This notice (hereinafter “the Notice”) is provided in accordance with Articles 13 and 14 of the General Data Protection Regulation ((EU) 2016/679, “GDPR”) and it concerns the way in which personal data are processed in the context of the “BUILD – CERV” programme (hereinafter “the Program”):

  1. The data controllers, i.e. the persons/entities that determine the purposes and means of the processing of personal data.
  2. The purpose and legal basis of the processing of personal data.
  3. The categories of personal data processed and the persons to whom they relate (“Data Subjects”).
  4. The sources of the personal data.
  5. The time for which the personal data are kept.
  6. The categories of persons/entities to whom the personal data are made accessible (“Data Recipients”).
  7. The countries in which the personal data are processed/transferred.
  8. Your rights.
  9. The contact details of the persons to whom Data Subjects can address any issue relating to the processing of their personal data and to exercise their rights.
1. Data Controller

Data Controllers are:

a. The Public Benefit Foundation under the name “BODOSAKI FOUNDATION”, located in Athens, 14 Mourouzi Street (Tax ID 090061942 – D’ Athens Tax Office), e-mail address: [email protected]

b. The association with the name “CENTRE FOR SUPPORT OF NON-GOVERNMENTAL ORGANISATIONS”, located in Nicosia, 27 Ezecia Papaioannou Street, 1075, Nicosia (Registration Number 2129), e-mail address: [email protected].

The BODOSAKI FOUNDATION and the CENTRE FOR SUPPORT OF NON-GOVERNMENTAL ORGANIZATIONS jointly determine the purposes and means of the processing of personal data under the Programme and, therefore, act as “joint controllers” in accordance with Article 26 of the GDPR.

2. Purpose and Legal Basis of Processing

In the context of the Program personal data are processed for the following purposes:

  1. Selection of beneficiary CSOs.
  2. Conclusion of contracts with the beneficiary CSOs.
  3. Monitoring of the implementation of the grant contracts, accountability and promotion of the projects implemented.
  4. Providing capacity building services to the grantee CSOs: learning, professional support, and networking.
  5. Preparation of reports in relation to the progress of the implementation of the Program.
  6. Evaluation of the implementation and results of the Program.

The legal basis of the processing operations carried out for the above purposes under 1, 3, 5 and 6 is the fulfilment of the legitimate interests of the (joint) Data Controllers [Article 6(1)(f) GDPR], which consist in the correct and effective implementation of the Program and its objectives.

The processing of personal data for the fulfilment of the purposes set out in points 2 and 4 above is carried out for the performance of a contract to which the Data Subject is a party [Article 6(1)(b)(b) of the GDPR].

In cases of data processing for the purpose of monitoring and promotion of the projects being implemented (above under 3), the legal basis is, where applicable, also the consent of the Data Subjects [Article 6(1)(a) GDPR], which is collected after provision of specific information to the Data Subjects regarding their rights etc.

3. Personal Data Processed and Data Subjects

The following Categories of Personal Data per category of Data Subjects are processed under the Programme:

a. Selection of Beneficiary CSOs

Categories of Data Subjects Categories of Personal Data
A) Persons submitting the application on behalf of the CSO, representatives of the CSO, members of the CSO. Partners of the CSO.

B) Persons associated with the CSO who are to be employed on the project.

 As regards category A:

(a) first name, (b) surname, (c) username (to create an account on the application platform), (d) e-mail address, (e) telephone number, (f) the person’s relationship with the CSO applying for funding.

As regards category B:

(a) first name, (b) surname, (c) patronymic, (d) civil status, (e) professional status, (f) position and duties in the project, (g) relationship with the CSO applying for funding; form of employment, (h) home address, (i) passport – identity card details, (j) any data included by the subjects themselves in their CV.

In addition, personal data of board members and other statutory bodies may be collected by the G.E.M.I. and processed.

 

b. Conclusion of contracts with CSOs

Categories of Data Subjects Categories of Personal Data
A) Contact persons (if the legal representatives of the beneficiary CSO are not themselves the contact persons)

B) Legal representatives of the beneficiary CSOs

 As regards category A:

(a) contact details.

For category B:

(a) first name, (b) surname, (c) patronymic, (d) ID number/passport number, (e) contact details, (f) any other data included in the certificate of representation submitted by the beneficiary CSO.

 

c. Monitoring and project Promotion

Categories of Data Subjects Categories of Personal Data
A) Members of the project teams

B) Legal representatives of the beneficiary CSOs and their partners (if any)

C) Beneficiaries of the projects’ actions

 As regards category A: a) name, b) surname, c) maiden name, d) civil status, e) professional status, f) position and duties in the project, g) form of employment – relationship with the beneficiary CSO, h) other data that may be included in the detailed periodic declaration submitted by the beneficiary CSO, i) other data that may be included in submitted tax documents, h) other data resulting from any form of excuses (e.g. (h) any other data resulting from any kind of travel tickets, tax documents relating to accommodation, catering services, etc.); j) in general, any personal data included in the material collected and submitted as evidence of the actions implemented under the project (image data – photographs, audio-visual material).

As regards category B: (a) name, (b) surname, (c) maiden name, (d) contact telephone number, (e) e-mail address, (f) (e) e-mail address, e-mail address, VAT number, (g) any other data included in the attestation of representation submitted by the beneficiary CSO.

As regards category C: any personal data included in the material collected and submitted as evidence of the actions implemented under the project (image data – photographs, audio data – audiovisual material).

 

d. Capacity Building Services

Categories of Data Subjects Categories of Personal Data
Category A: Trainees – members/staff of the beneficiary CSO

Category B: Instructos

 For category A: a) full name, b) contact telephone number, c) status/position in the sponsored COS, d) video and audio data (if the training/support is provided online via a video conferencing platform), e) any data disclosed during the training/support (if the training/support is provided online via a video conferencing platform).

As regards category B: (a) full name, (b) data resulting from the short CV, (c) image and audio data (if the training/support is provided online via a videoconferencing platform)

In order to compile the required reports (described in Section 2 under 5 purpose of processing) and to complete the project evaluation (described in Section 2 under 6 purpose of processing), all the data under a, b and c above are processed. It should be noted, however, that the reports and evaluation results only include statistical and numerical data.

4. Sources of Personal Data

The data processed come from:

a. from the Data Subjects themselves,
b. from the contact persons designated by the applicant/grantee organisations and/or their legal representatives.
c. the G.E.M.I.

5.  Retention Period of Personal Data

Personal data are kept for a minimum of five (5) years from the approval of the completion of the Program by the EUROPEAN ORGANIZATION FOR EDUCATION AND CULTURE and/or other EU agencies. For the privacy policies of EU agencies see the following link: https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/support/legalnotice

6. Disclosure and Transfer of Personal Data

The data processed within the framework of the Program are not, in principle, disclosed to third parties, other than the Company “Nima Works”, which provides and supports the platform for the submission of online applications.

Exceptionally, the data collected for the purpose of promotion of the projects implemented are posted on the websites and social media accounts of the (joint) Data Controllers with the consent of the Data Subjects (if required).

Furthermore, the data will be transmitted to the European Education and Culture Executive Agency, Auditors – Audit Firms, audit bodies of the European Union, as part of the due accountability of the Joint Controllers for the Program.

Finally, the data processed in the context of the capacity building services are also made accessible to the company “Tools Ltd”, which provides and supports the Social Dynamo website and, consequently, the training platform hosted on it.

The above-mentioned platform providers perform the role of Processors and are (contractually) committed to the protection of personal data.

7. Transfer of Personal Data within the EEA

The data is processed within the EEA. The data is transferred to the EUROPEAN EXECUTIVE ORGANISATION FOR EDUCATION AND CULTURE and/or other EU agencies.

8.Your Rights

You can exercise the following rights by sending a request to the email address below (under 9):

a. The right of access: you may request information on the processing of data, as well as copies of the data we hold.

b. The right to rectification.

c. The right to erasure: You may, under certain conditions provided for in the data protection legislation, request that your data be erased.

d. The right to restrict processing: You may request that we restrict the processing of personal data in case of doubt about their accuracy, as well as in case the data is no longer necessary for the original purpose, but for legal reasons cannot yet be deleted.

The right to object to processing. If, however, there are compelling legitimate grounds for the processing which override the rights and interests that you will invoke, we may refuse your objection, stating our reasons.

If you are not satisfied with the response to your request or if you consider that the processing of your personal data violates the applicable regulatory framework, you have the right to lodge a complaint with the Personal Data Protection Authority (postal address: Avenue. Kifissia Street 1-3, P.C. 115 23, Athens, tel. 210 6475600, e-mail address: [email protected]) or to the Office of the Personal Data Protection Commissioner (Office address: Iasonos 1, 1082 Nicosia Postal address P.O.Box 23378, 1682 Nicosia Phone: +357 22818456 Fax: +357 22304565 Email: [email protected]) by submitting a form which can be found here.

9. Contact Details

In order to exercise the rights provided for by the legislation (immediately above under 8), to raise questions or for any other reason regarding the processing of personal data described in the Notice, you may contact the staff of the Bodossaki Foundation, which, as the Programme Coordinator, has been designated as the point of contact with the Data Subjects, via the following e-mail address: [email protected].

In any case, you may – in accordance with Article 26 of the GDPR – exercise your rights by addressing any of the (joint) Data Controllers.

Last update: 28/07/2023