This notice (hereinafter “the Notice”) is provided in accordance with Articles 13 and 14 of the General Data Protection Regulation ((EU) 2016/679, “GDPR”) and it concerns the way in which personal data are processed in the context of the “BUILD – CERV” programme (hereinafter “the Programme”):

    1. The data controllers, i.e. the persons/entities that determine the purposes and means of the processing of personal data.
    2. The purpose and legal basis of the processing of personal data.
    3. The categories of personal data processed and the persons to whom they relate (“Data Subjects”).
    4. The sources of the personal data.
    5. The time for which the personal data are kept.
    6. The categories of persons/entities to whom the personal data are made accessible (“Data Recipients”).
    7. The countries in which the personal data are processed/transferred.
    8. Your rights.
    9. The contact details of the persons to whom Data Subjects can address any issue relating to the processing of their personal data and to exercise their rights.
1. Data Controller

Data Controllers are:

a) The Public Benefit Foundation under the name “BODOSAKI FOUNDATION”, located in Athens, 14 Mourouzi Street (Tax ID 090061942 – D’ Athens Tax Office), e-mail address: legal@bodossaki.gr

b) The association with the name “CENTRE FOR SUPPORT OF NON-GOVERNMENTAL ORGANISATIONS”, located in Nicosia, 12 Spartis Street, 1036, Nicosia (Registration Number 2129), e-mail address: info@ngo-sc.org.

The BODOSAKI FOUNDATION and the CENTRE FOR SUPPORT OF NON-GOVERNMENTAL ORGANIZATIONS jointly determine the purposes and means of the processing of personal data under the Programme and, therefore, act as “joint controllers” in accordance with Article 26 of the GDPR.

2. Purpose and Legal Basis of Processing

In the context of the Programme personal data are processed for the following purposes:

  1. Selection of beneficiary Civil Society Organisations (CSOs): collection and evaluation of grant applications, communication of results.
  2. Conclusion of contracts with the beneficiary CSOs.
  3. Monitoring and communication of the implemented projects, accountability and management of complaints.
  4. Providing capacity building services to the grantee CSOs: learning, professional support, and networking.
  5. Preparation of reports in relation to the progress of the implementation of the Programme.
  6. Evaluation of the implementation and results of the Programme.

The legal basis of the processing operations carried out for the above purposes under 1, 3, 5 and 6 is the fulfilment of the legitimate interests of the (joint) Data Controllers [Article 6(1)(f) GDPR], which consist in the correct and effective implementation of the Programme and its objectives.

The processing of personal data for the fulfilment of the purposes set out in points 2 and 4 above is carried out for the performance of a contract to which the Data Subject is a party [Article 6(1)(b)(b) of the GDPR].

In cases of data processing for the purpose of monitoring and promotion of the projects being implemented (above under 3), the legal basis is, where applicable, also the consent of the Data Subjects [Article 6(1)(a) GDPR], which is collected after provision of specific information to the Data Subjects regarding their rights etc.

3. Personal Data Processed and Data Subjects

The following Categories of Personal Data per category of Data Subjects are processed under the Programme:

a.Selection of Beneficiary CSOs (Collection and Evaluation of Grant Applications)

Categories of Data Subjects Categories of Personal Data
  1. A) Persons submitting the application on behalf of the CSO, representatives of the CSO, members of the CSO. Partners of the CSO.

B) Persons associated with the CSO who are to be employed on the project.

As regards category A:

(a) first name, (b) surname, (c) username (to create an account on the application platform), (d) e-mail address, (e) telephone number, (f) the person’s relationship with the CSO applying for funding.

As regards category B:

(a) first name, (b) surname, (c) patronymic, (d) civil status, (e) professional status, (f) position and duties in the project, (g) relationship with the CSO applying for funding; form of employment, (h) home address, (i) passport – identity card details, (j) any data included by the subjects themselves in their CV.

In addition, personal data of board members and other statutory bodies may be collected by the G.E.M.I. and processed.

 

b. Conclusion of contracts (and modifications thereto) with CSOs

Categories of Data Subjects Categories of Personal Data
  1. A) Contact persons (if the legal representatives of the beneficiary CSO are not themselves the contact persons)

B) Legal representatives of the beneficiary CSOs

As regards category A:

(a) contact details.

For category B:

(a) first name, (b) surname, (c) patronymic, (d) ID number/passport number, (e) contact details, (f) any other data included in the certificate of representation submitted by the beneficiary CSO.

 

c. Monitoring and communication of the implemented projects, accountability and management of complaints

Categories of Data Subjects Categories of Personal Data
A) Members of the project teams

B) Legal representatives of the beneficiary CSOs and their partners (if any)

C) Beneficiaries of the projects’ actions

D) Complainants and recipients of complaints

As regards category A: a) name, b) surname, c) maiden name, d) civil status, e) professional status, f) position and duties in the project, g) form of employment – relationship with the beneficiary CSO, h) other data that may be included in the detailed periodic declaration submitted by the beneficiary CSO, i) other data that may be included in submitted tax documents, h) other data resulting from any form of excuses (e.g. (h) any other data resulting from any kind of travel tickets, tax documents relating to accommodation, catering services, etc.); j) in general, any personal data included in the material collected

and submitted as evidence of the actions implemented under the project (image data – photographs, audio-visual material).

As regards category B: (a) name, (b) surname, (c) maiden name, (d) contact telephone number, (e) e-mail address, (f) (e) e-mail address, e-mail address, VAT number, (g) any other data included in the attestation of representation submitted by the beneficiary CSO.

As regards category C: any personal data included in the material collected and submitted as evidence of the actions implemented under the project (image data – photographs, audio data – audiovisual material).

As regards category D: any personal data of the complainant and the recipient of the complaint, which is included in the complaint submitted by e-mail

 

d. Capacity Building Services

Categories of Data Subjects Categories of Personal Data
Category A: Trainees – members/staff of the beneficiary CSO

Category B: Instructors

As regards category A: a) full name, b) contact telephone number, c) status/position in the sponsored COS, d) video and audio data (if the training/support is provided online via a video conferencing platform), e) any data disclosed during the training/support (if the training/support is provided online via a video conferencing platform).

As regards category B: (a) full name, (b) data resulting from the short CV, (c) image and audio data (if the training/support is provided online via a videoconferencing platform)

In order to compile the required reports (described in Section 2 under 5 purpose of processing) and to complete the project evaluation (described in Section 2 under 6 purpose of processing), all the data under a, b and c above are processed. It should be noted, however, that the reports and evaluation results only include statistical and numerical data.

4. Sources of Personal Data

The data processed come from:

  1. from the Data Subjects themselves,
  2. from the contact persons designated by the applicant/grantee organisations and/or their legal representatives.
  3. the G.E.M.I. (General Commercial Register)
5.  Retention Period of Personal Data

Personal data are kept for a minimum of five (5) years from the approval of the completion of the Programme by the European Education and Culture Executive Agency (EACEA) and/or other EU agencies. For the privacy policies of EU agencies see the following link: https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/support/legalnotice

6. Disclosure and Transfer of Personal Data

The data shall be transmitted to the following recipients:

1) The European Education and Culture Executive Agency (EACEA) and/or other relevant EU institutions, bodies and agencies responsible for the Build – CERV Programme. For the data protection policies of EU agencies see the following link: https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/support/legalnotice

2) To certified / public auditors, in the context of a planned or extraordinary financial audit of the Foundation.

3) To the provider of the information system – platform for the submission of applications and management of the foundation’s projects.

4) To the Digital Signature Service Provider (DocuSign) for the purpose of contracting with the final grantee organizations.

* Data collected for the purpose of communication/demonstration of the implemented projects are posted on the websites and social media accounts of the (joint) Data Controllers with the consent of the Subjects (if required).

7. Relations with third parties – Data Processors

Where the processing of personal data is outsourced to third parties in the capacity of Data Processors on behalf of any of the Data Controllers, the third parties are contractually bound to protect the personal data they process.

8.Your Rights

You can exercise the following rights by sending a request to the email address below (under 9):

a) The right of access: you may request information on the processing of data, as well as copies of the data we hold.

b) The right to rectification.

c) The right to erasure: You may, under certain conditions provided for in the data protection legislation, request that your data be erased.

d) The right to restrict processing: You may request that we restrict the processing of personal data in case of doubt about their accuracy, as well as in case the data is no longer necessary for the original purpose, but for legal reasons cannot yet be deleted.

e) The right to object to processing. If, however, there are compelling legitimate grounds for the processing which override the rights and interests that you will invoke, we may refuse your objection, stating our reasons.

If you are not satisfied with the response to your request or if you consider that the processing of your personal data violates the applicable regulatory framework, you have the right to lodge a complaint with the Personal Data Protection Authority (postal address: Avenue. Kifissia Street 1-3, P.C. 115 23, Athens, tel. 210 6475600, e-mail address: contact@dpa.gr) or to the Office of the Personal Data Protection Commissioner (Office address: Iasonos 1, 1082 Nicosia Postal address P.O.Box 23378, 1682 Nicosia Phone: +357 22818456 Fax: +357 22304565 Email: commissioner@dataprotection.gov.cy) by submitting a form which can be found here.

9. Contact Details

In order to exercise the rights provided for by the legislation (immediately above under 8), to raise questions or for any other reason regarding the processing of personal data described in the Notice, you may contact the staff of the Bodossaki Foundation, which, as the Programme Coordinator, has been designated as the point of contact with the Data Subjects, via the following e-mail address: dpo@bodossaki.gr

In any case, you may – in accordance with Article 26 of the GDPR – exercise your rights by addressing any of the (joint) Data Controllers.

*The hereby notice may be amended/updated from time to time.

Last update: May 2024