top of page

Privacy Policy (GDPR)

The protection of human rights and the support of displaced women who have sought safety in Greece requires cooperation, communication and generosity.

When you browse the website of SAO Association Hellas (SAO), contact us, or collaborate with us in any way, you share information with us. Whenever necessary, we collect, store and process this information to ensure the proper and lawful operation of SAO.

We prioritise the security and protection of the information we collect, i.e. your personal data, as well as the transparency in how we use it. This policy explains how we do that and applies to all personal data we collect.

Please read this policy carefully to understand how and why we collect, store and process your personal data.

 

What is personal data

Personal data refers to information that, either on its own or in combination with other data, could lead to your identification. This information is protected by the General Data Protection Regulation of the European Union 2016/679 (GDPR), Greek Law 4624/2019 as currently in force, and the recommendations, guidelines and decisions of the Hellenic Data Protection Authority.

Data Controller

SAO Association Hellas (SAO) is the Data Controller of the personal data. It is a Non-profit Civil Company, registered under the General Commercial Registry number: 146976201000, with the primary purpose to support refugee and asylum-seeking women and their families affected by the humanitarian crisis resulting from displacement to Greece in search of safety. We operate Day Centres to provide this support.

Our contact telephone number is: (+30) 693 619 8844, and our email address is: info@sao-hellas.gr.

Visiting the SAO website, cookies & related technologies

To ensure the proper functioning of our website (www.sao-hellas.gr), we use cookies and related technologies, which are small files temporarily stored in your browser’s memory while browsing our website on the computer, mobile phone, or tablet. They are divided into two main categories: essential cookies, without which our website cannot function, and non-essential cookies. You may reject the collection and storage of non-essential cookies at any time.

In order to browse our site, you must at least agree to the use of the essential cookies. If you do not agree, you should not navigate it. You can remove any cookies or related technologies stored on your device at any time.

Essential Cookies

Processing Company: Usercentrics GmbH

  • uc_settings and/or ucString |Purpose: This holds the ControllerID and SettingsID, the language, settings version and services with their consent history. |Duration: The consent data (given consent and revocation of consent) are stored for one year. The data will then be deleted immediately.

  • uc_user_interaction |Purpose: This is used to signal whether a user has already given consent. |Duration: The consent data (given consent and revocation of consent) are stored for one year. The data will then be deleted immediately.

  • ucData (optional) |Purpose: This holds information about the Google Consent Mode. |Duration: The consent data (given consent and revocation of consent) are stored for one year. The data will then be deleted immediately.

  • uc_ui_version |Purpose: This key states the UI version used by the clients |Duration: The consent data (given consent and revocation of consent) are stored for one year. The data will then be deleted immediately.

  • uc_user_country |Purpose: This is used to recognize the location of the user and show the correct version of the CMP. |Duration: The consent data (given consent and revocation of consent) are stored for one year. The data will then be deleted immediately.

 

Processing Company: Wix.com Ltd

  • NXSRF-TOKEN | |Purpose: Cookie for fraud detection of calls |Duration: Session

  • hs |Purpose: Security Cookie for Hive (legacy) |Duration: Session

  • svSession |Purpose: Session cookie for identification |Duration: Session

  • SSR-caching |Purpose: Performance cookie for rendering |Duration: Session

  • TS* |Purpose: Cookies for attack detection |Duration: Session

  • bSession |Purpose: Used for system effectiveness measurement |Duration: Session

  • fedops.logger.sessionId |Purpose: Tracking session errors and issues (resilience) | Duration: Session

  • server-session-bind |Purpose: Cookie for API protection |Duration: Session

  • client-session-bind |Purpose: Cookie for API protection |Duration: Session

 

Non-essential cookies

We don’t use non-essential cookies on SAO’s website.

​​​​​​​​​​

What types of personal data we collect and why

When you provide your data to us by email or verbally for the purposes outlined below, we consider that you have given your consent for us to collect it. We collect and process personal data only when it is strictly necessary for the fulfilment of our purposes. Depending on the circumstances, we store and process your personal data for the following purposes.

Website Users

Purpose: Proper functioning of the website and improvement of the user experience

Data collected:

  • the IP address you used to connect to our website,

  • information about the browser you used,

  • the website from which you accessed ours,

  • date and time of your visit,

  • usage data which include: how long you visited our website, which choices you made for example about cookies, which language you chose, which webpages you visited, how long you stayed, which buttons you clicked

  • when and for how long,

  • information about the operating system you used,

  • the device’s screen resolution,

  • timestamp,

  • the amount of data transferred,

  • the internet service provider,

  • the geographic location from which you connected,

  • device identifiers of the equipment you used.

 

Storage duration: See above. You can delete cookies at any time.

 

You can find more information about the cookies used and the information that is collected in the pop-up window that asks you to decide which type of cookies you allow to be used.

We also process the information that you give us, when you send an email to SAO.

 

Job Applicants

Purpose: Potential job offer.

 

Personal data collected:

  • full name,

  • gender,

  • phone number,

  • email address,

  • CV and cover letter,

  • reference letters.

 

Storage duration: 1 year

 

Volunteers
Purpose: Assignment of a volunteer position, compliance with legal obligations.

 

Personal data collected:

  • full name,

  • gender,

  • date of birth,

  • nationality,

  • phone number,

  • email address,

  • place of residence,

  • CV information (education, occupation, experience, knowledge).

Additionally, with the volunteer's explicit consent, we collect photographs during his/her volunteer work for publication on our website, social media, newsletters, and donor reports.

 

Storage duration: 20 years if you volunteer for us, and 5 years if your initial application is rejected. 

 

Donors

Purpose: Processing financial or in-kind donations to SAO Association Hellas AMKE, compliance with tax legislation.

 

Personal data that could be collected, depending on the case:

  • full name,

  • phone number,

  • email address,

  • Tax Identification Number,

  • donation amount.

 

Storage duration: 10 years for tax purposes

We are committed to never selling your personal data and to taking appropriate measures to ensure that the collection, processing and storage of personal data are carried out lawfully, both by us and by any partners who process data on our behalf.

We also collect personal data of our clients, our staff, and our collaborators. We follow a separate, strict policy for the protection of this data, in accordance with the law.

Who has access to your data

Access to your personal data is granted only to:

  • Authorised personnel who have the relevant responsibility in each case.

  • Organisations or partners to whom we assign a specific task. For example, necessary information is transferred to an accounting office to issue donation receipts, and Wix.com and its partners which provide the platform where our website is stored.

  • Lawyers, law firms, bailiffs, when required to pursue any lawful claims of SAO.

  • Public, judicial, and other authorities within their competencies, when required, so that SAO complies with any legal obligations.

 

Data transfer is conducted with appropriate security measures, and processing is done in compliance with the GDPR and applicable legislation.

 

How long we store personal data

We collect, process and store personal data for the period of time necessary by law or to pursue a legitimate interest or to support our legal claim. When these data are no longer necessary, they are destroyed or deleted.

Data security

We implement technical and administrative security measures to protect personal data from accidental or intentional destruction, loss, leakage, or unauthorized access. We monitor technological developments in data security and apply necessary updates. We do not disclose, grant, exchange, or otherwise share your personal data with third parties without your consent, except in the cases outlined in this policy. We do not make decisions related to the processing of your personal data through automated means.

Your rights regarding your personal data

According to the GDPR, you have the following rights:

  • Right to information about your personal data: You have the right to know who processes your data, what data is processed, and for what purpose. This information must be clear and provided in simple language.

  • Right to access your personal data: You have the right to request free access to your data.

  • Right to rectification of your personal data: You have the right to request corrections to your data and to complete any missing information.

  • Right to erasure (“right to be forgotten”): You have the right to request the deletion of your personal data under certain conditions, such as when SAO no longer needs it, when the data was processed unlawfully, when you no longer consent to its processing and there is no legal obligation to keep it, etc.

  • Right to restriction of processing: You have the right to request that the processing of your personal data be limited under specific conditions.

  • Right to data portability: You have the right to request the transfer of your data to another organisation, person, or company that processes data.

  • Right to object: You have the right to object to the processing of your personal data and to stop it, unless public interest prevails.

  • Right not to be subject to automated profiling and individual decision-making: You have the right to object to a decision based solely on automated processing of your personal data if that decision significantly affects you.

 

You also have the right to submit a complaint to the Hellenic Data Protection Authority at www.dpa.gr.

Contact Us

If you wish to exercise your rights related to the protection of your personal data, you can send an email to: tereza@sao-hellas.gr. We will respond in writing within one month, either fulfilling your request or explaining the reason for its refusal.

 

Additionally, for any concerns you may have regarding your personal data, you can contact the Data Protection Officer of SAO at: dpo@sao-hellas.gr.

 

Last updated: November 2025

bottom of page