Welcome to Mama’s Roots (mamasroots.gr), a culinary platform dedicated to providing a Motherlike Cooking Experience in Athens, Greece. This privacy policy outlines how we collect, use, disclose, and safeguard your information when you visit our website and use our services, including online booking and payments for cooking classes. We respect your privacy and are committed to protecting it through our compliance with this policy.

Data Collection Methods

Mama’s Roots collects personal data both directly and indirectly. Direct collection involves collecting data directly from individuals, such as when they subscribe to a newsletter, register for an event, or participate in a study. Indirect collection involves collecting data from third-party sources, such as research partners, networks, public records, news articles, and social media profiles.

When collecting personal data directly, Mama’s Roots typically provides individuals with clear and concise information about how their data will be used. For example, when an individual subscribes to a newsletter, they may be asked to provide their email address and name. Mama’s Roots will then use this information to send the individual newsletters but will not share it with any third parties.

Mama’s Roots takes steps to protect the privacy of the individuals whose data they collect. They have implemented security measures to protect the data from unauthorized access, use, disclosure, alteration, or destruction. They also have policies in place to limit the collection of personal data to only what is necessary for the purposes of the project.

Types of Data Collected

The data collected include contact details, professional information, demographics, opinions, and media from events.

Lawful Basis for Processing

We process data based on legal obligations, consent, and contractual requirements under the Horizon Europe Programme.

  • Legal obligations: Mama’s Roots processes personal data when it is necessary to comply with applicable laws and regulations. This includes both national and European legislation, as well as the specific legal and regulatory framework of the Horizon Europe Framework Programme for Research and Innovation of the European Union.
  • Consent: Mama’s Roots processes personal data when it has obtained the consent of the individual concerned. This is typically the case when Mama’s Roots is collecting information for purposes such as organizing surveys and interviews, completing questionnaires, or disseminating project results.
  • Contractual obligations: Mama’s Roots processes personal data when it is necessary to fulfill a contract with the individual concerned. This is typically the case when Mama’s Roots is reporting to the European Commission or complying with project publicity obligations.

Use of Personal Data

Mama’s Roots processes your personal data for research, dissemination, event management, system administration, communication, and compliance purposes. It takes steps to ensure that its processing of personal data is lawful, proportionate, and protects individuals’ privacy.

Data Security Measures

We implement robust security measures, including data protection policies, contracts with data processors, and technical safeguards, to protect your data.

Mama’s Roots takes the security of your personal data very seriously. We use a variety of security measures to protect your data from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

  • Physical security: We store our servers in a secure physical environment with limited access.
  • Access controls: We use access controls to limit who can access your personal data. Only authorized personnel have access to your data, and they are required to follow strict security procedures.
  • Encryption: We encrypt your personal data when it is transmitted over the internet. This helps to protect your data from being intercepted by unauthorized third parties.
  • Security awareness training: We provide security awareness training to our employees to help them understand the importance of protecting personal data and to help them identify and avoid security risks.

Web Server Security

We utilize a range of web server security tools and configurations to protect our servers from common web-based attacks. These measures include:

  • Strong password policies: Enforce strong password policies for all web server accounts and user logins, requiring complex and unique passwords to deter brute-force attacks.
  • Firewalls: Deploy firewalls to filter incoming and outgoing traffic, blocking malicious requests and preventing unauthorized access to our servers.
  • Website hardening: Implement website hardening techniques to minimize potential attack vectors and vulnerabilities, such as disabling unnecessary features, removing unused plugins, and patching known security flaws.

WordPress Security

As a WordPress-based website, Mama’s Roots employs additional security measures specifically tailored to this platform. These measures include:

  • WordPress updates: Promptly install WordPress and plugin updates to address security vulnerabilities and ensure that our website remains protected against the latest threats.
  • Security plugins: Utilize reputable security plugins, such as Wordfence or Sucuri, to provide additional layers of protection against common WordPress attacks.
  • Regular backups: Regularly backup our WordPress site to a secure location, allowing for quick restoration in the event of a data breach or security incident.

Datacenter

Mama’s Roots uses the Hetzner data center in Germany to store and process personal data. Hetzner is a leading provider of cloud hosting and data center services, and their data center is located in a secure facility with extensive physical security measures. Hetzner is also certified to ISO 27001, which is an international standard for information security management systems.

The Hetzner data center provides a number of security benefits for personal data. These benefits include:

  • A high-security perimeter with video surveillance surrounds the entire data center park.
  • Entry is restricted to authorized personnel with electronic access control systems.
  • Ultramodern surveillance cameras provide 24/7 monitoring of all access routes.
  • Colocation rack clients have their own keys and access codes for their server racks.
  • The administration interface Robot allows for advance setup of entry authorization and appointments for on-site visits.
  • A generated password is used to authenticate and issue transponder keys for rack access.
  • All visits are logged and recorded footage is archived for monitoring purposes.
  • All Hetzner Online employees sign confidentiality agreements and receive annual data protection training.
  • Personal data is only shared with third parties when absolutely necessary, such as for order processing or payment processing.
  • Hetzner Online complies with the EU’s General Data Protection Regulation (GDPR) and only transfers the minimum amount of data necessary.

We are committed to protecting your personal data. We will continue to review and update our security measures to ensure that your data is always safe.

Sharing of Personal Data

Data may be shared with trusted third parties under contractual obligations to provide quality services while ensuring data protection. The project takes the privacy of your personal data very seriously and ensures that it is only shared with third parties who are bound by strict confidentiality and data protection obligations. The project shares personal data with third parties only when it is necessary to achieve the project’s objectives or to comply with legal obligations.

The following are the categories of third parties with whom Mama’s Roots may share personal data:

Service providers: These are companies that provide services to Mama’s Roots, such as cloud-based software providers, professional advisors, and dissemination services providers.

Law enforcement and regulatory agencies: These are organizations that are authorized to investigate or prosecute crimes or to enforce laws and regulations.

The European Commission: The European Commission is the executive arm of the European Union and is responsible for implementing EU legislation.

We only share personal data with third parties when it is necessary to achieve the project’s objectives or to comply with legal obligations.

International Data Transfers

We ensure that any data transferred outside the EEA comply with GDPR standards, particularly when using cloud or marketing services.

When personal data is transferred outside of the EEA, we make sure that it is transferred in compliance with applicable data protection laws, such as the General Data Protection Regulation (GDPR).

This means that we will only transfer personal data to third parties that have signed data processing agreements that comply with the GDPR. These agreements require third parties to:

  • Process personal data only in accordance with Mama’s Roots’s instructions.
  • Protect personal data with appropriate security measures.
  • Not transfer personal data to third parties without Mama’s Roots’s consent.
  • Delete personal data when the project no longer needs it.

We also take steps to ensure that third parties that are located outside of the EEA provide an adequate level of protection for personal data. This can include assessing the third party’s data protection practices, ensuring that the third party is certified to a relevant data protection standard, or using binding corporate rules.

Use of Cookies

Our website uses necessary, functional, and optional analytics cookies. Users are informed about the use of cookies and can manage their preferences.

For more information on how to manage cookies, please visit: http://www.aboutcookies.org/

The following cookies are functional and are always enabled:

Cookie Designation: _koko_analytics_pages_viewed
Domain of Application: mamasroots.gr
Validity Period: 6 Hours

The Mama’s Roots website employs a singular cookie, originating from the Koko Analytics plugin. This cookie is utilized for the purpose of gathering statistical data, specifically in regards to the number of visitors, the frequency of page views, and the sources of referrals. It is pertinent to note that this process does not involve the tracking of events, nor does it entail the collection of any personal or device-related information.

Your Rights

Mama’s Roots respects the rights of individuals regarding their personal data and is committed to ensuring that these rights are protected. The project has established a clear and transparent privacy policy that outlines how it collects, uses, and shares personal data. The policy also explains the rights that individuals have regarding their personal data and how they can exercise those rights.

Mama’s Roots is committed to providing individuals with easy access to their personal data and to responding to their requests promptly and effectively. The project also takes steps to ensure that its systems and processes are secure and that personal data is protected from unauthorized access, use, or disclosure.

You have various rights regarding your personal data, including access, rectification, erasure, restriction, portability, and objection. Contact us at hey@mamasroots.gr for requests.

Data Retention

We retain personal data for as long as is necessary for the purposes for which it was collected and processed. This includes the following purposes:

  • To provide you with the services you request: We retain personal data related to your interactions with us, such as your contact information and newsletter subscriptions, for as long as you have an active account with us.
  • To improve our website and services: We retain anonymized data about your use of our website and services for statistical purposes. This data is not used to identify you personally.
  • To communicate with you: We retain personal data related to your communications with us, such as your email addresses and contact information, for as long as necessary to respond to your requests or inquiries.
  • To comply with laws and regulations: We retain personal data as required by applicable laws and regulations, such as the General Data Protection Regulation (GDPR) and other European Union data protection laws.

In general, we retain personal data for a maximum of five years after the end of the project. However, we may retain personal data for longer periods if necessary to comply with our legal obligations or if we believe that the data may be relevant to an ongoing legal proceeding.

If you would like to request that we delete your personal data, please contact us at hey@mamasroots.gr 

We will promptly examine your request and respond to you within 30 days. We may ask you to provide us with some form of identification (e.g., a copy of your identity card or passport) to help us verify your identity. Please note that we may need to retain some minimal information (e.g., email address) to comply with our legal obligations.

Third-Party Websites Disclaimer

Our website may contain links to third-party sites, including the sites of our consortium partners. These links are provided for your convenience and information only. We are not responsible for the privacy practices or content of these third-party sites and expressly disclaim any liability for any loss or damage that may be caused by the use of these links.

We do not monitor the privacy practices or the content of these third-party sites. If you have any questions about the privacy practices of another site, you should contact the site’s responsible personnel.

We may also provide social media features that allow you to share information on your social networks and interact with our project on various social media sites. The use of these social media features may result in the collection or sharing of information about you. We recommend that you check the privacy policies and regulations of the social networking sites you interact with, so that you can be sure that you understand what information may be collected, used and disclosed by these sites.

Please read our Privacy Policy carefully to understand how we collect, use, and disclose your personal data. By using our website or interacting with us in any way, you consent to the collection, use, and disclosure of your personal data in accordance with this Privacy Policy.

Children’s Privacy

We do not knowingly collect, use, or disclose personal data from children under the age of 16. We will take steps to delete any personal information of a child under 16 that we may have inadvertently collected.

If you are a parent or legal guardian and you believe that your child under the age of 16 has provided us with personal information, please contact us immediately at hey@mamasroots.gr . We will take appropriate steps to delete the child’s personal information and to prevent further collection of such data.

We encourage parents and guardians to talk to their children about the importance of online safety and privacy.

Policy Revisions

Mama’s Roots reserves the right to revise this Privacy Policy at any time. The current version of the Privacy Policy will always be available on our website, with an indication of the latest effective date, so that you are aware of the most recent revisions.

If there are any significant changes to this Privacy Policy or our personal data practices in the future, we will notify you by posting a notice on our website. This notice will provide you with information about the changes and will also explain how you can contact us if you have any questions or concerns.

Please review our Privacy Policy regularly to stay informed about how we are protecting your personal data.