instructions of the European Data Protection Authorities. GCF shall ensure that the above process of file destruction containing personal data also binds third parties providing services in the name and on behalf of it and any other persons with whom it cooperates in the context of outsourcing or other kind of agreements.

VIII. YOUR RIGHTS ON THE PROTECTION OF YOUR PERSONAL DATA

Following the verification of your identity, you, as a Data Subject, have the following rights:

Right to Information: GCF must provide you with any information in relation to the processing of your personal data, including what data GCF processes, for which purpose, for how long GCF keeps them, in a concise, understandable and easily accessible form using clear and simple wording.

Right of Access: You have the right to obtain from GCF  confirmation as to whether or not personal data of yours are being processed, and, if so, you have the right to access to the personal data.

Right to Rectification: You have the right to obtain from GCF the rectification of inaccurate or incomplete personal data of yours and the right to have incomplete personal data completed.

Right to Erasure: You have the right to obtain from GCF the erasure of your personal data, which can be met if certain conditions are met.

Right to Restriction: You have the right to obtain from GCF restriction of processing under certain conditions.

Right to Object: You have the right to object, at any time, to processing of personal data concerning you. GCF shall then no longer process your Personal Data unless it demonstrates compelling legitimate grounds for the processing, which override the interests, rights and freedoms of yours or for the establishment, exercise or defense of legal claims.

Right to Obtain Human Intervention: You have the right to ask from GCF not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Right to Portability: You have the right to ask from GCF and receive your Personal Data that you have provided in a structured, commonly-used and machine- readable format or to ask GCF to transmit those data to another controller.

Right to Correction

Information we receive from other sources

Your information may be given to us by third parties, such as online tracking technologies. Collecting information in this manner allows us to collect statistics about our websites’ usage and effectiveness and to personalize your experience while you are on our third-party websites.

These third parties are subject to their own policies on data protection and privacy. It is a good idea to check their privacy policy when you provide your information to them to fully understand how they will process your data and may share it with others.

These third parties are often processing your data on your behalf so as the data controller, GCF is responsible for the security and proper processing of your personal data.

IX. CHILDREN’S ONLINE PRIVACY – IN PARTICULAR REGARDING THE PROTECTION OF MINORS

We are concerned about the privacy of young children, and we do not collect any more personal information than is reasonably necessary to enable them to participate in the activities we offer on our sites. We encourage you to become involved with your child’s access to the Internet and to our site in order to ensure that his or her privacy is well protected.

GCF acknowledges the need to protect minors’ data as defined by the current regulatory framework. Minors’ data are stored by GCF only if provided by those having the custody of the minor and only for the fulfillment of a relevant business relationship for the benefit of minors. It is noted that under no circumstances does GCF deal directly with minors, nor its products and services are directed for immediate use by minors, and GCF deals only with those having the custody of minors.

In accordance with our Child Protection Policy and our commitment to protect vulnerable children from all forms of exploitation and abuse, we may share details, including personal data, relating to serious breaches of our Child Protection Policy and procedures with statutory authorities such as the police.

X. COOKIES AND HOW WE USE THEM

This website uses cookies. Disabling cookies shall render the easy browsing through this website impossible and therefore users should accept this operation from the beginning. When a user visits the website for the first time, a permanent “cookie” (a small text file) will be created and stored on their hard drive. Cookies do not harm your computer. Cookies may involve the transmission of information from us to you and from you directly to us, to another party on our behalf, or to another party in accordance with its privacy policy. We may use cookies to bring together information we collect about you. Cookies are used during future visits to the website for its “personalization”. You may visit this website without allowing the use of cookies, however, you shall not be able to use the full capabilities of the website or to enjoy certain features. So, if you turn cookies off, you may not have access to many features that make your guest experience more engaging and some of our services may not function properly. You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Each browser is a little different, so look at your browser Help menu to learn the correct way to modify your cookies. The visitor / user of the website may set its web browser in such a way as to either warn him or her about the use of cookies on specific services, or not allow the acceptance of cookies in any way. To do so, please refer to your network browser or help screen instructions to learn more about these features. For example, in Internet Explorer, you can go to Tools / Internet Options / Security and Privacy to customize the browser to its requirements.

Disabling cookies

By using our website, you consent to our use of cookies as updated from time to time and the cookies we use will be stored on your device (unless rejected or disabled by your browser).

Internet browsers normally accept cookies by default. However, it is possible to set an internet browser to reject cookies. If you do not accept our use of cookies as set out in this policy, please set your internet browser to reject cookies. This may impair your ability to use our website so that some features may not work.

We may update our use of cookies from time to time so please check this policy regularly.

XI. UPDATE-AMENDMENT OF THE SAID STATEMENT ON PERSONAL DATA PRIVACY

GCF may update, supplement and / or amend this Privacy Statement in accordance with the applicable regulatory and legislative framework. In this case, the updated Statement will be posted on the GCF ‘s website (https://www.gracecharitablefoundation.org).

XII. SECURITY

The GCF website uses the SSL protocol for safe online business transactions. In this way, all credit card information is encrypted so that it may not be read or changed while transferred in the Internet.

SSL protocol (Secure Sockets Layer) is now a global Internet standard for the certification of websites to Internet users and for the encryption of data between Internet users and web servers. An SSL encrypted communication requires all information interchanged between a customer and a server to be encrypted by the sender’s software and to be decoded by the recipient’s software; in this way, personal data are protected while transferred in the Internet. Furthermore, all information sent via SSL protocol is protected by a mechanism that automatically verifies if such data have been changed while transferred.

The GCF has taken the proper organizational and technical steps to ensure the safety of data and its protection from any accidental or illicit destruction, accidental loss, alteration, illegal distribution or access, as well as any other form of illicit processing. These steps guarantee a level of safety that is proportionate to the dangers that the processing and the nature of the data to be processed entail. If an electronic purchase is carried out, the company uses SSL (Secure Sockets Layer) technology to ensure the security of your transactions and the protection of your personal data.

 During your electronic donations, the website does not save or store in any way any data that is related to your credit card, except, for reasons pertaining to the security of the transaction.

 For payments through PayPal, the email of the PayPal account is stored. SSL is the most reliable protocol for secure Internet transactions worldwide. Every transaction you make through the website is subject to the relevant provisions of the Consumer Protection Law (L. 2251/1994), which regulates issues pertaining to distance selling, as well as to the provisions of the European and International law on electronic commerce.

 Every user is entitled to know whether their personal data is or has been processed by the company. To this end, the company is obliged to reply in writing. The subject of the data is entitled to request and receive by the processing entity, without delay and in a way that is clear and easy to understand, the following information:

  1. a) Any personal data concerning that person, as well as their source.
  2. b) The purposes of this processing, the receivers or types of receivers.
  3. c) Any processing changes made since that person was last updated or notified.
  4. d) The logic behind automated data processing systems
  5. e) on a case by case basis, the person may request the correction, erasure or blocking of data, the processing of which does not take place in accordance with the provisions of Law 2472/1997, especially due to the incomplete or inaccurate nature of the data, and
  6. f) notification to third parties, to whom the data has been communicated, of any correction, erasure or blocking that is carried out on a case by case basis, provided that this is not impossible or does not involve disproportionate efforts.

The right of access can be exercised by the subject of the data with the assistance of an expert. The GCF will reply to access requests within fifteen (15) days, in accordance with the provisions of article 12 of Law 2472/1997.

The subject of the data may at any time object to the processing of the data that concerns them. These objections must be addressed directly to the company via email and must include a proof of the identity of the applicant, as well as a request for a specific action, such as correction, temporary stop of use, binding, non transmission or deletion. The GCF will respond in writing to the objections within fifteen (15) days. In its response it shall inform the subject for its actions or perhaps explain why the request was not satisfied. If these objections are rejected, the GCF will copy the Personal Data Protection Authority in the response.

In order to exercise their rights, the subject of the data or their legal representative should lodge a complaint via e-mail (contact@gracecharitablefoundation.org), in which they should state:

  1. a) their identity, by submitting a relevant identification document issued by a public authority,
  2. b) the specific personal data that is related to their complaint, while also specifying the web address where this personal data has been posted,
  3. c) their contact details (phone number, email address, home address).

Compliance with the above stated procedure is a binding contractual term that should precede any other action before a public authority or a court of law and this pre-trial phase concerns users who accept the binding effect of this procedure when entering the website.