PRIVACY POLICY

1. Introduction – Data Controller

Welcome to the Metropolitan College’s data protection policy.

The website at the address https://www.mitropolitiko.edu.gr/ (hereinafter the “Website”) belongs to and operates under the ownership of “METROPOLITAN COLLEGE SA – EDUCATIONAL COMPANY” (ΜΗΤΡΟΠΟΛΙΤΙΚΟ ΚΟΛΛΕΓΙΟ ΑΕ ΕΚΠΑΙΔΕΥΤΙΚΗ ΕΤΑΙΡΕΙΑ), with headquarters at no 74 Sorou St., Postal Code 15125, Marousi, Attica, Greece, Contact Tel. no (+30) 2106199891, hereinafter referred to as “the Company” or “us”.

The purpose of this policy is to explain to you in the simplest, most comprehensible and concise manner possible:

– Which data we collect and process;

– What are the reasons for which we process them and what is the legal basis for our processing;

– Who are the recipients of your data;

– How long we retain your data for; and

– What are your relevant rights and how you can exercise them.

Through the Website, telephone communications as well as printed and electronic promotional activities we collect certain information about visitors, users, students and prospective students which can lead to the direct or indirect identification of these individuals.

Under the legal framework currently in force, some of this information is considered personal data (e.g. name and surname, postal address, contact telephone number, e-mail address, and they can be used to identify you (hereinafter referred to as “Personal Data” or “Data”).

As visitors, users, students or prospective students, you are called “data subjects”, while we, who process your personal data, are the “data controllers”.

“Personal Data Processing” is defined as any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, search for information, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The Metropolitan College respects the privacy of your personal data and in the framework of ensuring said privacy we have appointed a Data Protection Officer (“Data Protection Officer” or “DPO”) in order to contribute to our Company’s more effective compliance with the requirements of the European Regulation on Data Protection (EU) 679/2016 and Directive (EU) 680/2016, as incorporated into Greek legislation by Law 4624/2019 (hereinafter the “Regulation” or “GDPR”).

For any clarification regarding this data protection policy as well as for any request related to exercising your rights regarding your personal data processed by us, you can contact the Data Protection Officer:

E-mail address: [dataprotection@mitropolitiko.edu.gr]

Telephone no: (+30) 2106199891

Postal Address: 74 Sorou St., Postal Code 15125 Marousi, Attica, Greece.

2. Our main principles for processing your data

We are committed to processing your data in a fair and transparent manner, always in accordance with the applicable legal framework, and in particular the General Data Protection Regulation.

What does this mean in practice?

– We collect and process your data only for specified, expressly stated and lawful purposes.

– We only collect and process data that are necessary for the objectives we set.

– We make every effort possible to ensure that your data are accurate, by providing you the ability to correct and/or erase them, as applicable.

– We keep your data for a limited period of time deemed necessary either by law or by corporate policy for the fulfilment of the processing objectives we set as a Company.

– We make every effort possible to protect the security of your data from unauthorised or illegal processing and accidental loss, destruction or damage.

In the context of protection of the personal data processed, the Company applies a series of appropriate technical and organisational measures, it adopts internal security policies, it provides the relevant training to its personnel, which is committed to maintaining confidentiality, while it also utilises a number of technologies that ensure the security of your data (e.g. SSL certificate, encryption, certified data centres). As the principles of information security and data protection dictate, the technical and organisational security measures are monitored regularly, and, if necessary, they are updated and adapted to new best market practices and aligned with commonly accepted international standards.

3. What data do we process, for which purpose and on what legal basis?

As a rule, the Company collects and processes your data only when you directly and voluntarily provide them yourselves. If you choose to contact us (either by filling out the contact form through our website or by phone), you provide your explicit consent for us to collect and process your personal data for the purposes mentioned below. You have the right to revoke your consent at any time without providing a reason for doing so by submitting a relevant statement to our Company. In this case, the legality of the processing that has taken place until the moment of revocation is not affected. Any revocation of your consent will result in our Company not being able to contact you and serve you further.

However, it is not possible for this rule to apply entirely in two cases in the context of operation of the Website: i) for data collected with the help of cookies (see here in detail) and ii) for certain data collected automatically when you visit our website.

A. Information collected automatically

Due to the nature of the internet and the manner in which it works, as soon as you visit our website, the server records your IP address, which is part of your personal data, even if we cannot identify you based on this information through our website, along with the date and time of your visit.

The reason (legal basis and purpose) for which we collect your IP address and we keep it in log files is on the one hand that it is in our legal interest to process these data in order to ensure the security of networks, information and services from accidental events or illegal or malicious actions that jeopardise the availability, authenticity, integrity and confidentiality of data stored or transmitted (e.g. inspection for denial-of-service attacks), and on the other hand we have the legal obligation to provide the most secure environment possible for processing your personal data.

This processing is permitted as it does not pose a serious risk to your rights and freedoms, while according to the Regulation it is explicitly permitted based on our legal interest.

More information can be found in our Cookies Policy available in the relevant section of our website, which you can read here.

B. Information that you provide to us

Apart from the above, we also collect and process personal data in the following cases:

Communication via the Website (contact form, expression of interest form)

Data we process
Name and surname
E-mail address
Telephone no
City of residence
Capacity (pupil, student, employee, parent, guardian)
Important note: Your Website message should only contain the necessary information for the issue you are interested in and you should avoid referring to your or third parties’ data of a personal nature.

Purpose
We process these data: i) within the framework of the service we offer you, in order to be able to contact you, to answer your message and respond to your request for the provision of more information regarding our services, and ii) if you have given us explicit consent to do so, for reasons of future commercial promotion of our services.

Legal Basis
We process the data you provide us with based on your consent, which you have the right to revoke at any time and request the erasure of your data.

Contact by telephone

Data we process
Name and surname
Date of birth
Capacity (pupil, student, employee, parent, guardian)
E-mail address
Telephone no
Address
Important note: Your Website message should only contain the necessary information for the issue you are interested in and you should avoid referring to your or third parties’ data of a personal nature.

Purpose
We process these data: i) within the framework of the service we offer you, in order to be able to contact you, to answer your message and respond to your request for the provision of more information regarding our services, and ii) if you have given us explicit consent to do so, for reasons of future commercial promotion of our services.

Legal Basis
We process the data you provide us with based on your consent, which you have the right to revoke at any time and request the erasure of your data.

Printed Promotional-Informational Actions

Data we process
Name and surname
E-mail address
Landline no
Mobile no
Area of residence
Date of birth
Level of studies
Facebook account
Important note: Your Website message should only contain the necessary information for the issue you are interested in and you should avoid referring to your or third parties’ data of a personal nature.

Purpose
We process these data for reasons of future commercial promotion of our services as well as to inform you about our current educational programmes.

Legal Basis
We process the data you provide us with based on your consent, which you have the right to revoke at any time and request the erasure of your data.

The accuracy and authenticity of the information submitted is the responsibility of those submitting them in all cases. Learn about the ability to correct your information in the policy section referring to your rights.

Newsletter emails

Data we process
Name and surname
E-mail address

Purpose
We use your name and surname as well as your e-mail address to send you updates with news, offers and other issues that we think may be of interest to you in relation with the Institution.

Legal Basis
We process the data you provide us with based on your consent, which you have the right to revoke at any time and request the erasure of your data.

4. Who has access to your data?

The Metropolitan College will not sell or distribute your personal data to third parties, except of the provisions of this Policy.

Your information will be processed by the specifically authorised personnel of the Metropolitan College and that of AKMI Group’s affiliated companies, as applicable. Your data will also be forwarded to third party service providers acting on behalf of the Metropolitan College, as Data Processors, in the framework of a written contractual relationship established precisely for this purpose in order to provide further processing, in accordance with the purpose(s) for which they were initially collected or for the fulfilment of a legal obligation. The above third parties have agreed with us and are contractually committed to process your personal data for the purpose agreed, and any further processing or disclosure of your personal information to third parties is prohibited, unless this is required by law or it is permitted by us or it is stated in this Policy.

In addition, in the event that your personal data are transferred to third parties outside Greece and/or the European Union, the Metropolitan College is committed to ensuring an equivalent level of data protection to that provided within the European Union, either by selecting companies which are certified according to certain criteria (e.g. companies based in the USA under the Privacy Shield Agreement or by entering into standard contractual clauses with the recipients in third countries which have been approved by the European Union and apply to third-country Data Controllers and Processors, as applicable).

Recipients of your data may also be the competent Supervisory and Administrative Authorities, within the framework of their responsibilities, following a submission of a relevant request to our Company. In this case, we will notify you accordingly in advance, unless such notification is prohibited by law.

In the event that you wish to be informed of the detailed information of the recipients of your data, you can submit a relevant request via email to: [dataprotection@mitropolitiko.edu.gr].

5. Where and for how long do we retain your personal data?

Severs located within the European Economic Area (EEA) are used for storing and further processing your data. In order to ensure the security of our information systems we use third-party applications (e.g. firewall) from specific service providers who are contractually bound to ensure the protection of your personal data which they process on our behalf.

We retain your data solely for the time-period necessary to fulfil the purposes for which we collected them, including the fulfilment of any legal obligation of ours and in accordance with our Company’s internal policy and relevant procedures.

After expiration of the retention time-periods set, the respective data are permanently erased without the possibility of retrieval.

In order to determine the appropriate data retention time-period, their nature is taken into account as well as the risks that may arise from unauthorised use or disclosure of your data and the purposes for which we process them.

In the event that you wish to find out more about the time-periods of retention of different data categories, you can submit a relevant request via email to:  [dataprotection@mitropolitiko.edu.gr].

6. What are your rights regarding your data and how can you exercise them?

According to the GDPR, you have a number of rights in relation to the processing of your personal data.

More specifically, you can:

  1. Submit a request to our Company to find out if we process data and, if so, what data we process, by receiving a copy if you wish (right of access);
  2. To request their correction if your data are inaccurate, incomplete, misleading, non-relevant or outdated (right to rectification);
  3. To request their deletion, under certain conditions (right to erasure);
  4. To request to restrict their processing, under certain conditions (right to restrict processing);
  5. To object to your data being processed by us, under certain conditions (right to object);

6 To request to obtain the data you have provided us in a structured, commonly-used and machine-readable format (if technically feasible), so that you can transfer them to another controller (right to data portability).

In the event of a data breach which may severely endanger your rights and freedoms and provided that it does not fall under any of the exceptions provided in the GDPR, the Company undertakes the responsibility to inform you of the breach without any unjustified delay.

Compliance with the legal framework for data processing and, in this context, your ability to exercise your rights, is a priority for the Company. For this reason, we reserve the right to request additional information which is necessary to confirm your identity, prior to your rights being exercised by you.

In principle, the Company is obliged to respond to your request immediately and at the latest within one month. If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by a further two months. In any case, the Company will inform you as soon as possible, and always within one from the submission of your request, about its progress and the reason of any delay in its fulfilment.

If your requests are manifestly unfounded or excessive, in particular due to their recurring nature, the Company may impose a reasonable fee, taking into account the administrative costs of providing information or communicating or performing the requested action, or may refuse to further process your request.

In the event that you do not receive a (timely) answer to your request or you are not satisfied by the Company’s answer, you have the right to make a relevant complaint to the competent supervisory authority (Hellenic Data Protection Authority – 1-3 Kifisias Av., Postal Code 115 23, Athens, Greece – tel. no. (+30) 210 6475600, email: contact@dpa.gr).

For any question or issue you may face regarding the protection of your data by our Company, you can contact us by e-mail at [dataprotection@mitropolitiko.edu.gr] or by post at the address 74 Sorou St., Postal Code 151 25, Marousi, Greece – tel. no +30 210 6199891.

7. Hyperlinks to third party websites

With the help of appropriate hyperlinks within our Website it is possible to access third party websites. The placement of these links has taken place with the sole purpose being facilitating visitors during their internet browsing. It is in no way an indication of acceptance or approval of the content of the websites listed via a link by our Company.

Access to the relevant website through the use of the links provided takes place exclusively at your responsibility and we encourage you to carefully read the data protection policy of all websites you visit.

8. Cookies

As most websites, we also use cookies and similar technologies when you access and browse our Website.

We make use of these technologies so that your browsing can be effortless and effective, and so that a range of functions can be available to you, such as sharing our webpages on social media, and so that we can obtain certain information regarding your browsing.

Cookies are small text files stored on the hard drive of the computer or other electronic devices through which the user accesses the Website. Cookies are unique for each web browser (e.g. Google Chrome, Mozilla Firefox, Internet Explorer, Opera, etc.) and contain anonymous information about the websites you visit and the devices you use.

By continuing to use the Website without changing the settings, you agree to the use of “cookies”.

For more information see our policy on cookies here.

9. Data of minors

Our services are aimed exclusively at individuals over 15 years of age and we do not knowingly collect any information about individuals under 15 years of age. If you are under 15 years of age, you are not permitted to submit information to us in any way.

As it is not technically feasible to effectively check your age in all cases, in the event that the submission of personal data related to minors is reported and verified, we undertake to immediately erase all relevant information. This erasure applies without prejudice to the need to retain the data in the event of establishment, exercise or support of our legal entitlements, or following the provision of consent by a guardian.

10. Facebook page

The Company has an official page on the “Facebook” social networking platform entitled Metropolitan College (www.facebook.com/MitropolitikoKollegio).

You can contact us through our Facebook page in order to obtain more information about our services in the following ways:

1. via the “send message” option
2. via the “call now” option

In order to answer your relevant questions, our Company collects and processes your Facebook username as well as other information that is publicly available through your profile (e.g. telephone number, e-mail, etc.) Sending a message to contact us implies your consent to the above data processing. Access to our website and its use is subject to our Company’s Privacy Policy, as published and applicable. In the event of a call, the provisions of the paragraph “Information you provide to us – contact by telephone” of this policy apply.

In the event that you choose to click “LIKE” on the Company’s page, this implies that you provide your consent to see our Company’s news and promotions (via newsfeed) through its Facebook page. If you do not wish to receive such update, you can click “UNLIKE” at any time.

The Company takes all necessary security measures (technical and organisational) for the security of data processing via Facebook, such as the restriction of people who have access to management of its Facebook account.

Finally, we inform you that the Company is only responsible for the method and means by which your data is processed for the above purposes (contact, provision of information and promotional activities). The Company is not responsible for the method or means by which your data is processed by the Facebook social networking platform. You can learn about the processing of your data by the Facebook social networking platform via the following links:

https://el-gr.facebook.com/policy.php?CAT_VISITOR_SESSION=c7b73ebc78d1681ade25473632eae199

https://el-gr.facebook.com/business/GDPR

11. Changes to the data protection policy and remaining informed

This Data Protection Policy may be amended at any time deemed necessary by the Company. Guided by the principle of transparency, we are committed to informing you of any significant impending change to our policy, by posting it on our Website prior to the implementation of these changes. In any case, however, we would like to highlight that it is your responsibility to check our website regularly for any changes to this Policy, as use of our services implies acceptance of this Policy and any changes to it.

12. Further Information

If you have any questions about this Policy or any doubts regarding this Policy or any issue related to data protection in general, please email us at [dataprotection@mitropolitiko.edu.gr].

You can also contact us at the following address: 74 Sorou St., Postal Code 15125, Marousi, Attica, Greece – Contact Tel. no (+30) 2106199891

 

For any request for modification or erasure of personal data, please click here.