Privacy Notice
Global Sustain S.A. (“Global Sustain”) is committed to the protection of your personal data. Therefore, it takes the necessary and proportionate measures to protect, secure and maintain the integrity and availability of your data processed via its Website that it operates sustainabilityforum.gr (“Website”).
Users are encouraged to read the Website Privacy Notice carefully. By using sustainabilityforum.gr, you accept the terms of this Privacy Notice. If you do not agree to the terms of this Privacy Notice, you should not use the Website. Using the Website after modifications to this Privacy Notice constitutes your acceptance of those changes.
The Privacy Notice is directly linked to and accompanies the Terms of Use of the Website. Please refer to them for more information.
Data Controller
The company under the name ” Global Sustain S.A.”, with corporate seat at 36, Agias Triadas str., Palaio Faliro, Greece, is the owner and administrator of the website sustainabilityforum.gr and data controller for the personal data processed via the website and for the services it offers.
You may can contact Global Sustain for any request regarding your data by sending an email to info@globalsustain.org.
Data we collect from you
The Website has an informative character regarding the Sustainability Forum and the purposes of its organisation.
You may contact the Website operator by sending an email, while also you may register and purchase your ticket for attending the event.
In such cases Users may accordingly be requested to provide – check the following link: https://prnt.sc/LqNoUs2NcwKu
Data we collect by automated means
When you use our Website, your device automatically provides us with data so that we can serve and tailor our response to you. The type of information we collect through automated means generally includes technical information about your device, such as the IP address or other device ID, the type of device you are using, and the version of the operating system.
The data we collect may also include usage information and statistics about your interaction with the website.
We encourage you to read our Cookies Policy carefully to learn more about Cookies, how to use them and how you can control their use.
Purpose & Lawful Basis for personal data processing
The processing of personal data of users is subject to the terms hereof, the relevant provisions of the General Data Protection Regulation (EU / 2016/679), and of the Greek law 4624/2019.
We use data we collect through our website for the following purposes and based on the following lawful bases:
Purpose: To process your ticket order
Lawful basis: Necessary processing to enter into a contract at the request of the data subject
Purpose: Communication with users upon request
Lawful basis: Legitimate interest of the company to answer to your message
We may also process and forward user personal data to comply with our legal obligations or orders from the relevant police, public and judicial authorities.
Data Retention
The data of users’ account are kept for 1 year after a user has contacted Global Sustain.
Billing information and transaction details are retained for 15 years after the purchase has been concluded to comply with our legal/tax obligations and/or to protect Global Sustain’s legitimate interests.
For the duration of the retention of the information collected through cookies, please read our Cookies Policy.
Recipients of data
Your data may need to become available to Global Sustain personnel, and website maintenance technicians, who are external partners. All parties are bound by the obligation of confidentiality and due process.
To process your payment, we use Stripe as data processor, which performs the transactions conducted through the Website. Stripe is bound by a Data Processing Agreement.
We do not transfer your data to any other third parties, except for the company-provider of maintenance, email and hosting services of the website (https://www.generation-y.gr/). All parties operate as data processors and are bound by the obligation of compliance with the rules of confidentiality and lawful processing.
Please note that your personal data may be disclosed, in any case where we are required to do so under applicable law or when necessary for the purposes of our legal interests protection or in the context of processing by our partners or third parties (such as cloud services), always ensuring that the guarantees for its safety and protection is met.
Contact the website
The communication with our website is available via email.
Only our authorized personnel, who is bound by confidentiality clauses or by a regulatory obligation of confidentiality, have access to the messages we receive.
We do not forward messages to third parties which we receive on our platform without the explicit consent of the sender.
Exceptions to the above, are cases in which forwarding to third parties or not deleting the emails we receive, is necessary to comply with our obligations arising from the law or to establish, exercise or support legal claims.
Technical Measures of the Website
We work with the website’s hosting service provider, to ensure that your personal data is protected, maintaining the data of our website within the European Economic Area. Data is protected by European legislation.
Our website uses an encryption system to ensure greater security during your navigation.
We might use third party vendors and hosting partners to provide the necessary hardware, software, storage and related technology required for the operation of the website. We may store encrypted backups of our database to a third-party storage provider to ensure its security in the event of an emergency or disaster.
Social Media
Global Sustain uses social media to promote its services. This notice does not apply when you use social media to get in touch with our website. Instead, the processing of your personal data is subject to the privacy policy of such social media. We advise you to read the social media privacy policy carefully before using them.
Your Rights
Please check the following link: https://prnt.sc/5vibUNI3msfJ
If you have any questions about this privacy notice or would like to ask for clarification or if you wish to exercise any of your rights or withdraw your consent to any communication, please contact info@globalsustain.org.
We will respond to your request within thirty (30) days of receipt. In the event that an extension of the above deadline is required for the investigation and / or processing of your request, we will inform you, explaining the reasons why the extension of the deadline is necessary.
In any case, if you feel that the protection of your personal data has been violated in any way, you have the right to file a complaint to the Hellenic Personal Data Protection Authority (www.dpa.gr). For the Authority’s jurisdiction and the way of submitting a complaint, you can visit its website where there is detailed information.
Modification of this Privacy Notice
We may make changes to this Notice from time to time. We may make these modifications for a variety of reasons, for example to reflect changes or requirements arising from the law, new features or changes in corporate practices. The latest version will be published in the relevant place on the website. You should check often to find the latest version. The latest version is the applicable one. If the changes involve significant ones that affect your rights or obligations, we will notify you in advance via reasonable means, which may include notice through the Website or by email. If you continue to use the Services after the changes take effect, you agree to the revised notice.
Last Modified: 03/10/2022
PERSONAL DATA PROTECTION POLICY
1. INTRODUCTION – SCOPE
The purpose of this Personal Data Policy is to provide information on the collection, registration, storage, use, modification, processing and (hereinafter referred to as “use”) of personal data of individuals of the Global Sustain Group. This privacy policy applies only to the websites and databases owned and operated by Global Sustain and does not apply to information collected through any other website or to practices of other companies that Global Sustain does not control. Websites may include links to other sites that are not controlled by Global Sustain but by third parties (individuals or legal entities). Under no circumstances Global Sustain is responsible for the terms and conditions regarding the protection of visitors’/users’ personal data adopted and applied by these operators.
2. EUROPEAN GENERAL DATA PROTECTION REGULATION (GDPR) (EU) 2016/679
The General Data Protection Regulation (CIS – (EU) 2016/679) includes a single, streamlined and more stringent compliance framework for the protection of personal data in the European Union, based mainly on the principle of accountability, but also on individual authorities. The purpose of the European Regulation is to lay down the conditions for the processing of personal data to protect the rights and freedoms of individuals, in particular the right to the protection of personal data.
3. GLOBAL SUSTAIN ACTIVITY
The Global Sustain Group of companies was established in 2006, with legal entities today in the United Kingdom (Global Sustain Ltd), Germany (Global Sustain GmbH) and Greece (Global Sustain SA). It also maintains affiliates in Brussels, Zurich, Nicosia and New York. The company offers innovative services on issues related to sustainability, corporate responsibility, green economy, responsible investment, business ethics, excellence, transparency, human rights and accountability. Its members include corporations, non-governmental and non-profit organizations, municipalities and local authorities, academic institutions, media, trade unions and other public and private entities.
4. TERMS AND CONDITIONS OF GLOBAL SUSTAIN WEBSITE USE
The terms and conditions of use of the Global Sustain websites are posted on the website at the address http://www.globalsustain.org/en/terms.
5. CLAUSES IN GLOBAL SUSTAIN CONTRACTS AND AGREEMENTS WITH CLIENTS, SUPPLIERS AND OTHER PARTNERS
Regarding the fulfillment of the obligations arising from the Global Sustain contracts with its customers, Global Sustain may receive information related to certain employees who work or cooperate with the Companies (including but not limited to information of staff of the Company, customers and associates) who may be linked to personal data. On these personal data, the following apply: a) each Company -client of Global Sustain is the controller and Global Sustain is the processor, b) Global Sustain, as the processor, will comply with the obligations under the relevant legislation concerning the protection of personal data and commits not to take any action that will constitute breach of privacy legislation from each company’s part and c) Global Sustain guarantees that the Contractors, its employees and / or agents that have access to personal data for fulfilling contractual obligations will receive the Personal Data and treat them according to the law on personal data protection. If Global Sustain provides the respective Company with personal data, it warrants that it has the right to provide them regarding the provision of services and that the personal data are processed in accordance with the applicable law. The Company may process personal data in accordance with the applicable laws of the various jurisdictions in which the Company operates.
6. INTERNAL CODE OF CONDUCT FOR PERSONNEL
All staff (employees) of the Global Sustain Group have signed and are bound by principles and provisions of the internal Code of Conduct, which includes, among other things, provisions on the use of personal data. An abstract from the Code is given below in relation to these terms. «…When handling financial and personal information about customers or others with whom Global Sustain has dealings, observe the following principles:i. Collect, use, and retain only the personal information necessary for Global Sustain business. Whenever possible, obtain any relevant information directly from the person concerned. Use only reputable and reliable sources to supplement this information. ii. Retain information only for as long as necessary or as required by law. Protect the physical security of this information. iii. Limit internal access to personal information to those who are seeking that information for a legitimate business reason. Use personal information only for the purposes for which it was originally obtained. Obtain the consent of the person concerned before externally disclosing any personal information, unless legal process or contractual obligation provides otherwise. iv. Comply with relevant confidentiality and / or non-disclosure agreements…»
7. BRIEFING AND STAFF TRAINING ON PERSONAL DATA
Employees of the Global Sustain Group are briefed and trained, when required, for GDPR provision and for the collection and use of personal data, through seminars, webinars as well as workshops. The Company itself organizes and supports, through its specialized partners,informative events for the GDPR and for personal data and maintains a file for its employees’ education and update.
8. INTERNAL AND EXTERNAL ELECTRONIC COMMUNICATION / MAIL POLICY
All staff (employees) of the Global Sustain Group are bound by principles and provisions of Internal and External Electronic Communication / Mail Policy with customers and stakeholders, where part of this communication may contain personal data. The following is a section of this Policy regarding these terms. «…All emails sent from or received at globalsustain.org server email accounts are considered Global Sustain property and asset and contain valuable information that maybe confidential and subject to disclosure under law. Therefore, it is expected that all employees and associates treat, store, and keep records of their globalsustain.org server email accounts according to corporate policy. Whenever requested, all globalsustain.org server email account users must be able to retrieve emails and relevant information (i.e. attachments) within reasonable course and time (no later than 24 hours) and provide them to persons or entities that have a right to know (i.e. Global Sustain management, clients, partners, legal representatives, etc.). Global Sustain shall provide sufficient means and infrastructure of keeping record and back up of emails for this purpose (i.e. personal computers, filling systems and storage, cloud-based applications, etc.) …»
9. DEFINITION OF PERSONAL DATA BASED ON ACTIVITY – COLLECTION TYPES – TYPES OF PERSONAL DATA (FROM CLIENTS, PARTNERS, PERSONNEL AND OTHER PARTNERS)
The Company has developed the website www.globalsustain.org to provide communication, networking and marketing services to individuals, companies, organizations or agencies. For this purpose, the Company has developed three (3) online directories: Sustainability, Non-Governmental Organizations (NGOs) and Social Organizations, available on the Company’s Web site (www.globalsustain.org). The Client assigns to the Company and the latter accepts a) the provision of services for the communications of the Client’s activity on the website maintained by the Company on the Internet; and b) the recording of the Customer’s data and activities in the electronic directories developed by the Company, information to be provided by the Customer. Global Sustain collects, stores and processes personal data of customers, employees, suppliers, other partners required to fulfill contractual agreements. Global Sustain, as part of its customer service promotion services on its website and based on its contractual obligations, uses name, position, professional contact information, education (when available).
Also, photos of individuals are used in: Websites (globalsustain.org, sustainabilityforum.gr sustainabilityforum.de, globalsustainyearbook.org), special editions of the Company, (e.g. Yearbook) under relevant contracts, Social Media, Forms (Global Sustain Annual Group Report and Promotional Material) presentations and annual customer reviews. The Customer grants the Company all the material that wishes to display in textual form (articles, press releases, corporate announcements, presentations, annual reports, executives’ interviews and speeches, etc.) or static/dynamic images (logo, photographic material) and / or multimedia files (video, recordings) able to renew this during the contract.
Global Sustain may require the Customer to send this material as an electronic file, setting limits on its size. Under a contractual obligation, Global Sustain proceeds to registration and communicates the Customer activities through the creation and management of a Customer’s microsite on the website www.globalsustain.org containing the following: Corporate Logo, Name, Address (Display and Google Map), Phone, Fax, Email / URL, Address / Department Manager, Corporate Profile, Social Profile, Other Desired Profile, Picture Archive and Video. The Company also maintains the following data which may contain personal data:
(a) the Global Sustain Human Resources Department, a detailed file for each employee in the framework of labor law provisions and an annual employee performance assessment. (b) Database with e-mail addresses for the newsletter sent by the Company to any interested party. It is noted that all recipients have provided a written consent for receiving the newsletter maintained in a separate file / database. The personal data collected include: email address, name, surname, organization, job title, country.
10. REGISTRATION / STORAGE OF PERSONAL DATA – MEANS OF REGISTRATION – DATA CLEARANCE – PREVENTIVE MEASURES FOR DATA BREACH
Global Sustain ensures that any personal data is collected for a specific and legitimate purpose, as well as to serve the company’s business purposes based on contractual obligations. Only necessary and accurate information is collected and updated if possible. The information is maintained for as long as it is required and processed in such a way as to ensure its safety. Any individual or legal entity has the option to opt in / opt out and revoke its consent at any time. Regarding the personal data transmitted, when a job seekers’ CV is concerned, the minimum necessary processing of personal data takes place as long as it is necessary for the assessment of the CV and only if it corresponds to the specific job opening.
Once the position is filled, the CV data will be stored by Global Sustain for future use / evaluation purposes in case of future jobs in Global Sustain. Unless consent has been received, CV data, after a relevant job opening is filled, is deleted unless Global Sustain is legally entitled or required to maintain it. Global Sustain has adopted and maintains measures to avoid and prevent personal data breach. All personal data is kept in a database maintained by the Company in cloud-based services that ensure the highest level of security at a global level. Global Sustain may retain personal data necessary for its activity and the achievement of its purposes and for historical records in electronic media. From time to time, Global Sustain may delete these data, and any individual may request the deletion of these data for a specific reason at any given time.
11. PROCESSING/MODIFICATION OF PERSONAL DATA NOTIFICATION / TRANSMISSION TO THIRD PARTIES
As part of the clients/members’ networking, Global Sustain usually sends the participants’ lists of events (such as the Brunch, Sustainability Forum, Stakeholder Panels) that it organizes with its customer network. These lists include the name, job title, the company that the participant is employed, email and business phone number. Again, there is consensus on the processing and dissemination of this data, as this is covered by relevant Global Sustain contractual obligations to its customers. The Company never transfers (commercial or not) personal data without consent.
12. RIGHTS OF ACCESS AND OBJECTION
All those who have a legitimate interest in the activities of Global Sustain have the right to: (a) know whether personal data concerning them are or have been processed by Global Sustain and (b) at any time raise objections to the processing of the data concerning them, expressly including the possibility of requesting the deletion of personal data. For any rights of access and objection to the processing of personal data, anyone may contact info@globalsustain.org, or write to Global Sustain at:
United Kingdom Address: 10 John Street, London WC1N 2EB, Germany Address: FriedrichStr. 191, 10117 Berlin, Greece Addrees: 35 Antiopis, 17343 Agios Dimitrios, Athens, Attica.
13. DATA PROTECTION OFFICER
A key provision in the European Regulation is the definition of a Data Protection Officer (DPO), if and when required. This obligation applies to organisations whose main activity is the systematic monitoring of individuals on a large scale, or the processing of specific categories of personal data (which the former regime referred to as sensitive personal data) on a large scale. The role of the Data Protection Officer is primarily advisory and supportive. Taking into account the risk associated with the processing operations, the nature, scope, context and purposes of the processing, the protection officer must inform and advise the controller or the data processor and the employees for the undertaking on the new data protection legislation, as well as monitor compliance with the Regulation in order to minimize the risk of breach, resulting in high fines. The appointment of a DPO is a tool for Global Sustain since, having the role of mediator in addition, it can also assist in the accountability and communication with the Supervisory Competent Authority and consult with it when required. Global Sustain has entrusted the compliance and supervision of data protection policy, along with DPO duties to its Financial Department.
Global Sustain means Global Sustain Ltd. (registered in England and Wales with registered address at 10 John Street, London WC1N 2EB), Global Sustain GmbH (registered in Germany with registered address at FriedrichStr. 191, 10117 Berlin) and Global Sustain SA (registered in Greece with registered address at 35, Antiopis Street, 17343, Ag. Dimitrios, Athens).
Global Sustain is a registered trademark TM.
All Rights Reserved, 2020.