Who is ITHACA?
ITHACA LAUNDRY is a civic non-profit organization, founded in 2015.
The field of its action is the provision of hygiene services as well as the planning and implementation of social and work reintegration services . The beneficiaries are homeless and people from vulnerable social groups.
ITHACA is the Data Controller, in accordance with the provisions of the General Data Protection Regulation EU 2016/679, and national legislation, for the personal data that you provide or communicate to us, in order to provide you with our services.
Our address is 28 Karaiskaki st., contact phone: 210 0105087, email address firstname.lastname@example.org
1. What is Personal Data?
The term “Personal Data” refers to information concerning you, such as your name, surname, postal and electronic addresses, telephone number, gender, etc., which can be used to identify you, hereinafter “Personal Data or Data”.
Additionally, for all beneficiaries/ we collect, register and store identification details of ID card or Passport, date of birth, date of issue of identification document, contact details (telephone number, email) and other data related to the nature of each type of action, such as marital status, education level, nationality, health information/data, tax or legal status, etc. only if these are necessary for our services and the respective action.
2. Why does ITHACA collect data, what is the purpose of the processing?
For employees, partners, suppliers and beneficiaries, we collect and process personal data
(1) for the implementation of our actions.
(2) for statistical purposes, drawing conclusions and optimizing our services and to inform our sponsors and funders.
(3) to comply with the respective legislation (tax, labor, insurance, etc.) to which we are subject to.
For any future processing for purposes other than the above, we will only do so once we have received a new express consent from you.
Personal data collection is based either on your express consent or is done to serve our action and/or cooperation with you.
3. Principles of Personal Data Processing
ITHACA LAUNDRY, in compliance with the General Data Protection Regulation and the wider national and European legislative framework, ensures that the Personal Data it collects:
- Are lawfully and legitimately processed
- Are collected for specified, explicit and legitimate purposes and are not further processed in a manner incompatible with these purposes
- They are appropriate, relevant and limited to what is strictly necessary for the purposes for which they are processed
- They are accurate and, when necessary, updated.
- They are kept in a form that allows you to be identified only for the time required for the purposes of the processing, always applying the appropriate technical and organizational measures to ensure your rights and freedoms
- They are processed using appropriate technical or organizational measures, in a way that guarantees security, including their protection against unauthorized or illegal processing and accidental loss, destruction or deterioration
- We do not make decisions, nor carry out profiling, based on automated processing of your Data
4. How long we will keep and process your data for
We keep the data for the minimum necessary period and take care to delete it securely if the processing purpose has been carried out and completed. Sometimes, however, and for certain categories of data, legislation and our legal interest might require them to be maintained.
5. Who has access to my Personal Data?
Recipient of the Data is the strictly necessary staff of ITHACA, who is bound by confidentiality, the companies cooperating with us, which process your Data on our behalf and according to our orders. We use third parties – processors to implement our actions and provide the services related to the purpose of ITHACA, which provide sufficient assurances for the implementation of appropriate technical and organizational measures in such a way as to ensure the protection of the rights of the subjects of data,
Whoever processes data, as well as our employees promise and have agreed:
- to maintain confidentiality,
- to not share Personal Data to third parties without our permission or yours,
- to take all appropriate security measures,
- to comply with the legal framework for the protection of Personal Data and in particular the GDPR Regulation.
6. Personal Data Transfer
Your Personal Data is stored and processed only within the European Union.
In addition, we may share or disclose your Data when expressly requested by you or when required by law.
7. What are my rights in relation to my Personal Data?
In relation to your personal data, you have the following rights:
a. You have the right to access your personal data.
This means that you have the right to be informed by us if we process your Data, for the nature of the processing purpose, the type of your Data we hold, to whom we give it, how long we store it and whether automated decision-making takes place
b. You have the right to correct inaccurate Data.
If you find that there is an error in your Data, you can ask us to correct it.
c. You have a right to deletion/right to be forgotten.
You can ask us to delete your Data if it is no longer necessary for the purposes of processing or you wish to withdraw your consent, in the event that this is the only lawful basis.
d. You have a right to the portability of your Data.
You can ask us to receive the Data you have provided in readable form or ask us to pass it on to another controller.
e. You have the right to restrict processing.
You can ask us to restrict the processing of your Data pending the consideration of your objections to the processing.
f. You have the right to object to the processing of your Data.
8. Withdrawal of Consent
You can object to the processing of your Data or withdraw your consent and we will stop processing your Data, unless there are other compelling and legitimate reasons that override your right.
If you wish to exercise your rights you can send us a relevant Request at the email address email@example.com and we will examine it and answer you as soon as possible.
If you consider that the processing of your Personal Data violates the applicable national and European regulatory framework for the protection of Personal Data, then you have the right to file a complaint with the Personal Data Protection Authority.
We will update this Policy whenever necessary. If there are significant changes to the Policy or the way we use your Personal Data, we will notify you either by posting a notice in a prominent place before the changes take effect, or by any other convenient means. We encourage you to periodically read this Policy to be aware of how your Personal Data is protected.