PRIVACY POLICY

The civil non-profit company under the name “HAGAR MINISTRIES Civil Non-Profit Company” (“Data Controller“) with Greek Companies’ Registry number 168456401000 and seat at the Municipality of Athens, respects the confidentiality of your personal data and ensures their protection, in conformity with applicable legal provisions. The purpose of this policy is (a) to
inform you about the way we process your personal data under your capacity as visitor/user of the website www.hagar.gr, (b) to provide you with more general information about the way we process personal data and information, and (c) to inform you about your rights and how you can exercise them.

(1) PERSONAL DATA

Personal Data means any information relating to an identified or identifiable natural person (“Data Subject”) (e.g. name, surname, telephone number, email address).

Special categories of personal data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data, data concerning a natural person’s health, sex life or sexual orientation.

In the context of our statutory purposes, we process personal data that are necessary for each purpose that we are pursuing on a case-by-case basis. Please find below, indicatively, the categories of personal data that we collect and in general process:

  1. Identification data: e.g. name, surname, title, date of birth.
  2. Contact data: e.g. phone number, email, address.
  3. Financial/tax data and payment data: e.g. Tax ID number, Tax Office, bank account details.
  4. Personal data to fill a job vacancy e.g. CV data, CV supporting documentation.
  5. Personal data in the context of the employment relationship e.g. social security number, employee’s file details.
  6. Special categories of data: e.g. health data or data related to the sexual life of a person only in special cases and if such are absolutely necessary.
  7. Data on criminal convictions and offences only in specific cases and if such are absolutely necessary (e.g. for sex offences, crimes against sexual freedom and crimes of economic exploitation of sexual life).
Through our website we collect data of above categories 1,2,4 and (potentially) 6.

(2) PURPOSES OF PROCESSING

We process personal data of natural persons in the context of the intended purpose in each case. The purposes for which we process personal information are indicatively set out below:
  1. Communication with individuals in order to fulfill our statutory purposes.
  2. Entry into agreements: in the context of our activities we collect all necessary personal data in order to enter into agreements mainly with third parties/partners/suppliers or public bodies.
  3. Compliance with legislation: We collect personal data of individuals to comply with applicable legislation (e.g. tax obligations, obligations under labor and social security law).
  4. Recruitment of personnel: In the context of filling a job vacancy, we collect CVs of candidates in order to carry out the necessary assessment and evaluate which candidate is suitable for a specific job position. After hiring, we process personal data of personnel for the purpose of managing our needs and carrying out our day-to-day operations.
  5. Informing and raising awareness of family, school, work and other social groups on issues related to our activities.
  6. Cooperation and liaison with other persons and organizations with similar objectives.
  7. Organization of and participation in workshops, conferences, seminars, lectures, performances, events etc. in Greece or abroad related to our statutory purposes.
  8. Raising funds from donations, offers, sponsorships and any kind of contributions from our members/partners, but also from third parties, supporters, individuals, groups and legal entities, both national and foreign.
  9. Other objectives related to our respective statutory purposes.
As regards the processing of Personal Data of candidates or existing members of our personnel, the more specific provisions of the Policy for Processing Personal Data of Personnel apply, which is communicated by us to such persons.

(3) METHOD OF COLLECTION

In relation to our website, we collect personal data through the natural person himself/herself,
through the contact form where the natural person enters his/her contact details, through the
newsletter subscription, through the online process for donations to us, through messages sent to our general email address and through the technical functions of our website as detailed below.

If a person provides to the Data Controller personal data on behalf of a third party, he/ she should ensure that the third party has been previously notified with this Policy.

(4) LEGAL BASIS FOR PROCESSING

We only process your personal data if at least one of the following legal bases is applicable:
  1. Performance of a contract/ agreement: personal data are processed in order to perform a contract/ agreement or to take steps at the request of the Data Subject prior to entering into a contract [indicatively purposes 2.2, 2.4, 2.7, 2.8 above].
  2. Legitimate interest: the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller, provided that there is no serious impact on the fundamental rights and freedoms of the Data Subjects [indicatively purposes 2.1, 2.5, 2.6 above].
  3. Legal obligation: in some cases, personal data are processed for the purposes of the Controller's compliance with legal provisions (e.g. tax obligations) [indicatively purpose no.2.3 above].
  4. Vital interests: processing is necessary to safeguard the vital interests of the Data Subject or another natural person in particular where it is manifest that it cannot be based on any other legal basis [e.g. purpose 2.9 above].
  5. Consent: the data subject has clearly and unambiguously consented to the processing of his/ her personal data for one or more specific purposes after having been fully and in a clear manner informed about the processing and the purpose in question (e.g. for sending by the data subject of an online contact request or an expression of interest in volunteering or for sending a newsletter by the Data Controller). The relevant consent may be withdrawn at any time. Such withdrawal does not affect the lawfulness of the processing based on the consent prior to the withdrawal.

(5) DATA OF PERSONS BELONGING TO SENSITIVE SOCIAL GROUPS

Persons of Sensitive Social Groups are persons who come from or belong to one or more of the following social groups: victims of trafficking, sexual exploitation, violence or any kind of abuse, prostituted people, persons who are drug addicts, alcoholics, physically or mentally ill, and to whom we offer assistance.

In general, we do not process Personal Data of Persons of Sensitive Social Groups with whom we cooperate and to whom we offer our charitable work, either in an automated way or in a non-automated way through a filing system.

In the event that any information that identifies or could identify the persons in question is communicated to us in writing by the Persons of Sensitive Social Groups themselves (indicatively via email or website contact form), the procedure set out in paragraph 10 below applies. Based on the principles of Article 5 GDPR, we process the minimum possible data of
the persons concerned for the sole purpose of timely providing them assistance and communicating to resolve the issues for which they contact us. Once their data is no longer necessary, we deleted them immediately.

(6) RECIPIENTS

Your data are processed with special care only internally by our company and by the personnel
absolutely necessary for this purpose, following all necessary strict conditions of confidentiality and secrecy. In the event that we use other natural or legal persons who process personal data on our behalf and in accordance with our instructions (e.g. accountants), we will ensure that the party carrying out such processing has undertaken all appropriate security and protection measures for personal data as required by law.

Personal data collected may be disclosed or transmitted to third parties, if this is required to fulfil obligations by law, or if explicitly requested by the Data Subject or if necessary for the fulfilment of the functions of our website. In any case, care is taken to ensure that the guarantees of the relevant legislation are observed.

Anonymized data may be sent to third parties for statistical, scientific and research purposes and provided that appropriate technical and organizational measures are in place to ensure that such remain anonymous.

(7) DURATION OF PROCESSING

We retain the Personal Data of natural persons for the relevant period of time necessary to fulfil the specific processing purpose and any other permissible related purpose (for example, dispute of a claim brought against us). Where the data is used for two purposes, we will keep it until the purpose with the longer duration ends, but we will stop using it for the purpose with the shorter duration once the relevant time period has lapsed. Information that is no longer necessary will either be made anonymous (and information that has been made anonymous may be retained) or securely destroyed.

It is also noted that Personal Data of Data Subjects are kept throughout the duration of their relationship with us and, after such ends, for as long as it is provided by applicable law that claims may be raised by the parties or, in case a claim is raised, until the irrevocable resolution of any dispute.

Especially for the data that the Data Controller processes on the basis of the Data Subject's consent (e.g. for newsletter purposes), the Data Subject may withdraw his/her consent at any time and his/her personal data will no longer be processed for the particular purpose after the withdrawal of consent. For maintaining Personal Data of Data Subjects provided through the
Contact Form of our website please see paragraph 10 below.

(8) TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

The data we collect is processed within the European Union. If your data is transferred to countries outside the EU/EEA, all necessary measures will be taken to ensure an adequate level of protection of personal data in accordance with applicable law.

(9) COOKIES/ GOOGLE ANALYTICS

Cookies are small text files that are stored in your computer or mobile device when you visit a website. Our website only uses cookies from Google Analytics. The cookies banner provides further details on the use of cookies and ways in which you can delete or prevent specific cookies from being stored on your computer or mobile device.

Like most websites, this uses Google Analytics (GA) to keep track of its users’s activity. We use this data to know the number of people using our website, to better understand how they find and use our website, and to get more information about their browsing within the website. Although Google records data such as your geographic location, your device, your web browser and your operating system, none of this information makes you identifiable to us. Google also records your computer’s IP address, which could be used to identify you, but Google does not provide us with access to this information.

Google Analytics cookies are analytics/performance tracking cookies that allow us to collect anonymous information about how visitors use our website. These cookies can tell us about how many visitors use the site, the time and duration of access, and also provide information about how visitors navigate to different parts of the site. This information helps us to improve the
way our website works. It is anonymous information and does not contain any personal data.

The information collected by Google Analytics cookies about our website is transferred to and stored on Google’s servers in accordance with Google’s privacy policy. For more information regarding Google Analytics, please click on https://support.google .com/analytics/answer/6004245

You can turn off Google Analytics by clicking https://tools.go ogle.com/dlpa ge/gaoptout?hl=en=GB

If you disable these cookies, your use of the website will not be counted, nor will it be used in the statistics we collect to improve the services we provide through the website. The functionality of the website will not be affected.

(10) CONTACT FORM AND E-MAIL LINKS

If you choose to contact us using a contact form or a link to our email address, none of the data you provide will be stored by this website or transferred or processed by any third party data processor. Instead, this data will be sent to us by an email message via the SMTP (Simple Mail Transfer Protocol). Our SMTP servers are protected by TLS (sometimes known as SSL) security protocol, which means that email content is encrypted before it is sent over the internet. Email content is decrypted by our local computers and devices.

Especially for the contact form on our website:

10.1 In order to contact us electronically for any issue you wish (indicatively for assistance to Persons of Sensitive Social Groups, general questions, information to the general public about our work, expression of interest for internships), and for us to answer you, it is necessary to enter the following personal data on our website: your full name and email. Optionally you can choose to enter a text in the "message" field and enter your telephone number. As this is a unified form and due to the nature of our activities, we consider it quite possible that sensitive data under Special Categories of data will be communicated to us: e.g., health data or data related to sexual life. Therefore, the processing of all personal data provided by you through the contact form is carried out on the basis of your consent in accordance with Art. 6 para. 1(a) or Art. 9 para. 2(a) GDPR and for the purpose of managing and satisfying your request for contact.

Consent is only given if you check the relevant box (“tick box”) on our website. If you do not provide the relevant consent, you cannot send us the relevant form.

10.2. In case that Persons of Sensitive Social Groups communicate themselves with us via a website contact form (or email) data belonging to Special Categories’ of Data: e.g. health data or data related to their sexual life, we will immediately delete the relevant email from our electronic files (without possibility of retrieval) and consequently we delete the data belonging to the Special Categories’ in question. We will only keep plain data (name, email, telephone number) of the persons concerned for a period of up to one (1) month from the receipt of the request, solely for the purposes of communication and assistance to these persons. If the
communication with these persons needs to last more than one month, the relevant contact data will be kept on the basis of the consent provided.

10.3 In case of requests from other persons (e.g. the general public, internship applicants) we estimate that data belonging to Special Categories’ of data will not be provided. Such request for contact will be fulfilled as soon as possible and the Personal Data will be deleted within one (1) month of receipt of the request. It is clarified that the processing of data of internship candidates who at a later stage submit a specific application/form to us, will be processed in accordance with the provisions of our Policy for Processing Personal Data of Personnel.

10.3. We do not transfer the above personal data to any third party, unless you agree to this at a later stage, depending on the issue you raise with us. The company providing us with website management/maintenance services may have access to your personal data above to the extent necessary for the provision of its services.

10.4. At any time, you may exercise the rights set out in paragraph 12 below regarding your personal data (right of access, rectification, erasure, objection, restriction of processing of your data and portability, as well as withdrawal of consent, by means of a written statement to us in the details in paragraph 12 below).

(11) NEWSLETTER

If you choose to participate in our email newsletter, the email address you submit will be used exclusively for our activities and for sending informative material from our email. The email address you submit will be stored in the database within the website by our internal IT systems. Your email address will remain in our database for as long as you wish and participate in our actions. You can delete it by using the unsubscribe link contained in all email newsletters we send you. As long as your email address remains in our database, you will receive periodic email updates from us.

(12) RIGHTS OF NATURAL PERSONS

As a data subject of personal data, you have the following rights:
Right of access: you have the right to be informed by us, among other things, if and how we process your personal data, for what purpose we collect and use your personal information, which personal data we hold about you, for how long we store this data and whether automated decision-making is carried out.

Right of rectification: you have the right to request from us to correct your personal information that is inaccurate or to complete incomplete personal information, under the conditions set by law.
Right to erasure: You have the right to request from us to delete your personal data if there is no reason for us not to delete it.
Right to restrict processing: You have the right to request from us to restrict the processing of your personal data under the conditions set out by law.
Right to object: you have the right to object at any time to the processing of your personal data or to withdraw the consent you have given us, in which case we will stop the respective processing if there are no legitimate and compelling reasons to justify further processing of your personal data.
Right to portability: You have the right to request from us to receive in a readable format the personal data you have provided to us or to request that we transfer it to another controller.
Right to object to automated processing: you have the right to request from us not to subject you to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way.
Right to withdraw consent: you have the right to withdraw the consent you have provided to us for the processing of your data at any time.
You may exercise your rights at any time by sending a request to contact@hagar.gr or by letter to 15 MAYER STR, ATHENS, GR 10438. We will consider your request and respond to you accordingly within thirty (30) days from receipt and confirmation of your identity, unless the request is unusually complex and complicated, in which case, the time period may be extended for an additional sixty (60) days, in which case you will be informed accordingly. Satisfying your request is generally free of charge. However, if a request is manifestly unfounded or excessive, a reasonable fee may be charged. In any case, we would like to inform you that if we do not respond to your request and you believe that the legislation on the protection of your personal data has been violated, you have the right to file a complaint with the Hellenic Data Protection Authority (Hellenic Data Protection Authority): 1-3 Kifissia Street, Athens / www.dpa.gr, tel. 2106475600.

(13) SECURITY

We ensure that we implement all necessary technical and organizational measures to protect personal data from unauthorized access and misuse. The measures taken include preventive security procedures, control of access rights to authorized personnel and technical and physical mechanisms to restrict access.

We implement appropriate security measures to protect Personal Data from accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. The IT systems we use to process data are technically isolated from other systems in order to prevent unauthorized access.

All web traffic (file transfer) between this website and your browser is encrypted and transferred via the HTTPS protocol using SSL (Secure Sockets Layer).

(14) CONTACT

For any information or clarification regarding the processing of your personal data, you can contact us either by post at 15 MAYER STR, ATHENS, GR 10438, or by e-mail at contact@hagar.gr

(15) AMENDMENTS TO THIS POLICY

From time to time it is necessary to adjust the content of the information included in this policy. In the event of future modifications, we will post the modified version here so we encourage you to check this page occasionally for any changes to this privacy policy. Your continued use of the www.hagar.gr website even after any changes to this Privacy Policy, means your unconditional acceptance of these terms.