Privacy Policy

Website Privacy Policy

The Civil Non-Profit Organization under the name MAKE-A-WISH GREECE, located at 47 Ethnikis Antistaseos Street, Dafni, Postal Code 17237 (hereinafter the “Organization”), acting as Data Controller, informs users of the website www.makeawish.gr (hereinafter the “Website”) that the processing of their personal data is governed by applicable national and European legislation (hereinafter the “Applicable Law”), including Regulation (EU) 2016/679 (“GDPR”) and Law 4624/2019, as well as by the decisions and guidelines of the Hellenic Data Protection Authority.

  1. Visitor’ s Personal Data

The Organization ensures the lawful and fair collection of personal data by implementing appropriate technical and organizational security measures and by regularly reviewing its procedures, thereby ensuring a high level of data protection.

Personal data includes any information that directly or indirectly identifies a user, such as full name, email address, postal address, etc.

Users guarantee that the data they provide is accurate and undertake to inform the Organization of any changes. Any damage caused to the Organization or to third parties due to inaccurate or incomplete information shall be borne exclusively by the user.

  1. Use of the Website by Minors

Users under fifteen (15) years of age are not permitted to provide personal data through the Website without the consent of their parents or legal guardians.

  1. Purpose of Data Processing

The Organization collects and processes personal data for the following purposes:

a) Handling Requests

Through the contact form, only the necessary details (such as name and email address) are collected in order to respond to the user’s request.

b) Wish Application

The processing of personal data for a Wish Application is carried out in accordance with the relevant Wish Application Privacy Policy and based on the explicit consent of the user and/or legal guardian.

c) Sending Receipts and Thank-You Messages

Through the donation form, data such as full name, email address, and phone number are collected for the purpose of issuing receipts and sending thank-you messages for donations, in compliance with a legal obligation (Article 6(1)(c) GDPR). Further information is available in the Privacy Policy for Donors, Supporters, and Volunteers.

d) Newsletter / Informational Bulletins

Through the newsletter subscription form, the user’s email address is collected for the purpose of sending newsletters and informational bulletins. Processing is based on the user’s consent (Article 6(1)(a) GDPR). Users may unsubscribe at any time via the unsubscribe link included in each communication.

e) Expression of Interest in Volunteering

Through the volunteer interest form, data such as full name, email address, phone number, place of residence, age, and field of studies are collected. Processing is based on the user’s consent (Article 6(1)(a) GDPR), which may be withdrawn at any time. Further details are provided in the Privacy Policy for Donors, Supporters, and Volunteers.

f) Expression of Interest in Donating or Other Support

Through the relevant interest form, data such as full name, email address, and phone number are collected. Processing is based on the user’s consent (Article 6(1)(a) GDPR), which may be withdrawn at any time. Further information is available in the Privacy Policy for Donors, Supporters, and Volunteers.

g) Statistical Monitoring

The Website uses anonymous tracking tools (e.g., Google Analytics) to analyze traffic, user preferences, and usage patterns in order to improve services.

h) Other Technical System Data

Information such as browser type, operating system, and IP address may be collected for technical support purposes and to enhance user experience.

  1. Data Retention Period

Personal data is retained only for the period necessary to fulfill the purposes for which it was collected and is securely deleted thereafter, unless a longer retention period is required by law.

  1. Data Security

The Organization implements appropriate organizational and technical measures to protect personal data against loss, destruction, alteration, unauthorized access, or unlawful processing.

  1. Data Breaches

In the event of a personal data breach, the Organization is committed to notifying the Hellenic Data Protection Authority within seventy-two (72) hours and, where required, informing affected individuals in accordance with the Applicable Law.

  1. Data Recipients

Recipients of personal data include the Organization and its authorized partners. Personal data is not disclosed to third parties without the user’s consent, unless required by law, court decision, or prosecutorial order.

  1. Data Processors

The Organization may engage external service providers (such as web hosting providers or payment platforms), who process personal data on its behalf under contractual obligations to comply with data protection requirements.

  1. Cookies

The Website uses cookies to improve user experience, store user preferences, personalize content, and analyze website traffic. Further information is available in the Cookies Policy.

  1. Links to Third-Party Websites

The Website may contain links to third-party websites. The Organization bears no responsibility for the data protection practices or content of such websites, and users are encouraged to review the respective privacy policies.

  1. User Rights

Users have the right to access, rectify, and delete their personal data, as well as to exercise any other rights provided under the Applicable Law. These rights may be exercised by contacting the Organization at [email protected]

  1. Contacting the Authority

Users have the right to lodge a complaint with the Hellenic Data Protection Authority:

Hellenic Data Protection Authority
1–3 Kifisias Avenue, PC 115 23, Athens
Tel.: +30 210 6475628
E-mail: [email protected]

Last Revision: 28/01/2026