Privacy Statement

Introduction – Data Controller

Welcome to the personal data protection policy of the Non-Profit Organisation "SciCo" (hereinafter the "Policy").

The website located at www.scico.gr (hereinafter the "Website") is owned and operated by the Non-Profit Organisation "SciCo" (210 Kifisias Ave. | Chalandri | Athens | 15231 | Tel: (+30) 210 6775892 | Email: [email protected]) (hereinafter "SciCo", the "Organisation", "we", "us", "our").

The purpose of this Policy is to explain:

Which data we collect and process;
The purposes for which we process them and the legal basis for such processing;
Who the recipients of your data are;
How long we retain your data; and
What your rights are regarding your data and how you can exercise them.

The Organisation respects the privacy of visitors to its Website, as well as those who seek to communicate via this Website and/or via email or telephone, by applying all the requirements of European Regulation EU 679/2016 (hereinafter "GDPR") as well as the currently applicable national legislative framework regarding Personal Data Protection.

The term "personal data", as used in this Policy and in accordance with the applicable legal framework, refers to information of a natural person, such as name, contact number, and electronic address (e-mail), which identify their identity directly or indirectly (hereinafter "Personal Data" or "Data").

You, as visitors, users, volunteers, job applicants, participants in our activities, or partners, are referred to as "data subjects", while the Organisation is the "data controller" of your Personal Data.

"Processing of Personal Data" means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Core Principles for Processing Your Data

We are committed to processing your data in a fair and transparent manner, always in accordance with the current legal framework, including the General Data Protection Regulation.

In practice, this means:

We collect and process your Data only for specified, explicit, and legitimate purposes.
We collect and process only the Data that is necessary for the purposes we set.
We make every effort to ensure your data is accurate, providing you, where appropriate, with the possibility of rectification and/or erasure.
We retain your Data for a limited period, determined as necessary either by law or by our corporate policy to fulfill the processing purposes set by the Organisation.
We make every effort to safeguard the security of your data against unauthorised or unlawful processing and against accidental loss, destruction, or damage.

Source of Your Data

Data you provide to us

As a rule, the Organisation collects and processes your data only when you provide it directly and voluntarily. If you choose to send us your CV or an expression of interest regarding our volunteer actions, or generally contact us (either by filling out the contact form via our website or by phone), you consent to us collecting and processing your personal data for the purposes mentioned below. You have the right to withdraw your consent at any time without justification by making a relevant statement to our Organisation. In this case, the lawfulness of the processing that took place up to the moment of withdrawal is not affected. Any withdrawal of your consent will result in the inability of further communication and service from our Organisation.

Data collected automatically

However, the above rule cannot apply absolutely in two cases within the context of the Website's operation: i) data collected with the help of cookies (see details here) and ii) certain data collected automatically during your visit to our website.

Due to the nature and way the internet operates, as soon as you visit our website, our server records your IP address, which constitutes personal data, even if we as a website cannot identify you on our own based on this element.

The reasons we collect your IP address, along with the date and time of connection, and maintain it in special files (log files) are:

Our legitimate interest in processing this data to guarantee the security of networks, information, and services from accidental events or illegal/malicious actions that jeopardise the availability, authenticity, integrity, and confidentiality of stored or transmitted data (e.g., controlling "denial of service" attacks).
The legal obligation to provide the most secure environment possible for the processing of your personal data.

What Data We Process, for What Purpose, and on What Legal Basis

Our Website is an "electronic space" where we showcase the activities and goals of our Organisation as well as our provided services (organisation of educational programs, seminars, talks and workshops, executive training, etc.). Our purpose is to make our actions and services known through this Website and to establish an easier way to communicate with you via the internet.

The current legislative framework requires a legal basis for processing your Personal Data. Generally, this will be one or a combination of the following:

Processing is done with your consent;
Processing is necessary for the performance of a contract with you;
Processing is done for the Organisation to comply with a legal obligation; and/or
For the pursuit of the legitimate interests of the Organisation, unless these interests override your interests or fundamental rights and freedoms.

You can visit and browse our Website without revealing any Personal Data. However, if you wish to contact us via the contact form on our Website, you will be asked for personal information such as your name, email address, and your capacity/status.

Furthermore, certain sections of our Website may provide links to social media platforms using the corresponding social media plug-ins (e.g., Facebook, LinkedIn, Twitter). When accessing our page via a social media account, the Organisation may (based on the users' applicable privacy settings) have automatic access to the information provided by you on the relevant social media platforms. The Organisation may use this information within the framework of its activities, specifically to provide information about its actions and services, and to communicate with you by responding to messages you send us. The legal basis for the above processing is your consent. You provide your consent by "liking"/"following" our page and can withdraw it just as easily by "unliking"/"unfollowing." The Organisation is not responsible for the manner or means by which social media platforms process your data. You can read the privacy practices of LinkedIn, Facebook, and Twitter for more information.

The processing of Personal Data by the Organisation is carried out for the following purposes:

To serve your requests of all kinds (e.g., to be able to contact you, responding to your message and your request for more information regarding our services);
To serve our contractual relationship;
To contact you to schedule an in-person meeting;
For the more successful organisation of educational programs, seminars, festivals, workshops, etc.;
For our compliance with legal and regulatory obligations.

Processing of Personal Data of Job Applicants

The Organisation processes personal data in the context of your participation in the recruitment process. In this context, we process relevant information to identify job applicants, evaluate employment applications, and for other human resources processes necessary to evaluate and examine applications and not for further purposes. The information collected includes:

Your personal details (name, address, age) and contact details (email, phone number).
Information included in your CV (job title, education, professional qualifications, work experience, publications, scientific activities, social media professional profiles, programs/activities you participated in).

We collect data directly from you, but may also collect data from third parties, such as previous employers. Further information will be collected directly from you at the start of employment (ID number, bank account details, marital status, disability/accessibility needs, etc.).

If your application is unsuccessful, we will keep your data on file for 6 months for future job openings. After this period, your data is permanently deleted or destroyed. If successful, the data will be transferred to your personnel file for HR management purposes.

Processing of Personal Data of Volunteers

The Organisation collects Personal Data of volunteers upon their expression of interest. This includes name, contact info, email, age, gender, and information regarding status (student, teacher, etc.), field of study, or previous volunteer experience. This information forms a record for organizing volunteer actions and is processed only by authorised personnel. By expressing interest, you consent to this processing. The Organisation retains this data for as long as the volunteer wishes to participate.

Recipients of Your Data

Your Personal Data will be disclosed to third parties acting on our behalf for further processing (marketing, data management, technical support, etc.). Examples include associated companies, authorised staff, volunteers under a duty of confidentiality, external partners, sponsors, suppliers, and third-party service providers. These parties are contractually bound to confidentiality and lawful processing. We will also disclose data to Supervisory and Administrative Independent Authorities if requested or required by law. We do not transfer data to third parties for their own marketing/advertising purposes.

Data Transfer Abroad

Data may be processed and stored in countries inside and outside the European Union. If we transfer data to third countries without the same level of protection, we guarantee that appropriate measures are in place to protect your data in accordance with this Policy and applicable law.

Retention Period and Place of Storage

We retain data for as long as required to serve you and fulfill obligations arising from tax, community, and other legislation. Afterward, data is securely and permanently deleted. We use servers located within the European Union. We use third-party security applications (e.g., firewalls) to ensure data protection.

Cookies

We use "cookies" to facilitate navigation and remember preferences. You can view our detailed Cookie Policy here.

Data Security and Hyperlinks

We implement technical and organisational measures (SSL certificates, encryption, staff training) to protect data. However, since internet confidentiality cannot be 100% guaranteed, we urge caution when disclosing info online. Our website may link to third-party sites; we are not responsible for their privacy practices.

Your Rights Regarding Your Data

Under the GDPR, you have the following rights:

Right of Access: To know if and how we process your data.
Right to Rectification: To correct or complete your data.
Right to Erasure ("Right to be Forgotten"): To request deletion under certain conditions.
Right to Restriction of Processing: To limit how we use your data.
Right to Object/Withdraw Consent: To oppose processing at any time.
Right to Data Portability: To receive your data in a machine-readable format.

To exercise these rights, email: [email protected]. We will respond within 30 days. For complex requests, this may be extended by an additional two (2) months. You also have the right to lodge a complaint with the Hellenic Data Protection Authority (Kifisias 1-3, 115 23, Athens | +30 210 6475600 | [email protected]).

Children's Policy

We do not collect data from minors except within the context of specific actions with parental consent. Visitors under 18 should not submit data. If we discover unauthorised data of a minor, we will delete it immediately.

Applicable Law

Processing is governed by Regulation EU 2016/679 and national law. The Courts of Athens have jurisdiction over any disputes.

Amendments

This Policy is updated as necessary. Significant changes will be posted on our website before taking effect.

Further Information

Date of Posting: October 2020