top of page
2Pb.png

Privacy Policy

1. Introduction – Information About the Data Controller

This policy concerns the collection of personal data through our website, the internet in general, and by telephone.

With this policy, we aim to explain to you as simply and clearly as possible:

  • What data we process about you

  • For what purposes and on what legal basis we process it

  • How long we retain it

  • Who the recipients of your data are, and

  • What your rights are concerning your data and how you can exercise them.

Through our website, phone communications, and social media, we collect certain information that can lead to your direct or indirect identification. Under European and national legislation, some of this information constitutes personal data (e.g. full name, postal address, phone number, email address, etc.) and can identify you (hereinafter “Personal Data” or “Data”).

As users of our services and visitors to our website, you are referred to as “data subjects,” while we are the “data controllers” of your personal data.

“Processing of Personal Data” means any operation or set of operations performed, with or without automated means, on personal data or sets of personal data such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure, or destruction.

The Data Controller of your personal data is the Private Legal Entity “E.R.E.N.ZO.”, headquartered in Athens, 16 Thisseos Street, Postal Code 10562, telephone: +30 210 3008133, email: contact@grufon.org.

For any clarification or additional information regarding this privacy policy, as well as for exercising your rights under European and national law, you may contact the Data Protection Officer (DPO) of E.R.E.N.ZO. at contact@grufon.org or by post at 16 Thisseos St., Athens 105 62.

2. Basic Principles of Data Processing

We process your data lawfully and transparently, in accordance with European (GDPR 679/2016/EU) and national legislation. We collect and process only data necessary for specific, lawful, and clearly defined purposes.

We retain your data only as long as necessary according to law, contract, purpose, and E.R.E.N.ZO.’s internal policies, and we strive to keep it accurate.

We take all possible measures to ensure your data is safe and protected from unlawful processing, accidental or intentional loss or destruction, and unauthorized access. We apply an extensive information security program and controls based on data sensitivity and risk, following best practices and reasonable cost standards. Our internal security policies, procedures, and staff training ensure confidentiality and data protection. All staff and third-party partners are contractually bound by confidentiality agreements.

The website www.grufon.org uses the SSL (Secure Sockets Layer) protocol, which encrypts data exchanged between devices, ensuring secure connections and protecting your personal and sensitive data. You can confirm a secure connection by the “https://” prefix and the padlock icon in your browser.

3. Purpose and Legal Basis for Data Processing

E.R.E.N.ZO. primarily collects and processes your data only when you voluntarily provide it, such as via our website or phone (e.g. completing a registration form).

However, two exceptions apply:

  1. Data automatically collected when visiting our website.

  2. Data collected through cookies and similar technologies.

3.1. Automatic Data Collection

When visiting our website, our server collects “server log files,” specifically:

  • Date and time of visit

  • Amount of data transmitted (bytes)

  • Browser and operating system used

  • Your IP address at the time of access

Your IP address, along with the date and time of your visit, constitutes personal data. We process this data based on:

Our legitimate interest to ensure network and information security (Article 6(1)(f) GDPR), and our legal obligation to maintain a secure environment (Article 6(1)(c) GDPR).

Data is not shared or used otherwise, except for potential investigation of illegal activity.

Like most websites, we also use cookies and similar technologies for user convenience, social media functionality, analytics, and relevant advertising.

Cookies are small text files stored on your computer or device, unique to each browser, containing anonymous information about your browsing activity.


By continuing to use our website without changing your settings, you agree to our use of cookies.

3.2. Registration and Profile Forms

If you choose to register or contact us through the special form available on our website, we collect the personal data that you provide to us, e.g. by filling out the contact form. This data includes your full name, phone number, email address, and any other information you may provide during our communication, including images or videos. This data is stored and used exclusively for the purpose of responding to your request or for communication and technical administration by us.

The legal basis for processing this personal data is your consent, in accordance with Article 6(1)(a) of the GDPR. The data you provide will be deleted upon your request, provided that no legal grounds exist requiring its retention. Additionally, and only with your optional consent which serves as the legal basis for processing under Article 6(1)(a) of the GDPR we may process the email address you provide in order to send you informational and promotional material from E.R.E.N.ZO. You may withdraw your consent at any time, including in any subsequent communication.

3.3. Communication via Form, Email, or Telephone

In the context of our communication (e.g. via the contact form or email), we collect the personal data that you provide in the respective form, as well as any other information you may share with us during our correspondence, including images or videos. This data is stored and used exclusively for the purpose of responding to your request or for communication and technical administration by us.

The legal basis for processing this personal data is your consent, given so that we may respond to your request, in accordance with Article 6(1)(a) of the General Data Protection Regulation (GDPR). Your data will be deleted after the final processing of our communication. This will occur when it can be inferred from the circumstances that the matter has been fully resolved, provided that there are no legal grounds requiring the further storage of such data.

3.4. Application Submission

With your consent, we process the ordinary and any special categories of personal data that you provide when completing the Application Form, specifically your first and last name, contact details, preferences, and other personal information. We process this data in order to manage your application, and the legal basis for this processing is your consent (Article 6(1)(a) of the GDPR).

Finally, and only with your optional consent which constitutes the legal basis for processing according to Article 6(1)(a) of the GDPR we may process your personal data (name, contact details) for future communication with you.

Your data may, in any case, be processed even without your consent, for reasons of compliance with applicable laws, regulations, or EU law (Article 6(1)(c) of the GDPR).

The data is stored for as long as necessary to achieve the purposes for which it was collected. In any case, the criterion used to determine this period is based on compliance with the time limits set by law and contract, as well as on the principles of data minimization, storage limitation, and rational file management.

3.5. Data Access and Transfers

Your Data is accessible to the authorized personnel of E.R.E.N.ZO. who are responsible for responding to your requests, as well as to staff involved in administrative, accounting, IT, and internal audit matters, and to any other authorized person who must process your data in the course of their professional duties.

Additionally, for the operation of our website, the management of our Pages, and the processing of your requests, we cooperate with third-party service providers legal or natural persons, professionals, or independent consultants who provide us with commercial, professional, or technical services for the purposes mentioned above, and to support E.R.E.N.ZO., in whole or in part, in providing the services you request. Depending on the case, these natural or legal persons may act as Joint Data Controllers, Data Processors, or persons authorized to process personal data, for the same purposes mentioned above, under the same safeguards and in accordance with applicable law.

Before any third party receives Personal Data, we:
(1) conduct a legal and privacy review to assess the privacy practices and risks associated with these third parties.
(2) obtain contractual guarantees from them ensuring that they will process Personal Data in accordance with E.R.E.N.ZO.’s instructions, this Policy, and applicable legislation that they will promptly inform E.R.E.N.ZO. of any Privacy Incident including any inability to comply with the standards set forth in this Policy and the applicable law or any Security Incident that they will cooperate to promptly remedy any documented Incident that they will assist us in responding to the individual rights of data subjects as described below and that they will allow E.R.E.N.ZO. to audit and supervise their practices during processing to ensure compliance with these requirements.

In some cases, data may be transmitted for purposes permitted by law and/or legitimate interest (such as administrative and accounting needs, legal claims, or business development). Finally, data may be further transmitted to institutional bodies, authorities, and public entities for lawful purposes.

Except as stated above, the Data will not be disclosed or made available to any third parties, natural or legal persons, nor will it be disseminated.

E.R.E.N.ZO. does not transfer Personal Data outside the European Union however, should this be required (e.g. for the use of cloud services), such transfer will take place under the conditions and safeguards provided by Articles 44 et seq. of the GDPR, for example, by obtaining your consent, applying standard contractual clauses approved by the European Commission, or transferring data to countries deemed adequate by the European Commission.

3.5.1 Data of Minors

When it is necessary to process minors’ data, such processing is carried out only with the written and explicitly expressed consent of the persons exercising parental responsibility over the minor. In any case, we make reasonable efforts to verify that the consent is given or authorized by the person who actually holds parental responsibility for the child, through identity verification and any other available means.

3.6. Your Rights

You may contact the Data Protection Officer (DPO) of E.R.E.N.ZO. at the email address, postal address, and telephone numbers indicated in paragraph (1) of this document at any time in order to exercise your rights under Articles 15–22 of the GDPR namely, the rights of access, rectification, erasure (where permitted), restriction of processing, notification, data portability, as well as the right to withdraw consent pursuant to Article 7(3) and to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR.

For example, you may request an up-to-date list of the individuals who have access to your data, obtain confirmation as to whether or not personal data concerning you exist, verify their content, origin, accuracy, retention period, and location (including in relation to any third country), request a copy, request their rectification, and, in cases provided for by law, request the restriction of their processing or their deletion. You may also object to direct communication activities (such as the sending of newsletters) by E.R.E.N.ZO. Likewise, you may always submit comments regarding specific uses of your data that you consider incorrect or unjustified, or file a complaint with the Hellenic Data Protection Authority (HDPA), 1–3 Kifisias Avenue, P.C. 115 23, Athens, Telephone Centre: +30-210 6475600, or via the website http://www.dpa.gr/.

You may withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to its withdrawal. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for such processing that override your interests, fundamental rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defence of legal claims.

3.7. Changes to This Policy

This Privacy Policy may be amended at any time deemed necessary by E.R.E.N.ZO. Any forthcoming significant changes to our policy will be posted on our website www.grufon.org prior to their implementation. Finally, you may request a copy of this Policy to be sent to you by post or by telephone.

Cookie Policy

What Are Cookies?

To ensure that our website functions properly, we may occasionally place a small piece of data known as a “cookie” on your computer or mobile device. A cookie is a text file that is stored by a web server on a computer or mobile device. The contents of a cookie can only be retrieved or read by the server that created it. The text in a cookie often consists of identifiers, site names, and certain numbers and characters. Cookies are unique to the browser or mobile application you use and allow websites to store information such as your preferences.

What categories of cookies are used on www.grufon.org?

Our website uses the following categories of cookies to ensure its smooth and secure operation, as well as to improve your browsing experience:

1. Strictly Necessary Cookies

These cookies are essential for the proper functioning of the website and cannot be disabled in our systems. They are usually set in response to actions you take, such as filling in forms, setting your privacy preferences, or logging in. You can set your browser to block or alert you about these cookies, but some parts of the site may not work properly as a result.

2. Performance and Analytics Cookies

These cookies allow us to collect information about how visitors use our website for example, which pages are visited most often, or whether users encounter errors. The information collected is aggregated and anonymous. These cookies help us understand how our website is used and improve its performance and content.

3. Functionality Cookies

These cookies enable the website to remember your preferences (such as language settings or region) and provide enhanced, more personalized features. The information collected by these cookies may be anonymized and does not track your browsing activity on other websites.

4. Third-Party Cookies

In some cases, we may use cookies from trusted third parties, such as analytics or social media service providers, to better understand the effectiveness of our content and communication. These third parties may collect and process data in accordance with their own privacy policies, over which we have no control.

Enabling cookies is not strictly necessary for the operation of this website however, it will enhance your browsing experience. You may delete or block access to these cookies, but if you do so, certain features of the website may not function properly.

The Data Controller responsible for the processing of cookies is E.R.E.N.ZO.

The information related to cookies is not used to personally identify you, and we maintain full control over the data. Cookies are not used for any purposes other than those described in this document.

You can manage and/or delete cookies as you wish. You can delete all cookies that are already stored on your computer, and you can also set most browsers to prevent cookies from being installed. However, if you do so, you may have to manually adjust certain preferences each time you visit the site.

bottom of page