Privacy policy

March 2024

Society for the Protection of Prespa (SPP) is committed to protecting your privacy. This notice describes how we collect and use personal information about you.

This notice applies to personal information that we collect in connection with our website and other websites operated by us (e.g. polisprespa.gr), and our various social media accounts (“Websites”).

This notice also applies to personal information that is collected from you by our Support Team.

The data controller of your personal information collected through the Websites is Society for the Protection of Prespa, Agios Germanos, Prespa, Greece, Tax ID Number 090248099, Business Registry Number 154847555000.

Please read this notice carefully to understand how and why we are using your personal information.

  1. The kind of information we may hold about you

We may collect, store, and use the following categories of your personal information:

Personal contact details such as name, title, address, email address and telephone number.

Date of birth.

Country and language.

Information submitted as part of a competition operated through the Websites.

Information submitted as part of a survey operated through the Websites.

Records of correspondence with you whether by telephone, email, social media or otherwise.

Telephone call information, including call recordings, phone number and length of call.

Social media profile information, including profile name and picture.

Photographs you may submit to our Websites.

Details of your visits to the Websites, and information about how your device has interacted with our Websites, including search and browsing history, the pages accessed and links clicked.

Information collected automatically from your device, including IP address, device type, operating system, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information.

  1. How is your personal information collected?

We collect information that you provide voluntarily. Certain parts of our Websites may ask you to provide personal information voluntarily, to register an account with us, to subscribe to a service from us, to subscribe to a newsletter from us, and/or to submit enquiries to us.  We also collect information that you provide voluntarily to our Support Team, whether in writing or by telephone or email.

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

We also collect some information automatically when you visit the Websites. Collecting this information enables us to better understand the visitors who come to our Websites, where they come from, and what content on our Websites is of interest to them.

  1. Why do we collect your personal information?

The situations in which we will process your personal information are listed below:

  • To create an account for you to help us provide a more personalised service suited to meet your preferences.
  • To ensure that the Websites are presented in the most effective manner for you and your device.
  • To send you newsletters or provide you with information that you request from us, or which we feel may interest you.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To check the authenticity of applications.
  • To interact with you and handle and respond to communications with you.
  • To allow you to participate in interactive features of our Websites, when you choose to do so.
  • To promote Member interactions, activities and engagement.
  • To notify you about changes to our service.
  • To operate competitions on the Websites and communicate with entrants.
  • To obtain and analyse your feedback as part of Member/Visitor surveys.
  • To analyse behaviour within the Websites and improve the quality and relevance of our Websites to our visitors.
  • To facilitate the improvement and optimisation of our services to you.
  • To store information about your preferences to allow us to customise our site and newsletters according to your individual interests.
  • To monitor delivery and viewing of our newsletters to facilitate the improvement and optimisation of the delivery of the newsletter to you.
  • To handle any disputes which we may have with you.
  • To detect and/or prevent illegal or undesirable activities within the Websites.

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it, such as: (i) for the purpose of performing a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, (iii) where we have your consent to do so, or (iv) where we have a legal obligation to collect personal information from you.

If we collect and use your personal information in reliance on our legitimate interests (or those of any third party), this interest will normally be for our legitimate interest to operate the Websites and make these available to you as necessary to provide our services to you, for interacting with you, responding to your queries, for monitoring our communications with you, handling disputes, staff development and for the purposes of detecting or preventing illegal or undesirable activities.  We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us (section 14).

  1. What if you fail to provide personal information?

If you fail to provide certain information when requested we may not be able to provide our services to you, or we may be prevented from complying with our legal obligations.

  1. What if we want to use your information for a different purpose?

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.

  1. How secure is your information?

We have put in place appropriate technical and organisational measures to prevent your personal information from being accidentally lost, used, accessed, altered or disclosed. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information and include:

  • Site access controls – only authorised personnel are able to gain access to premises, buildings and rooms where your information is being processed.
  • IT access controls – only authorised personnel are able to gain access to your information stored electronically within our IT systems.
  • IT security controls – use of appropriate technology and security measures to ensure secure storage of your information.
  • Policies & procedures – comprehensive data protection and IT security policies and procedures setting out the way in which your information must be handled by staff.
  • Training – delivery of ongoing data protection and IT security training to all staff handling your information.
  1. Who might we share your information with?

We may share your personal information in the situations detailed below:

– Service providers

We share your personal information with third parties who provide services to us. The following activities all involve the processing of personal information and are carried out by third party service providers: website hosting, website optimization and analytics, edge caching services, maintenance of call recording system, hosting and maintenance of social media platforms, document and information collaboration and sharing, IT services. Further details in respect of our third party service providers are available on request. Please contact us (section 14) for further information.

All service providers are required to take appropriate security measures to protect your personal information. We do not allow third party service providers to use your information for their own purposes. We only permit them to process your personal data for specified purposes in accordance with our instructions.

– Law, legal rights and vital interests

We may also need to share your information with a law enforcement body, regulator, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any person.

– Consent

We may share your personal information where you have specifically consented to such disclosure. This includes, for example, publication of Gift Lists.

  1. Do you transfer my information outside of the European Union?

No. Our Websites are hosted on servers within Europe.

  1. How long do we keep hold of your information?

We only retain your information for as long as necessary for the purposes described above, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which it has been processed, and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

  1. What are your rights in connection with your personal information

Under certain circumstances, by law you have the right to:

  • Request access to a copy of the personal information we hold about you.
  • Request correction of any incomplete or inaccurate information we hold about you.
  • Request erasure of information where there is no good reason for continued processing.
  • Object to processing of your information where we are relying on a legitimate interest to process your information.
  • Where we are processing your information for a particular purpose based on your consent, you have the right to withdraw your consent at any time.
  • Request restriction to suspend our processing of your personal information.
  • Request transfer of your personal information to another party which you have provided to us.
  • Opt out of newsletters which we send you at any time.

If you want to exercise any of these rights please contact us (section 14).

You will not have to pay a fee to exercise any of your rights, however we may charge a reasonable fee if your request is unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Please note that we may need to request information from you to confirm your identity and establish your entitlement to these rights.

If you are not satisfied with our processing of your personal information, you also have the right to make a complaint to the relevant supervisory authority. Please see here for the relevant contact details:

Hellenic Data Protection Authority (HDPA)

Postal Address: Data Protection Authority Offices: Kifissias 1-3, 115 23 Athens, Greece

Call Centre: +30210 6475 600

Fax: +30210 6475 628

E-mail: contact@dpa.gr

  1. What we ask of you?

It is important that the personal information we hold about you is accurate and current. Please contact us (section 14) immediately and inform us of any changes to the personal information which we hold about you.

  1. Change to this privacy notice

We may update this notice from time to time. When we update this notice, we will take appropriate measures to inform you, consistent with the significance of the changes.  We will obtain your consent to any material changes if and where this is required by law.

You can see when this notice was last updated by checking the date displayed at the top of this notice.

  1. Under Age Users

SPP restricts the use of the Websites only to adult users. Furthermore, SPP intends not to collect personal data of minors who may have access to its websites in violation of the above. However, as this is not feasible for SPP to fully ensure / confirm that any minor users of the site who transmit their personal data to SPP are obliged and expected to have received the consent of their parental care or their potential commissioners. Adults are required to exercise proper supervision of minors under their responsibility when browsing the web on the Internet and in particular on this Site. Article 21 of Law 4624/2019 regarding the consent of minors above 15 years of age applies as normal. The above article stipulates that the processing of personal data of a minor, when being offered information society services directly to him or her, is lawful if the minor has reached the age of 15 and gives his or her consent.

  1. Contact us

If you have any questions, complaints or requests please make contact with Zenia Anastasiadou by email: contact@spp.gr