Roots is a project that is hosted fiscally and legally by Greenpeace Greece. Greenpeace Greece ("we"/"us") are committed to protecting and respecting your privacy.

This privacy statement sets out the basis on which Greenpeace Greece will process any personal information that we may collect about you:

1. as a visitor to the Roots website (www.poweredbyroots.org), 

2. provided by you by making use of our website and the options on our website (e.g. in the event you would sign a petition, respond to any survey or make a donation), 

3. subscribing to the receipt of updates by email, 

4. contacting us for information or help, 

5. providing your name and email on a list of signatures, 

6. becoming a donor via other ways than the internet, 

7. participating in Roots campaigns or providing information through third party websites or apps.

We therefore ask you to read this privacy statement carefully.

The information that we collect about you

We may collect and process the following information about you:

• Information that you give us, which can include, for example, your name, address, email address, telephone number, birthdate, financial information such as bank details.

• Information that our website collects about you through third parties systems (eg. Plausible Analytics). This information may include data  such as your device type, browser and version used, and number of interactions you had with our website. This information can be used for statistical purposes and will help us improve our website.

• Information that third parties such as YouTube and Google collect about you on our website by performing actions, which may include the use of the social network sharing buttons and widgets available on our website.

• Information that other third parties collect about you on our website by browsing it: This is information about you recorded / tracked by third parties just by making use of the website itself, such as navigating from one page to another (this event will be tracked) or by viewing an embedded YouTube video.

• If you exchange emails, telephone conversations or other electronic communications (including comments on this website) with Roots employees and other staff members or, as the case may be, electronic communication means on third party websites or apps – such as chatbots linked to Roots – information technology systems may record details of those conversations, sometimes including their content.

The use of your information we collect

We may use your information for the following purposes:

• To make your actions known on our website and to third parties. For example, your name may appear together with your comments on our website; 

• To identify users returning to visit our website, across devices and across Greenpeace Greece owned domains; 

• To promote Roots campaigns and inspire others to take action. For example, we may show your name and a summary of what you have just done on our website, for instance, if you sign a petition or make a donation. If you petition someone using our website – for example a government official or company CEO – then we may send your name and email address with your message to them;

• To send you updates and alerts by email, mail, instant messaging, push notifications or telephone;

• To provide the service, products or information you have requested;

• To administer your donation;

• To analyze your giving history;

• To combine your personal data with publicly available information so that we can tailor communications to match your profile;

• To learn how we can improve our website, services, products or information;

We will only process your personal information in accordance with the purposes described above.

All our use of your personal data will be in accordance with the law. The law requires us to process data only if we have a valid legal basis for doing so.  While the GDPR provides six lawful bases for data processing, we rely solely on the following four lawful bases for our data processing activities :

1. Agreement: we collect, process and store your information to perform agreements, such as the provision of a requested service

2. Consent: when you have given consent to us for the collection, processing and storage of your personal information

3. Legitimate interest: when it is necessary for us and does not invade your privacy

4. Legal Obligation: when we need to comply with legal or regulatory obligations

Please note that although the GDPR recognizes “Vital Interest” and “Public task” as additional lawful bases for data processing, we do not invoke these grounds for our data processing activities. 

5. Vital interest: processing is necessary to protect someone’s life

6. Public Task: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority

We will inform you, to the extent applicable, when we request information about yourself, whether providing the requested information is necessary to comply with a legal obligation, or, on the other hand, if it is purely voluntary and there will be no implications if you decline to provide the information. If you are uncertain as to Greenpeace Greece’s need for information that we request from you, please contact the Roots representative asking for the information, or contact us (see below), with your query.

Disclosure and international transfer of your information

We do not sell or share your information for third-party marketing purposes. We may securely disclose personal information about you where we have obtained your consent or where it is reasonably necessary for the various purposes set out above:

• to service providers who host our website or other information technology systems or otherwise hold or process your information on our behalf, under at least the same level of strict conditions of confidentiality and security;

• to judicial authorities or other public authorities, in case our legal or moral responsibility compels us to do so (e.g. if you express intent about performing a terrorist activity);

• in the context of litigation, in any country or territory, if we are legally required to do so, if we have no satisfactory basis or prospect to challenge disclosure, or if disclosure is significant to the legal case or our defense.

These disclosures may involve transferring your personal information overseas. If you are dealing with us within the European Economic Area, you should be aware that this may include transfers to countries outside the European Economic Area, which do not have similarly strict data privacy laws. In all cases, we do not give those organizations any right to use your personal data for anything other than the purposes outlined above.

Please contact us (see below) if you would like to know whether any such agreements are in place or, if so, to see a copy.

Retention and deletion of your information

Roots welcomes receiving updates from your personal information to make sure it is accurate and up-to-date. We will delete the information that we hold about you when we no longer need it.

We will retain your information for as long as it is necessary, within the legal time limits for the relevant activity, after which it will be deleted or anonymised, unless we have a legal obligation to retain it for a longer period. Contact us for more information.

Your rights

According to the General Data Protection Regulation (GDPR), you may have the following rights regarding the information we hold about you: 

• Right to access your information: You have the right to request details about the information we have collected about you from us.  

• Right to amend: If your personal data is incorrect or incomplete, you have the right to have your personal data amended or supplemented.

• Right to restriction of processing: You can have us restrict the processing of your personal data, for example, during the period we monitor your request to change your personal data.

• Right to erasure of personal information: You have the right to have your personal information deleted by us, unless we have permissible reasons under the GDPR to keep your personal information. In fact, we may not always be allowed to do so because the Tax Authorities require us to keep agreements for a certain period of time. 

• Right of Objection: You also have the right to object to the processing of your personal information by us. In doing so, we may ask you what specific situation the objection relates to.

• Right to resist: You also have the right to resist to our use of your personal information for direct marketing purposes at any time

• Right to withdraw consent: You can ask us to remove previously given consent

• Right to file a complaint: If you are left with unresolved questions, you have the right to file a complaint with the body regulating data protection in your country.

If you wish to exercise any of these rights, please contact us as set out below. We are obliged to request proof of identity before access to your personal information is given.

If you would like us to remove your information from our mailing list, you can click the “Unsubscribe” link at the bottom of any email we sent to you or contact us as set out below.

Security measures

We have implemented appropriate technical and organisational measures to secure the systems where personal data is stored against loss or against any form of unlawful processing. 

We employ industry-standard encryption protocols to ensure that Personally Identifiable Information (PII) are securely anonymized before storage or processing in our web analytics tools. This approach aligns with the GDPR’s principles of data minimization and privacy by design.

Our donation pages are secured using Secure Sockets Layer (SSL), a security protocol that provides communications privacy over the Internet in a way that is designed to prevent eavesdropping, tampering, or message forgery.

In this way, we ensure that your data are only accessible by persons who are authorized to do so by virtue of their position and that the data are only used for the purposes for which they were obtained and compatible purposes.

Of course, we hope that nothing will ever go wrong, but if it does, we have a procedure on how to deal with a (potential) data breach. Should it concern your personal data we will notify you immediately.

Contact us

We welcome questions, comments and requests regarding this privacy statement and our processing of personal information.

Please email us on: rootsgreenpeace@gmail.com

or contact us via: 

Greenpeace Greece

Kolonou 78, Athens 103 37, Greece

Changes to this policy

We may update this statement at any time to reflect any changes in data protection or other legislation. Any changes we make to this privacy statement in the future will be posted to our website and also available if you contact us as set out above.

Please check back frequently to see any changes.