Privacy policy
All information about the use of www.aurora-together.gr
1. Introduction
Whenever you come into contact with our Association, you disclose personal information (PD), personal data) to us.
The purpose of this Privacy Policy is to inform you (as a natural person) of what personal data (PD) we collect, why we collect them, what is the legal framework that allows them to be processed, and how you can exercise your rights, namely how to ask us for information, the erasure, the possible update of your personal data, etc.
It also demonstrates our compliance with the legislation and in particular with the EU Regulation 679/2016 on the Protection of Personal Data (PD), and our respect for the protection of the privacy and security of PD.
This Privacy Policy applies to the PD you provide to us as well as to the PD we collect within the framework of the exercise of our activities acting as a Data Controller.
This Privacy Policy addresses any natural person who has or intends to have any kind of relationship with us.
Because the Privacy Policy may be amended from time to time, we suggest that you read it every time before you use our web pages. In case we amend substantially this Privacy Policy, we may inform you personally on such amendments, by sending you an e-mail.
2. Who we are
Our Association was founded in 2018 with the aim of providing assistance to people suffering from hematological diseases.
3. What Personal Data (PD) we process
Personal Data (PD) is any information that can be used to identify, directly or indirectly, your identity individually, as a specific natural person.
We mandatorily process (i.e. collect, record, store, delete) Personal Data (PD) in the context of our activities and often within the framework of our compliance with laws and regulations.
You (as a natural person) are not obliged to provide us with the Personal Data (PD) we may request from you.
When you contact us, visit our webpage, collaborate with us, or ask us questions, we may ask you for relevant personal information (PD), such as: name, address, email, phone number, etc. depending on the type of relationship between us.
You may also choose to voluntarily disclose to us - via printed or electronic messages or in person - additional Personal Data (PD), or additional information (such as tax or commercial information, in the context of your update or collaboration inquiry).
4. How we collect the Personal Data (PD) we process
The information we collect may be:
As a rule, the PD we process arise from their voluntary disclosure for one of the following reasons:
We also receive personal information indirectly in the following scenarios:
· We have collected personal information as part of a research.
· From the partners or organizations collaborating with us.
· One of our employees gave us your contact information.
· We may use information from ad networks to inform you on topics that may interest you.
· Your personal information is publicly available.
When you contact us, we keep a record of our communication messages to resolve any problems you may have. We do not allow unauthorized entities, especially without your consent, to access your information.
Our website collects the following information through third services’ computer code:
· Search engine
· IP Address
· Language
· Country
· City
· Time zone
· Operating system
· Device
· Screen resolution
· Time of visit of the website
· Browsing pages
· Internet Service Provider
· Connection Speed
The third services that collect these data are as follows:
· AT Internet
· Google Analytics
· Google Maps
· Google AdWords
· Google AdExchange
· Facebook Pixel
· IO Analytics
· ADMAN
In addition, we ask for your email in order for you to subscribe to our newsletter.
5. How we use Personal Data (PD)
We use (process) the information we collect, as described above, only for a specific purpose. In addition, we use your own data when there is a legal basis for their processing, and in order to:
• respond to any complaints or questions you have raised,
• implement the framework of this Privacy Policy,
• develop and improve our methods of communication and the functionality of our webpages.
6. How long we retain your personal data
We retain your personal data only for as long as necessary, depending on the purpose of processing and the present Privacy Policy.
For example, we may need to use your own Personal Data (PD) to respond to your requests or queries. We may also need to retain your personal data for a period determined by tax authorities or financial research units.
If we no longer need Personal Data (PD), we erase them or anonymize them by removing all the details that identify you.
In addition, the duration of retention (storage) of personal data depends on the legal basis of the processing, such as:
· In the case where the legal basis of the processing is the pursuit of our legitimate interests, the processing of personal data will take place for as long as necessary to achieve the intended purpose and for as long as required until the limitation period for any relevant claim elapses.
· If we requested your authorization (consent) to process your personal data and we have no other legal reason to continue such processing, and you withdraw your consent, we will erase your personal data. Unless otherwise provided for by tax authorities or financial research units.
· In case the legal basis of the processing is the implementation of a contract (contractual relationship) or the implementation of measures upon your request prior to the conclusion of a contract, then we will retain your data for as long as you maintain a contractual relationship with us and for as long as required by tax and financial authorities or we will retain them for as long as required until the limitation time for any relevant claim elapses.
You can also terminate a subscription or other communication via the webpage’s options such as ''unsubscribe '' by clicking on the appropriate link.
7. With whom we share your Personal Data (PD)
We do not disclose or share Personal Data (PD) with other companies, organizations, and individuals for direct or indirect advertising and communication purposes. We use your data only for the purpose for which you submitted or we collected it within the framework of this Privacy Policy.
We communicate or share Personal Data (PD) with third parties in the following cases:
• With your consent: We share Personal Data (PD) with companies, organizations and individuals when we have your explicit consent. In this case, the Company does not assume any responsibility for what other users will do with your personal data.
• For external processing: We provide Personal Data (PD) to our external partners and to enterprises or individuals we trust to process them for our own use (e.g. accounting or IT support) and in accordance with our Privacy Policy and appropriate confidentiality and security measures as defined by the EU Regulation 679/2016. Indicatively, such external partners may be providers of services: webpage management, software support and maintenance, automation & management of emails or newsletters, posting of comments, etc. In such cases there are mutually binding contracts (of Data Controller and Data Processor) as required by the Regulation.
• For legal purposes: We share Personal Data (PD) with competent public services where this is reasonably necessary and in order to comply with laws, regulations etc.
• In the context of scientific research: We may provide anonymized Personal Data (PD) in the context of scientific or statistical studies.
• The processing of PD is taking place only within the EU/EEA, where an adequate level of data protection is ensured. All the above data recipients are also located within the EU/EEA. Should the case arise, where we need to transfer your PD to a third country, the Association will promptly inform you thereof and will implement appropriate safeguards in accordance with applicable data protection laws, in order to conduct such data transfer and ensure that your personal information remains protected and secure, such as Adequacy Decisions and Standard Contractual Clauses adopted by the European Commission.
8. Your rights
Visitors to our webpage have the following rights under the General Data Protection Regulation EU 679/2016 (which should not be inconsistent with the relevant legislation). We may ask you to verify your identity before proceeding to your request on exercising one of your rights, (see also §10).
Your rights, regarding the PD, are the following:
· Right to information: You have the right to receive clear and understandable information on how we use your personal data and your rights. This Privacy Policy provides you with relevant information.
· Right to access & rectification: You have the right to access, rectify or update your personal data at any time.
· Right to portability: You can receive the PD you have provided us with in a structured, readable and interoperable format, and you can transfer it to another organization. This right is granted to you when your personal data has been provided on the basis of your consent or within the framework of the execution of a contract.
· Right to erasure of PD: In some cases, you have the right to request the erasure of your personal information. The exercise of your right may always be conducted under the conditions of the relevant legislation (e.g., you cannot request an erasure of PD when labor law or tax authorities require otherwise).
· Right to restrict the processing of PD: You have the right to ask us to restrict the processing of PD, in certain circumstances, including processing for direct marketing.
· Right to object: You have the right to object at any time to the processing of PD concerning you, based on the performance of a task carried out in the public interest or to the processing necessary for the purposes of the legitimate interests pursued by us, including profiling according to those provisions. In such case we will no longer process PD concerning you, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
· Right to lodge a complaint with the Hellenic Data Protection Authority (HDPA), Kifissias 1-3, 115 23 Athens, Greece http://www.dpa.gr/ =.
· Right to withdraw your consent: If you have provided your consent to the processing of PD, you have the right to withdraw your consent at any time (if you do so, it does not mean that what we did with your valid consent until the date of its withdrawal is illegal). You may withdraw your consent to the processing of PD at any time, by contacting us via the information specified in §13 "Contact Us".
Regarding the way of exercising your rights, see § 10.
More information and advice regarding your rights may be found on the webpage of the Hellenic Data Protection Authority (http://dpa.gr/).
9. Our obligations
Among our obligations, as regards to the principles governing the processing of PD (legitimacy, objectivity and transparency, limitation of the purpose of processing, minimization of PD, accuracy of PD, storage limitation, security, integrity and confidentiality) the principle of accountability is included.
We only process PD if one of the following legal conditions (legal basis) applies. We determine the legal basis, for the processing of PD, depending on the purpose for which we have collected and used your personal data.
In any case, the legal basis may be:
· CONTRACT PERFORMANCE: when the processing of PD is necessary for the performance of a contract, where the natural person (you) is a contracting party or for taking measures upon the request of the natural person prior to the conclusion of the contract, such as in cases of registration . Furthermore, this is the legal basis in the case where as registered user or partner there is a relevant contract between us.
· CONSENT: the data subject (you) has, for example, consented to the use of cookies or to receiving of messages/newsletter. You may withdraw your consent to the processing of PD, at any time, by contacting us via the information specified in §13 ''Contact Us''.
· COMPLIANCE WITH THE LEGISLATION: when processing is necessary for our compliance with legal requirements (e.g., labor or tax legislation).
· OUR LEGITIMATE INTERESTS: the processing is necessary for the purposes of the legitimate interests pursued by the data controller (us) unless the natural person’s (you) interest or fundamental rights and freedoms prevail. When it is necessary to understand our user and to effectively operate our websites. For example, we will rely on our legitimate interest when we analyze content displayed on our websites and applications in order to understand how they are used. In addition, we implement the appropriate technical and organizational measures to protect the Company (us), natural persons (you) and our partners from unauthorized access or alteration, breach or destruction of the PD we possess.
Especially:
· We encrypt some of our processes.
· We monitor data collection, storage and processing practices, including physical security measures, for the protection against unauthorized access to systems and processes.
· Access to PD is limited and monitored and people with access are subject to strict contractual confidentiality obligations.
· In case external partners (for maintenance and support purposes) have potential access to PD, relevant appendices to the existing collaboration agreements meet the requirements of the Regulation.
Throughout the entire PD processing cycle (from the collection to the destruction of PD), we implement the appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of the PD. We require similar measures from third parties handling or processing PD on our behalf.
Our services and our webpage can be accessed by children under the age of 16. We do not knowingly process PD of children under the age of 16.
10. Access to your information
Within the framework of the rights provided to you by the Data Protection Regulation EU 679/2016, you may request inter alia the information, correction or restriction of the processing or erasure of your own PD (see your rights in detail in Section 8).
You can exercise your rights by sending an email to the address mentioned in "Contact Us" (section 13) by requesting the Subject Access Request (SAR) form, by completing and sending it to us. We are required to respond to you within one month of receipt of your request.
11. Information about cookies
We use cookies to improve the speed and quality of our service, whenever you visit our webpage.
Cookies are information, in file format, stored on your computer and used to improve the performance of the webpage regarding your service. They are widely used to make websites work more effectively and provide information to us, namely the website owners.
The following information explains which cookies we use and why:
Session identifier (Session ID): This cookie (sessKey) is used for basic website operations and remembers visitor’s preferences such as language settings. Disabling this cookie may have unexpected side effects while browsing our website.
Cookie preference: this type of cookie (cookiePreferences) is used to remember a user's choice regarding cookies on our website. Where users have previously indicated a preference, the user preference will be stored in this cookie.
Universal Analytics (Google): These cookies are used to collect information about how users use our website. We use the information to conduct reports and improve the webpage. Cookies (_ga, _gat, _gid) collect information in an anonymous form; including the number of visitors to the website, the previous webpage and the pages they visited (Read Google’s overview of privacy and safeguarding data).
YouTube cookies: We embody videos from our own YouTube. This option may select types of cookies (such as: PREF -* Expires after eight months, VSC -* expires at the end of your session, VISITOR_INFO1_LIVE-* expires after eight months, remote_sid-* expires at the end of your session) on your computer when you select the YouTube video player, (read more on the YouTube information page).
NOTE: For the establishment of cookies on your computer the provision of your consent is required, except for those considered as technically necessary for the realization of the connection to the webpage or for the internet services provision. As subscriber or user you have the possibility to withdraw your consent in the same way with which you declared it. Even after your initial option, you can change the cookie settings for our website at any time by visiting the cookie settings. Most web browsers allow cookies to be monitored through browser settings. To learn more about cookies, including the way you can see which cookies have been set, visit the page www.aboutcookies.org or www.allaboutcookies.org.
12. Links to other websites
In case we provide links to websites of other organizations, this Privacy Policy does not cover the way that the other organization processes personal data. We encourage you to read the Privacy Policy of the other website you visit.
Nevetheless, the transfer of information over the Internet is not entirely safe. Although we will do our best to protect your data, within the framework of our cooperation, we cannot guarantee the safety of PD at the stage of their transfer, and therefore you provide them at your own risk.
The Association has implemented every possible measure in order to protect your personal data against any kind of attack or breach. Although we have taken all reasonable measures, there is no unmistakable security system. Therefore, we cannot guarantee that your personal data will not be arbitrarily and illegally accessed.
13. Contact us
“AURORA - WORKING TOGETHER AGAINST HEMATOLOGICAL DISEASES”
Data Protection Officer: Villios Konstantinos
Address: 9, Fragkoklisias Street, Marousi
Email: dpo@aurora-together.com