Privacy Policy

Import

Thank you for visiting the website of the non-profit association under the name "Association for the Enhancement and Safeguarding of Public Health "Prometheus"", (hereinafter "the Association" or “Prometheus”). Prometheus is based in Athens, on Leof. Alexandras 213 B., P.C. 11523 and is represented by its General Manager, Giorgos Kalamitsis. The purpose of Prometheus is to strengthen public health and provide support to vulnerable social groups.

We consider the protection of your personal data to be particularly important and we want you to feel safe when you visit our website.
Before using our website, please read this policy carefully to understand how and why we collect, use and store your personal information.
As reflected in the Terms of Use of the website and the Cookies Policy, the services provided through the website are addressed to a general public, are not aimed at children and do not intentionally collect personal information from persons under the age of 18.
The protection of the personal data and privacy of our partners, employees, volunteers and visitors is an important priority for Prometheus. For us, confidentiality is not only a legal obligation but a basic pursuit and moral commitment, especially towards our beneficiaries. For this reason, on the one hand, we are particularly demanding regarding the privacy policy and the terms of registration of personal data, and on the other hand, we are always at your disposal for any questions, clarifications or observations regarding the protection of your personal data. Without prejudice to the specific provisions of this Policy, no personal information is rented, sold, publicly posted or disclosed to other companies, organizations or websites.

By accepting this protection policy, you agree to the collection, storage and further processing of your personal data by the Association, in accordance with the General Data Protection Regulation (EU) 2016/679 (hereinafter GDPR), national legislation (Law 4624/2019) and this Policy.

You can generally visit the website of Prometheus without us requiring your personal data, other than your IP address, which is automatically collected and is necessary for the creation of the temporary "connection" of a terminal to any website. Other personal data pf yours are only obtained if you provide us with this data, for example, when registering as a supporter, submitting a new member application form, participating in a survey or executing a contract.

1. Definitions 

Personal Data is information or a combination of information that can directly or indirectly lead to the identification of a person. This means that personal data include information such as email address, home address, telephone number, photographs, personal preferences and purchasing habits, financial information, and social welfare information. They may also include unique numerical information identifiers such as your computer's IP address, as well as cookies (see below).

Sensitive Personal Data are information or a combination of information relating to the core of privacy, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data relating to a person's health, sex life or sexual orientation. These data enjoy greater protection and their processing It is only allowed in special cases.

Processing of personal data is any operation or series of operations performed on personal data, such as the collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, search for information, use, transfer to third parties, dissemination, association, combination, restriction, erasure and destruction of Personal Data of natural persons.
A personal data breach is a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored, or otherwise processed.

A Data Controller is the natural or legal person, public authority, agency or other body that determines the purposes and manner of the processing of personal data.

The Processor is the natural or legal person, public authority, agency or other body that processes personal data on behalf of the Data Controller. The Processor processes the data on behalf of and in accordance with the instructions of the Data Controller and does not make decisions in relation to the means and purpose of the processing, but complies with the protection framework set by the Data Controller.

Third party is considered to be any natural or legal person, with the exception of the data subject, the controller, the processor and the persons who, under the direct supervision of the controller or processor, are authorised to process the personal data.

2. Data Controller

The controller is the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes, conditions and manner of processing of personal data. With regard to the data you share with us when using our website, the Data Controller is exclusively Prometheus.

For the purposes of this privacy policy, you may contact the controller at the following email address: info@promitheasngo.com , if you wish to object to the collection, processing or use of your personal data by Prometheus or to exercise any of your rights, in accordance with applicable data protection legislation and this policy.

3. General Terms of Personal Data Protection

The processing of your personal data is confidential and Prometheus takes all reasonably necessary technical and other means to ensure the confidentiality of such processing. Access to your personal data is only available to the authorized personnel of Prometheus, on a case-by-case basis and depending on the purpose of the processing.

As a visitor to this Website, you will remain anonymous. The data we store and analyze are used only for statistical purposes, in order, for example, to continuously improve our website and its content. In summary, the data stored in our files are the name of the Internet provider you use, the website from which you visited the Prometheus website, the individual pages of the Prometheus website that you browsed, your IP address as well as the date and duration of your browsing on the website.

4. Data We Collect

To give you an overview of the details, we use tables, which allow us to inform you in a transparent, understandable and easily accessible way in plain and understandable language. Below we present the data we collect. As there is data of different kinds, we have grouped it into categories so that the presentation is easier to understand.

Α. Connection and Communication

When you visit the website Time, date, duration of visit, user's place of origin, language settings, settings and operating system of the device, activity data, time of use, redirect URL, status report, user information (information about browser version), operating system, result and browsing history, type of data viewed, IP address, and other information related to the connection protocol.
When you register on the website Full Name, Email Address
When you apply to register as a member of Prometheus through our website Name
Surname 
Email address
Contact phone number 
Home address
Date of Birth
Vocation
When you make a donation Name
Surname
Bank account, debit/credit card information and payment information
When you fill out a questionnaire Results of questionnaires in which you have agree to respond to or information submitted to us by you during your participationin a survey
When you contact us via email Email address
Any other personal data you share with us

Β. Cookies

Prometheus collects non-personal identification data of users (browser type, type of computer, operating system, internet providers, etc.) and/or monitors Internet Protocol addresses (IP Address) using corresponding technologies (cookies or trackers).

Cookies are small text files that are stored on each user's hard drive without being able to access documents or files from the user's computer. They are used to facilitate user access when using specific services and/or pages of the website, as well as for statistical reasons.

Some cookies are stored by the server on your terminal device (computer, mobile phone, etc.) when you navigate it because they are necessary for the proper and effective functioning of the website, while other cookies are stored on your terminal device only if you give your consent to this (e.g. cookies for measuring and analyzing traffic, cookies for sharing content on other pages, etc.). For more information about the cookies used by the website, please visit the Cookies Policy page.

Γ. Participation in programs

Prometheus conducts programs to support and empower vulnerable social groups, with emphasis on the provision of free health services. In order to participate in these programs, it is often necessary to collect, store and process personal data of the beneficiaries of Prometheus. In addition, these data may be processed in order to draw overall conclusions or provide further health services to the subjects of these data, always after the explicit consent of the latter (Purposes of the processing). Where possible, Prometheus pseudonymizes or even anonymizes these data, so that it is not easy (or even possible) to identify their subjects and generally takes every possible technical and organizational security measure in that direction. In addition, for the implementation of a program and the achievement of one or more of the above processing purposes, such data are sometimes transmitted to the partners or entities with which Prometheus carries out the respective program. Such a transfer is always carried out in the context of a relevant contract, which adequately ensures the protection of such data. All the above processing operations are always carried out after the prior, written and explicit consent of the data subjects – beneficiaries, which is provided by the latter when they register in the respective program and are informed about it or in a later period of time and in any case before their further processing. Prometheus retains these data for a period of 5 years from the end of the respective program or processing purpose, unless otherwise provided for a particular program or the law. Data subjects have the right to request the deletion of their data from the electronic file of Prometheus and in general to exercise their rights in accordance with the applicable provisions and Prometheus will satisfy the relevant requests in a reasonable time. The exercise of the right to erasure does not negate any processing and/or further processing of the data extracted from this processing (e.g. the results of the measurement of the data However, it makes it impossible to identify you in any subsequent processing of this data. In the event that a participant's data has already been transmitted to a third party in accordance with the above, Prometheus will inform the third party about the submitted request, but without establishing an obligation or liability of Prometheus due to the sending of the data already transmitted.

In any case, prior to your participation in a Prometheus program, we will inform you in detail and coherently about all the necessary processing operations of your personal data and any related restrictions on your rights, in particular the right to erasure. We will never collect your data without your prior explicit consent.

The data held by Prometheus are in no case transmitted or distributed or communicated to any other person (legal or natural person) for purposes other than those that the natural person-beneficiary originally sought (indicatively, and not restrictively, purposes such as: advertising, commercial, informational, etc.).

5. Data retention time

The retention period of your personal data is determined as follows:

  • The logs are kept for a period of 24 months.
  • The personal data that you share with us in the context of our communication (contact form, email) is kept for a period of 24 months from the end of our last communication.
  • The personal data that you share with us about your participation in one of our programs is retained for the period of time specified in the information form of the respective program.

For the configuration of Cookies, you can consult the relevant policy or the cookie banner.

In the event that any judicial actions or administrative audits of any kind arise, which require the retention of such data, Prometheus reserves the right to retain them until the end of the judicial or administrative procedures.

6. When we delete your data 

We generally delete the data after the purpose for which we collected it has been completed. Different rules apply depending on the purpose of the processing. When the storage period has elapsed, the data is deleted accordingly.

We delete your personal data at your request or in the following cases:
(a) In the event that you have subscribed to our website in order to receive notifications and newsletters by email, your personal data will be deleted in case you choose to unsubscribe from the newsletter via the "Unsubscribe" option. Once this happens, you will receive a separate notification from us at the email address you have provided in your account.
(b) in case you are a member of Prometheus and wish to be deleted, your personal data will be deleted as soon as ten (10) years have passed since your deletion.

In addition to the rules we have set, there are other periods for which we are obliged to keep a record. For example, tax information must be kept for a period of at least 5 years. These specific mandatory retention periods vary according to the applicable national legislation.
Despite your request to delete your data, we may retain some processed data, due to legal obligations. In this case, the data will not be used for any other purpose.

7. Underage Users

Prometheus restricts the use of this Website to adult users only. It is our intention not to collect personal data of minors who may have access to its website, in violation of the above provisions.

However, since this is not possible to be ensured/confirmed by Prometheus, any minor users of the website who transmit, through it, their personal data to Prometheus, are obliged and expected to have obtained the consent of their guardians or their guardians. It is recommended that adults exercise due supervision of minors under their responsibility when browsing the Internet and in particular on this Website.

8. Who we share personal data with 

In general, we do not use service providers to process your personal data. Any registration and processing of your personal data is strictly done on behalf of Prometheus and your data is not shared with third parties.

We will never transfer your data to unauthorized third parties. However, in order to provide you with our services, we may purchase services from certain third-party service providers, or even, in the context of the execution of donation contracts from foundations, institutions and organizations, cooperate with third parties, to whom we will give strict and limited access to certain data.

Specifically to ensure secure access to our website, we would like to inform you that access to certain of your information may be accessed, under strict conditions, such as encryption, contractual confidentiality clauses, etc., by contracted partners with us, e.g. logistics and software/cloud services companies.

Our partner service providers, who process your data as Processors on our behalf and in accordance with our instructions, have agreed and are contractually bound with Prometheus to maintain confidentiality, not to send data to third parties without our permission, to take appropriate security measures and to comply with the legal framework for the protection of personal data.

The transmission, processing and retention of such data by the above is carried out within the framework of a contract, under equally strict conditions and safeguards and on the basis of the applicable European and national legislation. In any case, before we transfer any data to an entity with which we cooperate, we check each of them so that all recipients of the data comply with the personal data protection obligations and prove the level of security they provide with sufficient data. In the event that our data sharing policy changes for any reason, we will update this privacy policy, which you can view at any time on our website.

With regard to the hyperlinks that may be included in our website, if they are provided by third parties, this privacy policy does not apply, but the respective privacy policy of each website applies instead.

Please note again that when you donate through our website, you are redirected to the PayPal website. The amount you donate will be charged to the card or account you submit with your donation. If you donate through PayPal, you consent to PayPal's use of your information as set out in PayPal's Data Protection Policy.

In accordance with the General Data Protection Regulation, we are obliged to disclose personal data to public or judicial Services or Independent Authorities, if such an obligation arises from a provision of law or a prosecutor's order or court decision/order, to the extent required by law or is strictly necessary for the prevention, detection or prosecution of criminal offences and fraud.

In principle, Prometheus does not transmit personal data to third countries (outside the EU or EEA) or international organizations, which do not ensure an adequate level of protection (based on an Adequacy Decision, etc.). Any transmission follows and complies with the relevant provisions of the current legislative framework, in particular art. 44 et seq. GDPR.

 

9. Purposes of Processing 

We use your personal data for the following purposes:

Fundraising: as a non-profit organization, we use your name and email address that you provided to us through your registration on our website in order to inform you about funding campaigns, donations, grants and other ways in which you can assist in our work.

Promotions of our activities: when you subscribe to our newsletter or otherwise give us your consent, we use your name and email address to inform you about promotional activities through newsletters, about new initiatives, programs and services that we think that may be of interest to you. You can in any case object to receiving such messages, either by selecting "unsubscribe" or by sending us a message to info@promitheasngo.com .

Other communication: there may be times when we will contact you by email, mail, phone or text message, depending on the contact information you have shared with us. This can be done for a variety of reasons, such as when we need to respond to and manage requests you have made.

Analytics, improvements, and research: we use personal data for research and analytics purposes. We may have a third party do this on our behalf. We may publish or disclose the results of the survey, including to third parties, in aggregated and anonymous form.

Security, fraud detection and prevention: we use the information, which may include personal data, to prevent fraud and other illegal activities. We also use this information to investigate and detect fraud. We may also use your personal data for risk assessment and security purposes, including user authentication. For these purposes, personal data may be shared with third parties, such as law enforcement authorities, as permitted by applicable law, and external consultants.

Legal processes and compliance: in some cases, we need to use the information provided, which may include personal data, to manage and resolve legal disputes or complaints, for regulatory reasons and compliance, for the implementation of the agreement(s) or for compliance with lawful requests from law enforcement authorities, to the extent required by law.

In particular, the following actions are related to our purposes and our presence on the internet:

  • To ensure that our websites work in the most efficient way on all your devices.
  • To send you news and information about our actions, so that you can evaluate our work and give you the opportunity to have an active participation in safeguarding rights in the field of health.
  • In order to comply with our obligations arising from a contract with you (most commonly donations) as well as to comply with the obligations imposed on us by law.
  • To invite you to participate in interactive actions through our website.
  • To invite you to participate in competitions that we organize and then to contact you if you register for the competition.
  • To ask you to participate in surveys we organize.
  • To store information about your preferences, which will be used to receive news and information based on those preferences.
  • To contact you in order to settle disputes that may have arisen between us.
  • To satisfy any legitimate interests of ours.
  • Exceptionally: (i) where we are required to do so by law, (ii) where it is necessary to establish, exercise or defend our rights and legitimate interests, and (iii) when it is necessary to safeguard your vital interests or the vital interests of any other natural person.

10. Legal basis

We collect personal data only when it is strictly necessary and the purpose is lawful and has been previously determined.

The legal basis for processing may vary from time to time, but it usually boils down to one of the following: (i) compliance with obligations under a contract between us, (ii) where there may be legitimate interests of ours, which do not conflict with your rights, (iii) where you have given us your free and explicit consent, and (iv) where we have a legal obligation to collect and process your personal data (e.g. an obligation under the GDPR etc.).

Analytically:

The automatic collection of the above personal data upon entering the website is based on the consent you give us by accepting this Policy, in accordance with Article 6 (1) (a) of the GDPR.

Your contact details and other personal data that you share with us are collected in order to be able to provide you with our services, as well as information about our services, in accordance with article 6 par. 1 (b) GDPR.

The information contained in the log files, such as IP address, geolocation data, day and time of visit to the website, etc. are also collected because we have a legitimate interest, in accordance with article 6 par. 1 (f) GDPR, to defend the security of networks, information and services from accidental events or illegal or malicious actions (e.g. online fraud) related to the availability, authenticity, integrity and confidentiality of data and at the same time an obligation to provide, in accordance with articles 5 par. 1 (f), 6 par. 1 (c) and 32 GDPR, a more secure environment for the processing of the user/beneficiary's personal data.

In case you allow us to use unnecessary cookies, we also collect certain data to analyze the usability, quality and marketing of our services in order to improve our services.

11. Security - Technical and Organizational Measures

Prometheus makes every effort and implements reasonable procedures to prevent access to and misuse of information, including personal data. We use appropriate operating systems, software and procedures to protect information that includes personal data and we take care of both the proper organization of the physical and electronic file and the safe destruction of files and storage media containing personal data. We also implement security procedures and technical and physical restrictions on access and use of the personal data present on our servers and we carry out internal audits and inspections to ascertain the security of the information and familiarize the staff with the relevant standards of proper personal data management. These measures are reviewed and amended, when necessary, with the aim of safeguarding your personal data.

Our staff has the necessary professional qualifications that provide sufficient guarantees in terms of technical knowledge and personal integrity to maintain confidentiality. At the same time, as part of introductory training, our staff is trained in the relevant procedures of Prometheus for the proper management of personal data.

Only authorized personnel can access personal data, exclusively in the context of their work.

12. Your rights

Your rights regarding the processing of personal data

  1. You have the right to obtain information about your personal data that we have stored at any time and to receive a copy of it, in accordance with applicable law and without any charge. We may ask for proof of your identity before providing you with this data. In some cases, we may not be able to allow access to certain personal data. For example, if your personal data relates to other people's personal data or if it is retained for legal reasons. In these cases, we will explain why you cannot obtain this data.
  2. You have the right to request the correction – updating of your data and Prometheus will proceed to their immediate correction.
  3. You have the right to request the deletion of your personal data and Prometheus will proceed to its deletion immediately. However, in some cases where applicable legal and tax obligations require mandatory data retention, the deletion of data may be prohibited. In these cases, we will explain why we cannot delete your personal data and for how long.
  4. You have the right to request that Prometheus cease processing your personal data and Prometheus will immediately cease processing it. If this is not possible, we will explain to you why we cannot stop processing your personal data.
  5. You have the right to request the restriction of the processing of your personal data by Prometheus and Prometheus will proceed to the immediate restriction of processing. If this is not possible, we will explain why we cannot restrict the processing of your personal data.
  6. You have the right to request the transfer of your personal data to another entity/organization and Prometheus will proceed to the immediate transmission of such data. However, in some cases, due to documented obligations of Prometheus, your request may not be accepted.
  7. You have the right to lodge a complaint with the competent supervisory authority (Personal Data Protection Authority).

Hellenic Data Protection Authority
Kifisias 1-3,
P.C. 115 23, Athens, Greece
Phone: 210 6475600
E-mail: contact@dpa.gr

To exercise your abovementioned rights, or if you have questions about this Privacy Policy, or if you need help exercising or understanding your privacy choices, please contact us at info@promitheasngo.com
You can also exercise your rights by post, at:
Prometheus
213 Alexandras Avenue B,
P.C. 11523
Athens, Greece

If your personal data has been transferred in accordance with this Policy to third parties, then the exercise of your rights will be based on the respective provisions of this Policy and Prometheus' contract with the specific third party.

In the event that we find a breach or leakage of your personal data, despite our compliance with all reasonable security measures, you will be immediately informed about it, and already within 72 hours from the moment it becomes noticed, we will have informed the Personal Data Protection Authority, as defined by the GDPR.

13. Management of Requests and Complaints 

For any issue concerning your personal data and the exercise of the above rights, you can contact Prometheus by submitting a request or a complaint to the following email address: info@promitheasngo.com. Your application or complaint will be received and reviewed by a suitably trained member of our staff and its content will not be disclosed to anyone else, staff member or third party, except to the extent necessary for Prometheus to respond to it.

Prometheus, with full respect for your rights, will make efforts to respond to your request or complaint within thirty (30) days of its submission. This period may be extended for an additional sixty (60) days, if this is deemed necessary taking into account the complexity of the request and the number of requests. Prometheus, in any case, will contact you regarding the extension of the response deadline within thirty (30) days. Exercising your rights does not require any costs. However, in the event that your requests are manifestly unfounded, excessive or repetitive, we have the right to either impose a reasonable fee on you or refuse to respond to your requests.

In any case, you reserve the right to contact the Hellenic Data Protection Authority.

14. Changes to the Policy

We reserve the right to amend this Privacy Policy to comply with legal or regulatory obligations from time to time. In addition, since Prometheus and our actions are constantly changing, this Privacy Policy may also change. If you would like to see changes made from time to time to this Privacy Policy regarding the use of Cookies, please visit from time to time this Privacy Policy to learn them. In the event that we make material changes or changes that affect you (e.g. if we start processing your personal data for purposes other than those set out above), we will contact you before we start processing.

15. Final provisions 

The protection of personal data is important to you. We will take the necessary technical and organisational measures to protect the data. Please do not forget that you are the owner of the data. The less information you provide, the more control you have. For example, if you want to browse anonymously and do not want your browsing behavior to be evaluated by independent third parties and partners from us, you must make the appropriate settings in the browser.

Your opinion matters to us!

If you would like to send us your feedback on this Data Protection and Privacy Policy, please contact us at our email!