Privacy Policy and GDPR

This Privacy Policy (hereinafter referred to as the "Policy") concerns the CREATE / Women co-create sustainable fashion garments Consortium Partners and CREATE Project (hereinafter "CREATE") and the personal data of natural persons that it processes.

CREATE is committed to the protection of the confidentiality and privacy of Personal Data and complies with the relevant provisions of the "General Data Protection Regulation" hereinafter referred to as "GDPR". 

Definitions

  • Personal data: any information that refers to and describes a person or their personal and business information, such as: identification information (name, age, residence, occupation, marital status, etc.), physical characteristics, education, business activities (ideas, concepts, MVP, designs), work (pre-service, work behaviour, etc.), financial situation (income, assets, economic behaviour), interests, activities, habits.

  • Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

  • Controller: the natural or legal person who determines the purposes and manner of the processing of personal data.

  • Processor: the natural or legal person, public authority, service or other body processing personal data on behalf of the controller.

  • Processing of personal data: any operation or series of operations relating to personal data, such as collection, registration, organisation, structure, storage, adaptation or alteration, recovery, search for information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.

  • Third party: any natural or legal person, with the exception of the data subject, the controller, the processor and persons who, under the direct supervision of the controller or processor, are authorised to process personal data.

Who is the Controller

CREATE is the controller of the personal data that it processes in the context of the provision of its services (including educational and advisory acceleration support services). It maintains and processes your personal data with confidentiality and respect for your privacy, taking the necessary technical and organizational measures to further protect them.

Principles On Which We Rely

Article 5 GDPR:

  • Legality, objectivity and transparency

  • Limitation of purpose – Personal data are collected for specified, explicit and legitimate purposes and are not further processed in a manner incompatible with those purposes.

  • Data minimisation – Personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

  • Accuracy/data quality – Personal data should be accurate and, where appropriate, updated.

  • Preservation – Personal data must be kept no longer than necessary or required by law.

  • Integrity and confidentiality – Security must be guaranteed, in particular protection against unauthorised or unlawful treatment and accidental destruction or damage, using appropriate technical or organisational measures.

  • Accountability Authority.

Collection of Personal Data

We collect Information about you, including in the following cases:

  • When you contact us directly, through our website, to request information about the services we offer.

  • If you register to one of our calls for registrations, application to the acceleration process, registration to become part of our network and any other call to action.

  • If your personal data is transmitted to us by Companies, partners or other third parties.

  • During the pre-selection stage in order to get in touch with you and recommend the best possible solution.

  • When you contact us directly, through our website or through ads we have posted on other websites or in the press, for a Call to Action registration process.

We also collect data occasionally, from third parties, that may lawfully transmit to us information about our clients/participants or whose records we may legally access, such as our external partners, EU ERASMUS+ National agent, Credit And Fraud Information Providers, lawyers, public services (administrative, tax, judicial, regulatory, insurance funds) or other NDAPs or NPDs.

Personal data is processed for the purposes as detailed below.

Please help us keep your information up to date by informing us of any changes to your personal data.

What Kind of Personal Data We Collect About You

The following categories of data about you may be collected and further processed as described in this Policy:

  • Contact Information (e.g. Name, Address, Phone No., email)

  • Occupational Status Information (e.g. Occupation, studies)

  • Identification data (e.g. IP address)

  • Application/web/social media data (e.g. cookies)

  • Videos and digital material on your business activities

  • Information about your business concept, activities, partners, etc.

  • Data necessary for conducting the screening process of your application or registration to our calls to action.

Categories of Personal Data Subjects

Categories of subjects include:

  • Learners

  • Participants

  • SMEs

  • Startuppers

  • Organisations/Businesses/ Brands/Factories

  • Designers

  • Students

  • Academics/ Press/Journalists/Policy makers

  • Incubators/Industry Associations/ Fashion Weeks

  • Customers

  • Partners

  • Leads

  • NGOs

  • Suppliers

  • Natural persons in their capacity as employees, directors or partners in a legal person.

  • Third parties involved in events related to the provision of our services.

  • Our staff

What are the Purposes of Processing & the Legal Basis of Data Processing

The processing of personal data is based on one of the "legal bases" referred to in Article 6 §1 of the GDPR. An explanation of the legal bases for processing is available in Annex 1 hereto. The legal basis for each use of your data is stated alongside each processing purpose.

Participation management – for the processing of the acceleration support, the configuration of the appropriate solution and the management of the Contract. (Article 6§1(a), 6§1(b) and 6§1(f) GDPR)

The provision of personal/business data in the context of the provision of services is a contractual obligation and their non-provision will affect the proper performance of the contract or make it impossible.

Support participants – to answer questions and provide support about our services. (Article 6§1(a), 6§1(b) and 6§1(f) GDPR)

Promotion and Marketing Actions – to answer questions and to inform about our news and services (Article 6§1(a) and 6§1(f) GDPR)

The marketing consent can be revoked at any time, with effect for the future.

Compliance with our Legal Interests – e.g. to improve our services, prevent and detect fraud against us [Article 6§1(f) GDPR]

Compliance with our Legal Obligations – to comply with our legal obligations to police, regulatory, tax, accounting, auditors, judicial authorities and agencies [Article 6§1(c) GDPR]

The provision of personal data as above is a statutory obligation which depends on the specific request.

Processing of Specific Categories of Data: In accordance with Article 9 §1 and 2 of the GDPR, the processing of specific categories of data is permitted only in the specific cases specified by law, including the provision of consent under Article 9§2(a).

How We Ensure the Security of Personal Data

We ensure that personal data are processed in compliance with policies and procedures and in accordance with the purposes of processing. For example, the following security measures are used to protect personal data against misuse or any other form of unauthorized processing:

  • Access to personal data shall be limited to only a certain number of persons authorised for those purposes.

  • The staff of the competent departments responsible for the management of your acceleration grant agreement and registration is bound by confidentiality clauses and has classified and limited access, only to the data necessary to complete the provision of the service.

  • Sensitive data is stored on a computer with authorized access. If data need to be stored in paper form, they are kept in locked lockers to which only authorized persons have access.

  • We select trusted partners who are bound in writing in accordance with Article 28 §4 of the GDPR with the same privacy obligations. We reserve the right of control over them (Article 28 §3(h)).

  • Computer systems used to process data are technically isolated from other systems in order to prevent unauthorized access, for example through hacking.

  • In addition, access to these computer systems is monitored on a permanent basis in order to detect and prevent illegal use at an early stage.

For How Long We Store Data

We store personal data for as long as required by the respective processing purpose and any other permitted linked purpose. The data shall be retained for the duration of our grant agreement and, after its expiry, for as long as provided for by applicable law.

Information that is no longer necessary is safely destroyed or anonymised.

Especially for the data we process based on your consent (e.g. for marketing purposes), they are kept from the receipt of the relevant consent until it is revoked.

We restrict access to your data to the persons who need to use it for that purpose.

In particular, with regard to training programmes, the data used for the submission and/or management of the training programme, after the completion of the relationship between us, shall be kept for a minimum of 10 years. At the end of this period they are destroyed.

Who Are the Recipients of Data

The personal data we collect may be transmitted to third parties, provided that the legality of the transfer is justified.

Furthermore, where the legality of the transfer is justified, personal data may be communicated to the following categories of recipients:

  • Participants in CREATE who are individuals or companies, for which we act as "Processors", who are "Processors".

  • Our members or partners who may process your personal data under our instructions for the purposes of the grant agreement and acceleration process and activities.

  • Cooperating companies within the framework of their responsibilities.

  • External partners, who are bound in writing in accordance with Article 28 §4 of the GDPR with the same obligations with regard to the protection of personal data.

  • Any supervisory authority, as required by the applicable supervisory framework.

  • Any public or judicial authority, if required by law or by a court order.

CREATE uses a number of services that cooperate in the provision of the services mentioned.

Although the transmission of data over the internet or a website cannot be guaranteed to protect against cyberattacks, both we and our partners are working to maintain physical, electronic and procedural security measures to protect your data.

Where the Processing Takes Place

Participants' personal data are processed within the European Economic Area (EEA).

If an investigation into the provision of services is required outside the EEA, then this is done with your express consent [Article 49, §4(a)].

Violation of Personal Data

In the event of a breach of the security and integrity of the data available to us concerning personal data, CREATE will take the following measures (in accordance with Articles 33 and 34 of the GDPR):

  • It will examine and evaluate the procedures required to limit the infringement of the data.

  • It will assess the risk and its impact on the rights and freedoms of data subjects.

  • It will try to reduce, as far as possible, the damage that has been or can be caused.

  • It will notify within 72 hours of becoming aware of the breach, if required.

  • It will assess the impact on privacy and take appropriate measures to prevent a recurrence of the breach.

Your Rights as a Data Subject and how you can exercise them

You have the right to request access to your personal data, correction/deletion of your personal data, restriction of processing, right to object to the processing and/or exercise your right to data portability.

If data processing is based on your consent, you may withdraw your consent at any time, with effect for the future.

In more detail, you have the right to:

a. Access: Right to be informed about the processing of data by us, and right of access to data.

b. Correction: Right to request correction or completion of your data, if these are inaccurate or incomplete.

c. Deletion: Right to request the deletion of your data. This right can be met if:

  • Data are no longer necessary for the purposes for which they were collected.

  • If there is no other legal basis for processing beyond consent.

  • If you exercise your right to object (see below)

  • If the data have been processed contrary to the applicable legislative provisions

  • If the data must be deleted in order to comply with a legal obligation.

We reserve the right to refuse to satisfy the above right if the processing of the data is necessary for the fulfilment of our legal obligation, for reasons of public interest or the establishment, exercise or support of legal claims (Article 17 §3).

d. Restriction of processing: Right to mark the data, with the aim of limiting their processing. For example, when you have questioned the accuracy of your personal data, for the period required for verification.

e. Portability: Right to receive your data in a structured, commonly used and machine-readable format, as well as to request that it be transmitted, both to you and to another person who will process it.

f. Objection: Right to object at any time to your data processing, including profiling, also when the processing reason relates to online marketing.

CREATE will review your request and reply to you within one month of receipt of the request either for its satisfaction or for the objective reasons preventing its satisfaction or, given the complexity of the request and the number of requests, within an additional two months. (Article 12 §3)

The exercise of these rights takes place at no cost to you, by sending a request/letter/email to the Data Controller.

If you are not satisfied with our use of your data or our response to the exercise of your above rights, you are entitled to lodge a complaint with the Privacy Authority.

You may exercise the above rights using the contact details listed below.

Contact Details of the Controller

For any matter regarding the processing of your personal data and the exercise of your above rights, you can contact us by e-mail award@wearyourorigins.com and by post at: 26 Ivis street, Palaio Faliro 17562, Attica, Greece.

Contact Details of the Privacy Authority

Phone: +6941687080, e-mail: Dr Fiori A Zafeiropoulou f.zafeiropoulou@thenest.org.gr and postal address: 26 Ivis street, Palaio Faliro 17562, Attica, Greece

 

Cookies

Cookies are important for the effective operation of this website and to improve your online experience. Click "Accept cookies" to continue or select "More information" to see detailed descriptions of cookies and choose whether to accept certain cookies or not.

What are cookies?

Cookies are small text files that contain information stored in your computer's web browser when browsing this website. These cookies can be removed at any time, as you can modify your browser settings to reject some or all cookies.

We use cookies to continuously improve the functionality of our website, your effective browsing, and the connection and navigation of pages.

Information generated by the cookie file about your use of the website (including your IP address) will be transmitted to and stored by Google on its servers.

If you do not accept cookies, you may not be able to use some features of our Service and we recommend that you leave them enabled.

For more information about cookies, see https://allaboutcookies.org/

Recording Data & Repetitive Marketing

We may collect information sent by your browser each time you visit our website. This log data may include information such as your computer's IP address, browser type, browser version, pages you visit, the time and date of your visit, the time spent on these pages, and other statistics.

In addition, we may use third-party services, such as Google Analytics, that collect, monitor and analyze this type of information in order to improve the functionality of our website and our services.

CREATE may use remarketing services to advertise on third-party websites after your visit to our website.

The Google AdWords remarketing service is provided by Google Inc.

Google also recommends that you install the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser. The Google Analytics opt-out browser add-on enables visitors to prevent Google Analytics from collecting and using their data.

For more information about Google's privacy practices, visit Google's website at https://policies.google.com/privacy.

Commercial Contact - Newsletter

The visitor/user can visit this website, maintained and managed by CREATE, without revealing their identity and without providing any personal information, subject to the acceptance of the relevant cookies (see above).

In general, you are not required to submit personal data to CREATE online, but we may ask you to provide certain personal data in order to obtain additional information about our services and events. The National Agency may also request your permission for certain uses of your personal data and you may either consent to or deny such uses.

However, in order to become a recipient of electronic information material (e.g. newsletters) sent by CREATE about its services, educational programs, acceleration processes, events and current activities in general, and to receive privileges from CREATE in the future, the visitor/user may give their express consent to registration with the services of the Website and to providing CREATE with the information entered in the relevant contact form. You will be able to unsubscribe from the relevant recipient list at any time by following the instructions contained in each communication.

Personal information collected is stored on password-controlled restricted servers and CREATE uses specific technologies and procedures to enhance the protection of such information against loss or misuse and to protect it from unauthorized access, disclosure, modification or destruction.

To this end, if any visitor/user is aware of any illegal, malicious, inappropriate or improper use of personal data, which is in any way related to the use of the Website, he undertakes to notify CREATE directly to the National Agency.

Updates to the Privacy Policy

This policy is reviewed when there is a significant change. This review will be available on this website.