Skip to main content
Ελ

Personal Data Protection Policy

Curated & Moderated by:
Anna Kynthia Bousdoukou

This Personal Data Protection Policy (hereinafter the “Policy”) intends to provide you with information on how your personal data is being processed through the website https://www.snfdialogues.org. Data Controller is the Greek SNF office, located in Athens, at 86A Vasilissis Sofias Ave., PO Box 115 28, tel. +30 210 8778300 (“Data Controller”).

References in this Policy to “you” or “your” are references to individuals whose personal data the Data Controller processes, i.e. individuals browsing the website, completing their personal data in order to receive newsletters, etc. (collectively the “users”).

The processing of personal data of the users of this website is governed by this Policy and the Cookie Policy, the relevant provisions of the applicable legislation on personal data, including the General Data Protection Regulation EU 2016/679 (the “GDPR”), Law 4624/2019, Law 3471/2006, and by the relevant decisions and guidelines of the Hellenic Data Protection Authority (hereinafter the “HDPA”).

1. Which personal data does the Data Controller collect and for which purpose?

The Data Controller collects only the personal data that is necessary, relevant and proportionate to the purposes for which it is processed, and it is not subject to any further processing in any way incompatible with the purposes originally collected. The types of personal data that the Data Controller collects and further processes about you, are collected either directly from you or through third parties and depend on the context of your interaction with the Data Controller and the website. This may include data necessary for event participation, newsletter subscriptions, or access to on-demand content such as videos, podcasts and opinion articles available on the website. In particular, by browsing the website, the Data Controller will collect and further process certain personal data, to be able to offer access to the website and its functionalities, such as information collected by the use of trackers (for further details please see our Cookies Policy). Also, the Data Controller will collect and further process the following personal data categories:

Events registration: When you register to participate in SNF Dialogues events, the Data Controller processes personal identification data, including your name, surname, email address, and professional status, in order to confirm your participation and plan the events accordingly. Photos and videos will be taken throughout SNF Dialogues events. These materials, as such or embedded into other audiovisual content, may be posted on the official websites and social media accounts of SNF and SNF Dialogues for promotional purposes related to the events. Furthermore, the events may be broadcast live on SNF’s website and/or its official social media accounts. By submitting your registration and entering the event premises (during live events), you consent to the collection, use and publication of your image and likeness for these purposes.

Newsletter subscription: When you subscribe to newsletters, the Data Controller collects and further processes personal data, including your name, surname and email address, in order to send marketing material and promote new SNF grants, initiative and events. By subscribing to the newsletter and providing your consent for the processing of your personal data, you acknowledge that you will receive newsletters and other additional informational material regarding SNF’s activities. You can withdraw your consent at any time by clicking the “unsubscribe” link, included in each communication. 

SNF Dialogues App usage: When using the SNF Dialogues App on your mobile or tablet to access event participation or participate in live chats, the Data Controller may process relevant data. 

Legal claims: The Data Controller may process your personal data (name, surname, interactions with the Data Controller) when necessary to establish, exercise or defense legal claims.

Compliance with legal obligations: The Data Controller may process your personal data (name, surname, interactions with the Data Controller) when necessary to comply with tax legislation and/or requests from administrative/judicial authorities.

Aggregated data: The Data Controller may also process aggregated data, such as statistical or demographic data, for any purpose. While aggregated data may be derived from your personal data, these are not considered personal data, as they do not directly or indirectly reveal your identity (e.g., the Data Controller may aggregate your usage data to calculate the percentage of users accessing a specific website feature); however, if the Data Controller combines aggregated data with your personal data so that it can directly or indirectly identify you, the Data Controller shall treat the combined data as personal data, which will be used in accordance with this Policy.

2. What is the legal basis for processing your personal data?

• The execution of a contract to which you are a party or in order to take steps at your request prior to entering into such contract (i.e., enabling access to the website or facilitating your participation in an event) (Contract),

• Your consent, where appropriate, for one or more purposes (i.e., subscribing to the Data Controller’s newsletter, agreeing to the use of cookies and tracking technologies) (Consent). You may withdraw your consent at any time without affecting the lawfulness of processing based on consent prior to its withdrawal.

• Compliance with the obligations imposed by the applicable legislation (i.e., when the Data Controller is requested to provide information to tax authorities) (Obligation by the law), and

• The overriding legitimate interest of the Data Controller (i.e., monitoring website usage to ensure efficient and secure operation, detecting and preventing fraud or misuse, and for establishing, exercising or defending legal claims) (Legitimate interest).

Where the Data Controller has a statutory duty to collect your personal data (for instance, for purposes of compliance with applicable legislation) or when such data is required under the terms of a contract between you and the Data Controller, failure to provide the personal data when requested, may result in the inability of the Data Controller to fulfill its contractual obligations or grant access to certain website features or functionalities.

3. How long does the Data Controller keep your personal data?

The Data Controller ensures that the personal data it collects is processed for no longer than it is required for the fulfilment of the purpose of processing e.g., for as long as needed to provide you with website functionalities, always in conjunction with the applicable legislation. Once the data processing purpose is completed, the Data Controller will either delete or anonymize your personal data, unless statutory retention requirements apply (e.g., to comply with regulatory and accounting requirements, or for the establishment or defense of legal claims). Where the legal basis for processing your personal data is your consent, upon withdrawal of your consent, your personal data will be deleted or anonymized, unless statutory retention requirements apply (e.g., to comply with regulatory and accounting requirements, or for the establishment or defense of legal claims). With regard to the retention of information collected via cookies and other trackers, please read our Cookie.

4. With whom does the Data Controller share your personal data?

The Data Controller may share users’ personal data with the civil non-profit organization "Incubator for Media Education and Development – Civil Non-Profit Organization" (iMEdD), ensuring absolute confidentiality. Additionally, user’s personal data may be shared with third-party organizations or collaborators involved in the organization or support of SNF Dialogues events. Such data sharing is conducted solely for the purpose of facilitating the events and ensuring their successful execution. All data recipients are required to comply with confidentiality and data protection obligations, as and when applicable.

Your personal data may be transmitted to third-party service providers of the Data Controller, who process your personal data solely for the fulfillment of their obligations towards the Data Controller. In this case, the third parties (such as security services consultants, IT support services providers, marketing communication services providers, etc.) act as Data Processors on behalf of the Data Controller and are contractually bound to implement adequate technical and organizational security measures in accordance with applicable legislation.

To the extent required, the Data Controller may share personal data with law enforcement authorities, government authorities, competent independent regulatory/supervising authorities, competent courts and other judicial authorities, our professional external advisers, counsels or consultants, including lawyers, auditors, accountants and insurers providing relevant services to the Data Controller.

Also, the Data Controller may share your personal data with offices of Stavros Niarchos Foundation in third countries. In this framework the Data Controller has already signed data transfer agreements based on standard contractual clauses approved by the European Commission with offices of Stavros Niarchos Foundation in New York and Monaco. In order to obtain a copy of such standard contractual clauses, please contact the Data Controller at [email protected].

In addition, in the framework of cooperation with other recipients, any transfer of your personal data outside the EU/EEA for the purpose outlined above will be based on an adequacy decision issued by the European Commission or subject to suitable and appropriate safeguards and conditions to ensure an adequate level of data protection, e.g., data transfer agreements based on standard contractual clauses approved by the European Commission. For further information on how the Data Controller protects personal data during transfers outside the EU/EEA or to request a copy of the safeguards implemented, please contact the Data Controller at [email protected].

Also, the Data Controller may disclose your personal information in the following cases: (a) When it has your explicit consent to publish your data in any way or (b) if such disclosure is required to exercise SNF’s rights.

5. What are your rights?

• Right of access: This means that you have the right to be informed by the Data Controller if it is processing your personal data. If the Data Controller is processing your personal data, you can ask for information about the purpose of processing, the type of data the Data Controller holds, with whom the Data Controller shares it, how long the Data Controller stores it, but also about your other rights, such as rectification, erasure, and lodging a complaint to the HDPA.

• Right to rectification: If your personal data is inaccurate or incomplete, you can request that the Data Controller rectifies them (for example, a name correction or an update of an address change). • Right to erasure: You may ask the Data Controller to erase your personal data if one of the reasons provided by the applicable legislation is in force (e.g., when the data is no longer necessary or if you have withdrawn your consent). 

• Right to data portability: Under certain circumstances, you may ask the Data Controller to receive, in a structured, commonly used and machine-readable format, the data concerning you, or ask the Data Controller to transmit it to another controller.

• Right to restriction of processing: You may ask the Data Controller to restrict the processing of your personal data, if you believe that your personal data are inaccurate or that processing is unlawful or that the Data Controller no longer needs the personal data or you have objections to the automated processing (if applicable).

• Right to object: In certain cases, you may object to the processing of your personal data and the Data Controller will stop processing your personal data, unless, inter alia, there are compelling legitimate grounds for the processing which override your interests, rights and freedoms. You also have the right to object when a decision concerning you is based solely on automated processing, including profiling, and this decision produces legal effects concerning you or significantly affects you (exceptions provided by law).

• Right to withdraw your consent: You may withdraw your consent at any time, without your withdrawal affecting the lawfulness of the processing based on your consent before its withdrawal. 

• Right to lodge a complaint with HDPA: If you believe that the Data Controller infringes the applicable legislation for the protection of your personal data, you have the right to lodge a complaint with the HDPA, registered in 1-3 Kifissias Ave., 11523, Athens, Greece. More information on the competence of the HDPA and how to lodge a complaint, you can find at www.dpa.gr.

6. Contact

To access your personal data, to exercise these rights, as well as for any comments, questions or requests regarding the processing of your personal data or the present Personal Data Protection Policy, please contact the Data Controller’s Contact Person: Ms. Lina Giotaki, Phone number: +30 210-8778300, email: [email protected], address: 86Α Vasilissis Sofias Ave., 115 28 Athens, Greece.

7. Modification of this Policy

The Data Controller monitors the policies and procedures for the collection and processing of your personal data that it implements and may at any time make any modifications in order to ensure that most effective protection of your personal data and the adoption of new practices. For this reason, please visit this page regularly for any changes.

The Personal Data Protection Policy was last updated in April 2025.