Privacy Policy

Privacy Policy for Matriarchal Arts Council

This Privacy Policy is effective as of April 19, 2025.

Matriarchal Arts Council (“we,” “us,” or “our”) operates the website matriarchalartscouncil.com (the “Website”). We are a non-profit organization based in Gavalochori, Chania, 730 08, Greece, dedicated to promoting arts and culture. This Privacy Policy outlines how we collect, use, store, share, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
We are committed to safeguarding your privacy and ensuring transparency in our data processing practices. If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at councilformatriarchalarts@gmail.com (mailto:councilformatriarchalarts@gmail.com).

1. Scope of This Privacy Policy
   This Privacy Policy applies to all personal data we collect through the Website, including when you:
   Visit our Website;

Make a donation;

Contact us via email or contact forms;

Subscribe to newsletters or updates (if applicable);

Engage with any other services or features provided on the Website.

This policy does not apply to third-party websites, services, or applications that may be linked from our Website. We are not responsible for the privacy practices of such third parties.

2. Data Controller
   For the purposes of GDPR, the data controller is:
   Matriarchal Arts Council
   Address: Gavalochori, Chania, 730 08, Greece
   Email: councilformatriarchalarts@gmail.com (mailto:councilformatriarchalarts@gmail.com)
   As the data controller, we are responsible for determining the purposes and means of processing your personal data.
3. Personal Data We Collect
   We collect only the personal data necessary to provide our services and fulfill our non-profit mission. The types of personal data we may collect include:
   3.1 Data You Provide Directly
   Contact Information: Name, email address, postal address, or phone number when you contact us, make a donation, or fill out forms on the Website.

Donation Information: Payment details (e.g., credit card or bank account information) provided through secure third-party payment processors when you make a donation.

Communication Data: Any information you provide when you email us or use contact forms, including the content of your messages.

Newsletter Subscriptions: Email address and preferences if you sign up for newsletters or updates.

3.2 Data Collected Automatically
Technical Data: IP address, browser type, operating system, device information, and other technical data collected through cookies or similar technologies (see Section 9 for details).

Usage Data: Information about how you interact with the Website, such as pages visited, time spent, and links clicked.

3.3 Data from Third Parties
Payment Processors: When you make a donation, our third-party payment processors (e.g., PayPal, Stripe) may provide us with limited data, such as your name, email, or transaction details, to confirm the donation.

Analytics Providers: We may use tools like Google Analytics to collect anonymized data about Website usage (see Section 9).

We do not collect special categories of personal data (e.g., data concerning health, religion, or political opinions) unless explicitly provided by you and necessary for a specific purpose, with your consent.

4. Legal Basis for Processing Personal Data
   Under GDPR, we process personal data only when we have a lawful basis to do so. The legal bases we rely on include:
   Consent (Article 6(1)(a) GDPR): When you provide explicit consent, such as signing up for newsletters or agreeing to cookies.

Contract (Article 6(1)(b) GDPR): To process donations or fulfill requests you make through the Website.

Legitimate Interests (Article 6(1)(f) GDPR): For activities such as improving the Website, analyzing usage, or ensuring security, provided your rights and freedoms do not override these interests.

Legal Obligation (Article 6(1)(c) GDPR): To comply with applicable laws, such as tax or financial reporting requirements related to donations.

We will always inform you of the legal basis for processing when collecting your data and ensure that processing is lawful, fair, and transparent.

5. How We Use Your Personal Data
   We use your personal data for the following purposes:
   To Process Donations: To facilitate and confirm donations, including communicating with you about your contribution.

To Communicate with You: To respond to inquiries, provide updates, or send newsletters (if you have subscribed).

To Improve Our Website: To analyze usage patterns and optimize the Website’s functionality and user experience.

To Ensure Security: To detect and prevent fraud, cyberattacks, or other unauthorized activities.

To Comply with Legal Obligations: To meet financial, tax, or regulatory requirements, such as maintaining donation records.

To Promote Our Mission: To share updates about our non-profit activities, events, or campaigns (with your consent, where required).

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

6. Data Sharing and Disclosure
   We do not sell, rent, or trade your personal data. We may share your data only in the following circumstances:
   Third-Party Service Providers: We work with trusted third parties, such as payment processors (e.g., PayPal, Stripe) or analytics providers (e.g., Google Analytics), to provide services on our behalf. These providers are contractually obligated to process your data securely and in compliance with GDPR.

Legal Requirements: We may disclose your data if required by law, such as to comply with a court order, tax authority, or other legal obligation.

Business Transfers: In the unlikely event of a merger, acquisition, or dissolution, your data may be transferred to a successor organization, with appropriate safeguards in place.

All third parties with whom we share data are required to adhere to GDPR and maintain appropriate security measures. We do not transfer your data outside the European Economic Area (EEA) unless adequate safeguards, such as Standard Contractual Clauses, are in place.

7. Data Storage and Retention
   7.1 Storage
   Your personal data is stored securely on servers located within the EEA. We use reputable hosting providers that comply with GDPR and maintain robust security standards.
   7.2 Retention
   We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. Specific retention periods include:
   Donation Data: Retained for 7 years to comply with tax and financial regulations.

Contact Information: Retained until you request deletion or unsubscribe (for newsletters).

Technical/Usage Data: Retained for up to 12 months for analytics and security purposes, unless anonymized.

When data is no longer needed, it is securely deleted or anonymized so it cannot be linked to you.

8. Data Security
   We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, alteration, or disclosure. These measures include:
   Encryption: Secure Sockets Layer (SSL) encryption for data transmitted via the Website.

Access Controls: Limiting access to personal data to authorized personnel only.

Regular Audits: Monitoring and reviewing our security practices to address vulnerabilities.

Third-Party Compliance: Ensuring all service providers use secure systems and comply with GDPR.

Despite our efforts, no system is completely secure. If a data breach occurs, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR, and take steps to mitigate harm.

9. Cookies and Tracking Technologies
   We use cookies and similar technologies to enhance your experience, analyze usage, and ensure the Website functions properly. Cookies are small text files stored on your device.
   9.1 Types of Cookies
   Essential Cookies: Necessary for the Website to function (e.g., maintaining your session).

Analytics Cookies: Used to collect anonymized data about Website usage (e.g., Google Analytics).

Marketing Cookies: Used to deliver relevant content or ads (only with your consent, if applicable).

9.2 Managing Cookies
You can manage cookie preferences through our cookie consent banner when you visit the Website. You can also disable cookies in your browser settings, but this may affect the Website’s functionality.
For more details, please see our Cookie Policy (available on the Website, if applicable).

10. Your Rights Under GDPR
    As a data subject under GDPR, you have the following rights regarding your personal data:
    Right to Access (Article 15): Request a copy of the personal data we hold about you.

Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.

Right to Erasure (“Right to be Forgotten,” Article 17): Request deletion of your data, subject to legal obligations.

Right to Restriction of Processing (Article 18): Request that we limit how we process your data.

Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format or have it transferred to another controller.

Right to Object (Article 21): Object to processing based on legitimate interests, including direct marketing.

Right to Withdraw Consent (Article 7): Withdraw consent at any time, where processing is based on consent (e.g., newsletters).

Right to Lodge a Complaint (Article 77): File a complaint with a supervisory authority, such as the Hellenic Data Protection Authority in Greece (www.dpa.gr).

10.1 How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: councilformatriarchalarts@gmail.com
Address: Matriarchal Arts Council, Gavalochori, Chania, 730 08, Greece
We will respond to your request within one month, as required by GDPR. In complex cases, we may extend this period by two additional months, and we will inform you accordingly. No fee is required to exercise your rights, but we may charge a reasonable fee for repetitive or unfounded requests.

11. Children’s Privacy
    Our Website is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data without parental consent, we will delete it immediately. If you believe a child has provided us with personal data, please contact us at councilformatriarchalarts@gmail.com (mailto:councilformatriarchalarts@gmail.com).
12. International Data Transfers
    We primarily process and store data within the EEA. If we transfer your data to a country outside the EEA (e.g., through third-party service providers), we ensure that appropriate safeguards are in place, such as:
    Standard Contractual Clauses approved by the European Commission;

Binding Corporate Rules (if applicable);

An adequacy decision by the European Commission for the recipient country.

We will inform you of any such transfers and the safeguards in place.

13. Third-Party Links
    Our Website may contain links to third-party websites or services (e.g., payment processors, social media platforms). We are not responsible for the privacy practices or content of these third parties. We encourage you to review their privacy policies before providing personal data.
14. Changes to This Privacy Policy
    We may update this Privacy Policy to reflect changes in our practices, legal requirements, or Website functionality. We will notify you of significant changes by posting the updated policy on the Website and updating the “Last Updated” date. If required by GDPR, we will seek your consent for material changes.
    Please review this Privacy Policy periodically to stay informed about how we protect your personal data.
15. Contact Us
    If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
    Matriarchal Arts Council
    Email: councilformatriarchalarts@gmail.com
    Address: Gavalochori, Chania, 730 08, Greece
    We are committed to addressing your inquiries promptly and transparently.
16. Supervisory Authority
    If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with a supervisory authority. In Greece, the relevant authority is:
    Hellenic Data Protection Authority
    Address: Kifissias 1-3, 115 23 Athens, Greece
    Phone: +30 210 647 5600
    Email: contact@dpa.gr
    Website: www.dpa.gr