YWAM Thessaloniki Data Protection Policy
Gosh, sounds very formal doesn’t it, but in all honesty, with foundational values such as Be Relationship Oriented, Value the Individual and Communicate with Integrity, protecting any data that we collect is kinda essential! In order to keep to our values alongside existing data protection regulation, (while very wordy, so sorry about that,) below is what you can expect from us as YWAM Lesvos in regards to the data protection…
If data protection is supposed to protect me, what is actually considered “personal data”?
I’m glad you asked! Personal data is defined as your name, any location data that you send us, your email address if it contains a name, identification numbers (such as your IP address), your racial or ethnic origin, political opinions, religious beliefs, sexual preference, biometric information (biological data that is specific enough to identify you), or health information. Anything basically that can identify that the data came from… well, you!
Now as family at YWAM Thessaloniki, much of this is completely irrelevant to us (I do not need to know the length of your eyelashes!) and so, unless you tell us specifically or if you manage to make it into things like the (as of yet very empty) First Aid book (which has it’s own data protection regulations!), you can be sure that we won’t have a record of it!
Ok, so what data do you guys collect, and why?
Well, if you are a staff member, have come to do a DTS or to volunteer in the various ministries here, you’ll see we ask a good number of questions during our application process. We do this in order to prepare for you guys, pray for you, make sure we don’t feed you anything that would hurt you, as well as to be intentional with areas you want to grow in. We also keep data in order to process any complaints (not that we’ve had any,) and do so with integrity, openness and honesty.
Who gets to see the data?
Only relevant parties, say for instance you’re a DTS student, your staff will have access to relevant information. We do not distribute your information to any third parties outside of those mentioned below, and certainly not for marketing purposes… we enjoy spam email as much as you do.
What if I want to change the data I already sent, or maybe want to have it deleted?
Hey man, we love to keep up to date and stay in contact with the ones that we have the privilege of doing life with, but we force ourselves on no-one! So if you are updating your email address, or want to tell us you’ve been healed from something, sweet! Please do! If you don’t want us to keep your data, while it’s sad for us to say “see you later,” we will ensure we delete all your personal data that we have from our systems, unless there is a really, really good reason (i.e. legal reasons) that we have for keeping it.
Ok… But I want to see the data you have before I decide to do something.
Absolutely fine! Send us an email to firstname.lastname@example.org titled “Access to Information” letting us know what it is you would like, then, after an identity check, we will make sure you to inform you of what personal data we have.
Well what are you doing to protect my data?
If I was glad you asked the first question, now I’m ecstatic! In order to keep your data safe, all of our staff have had a data protection training and have chosen to agree to follow our YWAM Lesvos Code of Conduct - Data Protection Guidelines. This means that if there’s a device on which your data is stored, it has password security surrounding it and up to date firewalls and anti-malware protecting it.
What if I thought … “I think this is good, but you could do better”…
While also a good way of keeping our tech team humble and dependant, you have the right to object to the way that we protect and use your data, or how we have done so in the past. Should this be the case, we will stop processing your information in that way. If you’re not satisfied with that, again, we love people and we honor choice, so feel free to drop that email titled “Access to Information” to email@example.com asking us to delete your information.
So I heard there was a thing about automated processing?
That’s right! And we are way too behind the times technologically to achieve processing of information and profiling in an automated fashion! Our Tech team would love an AI to play with, but are far too relationally orientated to use one to process your data… we’d much rather try to beat it at good data protection policy creation!
Shew… That’s a lot of information!
That is the truth! But hey, we value the individual, are relationally oriented and fight to communicate with integrity. However if you disagree, if you have a complaint or are concerned at all, please contact firstname.lastname@example.org with your concern, complaint or disagreement. Honestly, we’d rather walk through it with you and have a bit of confrontation that comes to resolution than treat a person that we believe is made in the image of God poorly; we are however fallen humans. Should our attempt to reach a resolution not be satisfactory to you, you can contact the Hellenic Data Protection Authority:
Phone: +30-210 6475600
Or by post: Data Protection Authority Offices: Kifissias 1-3, 115 23 Athens, Greece
I’ve never had the pleasure of chatting with them, but I am confident that they will help as much as they can to achieve a resolution.
Wait, you mentioned earlier some third parties that personal information could be passed to…
Glad you brought that up, so we send out emails to people that what to stay in touch with what we’re doing here, and to do so if it’s a general newsletter from the base (our individual staff need to tell you who they use themselves), we use MailChimp. This is a 3rd party provider, which does gather statistics on how many people open the emails we send using industry standard technologies to help us monitor and improve our mailings. MailChimp is a US based company, but has certified its compliance with the EU-US shield Framework. If you want to know more, check out their privacy notice at: https://mailchimp.com/legal/privacy/
We also send information to the University of the Nations, which has its own data protection policies. We would send them your name if it is relevant for you getting a qualification, (i.e. graduating DTS) and your email so they can create a log in for you (specifically DTS and staff… it’s useful for staffing in the future or for secondary schools), nothing more! If there is anything else, we will ask you directly for your permission beforehand.
Last but not least, we may pass on your information in order to obtain travel arrangements for you… however if you are uncomfortable with this, please just say!
PayPal - We use this 3rd party to process some of our payments. Funnily enough, security and data protection is part of the backbone of their business which is registered in the EU. More information about their privacy policies can be found here: https://www.paypal.com/gr/webapps/mpp/ua/privacy-full.
Our Website! That’s right, we have our own website, powered by Wix. We use their analytics services to monitor site activity (i.e. how many pages are visited per day) to help us improve the site. For more information about how Wix processes personal data, click right here!. You should also bear in mind that there may be links to other websites on our site, and we have zero control over how they do their data protection.
So, almost done… You may or may not notice, all the questions you’ve been asking have been quite on point with recent updates to data protection regulation… Pretty nifty huh? If you want more information, please contact us at email@example.com, or check out the website here, which hosts a whole wealth of information about data protection in the EU… trust me it’s a treasure trove for this kind of thing.