INFORMATION ON THE PRIVACY AND PERSONAL DATA PROTECTION POLICY OF THE CIVIL NON-PROFIT ORGANISATION ‘InCommOn’
DISCLAIMER: This policy document in English has been translated from the original, written in Greek. Should there be any discrepancies between the documents, or queries about the content, individuals’ rights or the use of their data, the Greek language document will take precedence over the English one for all legal purposes.

Translation Note: Although the direct translation of ‘ΑΣΤΙΚΗ ΜΗ ΚΕΡΔΟΣΚΟΠΙΚΗ ΕΤΑΙΡΙΑ’ is ‘Civil Non-profit Company’, in order to avoid confusion in the English translation, this legal form of association (which ‘IncommOn’ is constituted as) is referred to as ‘The Organisation’ in English rather than ‘The Company’, when written as such in Greek. This is done to ensure the understanding that it is a non-profit entity. The entity of ‘InCommOn’, in Greek law, is a company that has the right to sell products or services and generate income, but not profit. It has no shareholders, no stakes, is not publicly traded and the entire income from any products / services are used for the organisation’s projects and operations.

The Civil Non-Profit Company (henceforth ‘The Organisation’) with the name ‘InCommOn’ based in Thessaloniki (105 Agia Sofia Street, 54633), is a legal entity which has the right to hold and process personal data, as set out in the framework of the General Data Protection Regulation (EU 2018/679), which entered into force on 25/05/2018 and is hereinafter referred to as the ‘GDPR’. InCommOn is additionally subject to, and upholds, the law 4624/2019 of the ‘Personal Data Protection Authority’ which comprises measures implementing Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data. This also allows for the transposition into national law of Directive EU 2016/680 of the European Parliament and of the Council of 27 April 2016 and other provisions. These acts and legislation provides the public with the following information about the gathering, storing, processing and use of your personal data and your rights as the subject of these processes.

The purpose of our Organisation is to carry out initiatives and projects in Greece and abroad, related to sustainable urban development, focussing equally on the human and the ecological factors of the urban environment. We seek to propose solutions to the problems facing Greek cities – such as environmental degradation, the effects of climate
change, the various crises that occur or affect urban areas, social inequalities in the urban context, etc. – giving equal emphasis to both the issues of the environment and society, while working to empower citizens to engage with these issues as self-organised groups. To this end, we develop environmental, educational, cultural and social projects with, by and for the community, in cooperation with the community itself and utilising tools such as participatory planning, participatory decision-making and the implementation of bottom-up approaches, as well as community building. We develop our actions and ideas in the ‘field’ – small-scale urban projects with simultaneous social, scientific and technical research, prioritising education and raising public awareness, both individually and as members of the community, in order to solve specific problems of urban reality.

The information presented here, is addressed to individuals, who either take an active part in the projects, actions and activities of the Organisation, are simply informed about our work through a newsletter, interaction with staff, or any other kind of communication with the Organisation. This information is intended to inform you about the personal data we collect and process in the context of the aforementioned described purposes and actions of the Organisation, as well as the manner and purposes of collection, storage, use and transmission of such information on a case- by-case basis. It also aims to inform you about your rights in accordance with EU legislation on privacy.

Legal Framework

According to Article 4 (1) of the GDPR, ‘personal data’ denotes any information relating to an identified or identifiable natural person (that is, a private citizen, rather than an organisation, persona or representative of a group) and is referred to, in this context, as a ‘data subject’. An identifiable natural person is one whose identity can be verified immediately or indirectly, in particular with reference to an identity element such as name, passport / ID number, location data, online identity or one or more factors specific to his or her physical, physiological, genetic, psychological, economic, cultural or social identity as an existing, singular person.

Furthermore, in accordance with Article 4 (2) of the GDPR, ‘processing’ refers to any operation or series of operations carried out, with or without the use of automated means, to the personal data or within personal data sets-such as collection, registration, recording, organisation, structuring, storage, adaptation or alteration, retrieval of information, use, transmission, dissemination and dispersal. In addition, ‘processing’ also includes, 2 association or combining the data with other data sets as well as the deletion or destruction of the data.

Finally, according to article 4 par. 7 of the GDPR, the ‘person / organisation responsible for the collection and processing of data’ is the natural or legal person, public authority, service or other body that, either on its own, or jointly with others, determines the purposes and manner of processing the data. The organisation responsible for this will undertake the data processing in full compliance with the purposes and manner of such processing, that have been determined by EU law or the law of the relevant Member State. The organisation responsible and the specific criteria for its designation as a legally responsible body, are identified as such (as legal entities with the right to do so) by EU law, or the law of the relevant Member State.

The non-profit organisation ‘InCommOn’

The non-profit Organisation ‘InCommOn’ is the organisation responsible for the collection and processing of the personal data- collected by the means and the ways described in detail in this Data Protection Policy, and are subject to processing within the framework of your interaction with the Organisation.

What personal data do we collect?

‘InCommOn’ collects only the personal data which you have disclosed to us, namely: Identification data: Name, Surname, Date of Birth, Occupation / Profession Contact Information: Home Address, Email Address, Phone Numbers

Individuals who simply wish to be informed of the Organisation’s goals and actions (rather than register for, and participate in, an activity) are asked to provide only their email address in order to receive the relevant newsletters, and are not asked to supply any of the other data outlined above. Individuals who wish to actively participate in our projects and actions are required to provide identification data, such as name, surname and date of birth, as well as contact details, such as home address, e-mail address, telephone numbers. In the latter instance, additional data is requested in order to ensure the smooth operation of projects and actions: for example- activities where there can only be a limited number of participants; activities that are only relevant/ appropriate for particular age groups; activities that address thematic topics (in which specific knowledge might be required); activities that address issues of a specific area / community – where the criterion for
participation is the home address.

Purpose of collection and processing of personal data

The Organisation is entitled by law, to collect and process the aforementioned personal data disclosed by you, for the fulfillment of its purposes only, as described in detail here.

Third party access to your personal data

The personal data collected by ‘InCommOn’ may be disclosed or transmitted to third parties, if this is required for the fulfillment of obligations by law or is necessary for the fulfillment of the purposes and functions of the Organisation’s operations and work, subject to relevant legislation. Some of the Organisation’s functions-in particular, technical and communications functions with regard to our website- are outsourced. We may therefore entrust natural or legal persons (external to ‘InCommOn’) with certain services and functions of our website and other essential technical processes. In these instances, the Organisation only shares the minimum personal data with external service providers, that is necessary for the task to be fulfilled (e.g. when utilising a mass-mailing service to send out an electronic newsletter, only the name and e-mail addresses of individuals will be shared with the third party / service provider). These external service providers are bound by, and committed to, the same legal requirements of privacy and data protection as InCommOn.

The Organisation may share your personal data with funding agencies related to our actions and projects (e.g. The Green Fund, European Union agencies, etc.). ‘InCommOn is allowed by law to share presentations, reports and material from our specific events with such bodies, as these events take place within the framework of specific projects that these institutions have funded or sponsored. These materials function as evidence for the donor, of the realisation of the events and are essential to the reporting systems of the Organisation. However, these institutions/funding bodies are also committed to the privacy of use of personal data and will always respect your choices about who can access your data and will provide adequate guarantees regarding the protection of personal data. Those of the above who have access to your data are obliged to maintain their confidentiality. In any case, should the Organisation wish to utilise a photograph, video, quote or any other type of participation of an individual in our events to share with a donor / any other body, we will always ask for the explicit consent of the data subjects.

Retention period of personal data

The data of the individuals who receive newsletters is held for one year after the
individual’s request to no longer receive the newsletter. The data of the participants in our actions are kept for five years, from their last participation, but the Organisation is entitled 4 to keep them for up to ten years for statistical reasons and in order to maintain an archive and long term record.

Rights of personal data subjects

In accordance with the GDPR, the rights enjoyed by every natural person in relation to the processing of their personal data by ‘InCommOn’ are the following:

  1. Right to Information / Transparency (Articles 12 and 13 of the GDPR): You have the right to know the details of the organisation responsible for collecting and processing your data, the categories of personal data they collect, the purposes of collecting and processing this data, the recipients of your data, the retention time of this data, all of the rights described in Articles 15 – 22 of the GDPR (and analysed below), as well as the right to lodge a complaint. You are informed of these rights as ‘data subjects’ by ‘InCommOn’ both through the relevant field of consent in the processing of personal data and through this text, which is posted on our website (www.incommon.gr).
  2. Right of Access (Article 15 GDPR): As a data subject you have the right to request free access to your personal data held by ‘InCommOn’.
  3. Right of Correction (Article 16 GCC): As a Data Subject you have the right to request the correction of your inaccurate personal data and the completion of incomplete information.
  4. Right of Deletion / Right of Oblivion (Article 17 GIP): You have the right to request the deletion of your personal data.
  5. Right to Restrict Processing (Article 18 GDPR): As data subjects you have the right to request a restriction on the processing of your personal data when: (a) the accuracy of the personal data is questioned, up until it is verified or corrected, (b) the processing is illegal and rather than requesting deletion from our records, you would prefer a restriction of the use of your personal data, (c) the personal data is not needed for the purposes of processing, but are necessary for the establishment, exercise, support of legal claims, and (d) you oppose the processing and there are legitimate reasons concerning ‘InCommOn’ ‘s use of your data.
  6. Right to data transferability (Article 20 GDPR): You have the right to receive your personal data free of charge in a form that allows you to access, use and process it, as well as request it from us, or, if it is technically possible, request that we transfer your data directly to another organisation. This right applies to the data you have provided us with, and its processing is based on your consent and is done by automated means.
  7. Right to withdraw consent (Article 7 (2) GDPR: You have the right to withdraw your consent for the Organisation to retain and process your data, at any time, by submitting a written statement to ‘InCommOn’.
  8. Right of complaint to the National Authority for the Protection of Personal Data (of the relevant Member State) – (article 77 GDPR): You have the right to submit a complaint to the Personal Data Protection Authority (www.dpa.gr): Address 1-3 Kifissias, Ampelokipoi, 11523 Athens, tel. 210 6475600, fax: 210 6475628 , E-mail: complaints@dpa.gr.

Security of personal data

InCommOn’ has implemented all appropriate technical and organisational measures, as well as all physical security measures to ensure the secure processing of personal data and the prevention of accidental loss or destruction and unauthorised and / or illegal access to it. In addition the Organisation ensures the legality of the collection, processing and secure storage of personal data, in accordance with the provisions of national, EU and international law concerning the protection of the individual in the processing of personal data, in particular taking into account the provisions of the General Regulation on Data Protection.

If you wish to contact us about any issue related to the collection, retention or processing of your personal data and your rights with regard to your data, you can contact us by phone at +30 2316009518, by mail at: 105 Agia Sofia Street, 54633, Thessaloniki, Greece, or by email at : office@incommon.gr.