Pursuant to the application of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the association under the name “Hellenic American Union” (22 Massalias Street, 10680, Athens) (the “HAU”) would like to inform you of the following:
1. What data is processed by the HAU: The HAU, in its capacity as data controller, processes personal data of adults who have become or wish to become a member of the association (“data subjects”), according to its articles of incorporation, as amended and in force. Data processed by the HAU may include: (a) personal information collected when the data subject registers as a member of the HAU (including full name, nationality, home address, telephone number, occupation, VAT number, signature); (b) financial data relating to the payment of the data subject’s obligations due to the HAU, such as registration fees and annual or monthly membership dues or other kinds of financial assistance the data subject provides the HAU (indicatively through donations, inheritance, or legacies); (c) information relating to the data subject’s position or distinguished services that the data subject may have provided to the HAU (for the data subject’s distinction as an honorary member); (d) information on any disciplinary proceedings or sanctions that the data subject may be liable for and (e) information on the data subject’s participation in bodies of governance (Board of Directors, General Assembly) or consultative bodies or committees of the HAU, such as a vote (for decisions adopted in an open vote), signature, presence of the data subject at a meeting of a body or committee. The disclosure/processing of the data specified above is a legal or contractual obligation of the data subject or a requirement for the registration or the termination of membership in the HAU. Where the data subject does not provide the above data or part thereof, he or she will not be able to register as a member or to preserve his or her status as a HAU member.
2. Data source: As the case may be, the source of the data may either be the data subject itself or the HAU through its bodies/committees, which confirm the data subjects’ compliance with the provisions in its articles of incorporation and the fulfilment of its purposes.
3. Purposes and legal basis of processing data: As the case may be, the purposes of processing personal data by the HAU are: (a) To register and identify the data subjects and to manage in general the data subjects as members of the HAU. For such data processing, the legal basis for the processing shall be the performance of the relevant contract (registration act) concluded with the HAU and compliance with a legal obligation of the HAU. (b) To safeguard the interests of the HAU. For such data processing, the legal basis is that processing is necessary for the purposes of the prevailing legitimate interests pursued by the HAU (e.g. for the establishment, exercise or support of legal claims). (c) To prevent, deter and suppress actions infringing the HAU articles of incorporation and the purposes that the HAU serves. For such processing, the legal basis for processing is that processing is necessary for the purposes of the prevailing legitimate interests pursued by the HAU. (d) To notify its members about the HAU activities and to ensure the attendance of its members at the activities and events held by the HAU. For such processing of data, the legal basis is that processing is necessary for the purposes of the prevailing legitimate interests pursued by the HAU (i.e. the legitimate interests relating to the fulfilment of its purposes, as specified in its articles of incorporation). Where consent is provided by the data subjects, it shall be collected and used by the HAU according to its articles of incorporation (e.g. data subject’s registration as an honorary member). For all the above purposes, the HAU does not proceed with automated decision-making, including profiling of data subjects.
4. Recipients of data: As the case may be and depending on the purpose of processing, personal data may be transmitted to authorized employees of the HAU and to companies associated with the HAU with which the HAU has executed a contract and which process the data on its behalf (e.g. IT companies, IT service providers, etc.), within their competencies and subject to the obligation of confidentiality, secrecy and compliance with data protection legislation. In addition, the HAU may transmit personal data to third parties where so required by law, or for the purposes of, or in connection with legal proceedings in which it participates, or otherwise for the purposes of supporting, exercising or defending its rights, or to third parties that are law enforcement authorities and have submitted a lawful transmission request, or where it considers that transmission is necessary in connection with an investigation into the suspicion or existence of illegal activity. Personal data will not be transmitted outside the European Economic Area.
5. Data retention time: The above data will be retained for the period of time required or allowed by the legislation/regulatory framework in force each time, taking into account the applicable prescription period, which may extend to up to 20 years. Specifically: (a) where processing is carried out under a relevant contract (registration act), the personal data will be stored for as long as necessary to fulfil the contract and to establish, exercise or support legal claims of the HAU arising from that contract; and (b) where the processing is imposed as an obligation by provisions under the applicable legal framework, personal data will be stored for as long as the relevant provisions so require.
6. Data subject’s rights: The data subject will have the following rights under the GDPR: (a) to receive a copy of the personal data held by the HAU, together with other information on how data is processed; (b) to request that personal data concerning him or her be rectified and, under conditions, to request the deletion or restriction of processing, or to object to the processing of personal data; (c) to receive a copy or to request the transmission of a copy of his or her personal data to a third party in a structured, commonly used and machine-readable format (right to data portability). Where the processing of data is based on his or her consent, the data subject shall have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. If the data subject wishes to receive further information about the processing of his or her personal data or to exercise any of his or her above rights, he or she must email the HAU Data Protection Officer exclusively at: email@example.com, or send a letter to the mailing address mentioned above. Finally, the data subject has the right to file a complaint with the competent supervisory authority about how the HAU handles his or her data (www.dpa.gr).