GET INVOLVED takes your privacy seriously and treats all the personal data with great care. We are committed to protecting your privacy and will only use the information that is collected about you lawfully. This policy is intended to give you an understanding of how and why we use the personal information you give us, or we receive from others according to the General Data Protection Regulation (EE 2016/679) ‘’GDPR’’.
Who is responsible for the processing of your personal data?
GET INVOLVED is the Data Controller and responsible for the processing of your data.
Address: Kykladon 4 Chalandri
For more information on this company please contact: email@example.com
Why we collect Personal Data
We collect personal data information to provide advice & services, to undertake research, as well as to send newsletters in order to inform our members about relative projects and other actions.
Personal Data we collect
We collect only the personal data needed for the purposes of the portal. These data may refer to personal information (including name, email, address, phone number), or information about our partners, owners, agents and other parties with an interest in our field including but not limited to supporters, applicants, volunteers.
Personal data protection principles
When we process personal data, we are guided by the following principles, which are set out in the GDPR. We are responsible for, and must be able to demonstrate compliance with, the data protection principles listed below:
Those principles require personal data to be:
- processed lawfully, fairly and in a transparent manner (Lawfulness, fairness and transparency).
- collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes (Purpose limitation).
- adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed (Data minimization).
- accurate and where necessary kept up to date (Accuracy).
- not kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the personal data is processed (Storage limitation).
- processed in a manner that ensures its security, using appropriate technical and organizational measures to protect against unauthorized or unlawful processing and against accidental loss, destruction or damage (Security, integrity and confidentiality).
Data Subjects’ Rights
Data subjects have rights in relation to the way we handle their personal data. These include the following rights:
- where the legal basis of our processing is Consent, to withdraw that Consent at any time
- to ask for access to the personal data that we hold
- to prevent our use of the personal data for direct marketing purposes
- to object to our processing of personal data in limited circumstances
- to ask us to erase personal data without delay:
- if it is no longer necessary in relation to the purposes for which it was collected or otherwise processed
- if the only legal basis of processing is Consent and that Consent has been withdrawn and there is no other legal basis on which we can process that personal data
- if the data subject objects to our processing where the legal basis is the pursuit of a legitimate interest or the public interest and we can show no overriding legitimate grounds or interest
- if the data subject has objected to our processing for direct marketing purposes
- if the processing is
- to ask us to rectify inaccurate data or to complete incomplete data
- to restrict processing in specific circumstances e.g. where there is a complaint about accuracy
- to ask us for a copy of the safeguards under which personal data is transferred outside of the EU
- the right not to be subject to decisions based solely on automated processing, including profiling
- to prevent processing that is likely to cause damage or distress to the data subject or anyone else
- to be notified of a personal data breach which is likely to result in high risk to their rights and freedoms
- to make a complaint to the Privacy Authority and
- in limited circumstances, receive or ask for their personal data to be transferred to a third party (e.g. another portal) in a structured, commonly used and machine-readable format.
The portal must implement appropriate technical and organizational measures in an effective manner to ensure compliance with data protection principles. The portal is responsible for, and must be able to demonstrate compliance with, the data protection principles.
As the Data Controller, we are responsible for establishing policies and procedures in order to comply with data protection law.
Reporting a personal data breach
The GDPR requires that we report to the Privacy Authority any personal data breach where there is a risk to the rights and freedoms of the data subject. Where the Personal data breach results in a high risk to the data subject, he/she also has to be notified unless subsequent steps have been taken to ensure that the risk is unlikely to materialize, security measures were applied to render the personal data unintelligible (e.g. encryption) or it would amount to disproportionate effort to inform the data subject directly. In the latter circumstances, a public communication must be made or an equally effective alternative measure must be adopted to inform data subjects, so that they themselves can take any remedial action.
We have put in place procedures to deal with any suspected personal data breach and will notify data subjects or the Authority where we are legally required to do so.
If you know or suspect that a personal data breach has occurred, you should immediately contact us at firstname.lastname@example.org and follow the instructions in the personal data breach procedure. You must retain all evidence relating to personal data breaches in particular to enable the University to maintain a record of such breaches, as required by the GDPR