Privacy Policy


The public benefit institution with the name "MATILDA Foundation" and the distinctive title "MATILDA Foundation", is a legal entity under private law established under Greek law (articles 108-126 of the Civil Code) and is governed by the provisions of the Management Organization and Of its Management as well as Law 4182/2013 (Code of Public Benefits), as in force today. The office location of the Foundation is the Municipality of Kifissia, Attica.

The Matilda Foundation sets as high priority the protection of privacy and is committed to provide sufficient guarantees, securing the protection of the collected personal data. This Data Protection Policy provides information about the nature of personal data collected through the Foundation’s official website,, (hereinafter referred to as "Website”) or through the Foundation’s contact e-mails, the data processing purposes, the way of managing data as well as the rights of data owners according to the General Data Protection Regulation (GDPR) EU 2016/679, the Law 4624/2019 and the Regulatory Acts of the Hellenic Data Protection Authority. 

Who is the Data Controller?

The Data Controller is the public benefit foundation under the name “Matilda Foundation”, which is  located in Kifissia Attica, 59 Diligianni St., post code 14562.

In which cases and what personal data do we collect;

The Foundation collects personal data in the following cases:

i. When you contact the Foundation through the Website’s online Contact Form, or when you contact the following email addresses: [email protected] and voluntarily entering data such as name, email and / or postal address, phone number.

ii. When you visit the Website we use Cookies and Google Analytics to collect data in order to improve user’s experience and monitor the Website’s traffic and the pages you visit. For more information about Cookies used by the Website, read the Terms of Use.

ιιι. When you visit the Website, the server logs your IP address into a log file, which is deemed personal data, even if we are unable to identify the data subject. Log files help us record information about the type of browser you are using and other information, such as the date and time of your visit on Website. The above data is stored for seven (7) days in order to ensure the network security and safety of data from accidental events and illegal or malicious conduct which may risk the availability, authenticity, integrity and confidentiality of the stored data and the operation of the Website. During the seven (7) days, only the authorized server administrator has access to the files. At the expiration of the retention time, the data are automatically deleted.

For what purposes do we collect your personal data?

The Foundation collects personal data only to the extent that is necessary in relation to the processing purposes and these data are not subject to further processing in any incompatible way with the purpose originally collected. The Foundation does not transmit or disclose in any way subject’s personal data to third parties except for specific cases and always in relation to the purpose for which were initially collected. These specific cases are mentioned in the following section.

We process your personal data for the following purposes:

ι. In order to contact you upon your request or question or in case of comments through the Website. 

ii. In order to send you updates about grants, new programs, events and the charitable activities of the Matilda  Foundation upon your voluntary registration.

iii. For the processing of applications for participation in public benefit actions and programs of the MATILDA Foundation that we receive through the Website and for their planning.

iv. In order to carry out annual reports.

v. In order to retain historical archive and conduct statistical analyses.

vi. In order to protect the legitimate interests of the Foundation, as well as to fulfill contractual or statutory obligations.

Who are the recipients of your personal data?

The recipients of your personal data are the authorized employees and/or authorized external partners of the Foundation and/or independent consultants/experts of recognized standing, who are involved in a specific program or action of the Foundation, acting in the name and on behalf of the Foundation, while all the aforementioned natural persons or legal entities are bound by confidentiality and personal data protection statements for the data they may receive and/or process in any way, always in accordance with the purpose for which the data were collected. As a rule, collected data are not disclosed to third parties under no circumstances, not made public and not be exploited in any way, except for specific third parties who are strictly mentioned in this Policy.

By way of exception, the Foundation may transmit collected personal data, being processed according to the purposes of this Policy, to third parties in the following cases:

i. When it has obtained explicit consent by the data subjects to disclose their personal data in any way.

ii When transmitted to third parties, who process your personal data solely for the fulfillment of their obligations arising from their contractual relationship with the Foundation, and from their capacity as Processors, provide guarantees regarding their compliance with the appropriate security measures enforced by the current legislation. Third-party providers may be natural persons or legal entities, that provide consulting or applications development and maintenance services and are used by the Foundation.

iii. When it complies with current legislation or orders of a Public or an Independent Administrative Authority.

iv. When it defends legitimate interests and the rights of the Foundation.

Where and for how long do we keep your data?

Your data is stored in the Foundation’s electronic system, hosted on a server within a specially configured and predefined computing center (hereinafter referred to as «Data Center»), which is located in the Koropi region of Attica, Greece. Server management is carried out by a service provider company bounded to apply all the appropriate methods and international best practices, ensuring that only its authorized personnel has access to the data collected by undertaking an explicit obligation of confidentiality and protection of personal data.

As a general principle, the Foundation holds the subject's personal data in an identifiable form only for the absolute necessary period required, which is defined by the purposes of the processing for which they are collected, as well as the fulfillment of tax and other legal or contractual obligations. Each category of personal data has a different retention period. For instance, data processed under a contractual relationship are retained for a longer period, even after the fulfillment of the contract, in order to protect the Foundation’s legitimate interests. In other cases, the Foundation may retain non-identifiable personal data for statistical and research purposes.

Retention periods are in compliance with the current legislation about Personal Data Protection, international best practices and the Foundation’s Retention Policy in order to minimize and erase the personal data collected.

What guarantees do we take to protect your data?

The Foundation is implementing the necessary technical and organizational security measures providing technical protection mechanisms of content in order to ensure as much as possible a safe environment for your data, according to the relevant legislative provisions. In this scope, the Foundation regularly monitors security systems and restricts access to the subject's personal data only to the authorized personnel, who need to be aware of those data and are committed with confidentiality and personal data protection statements.

What are your rights regarding the protection of your personal data and how can you exercise them?

In accordance with the General Data Protection Regulation (GDPR) EE 2016/679 (hereinafter “the Regulation”) and the Greek Law 4624/2019, you have the following rights regarding the personal data collected and processed by the Foundation:

a) Right to Access: you are entitled to ask the Foundation if your data is being processed, and if so, request access to your data being processed, the recipients of your data, the purpose of processing etc.

b) Right to Erasure (“the right to be forgotten”): you have the right to ask for rectification of inaccurate data or erasure of your data, under certain conditions according to the Regulation.

c) Right to Restriction of Processing: you have the right to ask for restriction of processing of your personal data in particular cases explicitly mentioned in the Regulation.

d) Right to Data Portability: you have the right to obtain the personal data you provided to the Foundation, in a structured commonly used and machine-readable format, according to the Hellenic Data Protection Security Guidelines.

e) Right to Object: you are entitled to object to the processing of your data any time.

f) Right to Lodge a Complaint: you have the right to lodge a complaint with the supervisory authority in case of unlawful processing of your data.

The Foundation has designated a DPO who is responsible for the implementation of the present Privacy Policy, the sub-policies and procedures applied by the Foundation and the compliance with the current European and national legislation.

For any matter relating to the management of your personal data or in case you wish to exercise any of your rights above you can contact our DPO by sending an email to [email protected] or at the address of the Foundation, 4 Xenias St. 14562 Kifisia, Greece or by phone at +30-210-628-2256.  

Data Protection Supervisory Authority

The Greek supervisory authority monitoring the application of the Regulation is the Hellenic Data Protection Authority. You can contact the above authority directly for personal data management issues through the following contact details:

by post: 1-3 Kifisias Av.,11523, Athens

by phone: +30-210-647-5600

by e-mail: [email protected]


Amendments to Data Protection Policy 

This policy, posted on the website, has as its ultimate goal the most effective protection of privacy. Guided by the absolute respect and full protection of personal data we receive, we monitor and systematically develop our policies and procedures and seek on the one hand the continuous improvement of our practices and on the other hand the adoption of new best, internationally recognized, practices. This Policy may be modified at any time without prior notice of data subjects.

This Privacy Policy is effective from 1 June 2021.