Valid from April 28, 2021
Thank you for visiting the website https://aegeancollege.gr/ (hereinafter the “website”) owned and run by the company “AEGEAN OMIROS POST-SECONDARY EDUCATION CENTER SOCIETE ANONYME EDUCATIONAL COMPANY”, VAT no 998106718.», with a registered address in Athens, Panepistimiou 17, 105 64 Athens, Attiki (hereinafter: “AEGEAN COLLEGE” or the Company”).
1. How we collect personal data
1.1. Directly from you: We collect personal data directly from you when you visit our website, when you request information, submit a request, or subscribe to our updates (Newsletter).
1.2. By automated means through the use of the website: When you visit the company’s website, we may collect data from you based on your browsing and using our services. This data may include search history, address IP, screen resolution, browser you used, operating system and settings, access times and URL reference as well as data collected through cookies (See Policy cookies).
1.3. From third parties: If you connect to https://aegeancollege.gr/ through a third-party service (e.g. Facebook), this third-party service may send us information, such as your registration information and profile from that service. This information varies and is controlled by or authorized by you through your privacy settings in the third-party service. Also, and to the extent permitted by applicable law, we may receive additional information about you, such as demographic data or fraud detection information, from third-party service providers and/or partners, and combine it with information we have about you.
2. WHAT PERSONAL DATA WE COLLECT
When you visit the website https://aegeancollege.gr/ we collect the following personal data, which (data) will vary depending on the use performed by each visitor (contact form, Newsletter and other):
3. Email address
4. Telephone (mobile, landline)
5. Any information you include in the text of the contact form
6. Browsing data such as address IP, screen resolution, browser used, operating system and settings, access times and URL and data collected through (cookies).
4. PROCESSING PURPOSE
The purpose of the data collection/processing is to provide information to all users, existing and prospective clients about the company and the services offered, to effectively communicate with the users and clients, to support, promote and perform the contractual relationship with our customers and to protect the security of transactions. Specifically, we use your data:
1. To enable you to access and use our website and the services we provide through our website
2. To respond to customer service requests.
3. To send you notices and commercial communications,
4. To perform marketing and promotional campaigns
5. To be able to detect and prevent cases of fraud, abuse, security incidents and other harmful activities and to perform security and risk assessments.
7. To ensure the company’s compliance with legal obligations
8. To improve our services and improve the user experience, for the purposes of controlling, troubleshooting and improving the functionality and quality of our online services and generally to optimize and tailor our web presence to your needs, making our website easier and more efficient to use.
5. LEGAL BASIS FOR PROCESSING
The legal basis for the processing of personal data collected in accordance with the above is:
i. processing of the personal data is necessary for the performance of the contract between you and AEGEAN COLLEGE, specifically to provide the services and/or information requested.
ii. processing is necessary for the purposes of the legitimate interests pursued by AEGEAN COLLEGE or by a third party. AEGEAN COLLEGE will always balance your rights and interests in the protection of your personal data against AEGEAN COLLEGE’ rights and interests or those of the third party.
iii. processing is necessary for compliance with a legal obligation to which AEGEAN COLLEGE is subject (such as tax law or lawful law enforcement requests).
iv. your consent, in order to process your personal data for direct marketing purposes, to provide personalized offers, or any other instance where consent is required under applicable law.
The company also reserves the right to regularly communicate with our clients by telephone, mail, email, SMS or any other means of communication, using the contact information which has been obtained lawfully, within the context of the company’s contractual relationship with the user (article 11§ 3 of N. 3471/2006) provided that the user has not opposed this communication. This communication may include an update on services provided, research to improve the services provided to the Customers and other promotional activities and to serve similar purposes.
6. SOCIAL MEDIA SHARE BUTTON
AEGEAN COLLEGE has official social media accounts, specifically on Facebook, YouTube, Instagram and Twitter. On its website, the company incorporates an additional social media share button for Facebook, YouTube, Instagram and Twitter, inviting website visitors and users to follow the company in the respective social media (follow/like) as well as upload posts and comments. During your use of the social media we may collect certain personal data (such as your profile data in the corresponding medium).
The purpose of the data processing is to make visible and promote the company’s image and services, to provide updates or to communicate with you, responding to the messages/comments you send us.
The legal basis for processing is your consent, which you provide when you, on your own initiative, actively click on the social media share button, the “like” or “follow” button on the Company’s social media. You can withdraw your consent at any time in the same manner in which you provided it, i.e. by clicking “unlike” or “unfollow”.
7. PERSONAL DATA RECIPIENTS
Personal data collected through our webpage may be accessed, to the extend this is necessary for the fulfilment of the each of the above processing purposes and within the scope of the responsibilities and duties of each recipient, by:
1. The employees of the company
2. Tax and other authorities or other public authorities in case of audits
3. External partners providing accounting services, audits, Internet services, technical support services or other services necessary for the operation of the website and the performance of the services by the company.
It should be noted that when storing, accessing and/or processing the user’s personal data, the employees and agents of the company fully comply with the relevant provisions of the European General Data Protection Regulation 2016/679 on the protection of Data as well as with current Greek legislation and jurisprudence on the protection of personal data. The company requires of its employees, its website hosting and service providers, as well as its third party partners to take all necessary technical and organisational measures (including appropriate policies and procedures) to prevent unauthorised disclosure of users’ personal data to which they gain access, and implement procedures for the management and processing of personal data in a manner that is lawful and protect such data according to GDPR imposed obligations.
8. RETENTION PERIOD
We retain your personal data for the duration of our contractual relationship. The personal data we process is not retained for a longer period than is necessary for the performance of the contract and any services directly related to it:
a. when we provide a service, your personal data is retained for as long as it is necessary to fulfill the service and for a period of 5 years from the completion of the specific service and at least for as long as it is defined by the legal (tax or other) obligation.
b. In case you contact us via email, your personal data is retained for as long as necessary to respond to your request and for a period of time 5 years after the completion of the request.
c. In case you subscribe to our newsletter, your personal data is retained for as long as you wish to receive the newsletter; you can inform us at any time that you no longer wish to receive the newsletter by sending a relevant e-mail to email@example.com and your data will be deleted.
We will also retain personal data:
1. To the extent required by law (for example, in order to comply with tax legislation)
2. In order to comply with court proceedings (any ongoing or future court proceedings)
3. To establish, exercise or defend our legal rights, personal security of the users and the public.
However, some necessary personal data regarding your contractual relationship with the company as well as information concerning your notification on the processing of your data and your consent, where applicable, may be retained so as to establish the lawfulness of processing of user data by the company and the legal claims of the parties.
9. TECHNICAL AND ORGANISATIONAL MEASURES
The company, its employees, processors, agents shall implement appropriate technical and organisational measures to ensure, as much as possible, the most appropriate protection of personal data against accidental or unlawful destruction, loss, alteration, unlawful disclosure or access to them and any unlawful processing, as well as to ensure the possibility of restoring availability and access to them.
These measures also serve so as to demonstrate that processing is performed in accordance with GDPR, obviously taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, while applying appropriate procedures for the regular testing, evaluation and evaluation of the effectiveness of the techniques and organisational measures.
10. YOUR RIGHTS
Under the GDPR (articles 12-22) you have the following rights:
1. Request a copy of your personal data.
2. Withdraw your consent when this is the legal basis of the processing of your personal data.
3. Request that your personal data be corrected if it is inaccurate.
4. Request erasure of the personal data you have provided, under the conditions set out by law.
5. Request restriction of processing, under the conditions set out by law.
6. Request the portability of your personal data, if you have provided us with the data and the processing is based on consent or performance of a contract and processing is based on automated means.
7. Oppose some form of processing of your personal data by the company.
To exercise any of the above rights, you may contact us via e-mail: firstname.lastname@example.org or by mail or in person at the company’s premises at Athens: Panepistimiou 17 Str , Piraeus: Alkiviadou 122 Str , Larisa: Patroklou 14 . We will take all possible measures to satisfy your request within a reasonable period, no later than one (1) month after the submission of the request and proper proof of your identity. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. Please note that the absolutely necessary user data may be retained, in order to safeguard the legal interests of the Company.
Please note that, depending upon the circumstances and the request, we may not be permitted to provide access to personal data or otherwise fully comply with your request; for example, where producing your information may reveal the identity of someone else. We reserve the right to charge an appropriate fee for complying with your request where allowed by applicable law, and/or to deny your requests where, in the Firm’s discretion, they may be unfounded, excessive, or otherwise unacceptable under applicable law.
Finally, each user has the right to submit a request to the company inquiring on how the company processes and protects your personal data, and if you consider that your rights are infringed, you have the right to file a complaint with the Data Protection Authority (http://www.dpa.gr/, Kifisias 1-3, P.C. 115 23, Athens, 210 6475600).
Please be aware that the content and services of this site are not intended for persons under 15 years of age. No personal data must be submitted to the company through the website by users under 15 years of age. If we become aware that a user under the age of 15 has registered and provided personal data without the explicit consent of the parent or legal guardian, we will immediately delete, after receiving such information or request, the relevant data in accordance with the applicable company policy.
The company may change this policy. Please check the effective date at the top of the policy to see when it was last revised. Every revision will be implemented as soon as we publish the revised policy.
If we make substantive changes to this policy that broaden our rights to use the personal data that we have already collected from you, we will inform you and provide you with a choice for the future use of these data.