Data Protection and Privacy Statement
Alkinoou 33, GR-49100, Corfu, Greece
What personal data do we collect?
The personal information we collect from you will vary depending on the context of your interactions with us and the product and/or service that we are providing to you. It may include, but is not limited to, the following information:
- identity data including your name, date of birth, gender and profession
- identity data for your children that are studying or studied in the past in our school, including names(s), date of birth, gender, contact details
- contact data including your home/work postal address, email address and phone number
- photos of you taken while colaborating with us
- upon application: medical condition(s) or special needs which may affect our services to you
- transaction data including your credit card number when you make a payment to us
- profile data including purchases made by you, preferences, feedback, survey responses and any usernames
- usage data including how you use our website, products and services
- marketing data including your preferences in receiving marketing from us
- technical data including internet protocol (IP) address, login data, browser type and technology used to access this website.
How do we collect your personal data?
We collect information about you when you:
- request marketing to be sent to you
- attend an event
- register on our website
- physical registration forms or electronic registration form(s) on our website(s)
- request products or services
- enter a competition, promotion or agree to participate in market research (such as surveys or questionnaires)
- provide us with your personal information from your usage of our website and any other information you post on our website, email or otherwise send to us
- otherwise provide us with information in the course of our interactions with you.
Personal information we collect about you from others
How do we use your personal data?
We will only use your personal information in the following ways:
- when it is necessary for our, or third parties, legitimate interests:
- to fulfil a contract, or take steps linked to a contract
- to provide general administrative and performance functions and activities.
- to enable us to supply you with the products and services and information that you have requested
- to help us in the development of, and to improve our products and services
- to train Andrioti School staff about how to best serve our clients
- to promote our services on notice boards, social media or other promotional material
- to provide you with information about products or services that may be of interest to you, using the email address which you have provided or via social media
- to invite you to participate in market research activities, such as responding to interview questions or completing online surveys and generally to manage our relationship with you
- to send you marketing communications, and show you marketing communications on other websites (including social media sites where you are a member)
- to ensure that content from our website is presented in the most effective manner for you and your computer
- to automatically collect data about visitors to our site (for example browsing patterns) by using cookies
- to maintain our website and ensure network and information security
- to prevent and detect fraud and other criminal offences
- to manage our legal and operational affairs
- when it is necessary for our, or third parties, legitimate interests:
as long as, in each case, these interests are in line with applicable law and your legal rights and freedoms; or
- where you have agreed to this for specified, explicit and legitimate purposes; or
- where this is necessary for legal obligations which apply to us.
We may contact you for marketing purposes relating to our products and services and our website, unless you let us know that you do not want to receive marketing communications. We will only contact you for these marketing purposes by electronic means (email or SMS) where you have agreed to this. Your agreement to the use of your personal information for these purposes is optional and if you decline to provide your agreement, your visit to and use of the website will not be affected.
When contacting you to invite you to participate in market research projects, such as questionnaires or interviews, we will only use your personal data for the purpose of the specific project to which you have consented. That personal data will, once the project has been completed, be removed from our systems (see retention below).
How do we share your personal data?
We may share personal data:
- with other people and/or businesses who provide services on our behalf or at our request
- our professional advisers/agencies
- with regulators and law enforcement agencies, where we are required to do so by law, where necessary for the purposes of preventing fraud and other criminal offences and to ensure network and information security
- with social media platforms, including but not limited to Facebook, Google, Google Analytics, LinkedIn, in pseudonymised or anonymised forms.
How do we store your personal information?
We store personal information on secure servers that are managed by us and our service providers, and occasionally hard copy files that are kept in a secure location. Personal information that we store is subject to security and access controls, including username and password authentication and data encryption where appropriate.
Transferring Personal Data
Greece and countries inside the European Economic Area have specific laws which protect the way personal data is used. We may transfer personal data to countries outside of the European Economic Area where personal data is not protected in the same way (usually to other businesses who provide services on our behalf). In such cases we will make sure that suitable safeguards are in place to protect the personal data. What that means is that whoever we transfer data to will have to agree to protect the personal data in an appropriate way.
Information about children
Our Sites are not suitable for children under the age of 13 years, so if you are under 13 we ask that you do not use our Sites or give us your personal information. If you are from 13 to 18 years, you can browse the Sites but will need the supervision of a parent or guardian. It is the responsibility of parents or guardians to monitor their children’s use of our Sites.
Information you make public or give to others
Subject to applicable law, you may have the right to: obtain confirmation that we hold personal data about you, request access to and receive information about the personal data we maintain about you, receive copies of the personal data we maintain about you, update and correct inaccuracies in your personal data, object to the processing of your personal data, and have your personal data blocked, anonymised or deleted, as appropriate. The right to access your personal data may be limited in some circumstances by local law requirements.
For the purposes of applicable EU data protection law (including the General Data Protection Regulation 2016/679 (the “GDPR”), we are a ‘data controller’ of your personal information.
Changes to this Policy
How can you contact us?
Please contact us via email (for this website): firstname.lastname@example.org
or by post to our physical address described in the beginning of this document.
Andrioti School PrivacyPolicy, effective date 25th May 2018