PRIVACY POLICY
of HEBAA - HELLENIC BASKETBALL AGENTS ASSOCIATION

1. Who is the Data Controller

The Data Controller of the personal data collected through this website is:

HEBAA - HELLENIC BASKETBALL AGENTS ASSOCIATION

Registered office: Patision 14, Athens

Email:

Telephone: +306946686717

2. What Data We Collect

Depending on how you use our website, we may collect the following categories of personal data:

a. Through the contact form

  • full name,
  • email address,
  • telephone number (if requested),
  • subject and content of the message,
  • any information you choose to communicate to us.

b. Through the membership application form

  • identification and contact details,
  • information required for the assessment of the membership application,
  • information relating to professional status or membership capacity, where required,
  • attached supporting documents,
  • proof of payment file relating to the registration or other relevant financial obligation.

c. Technical data

When visiting the website, technical data necessary for its secure operation may also be collected, such as IP address, device/browser information, date and time of access, and event log files, to the extent necessary for the security and operation of the website.

3. Purposes of Processing

We process your personal data for the following purposes:

  • to respond to requests and messages sent through the contact form,
  • to manage and assess applications for membership in the Association,
  • to communicate with you regarding your application,
  • to verify the proof of payment you submit,
  • to maintain the necessary organizational, administrative, accounting, and legal records,
  • to ensure the secure operation of the website and our IT systems,
  • to establish, exercise, or defend legal claims, where necessary.

4. Legal Bases for Processing

The legal bases for processing are, as applicable:

a. Legitimate interest of the Association

For the management of and response to communication requests, for the protection of the website and our systems, for the prevention of misuse, and for the organization and security of the Association’s operations.

b. Taking steps at the request of the data subject prior to entering into a membership relationship / contractual relationship

For the receipt, processing, and assessment of your membership application and for any communication necessary until completion of the process.

c. Compliance with a legal obligation

Where the retention of certain information or supporting documents is required under applicable accounting, tax, or other legislation.

d. Consent, only where expressly requested

If, in a specific case, we ask for your consent, you will be specifically informed and may withdraw it at any time, without affecting the lawfulness of prior processing.

5. Is the Provision of Data Mandatory?

The completion of certain fields in the forms may be mandatory. If you do not provide the necessary data, we may not be able:

  • to respond to your request,
  • to assess or complete your membership application,
  • to confirm the payment related to your application.

6. Proof of Payment and Data Minimization

If you upload proof of payment, please submit only the strictly necessary file and, where possible, hide or redact information that is not required in order to identify the payment.

Please do not send through the form:

  • special categories of personal data (e.g. health data), unless this is strictly necessary and has been expressly requested,
  • payment card details,
  • unnecessary personal data relating to third parties.

7. Who We Share Your Data With

Your data may be accessed, as applicable, by:

  • authorized members of the administration, secretariat, or partners of the Association responsible for handling requests and applications,
  • website hosting, technical support, maintenance, or email service providers acting on our behalf as processors,
  • accountants, legal advisors, or other professional advisors, where necessary,
  • public authorities or bodies, where required by law.

The Association takes the necessary measures to ensure that partners/processors are contractually bound with regard to confidentiality and data protection.

8. Transfers Outside the EEA

As a rule, we seek to keep your data within the European Economic Area. If, by exception, a provider is used that involves a transfer outside the EEA, such transfer will take place only in accordance with applicable law and with appropriate safeguards.

9. How Long We Keep Your Data

We keep personal data only for as long as necessary for the purposes for which it was collected and for as long as required by law.

Indicatively:

  • contact form data: up to [12] months after the final handling of the request,
  • membership application data for applications not completed or rejected: up to [12] months after completion of the relevant procedure,
  • data of members whose application was accepted: for as long as the membership relationship lasts and for any further period required to comply with legal obligations or support legal claims,
  • accounting/tax records or related proof documents: for the period required under applicable law.

After the relevant retention period expires, the data is securely deleted or anonymized, unless further retention is required by law.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, leakage, or destruction, taking into account the nature of the data and the risks involved in the processing.

11. Your Rights

Under applicable law and subject to its conditions, you have the following rights:

  • right to be informed,
  • right of access,
  • right to rectification,
  • right to erasure,
  • right to restriction of processing,
  • right to data portability, where applicable,
  • right to object, where applicable,
  • right to withdraw consent, where processing is based on consent.

You may exercise your rights by contacting us at [email for GDPR rights requests].

12. Lodging a Complaint

If you believe that the processing of your personal data violates applicable law, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA).

13. Automated Decision-Making

No decisions producing legal effects concerning you are made solely on the basis of automated processing, including profiling, unless this is expressly stated in a specific notice.

14. Amendments to this Policy

The Association may amend this Privacy Policy. Each new version will be posted on the website with an indication of the date of last update.