Privacy Policy

N.P. Goulandris Foundation - Museum of Cycladic Art (the “Museum”), is committed to respect and protect your personal data. We understand and take into serious consideration the fact that you are aware of and interested in your personal data and the respective processing carried out with respect to such data. 

This Privacy Policy applies to natural persons, such as the Museum’s clients, visitors, friends (supporters, young patrons, subscribers, donors, sponsors) and any other person who maintains any kind of relationship with the Museum, or who uses the Museum’s official website or other digital channels thereof (such as social media), or who visits the Museum’s premises and participates in the various activities and/or events it organizes. 

This Privacy Policy provides detailed information about the type of personal data we collect and explains how the Museum processes your personal data as well as how you can manage and control the use and processing of your personal data, in accordance with the provisions of Greek and European data protection law including the General Data Protection Regulation (2016/679/ΕU), widely known as “GDPR”, which came into force on 25 May 2018.

1. Who is the Controller of your Personal Data and how can you communicate with it?
Controller for the retention, collection, storage and further processing of your personal data is the:

“N.P. Goulandris Foundation - Museum of Cycladic Art”
Registered seat: 4 Neophytou Douka str., PC 106 74, Athens, Greece
Τ. +30 210 72 28 321-3 | Ε. museum@cycladic.gr

The purpose of this Privacy Policy is to provide you with information concerning the retention, storage, use and processing of your personal data and about exercising your respective data protection rights.

The Museum in compliance with the applicable legal framework, has taken all the steps required by implementing the appropriate technical and organizational measures for the lawful retention and further processing  and safe storage of your personal data, while it is committed to ensure and protect  by all means, the processing and safe storage of your personal data, in particular from the risk of accidental or unlawful loss, breach of security, alteration, unauthorized disclosure of or their otherwise unlawful processing. 

For more information, you may contact the Data Protection Officer of the Museum, either via email at: dpo@cycladic.gr or in writing, at the address: 4 Neophytou Douka str., PC 106 74, Athens, Greece.

2. What type of personal data we process and for which purposes. 
Personal Data is all information that identifies you, such as your name, address or email address or your telephone number. The Museum processes the following personal data and for the below purposes: 

>> Personal Data we collect and process on your behalf

When you enter the Museum
Your name and surname and email address, optionally, when subscribing to the Museum’s newsletter or when you become a Friend of the Museum (member up to 35, member, dual subscriber, supporter, young patron, donor, sponsor).

When you enter the Museum Shop
Your name and surname, email address, postal address, contact details (fixed-line or mobile phone number), invoicing details, preferences – background feedback, in case you make a transaction). 

When you become Friend of the Museum (all types of membership are included)
Your name and surname, position held (optional), email address, postal address, contact details (fixed-line phone or mobile phone). 

When you register in our website in order to create a personal account 
Your name and surname, email address, postal address, contact details (fixed-line or mobile phone number). 

For the purpose of sending our newsletter, when you subscribe to the relevant service
Your name and surname, email address. 

When you participate in the various events and programmes organized by the Museum
Your name and surname, email address, postal address, contact details (fixed-line or mobile phone number). 

When you participate in the various educational programmes of the Musem
a) For the e-learning for adults programme: Your name and surname, position, information about your studies, email address, where appropriate.
b) For the adult courses: Your name and surname, contact details (fixed-line or mobile phone number), email address.
c) For the school visits: Name and surname and contact details (fixed-line or mobile phone number) of the teacher responsible for organizing the educational visit. 
d) For the Museum Kit borrowing programme: Name and surname and contact details (fixed-line or mobile phone number, email address) of the teacher responsible for  borrowing of the Museum Kit as well as a copy of his/her identity card.

When you make an order through our e-shop
Your name and surname, email address, postal address, contact details (fixed-line or mobile phone number), invoicing details, payment details, shipping address, preferences – background information. 

When you subscribe and use the WiFi access service during your stay at the Museum’s premises
Throughout the Museum’s premises we operate a wifi system for your free access in the wifi network and your free web browsing.  To use the wifi you will be asked to enter one of the following, depending on how you sign in, at the wifi portal:

• Facebook account
• Gmail account (G+)
• Email

Depending on the connection method, our system may store the following data: device identification number (device mac address), social media and email address (facebook/google/email address) and the respective data related to the above. If you want to access the free wifi network of the Museum, you will be asked to agree to the wifi terms and conditions, which explain how your respective data will be used.

• During your stay at the Museum’s premises and your participation in the various events 
Image data or video recordings generated in relation to our premises and/or our events as well as CCTV recordings collected via the installation of the relevant equipment for security reasons.

>> Personal Data relating to children
The processing of personal data referring to children is being carried out subject to prior consent or authorization by the parents or the holder of parental responsibility over the child, unless otherwise specified by law. The processing of personal data referring to children takes place when the children participate in the various programmes and events organized for children by the Museum. For the purposes of the present, children are considered to be those who have not reached the age of 16 years.   

In particular, the Museum carries out the following educational programmes for children:

• Summer Camp: For the participation of your children in the meetings and relevant activities, the Museum collects and processes the name and surname as well as the age of the child and the name, surname and contact details (telephone number, postal address and email address) of the holder of parental responsibility.   
On the advice of the holder of parental responsibility, the Museum may collect health data of the child related to its dietary habits, disorders, allergies and injuries, which require special care and attention from the Museum’s personnel. 

• Exhibitions for children: For the participation of your children in the exhibitions and relevant activities, the Museum collects and processes the name and surname as well as the age of the child and the name, surname and contact details (telephone number, postal address and email address) of the holder of parental responsibility.
 
• Weekends at the Museum: For the participation of your children in the educational programmes and workshops organized during the weekends, the Museum collects the name and surname as well as the age of the child, and the name, surname and contact details (telephone number, postal address and email address) of the holder of parental responsibility. 

Please note that in the context of school visits, the Museum does not collect nor processes personal data relating to the students. As aforesaid, the Museum only collects and processes the personal data of the teacher accompanying the students or the personal data of the teacher responsible for the organization of the school visit.   

>> Purposes of processing
The Museum only collects, retains and processes those personal data which is limited to what is necessary in relation to the purposes for which the processing is undergone.

We use your personal data for the purposes referenced below:

• For administrative purposes, such as managing the memberships, subscriptions and orders you make in order to facilitate your choices and optimize our services.

• For the issue of tickets and/or membership cards.

• For the processing and completion of your orders, namely for the provision of our products and services to you, based on the conclusion and performance of contract or – at your express request – in order to take pre-contractual steps.

• For informative purposes in relation to our events, for direct marketing and/or promotional purposes, such as the participation in competitions or in order to send the email that we periodically send to those who have subscribed to our newsletter, as well as for profiling purposes in order to personalize the products and services provided to you and based on your consent.

Please note that when you subscribe to our newsletter, you declare that you agree to be included in the personalized list of recipients and receive our newsletter and all the information contained therein. For this purpose we will contact you only via email. In each newsletter, the recipient is given the option to declare that he or she does not want to receive further emails from us (unsubscribe).  To do this, click the “Unsubscribe” option included in each email sent to you.

• Where the processing of your personal data is necessary for the purposes of legitimate interests pursued by us or for compliance purposes with national and/or European legislation.

• Where the processing is necessary to protect your vital interests or those of another natural person, as well as where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Museum as data controller, such as the management and storage of the various collections hosted at the Museum or with regard to the use of CCTV system for security purposes and for the protection of the visitors, personnel and property of the Museum.

>> Please note that where the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time, without affecting the legitimacy of the processing based on said consent until the withdrawal thereof. The withdrawal of your consent can be made in writing or via email using the contact details referenced in section 1 above, or if such consent withdrawal relates to the newsletter subscription, via the above-described procedure. 

3. How we collect your personal data.
We collect your personal data, directly from you, when you express your interest in the services, events and products of the Museum, when you participate in our workshops, courses or other programmes, when you purchase our products through our e-shop or by the Museum Shop, when you register your data online in our website or when you subscribe in our newsletter, as well as when you decide to help us by contributing to our work. 

The Museum also processes your personal data that it receives or which is brought to its knowledge by third parties, either natural persons or legal entities, for the performance of corporate events in which you participate or for the organization of which you are responsible, as well as in cases where your data has been disclosed by a Museum’s Friend with whom you hold a joint subscription (Corporate Subscription, Dual Subscription, Gift Subscription).

4. To whom we disclose your personal data.
We do not transfer your personal data to third parties, except to those with whom we cooperate and as required to facilitate the provision of our services to you, always under conditions that ensure that your personal data is not subject to unlawful processing, meaning other than the purpose of the transmission thereof in accordance with the above. For instance, we may transfer your personal data to credit card providers for the processing of a payment made by you following your order through the e-shop or by the Museum Shop, to third parties – natural persons or legal entities- that may provide promotional and marketing services on our behalf, to companies responsible for the management and maintenance of our website and to other providers as well as to companies for the provision of legal and accounting/tax services. We inform you that the above categories of recipients of your personal data do not process your data beyond the above mentioned purposes. In any case, the Museum guarantees that it will not transfer, disclose, provide etc. your personal data to third parties, without your consent, for any purpose or use. However, we reserve the right to disclose information related to you, if we are obliged to do so by the applicable legislation or if such disclosure is required by the competent governmental authorities, administrative authorities or other law enforcement bodies.   

Please note that any unauthorized access to your personal data by any person, including our employees, is strictly forbidden. 

In case the transfer of your personal data to a third country outside the European Economic Area (EEA) is necessary, we will always ensure the provision of an adequate level of protection for the processing thereof, by contractually binding our counterparty or partner to whom we disclose your data in order to ensure the same level of protection as that provided in Greece.  

5. Storage period of your personal data.
We will retain/store the personal data provided by you, only for as long as required to fulfill the purpose pursuant to which you have communicated such information to us and in compliance with the applicable legal provisions.  

6. Information that is automatically stored on your computer when visiting our website/ Use of cookies
We use “cookies” to facilitate the use of our website. Cookies are small text files that are stored by your browser on your device and are necessary for the use of our website.  We use cookies to understand better how our website is used and to improve your website navigation. The cookies we use do not store personal data or personal information that may lead to identification of the person to whom they relate and which has been collected by other means. If you do not wish to collect information via cookies, please set up your internet browser to delete all existing cookies from your computer’s hard drive, block all cookies in the future and receive a warning before saving a cookie. More detailed information can be found in your browser's operating manual. 

7. What are your rights with respect to your personal data. 
You may exercise the rights referenced below, pursuant to the terms and specific provisions of GDPR:

• Right to access your personal data that we process, as well as other information in relation to the processing thereof.

• Right to rectification of your personal data, in case of inaccurate personal data concerning you or in case you want to update your information.

• Right to object to the processing of your personal data when there is a legitimate interest, including your right to object to the processing of your personal data for promotional purposes.

• Right to obtain restriction of processing of your personal data, which means you may request the restriction of the particular processing, provided that the accuracy of your personal data is contested by you or you have objections for the processing carried out or there is another reason provided for in the relevant Greek or European Legislation on the Protection of Personal Data.

• Right to data portability of your personal data, in order to receive your data and use it wherever you may wish, provided that the respective processing is based on your consent and is carried out by automated means and subject to the obligations and rights of the Museum to retain such data to fulfill its duty carried out in the public interest.

• Right to erasure of your personal data without undue delay and subject to your relevant request pursuant to the provisions of the applicable Greek and European Legislation on the Protection of Personal Data.

• Consent withdrawal. Where we process your personal data based on your consent, you also have the right to withdraw such consent at any time and without affecting the legitimacy of processing for the period before the withdrawal of your consent.

• Right to be informed in cases of security breach incidents, where applicable.

Please note that the exercise of these rights is not absolute and may be subject to limitations by law. In any case you have the right to lodge a complaint at the competent Greek independent authority, which is the Data Protection Authority (http://www.dpa.gr/), in case you have further queries on the processing of your personal data or in case of unlawful processing thereof.

For all the above cases, as well as for any further information you may send us an email with your relevant request, at:  dpo@cycladic.gr.

8. Security of personal data
We have implemented technical and organizational measures to ensure the lawful collection, processing and effective protection of your data from loss, alteration or unauthorized access thereto. We have, inter alias, implemented the following technical and organizational measures and procedures to protect your personal data:

• access to your personal data is restricted to the authorized persons

• IT systems used to process the data are only accessible by authorized persons

• access to above IT systems is monitored to detect and prevent any unauthorized access

• adoption of specific procedures for the retention of your personal data and the safe deletion/ destruction thereof

Our procedures and security measures we implement are being constantly improved to pace with technological developments. 

9. Updates and amendments to this Privacy Policy
The Museum reserves the right to modify/ update individual parts of this Privacy Policy without prior notice. Please always read the Privacy Policy before using our website as well as our services and products, to be informed about the current version of the Policy.

Last update of this Privacy Policy: 25.05.2018