Notice on the Processing of Personal Data Collected in the Context of Grant Making Activities
This notice on the processing of personal data in the context of grant making activities (“Notice”) is intended to provide you with information on how personal data is processed in the context of SNF grantmaking activities. The Stavros S. Niarchos Foundation for Charity (also known as Stavros Niarchos Foundation or SNF) is incorporated in Bermuda to operate as a nonprofit organization for charitable purposes and has offices in New York, Monaco and Athens (“SNF”). The Data Controller is the Greek SNF office, located in Athens, at 86A Vasilissis Sofias Ave., PO Box 115 28, tel. +30 2108778300 (“Data Controller”).
We would like to assure you that the Data Controller is committed to protecting the security, integrity and confidentiality of your personal data and to inform you of the following.
- Which personal data does the Data Controller collect?
When you submit an online grant request, we collect, from the representatives of the organizations to which we make grants or whose grant requests we evaluate, certain personal data of a professional nature on the employees of, suppliers of and persons who provide services to these organizations. More specifically, the personal data we collect and process are the following:
(i) identification data (name and last name, Identity Card number and TIN),
(ii) contact information (including telephone number, email and work address),
(iii) financial data (receipts, invoices, salaries and wages), and
(iv) data concerning professional capacity (including CVs, academic background and qualifications).
- For what purposes does the Controller collect your personal data and what is the legal basis for the processing of this data?
The Data Controller collects and further processes your personal data for the purpose of ensuring correct management of SNF grants by grantee organizations. The legal basis justifying this processing is (i) the necessity to take steps at your request prior to entering into a contract, (ii) the performance of the contract, (iii) the compliance with obligations imposed by applicable legislation, and (iv) the legitimate interest of the Data Controller to establish, exercise or defend legal claims.
- With whom does the Data Controller share your personal data?
The Data Controller forwards your personal data, via a digital platform, to SNF New York and SNF Monaco offices for the purpose of integrated financial management of the grants we make globally. In this framework, the Data Controller has already signed data transfer agreements based on standard contractual clauses approved by the European Commission with offices of Stavros Niarchos Foundation in New York and Monaco. In order to obtain a copy of such standard contractual clauses, please contact the Data Controller at [email protected]
In addition, in the framework of cooperation with other recipients, any transfer of your personal data outside the EU/EEA for the purpose of achieving the above processing purposes, due to sharing of personal data with them, will be based on an adequacy decision issued by the European Commission or subject to suitable and appropriate safeguards and conditions to ensure an adequate level of data protection, e.g., data transfer agreements based on standard contractual clauses approved by the European Commission. For further information on how the Data Controller protects personal data when transferred outside the EU/EEA or in order to obtain a copy of the safeguards the Data Controller implements to protect personal data when transferred outside the EU/EEA, please contact the Data Controller at [email protected]
Also, the Data Controller may disclose your personal information in the following cases: (a) when it has your explicit consent to publish your data in any way or (b) if such disclosure is required to exercise SNF’s rights.
- How does the Data Controller keep your personal data?
The Data Controller ensures that the personal data it collects is processed for no longer than is required for the fulfilment of the purpose of processing. The Data Controller retains your personal data for a maximum of twenty (20) years from the completion of the grant. If there is a relevant lawsuit pending before a Greek court, the Data Controller will retain your data for six (6) years after the court proceedings. When processing of your personal data is no longer necessary, your data is destroyed in a secure manner or rendered anonymous, unless the law specifies otherwise.
- What are your rights?
- Right of access: This means that you have the right to be informed by the Data Controller if it is processing your personal data. If the Data Controller is processing your personal data, you can ask for information about the purpose of processing, the type of data the Data Controller holds, with whom the Data Controller shares it, how long the Data Controller stores it, but also about your other rights, such as rectification, erasure, and lodging a complaint to the HDPA.
- Right to rectification: If your personal data is inaccurate or incomplete, you can request that the Data Controller rectify it (for example, a name correction or an update of an address change).
- Right to erasure: You may ask the Data Controller to erase your personal data if one of the reasons provided by the applicable legislation is in force (e.g., when the data are no longer necessary).
- Right to data portability: Under certain circumstances, you may ask the Data Controller to receive, in a structured, commonly used and machine-readable format, the data concerning you, or ask the Data Controller to transmit it to another controller.
- Right to restriction of processing: You may ask the Data Controller to restrict the processing of your personal data, if you believe that your personal data are inaccurate or that processing is unlawful or that the Data Controller no longer needs the personal data or you have objections to the automated processing (if applicable).
- Right to lodge a complaint with HDPA: If you believe that the Data Controller infringes the applicable legislation for the protection of your personal data, you have the right to lodge a complaint with the HDPA, registered at 1-3 Kifissias Ave., 11523, Athens, Greece. You can find more information on the competence of the HDPA and how to lodge a complaint at www.dpa.gr.
- Contact details
To access your personal data, to exercise the above rights as well as for any comments, questions or requests regarding the processing of your personal data, please contact the Data Controller’s Contact Person: Ms. Lina Giotaki, Phone number: +30 210-8778300, email: [email protected], address: 86A Vasilissis Sofias Ave., 115 28 Athens, Greece.