The non-profit non-profit association with the name “CHRISTIANIKI ADELPHOTIS YOUTH OF THESSALONICS – Y.M.C.A” pays special attention to security and respects the privacy and confidentiality of your personal data. For this reason, we invest time and resources to protect your privacy.

The association takes all appropriate organizational and technical measures designed to protect information from loss, misuse, unauthorized access, disclosure, distortion or destruction and ensures the fair and lawful collection and processing of personal data and its safe keeping.

In this effort, we are in a continuous process of information and training in order to comply fully with the applicable national, European and international legal framework and in particular with the General Data Protection Regulation 679/2016 of the European Union.

Purpose of this policy

We wish to inform you about the way your personal data is collected, stored, used and transmitted, the security measures we take to protect your personal data, the reasons and the period of time it is stored, and the type of personal data collected. It concerns any operation or set of operations performed, with or without the use of automated means, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction.

This Policy is updated from time to time and may be amended at any time as deemed necessary, without prior notice, always within the legal framework in force at the time and in accordance with any changes in the applicable data protection legislation. We therefore recommend that you check this Policy periodically in order to be informed of any changes that have taken place.

What is personal data?

Personal data is any information relating to a specific natural person or a person whose identity can be verified (e.g. name, ID number, address, etc.). Data relating to health (physical or mental condition, receipt of medical services, etc.) are included in the general term personal data but constitute a special category of data. The association will not process your personal data without your consent. However, the association reserves the right, in exceptional cases, to process your personal data to the extent permitted or required by law, and/or by court decisions or prosecution orders/dispositions.

How is your personal data collected?

Your personal data is collected in the following ways:

(a) You provide it to us when you apply for a job at the association or when your CV is sent to us. The provision of your personal data in the context of submitting a CV to find a job in the association takes place voluntarily as otherwise it would not be possible to assess your employment opportunity.  For more information please refer to our CV Processing Policy.

(b) you provide them to us when you apply for registration at the start of the academic year for participation in programmes. The submission of your information is at your option and processed with your consent for the sole purpose of the proper performance of the contract. For more information please refer to the Membership Data Use Policy.

(c) automatically through the “browser” or mobile device you use to access our Website www.ymca.gr.

(d) provided to us by you when you complete online forms or send an “e-mail” for the purpose of obtaining information or using the services available on the association’s website www.ymca.gr. The submission of your basic data is done at your choice and the processing is done with your consent for the sole purpose of informing you about the services and activities of our association.

In cases where your consent is required for the use of your personal data in promotional activities aimed at informing you about new services, it will be explicitly requested from you and you have the right to withdraw it at any time.

What kind of personal data is collected?

The personal data collected and further processed includes your name, address, CV details and general contact details (including email address, tax details and telephone number) and anything else detailed in the club’s posted policies.

In addition to the above data you provide us, technical information that constitutes personal data may be collected, such as the Internet Protocol address of your device, e.g. computer, laptop, tablet, smartphone. This technical information is used for the smooth operation and performance of the website and is not permanently stored in our infrastructure.

More details about the technologies used on our website are set out in the Cookies Policy.

What principles govern the processing of personal data by the Association?

The club processes your personal data in a fair and lawful manner for clearly defined purposes set out in this Policy. Your personal data processed by the association is limited to what is strictly necessary to achieve these purposes, is accurate and up-to-date, is kept for a period of time determined by the purposes of the processing, is protected by adequate security measures and is not transferred to countries that do not ensure a satisfactory level of protection.

Who collects the personal data and for what purpose? Are they passed on to third parties?

The receipt, processing and retention of data on CVs, knowledge, professional training and professional experience, is done to satisfy the exclusive purpose of evaluation by the union for the possibility of occupying a job, and are kept only for this purpose, and are processed only by the personnel department of the union.

The receipt, processing and retention of your data concerning identification, health and contact details is done to satisfy the exclusive purpose of fulfilling the contract & of informing you about the services of the association. All your data are kept only for these purposes and are processed only by the relevant departments of the association.

It is possible that personal data may be transferred to partners, or third parties, for further processing for the purpose of providing services, evaluating and improving the functionality of the website, marketing, data management and technical support purposes. These third parties have contractually committed to us that they will only use the personal data for the above purposes, and will not transfer the personal information to third parties, and will not disclose it to third parties unless required by law.

The club is committed that it will not market your personal data by making it available for sale/rent by giving it/transferring/publishing or disclosing it to third parties or use it in any other way and for other purposes that may compromise privacy.

For how long is my personal data kept?

For the fulfilment of the purpose of the processing, which is to investigate the occupation of a position in our association (CV form), we consider a reasonable and necessary period of retention of your relevant data to be twelve (12) months. After twelve (12) months from the time of receipt of your CV, the relevant file with all your data will be deleted.

In order to fulfil the purpose of the processing, which concerns the execution of the contract and to inform you about our services and actions, a reasonable period of retention of your data is deemed to be the time of the relevant operation of the association.

What are my rights in relation to the processing of my personal data?

You have the right to ask us at any time what personal data we process, for what purposes we do so, whether we provide it to third parties and to whom, and other relevant information. You also have the right to receive a copy of your personal data free of charge at your request. Other rights which you have under the relevant legislation include the right to request that your data be updated and/or rectified, that its processing be stopped and/or restricted and that it be deleted from the association’s systems, unless there is another legal obligation to retain it. You also retain the right to portability and/or to object to the processing of your personal data.

You can exercise all the above rights by submitting a written request to N. Germanou 1, 1, YMCA Square, 54621, Thessaloniki, Greece. For any issue you have regarding your personal data and/or for clarifications, you can contact the Personal Data Protection Officer of the association Mr. Alexandros Argyriou, either by telephone at 2316001000 or by e-mail at dpo@ymca.gr. Any request submitted should be accompanied by the appropriate proof of identification and the required information (e.g. the data that need to be corrected) should be provided, as described in the terms of use of the service in question.

The association will make every effort to ensure that your requests are answered without delay and in any case within one month of receipt. This deadline may be extended by two (2) more months, if necessary, taking into account the complexity of the request and the number of requests. You will be informed of this extension and the reasons for the delay within one month of the receipt of the request by the association. If you submit the request by electronic means, the response will be provided, if possible, by electronic means, unless you request otherwise (e.g. a written letter).

In case the association delays beyond a reasonable period in responding to your request and in any case where you consider that your rights are violated or the association is not consistent with its data protection obligations, you have the right to lodge a complaint with the supervisory authority. (Personal Data Authority, Athens Kifissias 1-3, P.C. 115 23, Athens, Greece, contact@dpa.gr, +30-210 6475600.