The present Policy Privacy concerns the processing of personal data by the Panhellenic Cystic Fibrosis Association “Hellenic Society for Fibrotic Cystic Disease” (A.F.M. 099524287/ D.O.Y. A’ Athens), located at Karaiskaki Street, no. 28, Athens (6944255853, cysticfibrosis.gr@gmail.com) and is legally represented by its President Ms. Anna Spinou and is hereinafter referred to as
“Association”
The Panhellenic Cystic Fibrosis Association is a non-profit association of patients. It was founded in 1983 in Athens and represents patients with Cystic Fibrosis and their families nationwide. The Association is registered in the National Register of Private Sector Non-Profit Organizations providing social care services, as well as in the Special Register of Voluntary Non-Governmental Organizations.
In the context of activity of the Association processes personal data which it is committed to protecting in accordance with the General Data Protection Regulation – Regulation (EU) 2016/679 (“GDPR”), and Greek legislation, especially Law 4624/2019, as well as Law no. 3471/2006 on the protection of personal data and privacy in the electronic communications sector.
The collection and processing will be carried out in accordance with the Privacy Policy in force, which will be posted on this website.
With this Privacy Policy the Association as Personal Data Controller informs you about the manner and purpose of the collection and processing of personal data, the time of their retention, the conditions of their transfer to third legal recipients, and how to exercise your rights under the General Data Protection Regulation and the applicable Greek legislation.
PRINCIPLES OF LAWFUL PROCESSING
The Association subjects personal data to lawful and fair processing in a transparent manner, and for specific purposes, and collects the data that are appropriate, relevant and necessary for the purpose in question. The data are accurate, and are updated when required. The Association does not process personal data in a manner incompatible with the purpose of their collection. Take all appropriate measures for their accuracy, correction, deletion and protection against unauthorized or unlawful processing and accidental loss, destruction or damage.
By Him term Processing Signed any Act ή series Acts carried out at data personal character, such as or collection, registration, organization, storage, use, transmission, deletion or destruction.
PURPOSE OF DATA COLLECTION
The Association aims, among other things, to defend the rights of patients and their families, to strengthen and support them, to inform health professionals, to inform and raise public awareness, to promote research and to cooperate with institutional, public and private bodies.
Members of the Association are patients, parents, caregivers who are registered according to the procedures provided for in the statutes, after informing them of the Association’s objectives, completing an application form and paying the membership fee. The Association supported From Scientific Committee, η which consists of doctors and health scientists specialised in Cystic Fibrosis From all The hospitals of Greece where patients are monitored and treated. Honorary members of the association are exempt from the obligation to pay membership fees.
The data collected and processed by the Association are intended for:
- Its operation and the fulfilment of its statutory objectives
- the registration of new members
- communication with its members
- the free provision of medical equipment e.g. personal spirometer, portable oxygen, nebuliser on request of the patient or carer
- informing stakeholders and the media
- exchanging views and positions between members on issues that concern them in patient forums and closed groups on online social media
- participation in psychological support groups
- the processing of labour applications and the monitoring of employment contracts based on obligations arising from labour and insurance legislation
- Responding to requests and questions
- Information by mail, telephone, fax, e-mail, multimedia messages, online media and applications (Viber, WhatsApp, Skype, Facebook Messenger, Facetime, etc.)
- The notification of service interruption
- Compliance with obligations under the law
- To exercise and defend legal rights
MEANS OF COLLECTING PERSONAL DATA
The Association collects personal data:
- by filling in a paper or electronic form available on the website
- after contact by mail, telephone, email, social media, Information Society services (Viber, WhatsApp, Messenger, etc.).
- During events and actions
- From the browsing device you use to access our website and online social media pages
CATEGORIES OF NATURAL PERSONS & PERSONAL DATA
The Association, as the Data Controller, is obliged to carry out an identity check during the registration process of its new members, to verify the accuracy of their data and to update them at regular intervals.
OPERATION OF THE MEMBERS’ FORUM
Registered members of the Association have the right to participate in closed online social media groups (e.g. Facebook) and in groups with physical presence. Postings and discussions on the forum are confidential, reflect the views of the individuals and are not shared with third parties. The official positions of the Board of Directors are communicated by means of announcements.
ELECTRONIC COMMUNICATION
The registered members of the Association accept that they will receive news from the Board of Directors of the Association and are obliged to receive emails with content related to their subscription or automatic emails sent by the website for reasons of good use.
For any other category of recipients of electronic communication, the Association will seek and obtain the relevant consent.
TRANSMISSION OF DATA TO THIRD PARTIES
The Association may transfer personal data:
- where you have given your free and express consent, having been informed beforehand of the purposes of the transfer
- if required by the law (e.g. notification to public authorities, compliance with a judicial proceeding, court order or legal process) and if the notification is necessary to protect the rights of the Association.
- to third party service providers with whom it has a contractual relationship or subcontractors (processors and subcontractors) who
process personal data for account ‘s, e.g. accounting services, IT services, cloud services etc.
This transmission is subject to the provisions of Article 28 of the General Regulation Protection Personal Data, and the processors shall be bound by contractual clauses to provide adequate assurances regarding the implementation of appropriate technical and organisational measures, such that the processing complies with the requirements of this Regulation and the protection of the rights of the data subject is ensured. Where the processor or subcontractor processes Personal Data outside the EU/EOX, the transfer will be made by on Procedures and on conditions that provides the General Data Protection Regulation such as the EU Standard Contractual Clauses for transfer to third countries or other explicitly stated legal basis for the transfer of personal data to a third country.
USE OF COOKIES AND RELATED TECHNOLOGIES
The Website https://cystic fibrosis.gr/ uses cookies in order display The content and on basic functions of website, to protect its security, and to facilitate browsing it. You can read more about the Cookies Policy here.
PROCESSING SECURITY
The Association implements appropriate technical and organisational measures to ensure the necessary level of protection of personal data in relation to risks, improper use or unauthorised access to them. All information, which is related to the personal data of the persons are secured as confidential.
The Association has established organizational measures and procedures for data access by authorized Board members and individuals and for specific purposes processing, and uses secure passwords security, technology to detect network interference, encryption and verification technologies, procedures for secure connections, protection against malware.
RETENTION PERIOD FOR PERSONAL DATA
Personal data are collected and kept for as long as necessary for the purposes for which they were collected.
Membership data are kept at least for the period starting from the registration of a natural person as a member of the Association until the definitive loss of membership. Membership details may be retained in the Association’s records even after the loss of membership.
The period of data retention of both members and other categories of natural persons (employees, suppliers) is defined by the applicable legislation (tax, insurance, labour), by the need to respond to requests, the fulfillment of legal obligations of the Association, the repulsion of legal claims/complaints, as well as and for purpose
In case the retention period has expired and the Association may proceed to secure deletion/destruction of records, it will notify the individuals who are entitled to receive a copy of the records containing their personal data. The update may To done by email , announcement on the website of the Association, announcement in the press if the deletion/destruction concerns a large number of people.
RIGHTS TO PERSONAL DATA
Natural persons have:
- The right to be informed so that they know what personal data is processed by the Association and for what lawful, specific purpose
- The right to request access to their personal data by receiving a copy in a readable format (paper or electronic)
- The right to request the correction, completion and updating of their personal data
- The right to request restriction of further processing of data. In some cases the restriction of processing may result in the Association being unable to fulfil its statutory purpose or to monitor and perform a contract (with a supplier or employee).
- The right to request the deletion of their personal data if their retention is no longer necessary for the Association. This right is satisfied under conditions, as the Association may be required by law to retain them for longer periods of time. For members of the Association, the right of withdrawal is carried out in accordance with the procedures and timetables provided for in the statutes.
- The right to withdraw the consent they have given to the provision of their data.
- The right to receive their personal data in a structured, commonly used and machine-readable format, as well as the right to have the Association transmit such data to another controller without objection
- The right to object to processing if the processing is based on the legitimate interest of the Association as controller
- The right not to be subject to a decision taken exclusively
based on automated processing, including profiling
- The right to be informed in the event of a personal data breach and the breach is likely to cause a high risk to their rights and freedoms
EXERCISE OF RIGHTS
To exercise your rights regarding the processing of your personal data, please contact info@cysticfibrosis.gr
and at 6944255853.
The Association will reply within one month of receiving your request. Upon notification, the above deadline may be extended for two months, if necessary, if your request is complex and depending on the number of requests we receive.
Information shall be provided free of charge, unless the requests are manifestly unfounded or excessive, in particular because of their repetitive nature. In this case, once the Association has proved that the request is unfounded or excessive, it has the right to refuse to proceed with the request.
For further requests and actions regarding your personal data, you can also contact the Personal Data Protection Authority (Kifissia 1-3, Kifissia 1-3, P.O. Box 115 23, Athens, Greece, https://www.dpa.gr/, tel.: +30-210
6475600, e-mail: contact@dpa.gr
Last update May 2023