Notification Regarding the Processing of Personal Data

Pursuant to the application of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Hellenic American Union (22 Massalias Street, 10680 Athens) (the “HAU”) would like to inform you of the following:

1. What data is processed by the HAU belonging to which natural persons: The HAU, in its capacity as data controller, processes personal data of adult persons who attend or will attend its training programmes as students (“data subjects”). Data processed by the HAU, as appropriate, shall include, inter alia: (a) personal information, like the information collected from this Registration Card; (b) financial data relating to the payment of any amount due to the HAU, such as bank card information, bank account numbers, billing and payment data, etc.; (c) sound (voice) and image data of the data subject, if they participate in a “hybrid”/flex(ible) class, as per the relevant notification provided by the HAU; (d) special categories of data, i.e., where applicable, health-related data that may be disclosed by the data subject (e.g. dietary specificities/ allergies, special learning difficulties, other health issues, medicines to avoid); and (e) image, as recorded by the CCTV system operating in the HAU’s premises. The disclosure/ processing of the data specified in subparagraphs (a), (b) and (c) above is a legal or contractual obligation of the data subject or a requirement to conclude a contract. Where the data subject does not provide the above data or part thereof, he or she will not be able to participate in the HAU training programmes.

2. Data source: As the case may be, the source of the data will either be the students themselves disclosing their data, or the data subject’s employer (in case the employer pays the tuition fees). To the extent that such employer transmits third party personal data to the HAU, they shall be responsible for complying with the applicable provisions of the personal data legislation. In this context, they may need to obtain the data subjects’ consent before transmitting data to the HAU.

3. Purposes and legal basis of processing data: As the case may be, the purposes of processing personal data by the HAU are: (a) To register, provide services to and in general manage students and issue certificates of attendance. For such data processing, including the processing of sound and image data from a “hybrid”/flex(ible) class in which the data subject may participate, the legal basis for the processing shall be the performance of the relevant contract concluded with the HAU and compliance with a legal obligation of the HAU, while for special categories of data (as specified in clause 1 (d) above) that may have been disclosed to the HAU, the legal basis for processing shall be the data subject’s relevant consent given by the very disclosure of the relevant personal data to the HAU and the protection of the vital interests of the data subject or of another natural person where the data subject is incapable of giving consent. (b) To safeguard the interests of the HAU. For such data processing, the legal basis is that processing is necessary for the purposes of the legitimate interests pursued by the HAU which override the interest, fundamental rights and freedoms of the data subject which require the protection of personal data (e.g. for the establishment, exercise or support of legal claims, in which case the processing, if necessary, will also extend to specific categories of data). (c) To prevent, deter and suppress any illegal actions, through the CCTV system operating at the HAU's premises. For such processing of image, the legal basis for processing is that processing is necessary for the purposes of the legitimate interests pursued by the HAU, which override the interest, fundamental rights and freedoms of the data subject which require the protection of personal data. (d) To send marketing material via electronic mail. It must be clarified that the HAU is entitled to use the data subjects’ electronic mail contact details, lawfully obtained in the context of the provision of its services or any other transaction, for the direct promotion of similar services or for the furtherance of similar purposes, even where data subjects have not given their prior consent, provided that they are given, when contact details are collected, as well with every message, a clear and transparent option to object, easily and free of charge, to the collection and use of their electronic data. For such processing of data, the legal basis is that processing is necessary for the purposes of the legitimate interests pursued by the HAU (i.e. the legitimate interests relating to the promotion of its services), which override the interest, fundamental rights and freedoms of the data subject which require the protection of personal data. Finally, once the data subjects' consent has been obtained, the HAU will use their image and/or voice only, in the context of a relevant photography, video or sound recording session, to create marketing material that the HAU may use in its brochures, on its website, in its promotional videos or in any other way. For all the above purposes, the HAU does not proceed with automated decision-making, including profiling of data subjects.

4. Recipients of data: As the case may be and depending on the purpose of processing, personal data may be transmitted to the authorised employees in each department of the HAU, to the data subject's employer (in case the employer pays the tuition fees) and to companies associated with the HAU with which the HAU has a concluded a contract and which process the data on its behalf (e.g. IT companies, IT service providers, etc.), within their competencies and subject to the obligation of confidentiality, secrecy and compliance with the data protection legislation. In addition, the HAU may transmit personal data to third parties where so required by law, or for the purposes of, or in connection with legal proceedings in which it participates, or otherwise for the purposes of supporting, exercising or defending its rights, or to third parties that are law enforcement authorities and have submitted a lawful transmission request, or where it considers that transmission is necessary in connection with any investigation into the suspicion or existence of any illegal activity. Personal data shall not be transmitted outside the European Economic Area.

5. Data retention time: The above data will be retained for a period time as required or allowed by the legislation/regulatory framework in force each time, taking into account the applicable prescription period, which may extend to up to 20 years. Specifically: (a) where processing is carried out under a relevant contract, the personal data shall be stored for as long as necessary for the performance of the contract and for the establishment, exercise and/or support of any legal claims of the HAU arising from that contract; and (b) where the processing is imposed as an obligation by provisions stemming from the applicable legal framework, personal data shall be stored for as long as the relevant provisions so require.

6. Data subjects’ rights: The data subject shall have the following rights under the GDPR: (a) to receive a copy of the personal data held by the HAU, together with other information on how data is processed; (b) to request that personal data concerning him or her be rectified and, under conditions, to request the deletion or restriction of processing, or to object to the processing of personal data; (c) to receive a copy or to request the transmission of a copy of his or her personal data to a third party in a structured, commonly used and machine-readable format (right to data portability). Where the processing of data is based on his or her consent, the data subject shall have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. If the data subject wishes to receive further information about the processing of his or her personal data or to exercise any of his or her above rights, he or she must email the HAU Data Protection Officer exclusively at: privacy@hau.gr, or send a letter to the mailing address mentioned above. Finally, the data subject has the right to file a complaint with the competent supervisory authority about how the HAU handles his or her data (www.dpa.gr).

Learn more here  about how the Hellenic American Union processes personal data from the closed-circuit cameras operating at its premises. (in Greek)

Last Update At: 2020/09/25 - 12:38:19

Stay Connected

Hellenic American Union Twitter Hellenic American Union Facebook  linkedin logo

 YouTube logo  Instagram logo

Worth Visiting 

Hellenic American Union Thessaloniki

Hellenic American Union e-learning platform


Accreditation

Commission on English Language Program Accreditation

ISO-9001 Certified

ISO 9001


 

Where to find us

English Language Program
Μassalias 22
10680 Athens
Τel.: 00302103680900, 00302103680947, 00302103680031
Fax: 00302122222629
Email: english@hau.gr

 

Tools

Utilities:
Print this page
Send this page