Skip to main content

Notice on the Processing of Personal Data Collected in the Context of Grant Making Activities

This Notice intends to provide you with information on how personal data is being processed in the context of SNF grantmaking activities.

The Stavros S. Niarchos Foundation for Charity (also known as Stavros Niarchos Foundation or SNF) is incorporated in Bermuda to operate as nonprofit organization for charitable purposes and has offices in New York, Monaco and Athens. Data Controller is the Greek SNF office, located in Athens, at 86A Vasilissis Sofias Ave., PO Box 115 28, tel. +30 2108778300 (“Data Controller”).

We would like to assure you that the SNF is committed to protecting the security, integrity and confidentiality of your personal data and to inform you of the following.

  1. What categories of personal data do we collect on you and from whom do we collect it?

When you submit an online grant request, we collect from the organization’s representatives to which we make grants or whose grant requests we evaluate, certain personal data of a professional nature on the employees of, suppliers of and persons who provide services to these organizations. More specifically, the personal data we collect and process are the following:
(i) basic identification data (name and last name, Identity Card number and TIN),

(ii) contact information (including telephone number, email and work address),

(iii) financial data (receipts, invoices, salaries and wages), and

(iv) data concerning professional capacity (including CVs, academic background and qualifications)

  1. For what purposes do we collect your personal data and what is the legal basis for the processing of this data?

We collect, process and store your personal data for the purpose of ensuring correct management of SNF grants by grantee organizations. The legal basis justifying this processing is the prevailing legal interest of the SNF when evaluating a grant request as well as in ensuring that the grantee organizations use our grants for the purposes and under the terms we have agreed.

  1. With whom do we share your personal data?

In principle, the data you provide us with is not disclosed to third parties and is in no way made public or in any way exploited. In exceptional cases, your personal data may be transmitted to third-party service providers, who process your personal data solely for the fulfillment of their obligations. In this case, the third parties (such as third-party service providers, security services or consultants etc.) act as Data Processors on behalf of the Data Controller and are contractually bound to implement adequate technical and organizational measures in accordance with applicable legislation.

As a rule, we do not transfer your personal data outside the European Economic Area (EEA) and if we do, we ensure that the transfer is lawful and has the appropriate safeguards as set out in the General Data Protection Regulation 679/2016/ΕΕ (GDPR).

The Data Controller forwards your personal data, via a digital platform, to SNF New York and SNF Monaco offices for the purpose of integrated financial management of the grants we make globally.

Also, the Data Controller may disclose your personal information in the following cases: (a) When it has your explicit consent to publish your data in any way, (b) if such disclosure is required to exercise SNF’s rights, or (c) if it is required by law, a court order or any other government or regulatory authority.

  1. How do we process your personal data and how long do we retain it?

Our processing of your data is limited to the appropriate and relevant data necessary for the aforementioned purposes. As a rule, we retain your personal data for a maximum of twenty (20) years from the completion of the grant. If there is a relevant lawsuit pending before a Greek court, we will retain your data for six (6) years after the court proceedings.
When processing of your personal data is no longer necessary, your data are destroyed in a secure manner or rendered anonymous, unless the law specifies otherwise.

  1. What are your rights?
  • Right of access: This means that you have the right to be informed by us if we are processing your personal data. If we are processing your personal data, you can ask for information about the purpose of processing, the type of data we hold, with whom we share it, how long we store it, but also about your other rights, such as correction, deletion, and submitting a complaint to the HDPA.
  • Right to rectification of processing: If you find that there is an error in your personal data, you can request that we correct it (for example, a name correction or an update of an address change).
  • Right to erasure: You may ask us to delete your personal data if one of the reasons provided by the applicable legislation is in force.
  • Right to data portability: In the event the processing is based on your consent or is required in order to execute a contract with you or is done by automated means, you may ask us to receive, in a readable form, the data you have provided, or ask us to forward it to another controller/processor.
  • Right to restriction of processing: You may ask us to restrict the processing of your personal data, if a reason provided by the applicable legislation is in force.
  • Right to object: In certain cases, you may object to the processing of your personal data and we will stop processing your personal data, unless there are other compelling and legitimate reasons that prevail over your right. If you have consented to the collection, processing and use of your personal data, you may revoke your consent at any time with future effect.
  • Right to lodge a complaint with HDPA: If you believe that we are in breach of the applicable law for the protection of your personal data, you have the right to file a complaint with the HDPA, registered in 1-3 Kifissias Ave., 11523, Athens, Greece.
  1. Contact details

To access your personal data, to exercise the above rights as well as for any comments, questions or requests regarding the processing of your personal data, please contact the Data Controller in one of the following ways:

By letter to the address:
Attention: Ms. Lina Gioitaki

Stavros Niarchos Foundation
86A Vas. Sofias Ave., Athens 11528

By telephone at: 210-8778300

By email at: gdpr@snf.org