GENERALLY
Welcome to GreenSchool. We want to provide you with our services with a commitment to protecting and respecting your privacy. For purposes of this update, we will be referred to here as the "Organization".
This Policy was approved by the Administrator of the Organization and entered into force on 10/24/2019.
With this policy we inform you of the way we collect and use information concerning you, as provided by the current legislation (General Data Protection Regulation 679/2016). At the same time, we describe your rights regarding the personal data we process and the measures to protect your privacy. Personal data is the information based on which a person can be identified. Examples include your name, the information available to your insurance provider (public or private) to identify you, and your e-mail account.
The Personal Data Management Policy describes how personal data is collected, stored and processed, in order to harmonize with the internal operation of the company and the law. It also confirms that GreenSchool:
- Is harmonized with the General Data Protection Regulation 679/2016
- Protects the rights of staff, custodial parents, minor Children and its partners
- Is clear about how it maintains and processes personal data
- Protects against potential risks of data breach and unauthorized access.
WHAT THE LAW DEFINES
In order to proceed with the processing of the data concerning you and the Children, the existence of a specific legal basis is necessary.
The Organization keeps and processes personal data in the context of the execution of its contractual obligations, as provided by law (Article 6 GDPR par.1) but also to safeguard the vital interests of the subjects of the aforementioned personal data.
In order for the Organization to be in line with the law, while keeping and processing personal data (electronic or paper records) certain basic principles need to be followed, which are:
- to do so with a lawful cause,
- for a certain purpose,
- accurately and by observing only the necessary data.
- In addition, personal data must be accurate and up-to-date,
- according to the rights of the subject,
- kept only for the time necessary and protected by appropriate technical and organizational means.
- In case they are transferred outside the European Union, this must be done legally.
THE TYPE OF PERSONAL DATA WE PROCESS
The Organization collects:
- Your first name, last name, contact details, sometimes your date and place of birth. Also, details related to serving both the business and educational purpose of the Organization as well as the contractual relations and communication practices of the Organization.
- In case of communication with you and vice versa, we will keep a file with details of this communication. Possibly also the content of your own reviews for third parties.
- Internet connection and communication data also related to the media and applications you use.
- If you are an employee of the Organization we may collect data about your gender, nationality and documents capable of identifying you. Also data for payroll purposes, numbers linked to tax and insurance data and everything considered necessary for the termination of a contractual relationship.
- In our facilities there is closed circuit monitoring (CCTV) to record possible malicious activity, as provided by law. In these frames image and movement are recorded and kept for a short time.
- The Organization reserves the right to control, monitor, record, use the content of the data kept in it and processed through the electronic systems it maintains. The same applies to data kept in paper files (folders).
- On our website www.greenschool.gr we use a traffic parameterization application for statistical reasons (cookies) and the transmission of data from the relevant contact form is subject to the security conditions of the respective applications, including their encryption methods.
REASON FOR HOLDING AND PROCESSING YOUR PERSONAL DATA
The Organization collects and processes personal data concerning you for the following reasons:
- For our harmonization with the applicable legislation (such as GDPR 679/2016)
- To carry out statistical surveys for the Organization's internal use
- To be able to fulfill our obligations arising from your position as a customer or as a partner and also from our position as an employer within the framework of the contract.
- For purposes related to the security of persons, facilities, assets and material related to the Organization
- To manage the Organization's communications
- For any obligations of the Organization related to obligations and rights defined by the Public Authorities.
- For any case, where an important justifying reason is considered to be your express consent to the keeping and processing of the above data.
WHERE THE POTENTIAL RISK TO PERSONAL DATA MAY COME FROM
This Policy helps the Organization to protect itself from risks which, among others, may include:
- Breach of Confidentiality. That is, information that can be given to someone without the necessary authorization and competence to process it.
- Lack of possibility for the subject to choose the ways of keeping and processing data concerning him
- Damage to the reputation of the Organization in case of illegal access to personal and sensitive personal data.
DO YOU HAVE AN OBLIGATION TO GIVE US YOUR PERSONAL DATA?
In order to enter into a contract with you and to meet the obligations arising from it as well as to exercise our rights, yes you are obliged to give us your personal data and data concerning persons of whom you exercise guardianship. If not, we may not be able to engage with you and provide you with our services (whether as an employer, service provider or supplier). Any information about minors is kept only with the consent of the person exercising parental care.
AUTOMATED DATA PROCESSING
For statistical research purposes and for your information, after your consent, the Organization may use automated profiling decision-making. We repeat that such a thing, when done, requires your consent.
RETENTION PERIOD OF YOUR PERSONAL DATA
The Organization may keep your data for some years after the end of the contractual relationship with you. In some cases, it may even be required by law. The financial information concerning you is kept in our file for a decade (10 years). We keep sensitive personal data only for as long as is necessary for the termination of our contractual relationship.
USE OF PERSONAL DATA
Personal data have no value for the Organization, except in the event that they are used. Therefore, the risk to personal data exists when it is processed and may include its loss, destruction or theft. In particular:
- Employees concerned with personal data make sure their computer screens are always locked when not in use
- Personal data is not shared informally. In particular, they are not sent by non-secure e-mail.
- The personal data before their electronic transmission is encrypted (SSL).
- The staff of the Organization do not have copies of personal data on their personal computers.
- Personal data are found only at the points where their processing is necessary and are not scattered across computers where this is not deemed necessary.
TRANSFER OF DATA TO THIRD PARTIES
The Organization does not share files containing sensitive personal data with third parties. In the event that this happens, it will only be done with the express consent of the subject and for reasons that will be explicitly stated. For example, the diagnosis description which is transmitted to a medical care provider.
Also, personal data may be transmitted to an accounting or banking support company, which will be governed by this policy, always within the framework of a contractual relationship. Sometimes, within the framework of a contract, the Organization may act as a data processor on behalf of a counterparty. In this case, we may keep a joint file with our counterparty, which file is governed by this Personal Data Management Policy.
Furthermore, we disclose personal data to the Authorities, when we are subject to a relevant legal obligation and this becomes necessary in the context of compliance with the law and for public safety. Your data is not transferred outside the European Union.
DATA STORAGE
The rules below describe how and where the data (must) be kept. Related questions should be addressed to the Data Protection Officer. Thus, data stored in paper records (must) be stored in such a way that it cannot be viewed by unauthorized persons. The same applies to files that are kept electronically, but for some reason have been printed. Important points are the following:
- Folders and paper data are kept in a file cabinet, which is locked.
- Employees make sure that printouts are not left where unauthorized people could have access, such as in or near the printer.
- Printed data, which is not in use, is destroyed.
In the event that the data is stored electronically, it is protected from unauthorized access to it, from accidental destruction and interception attempts. Specifically:
- Data is protected by strong passwords, which are changed frequently and not disclosed to unauthorized employees.
- Where data is stored on removable media (such as CDs for example), it is stored securely when not in use
- Data is stored only on reliable servers and an approved cloud computing service.
- The servers that contain personal data are located in a secure location, at a distance from the central office space of the Organization.
- Copies of the data are kept by the Organization and checked periodically, in accordance with the procedures defined by the Organization.
- The data is not kept under any circumstances, directly on laptops and devices such as smartphones or tablets.
- All servers and computers containing data are protected by an approved computer program (software) and protection program (firewall).
THE CONCEPT OF RESPONSIBILITY WITHIN THE ORGANIZATION
Anyone working as an employee at GreenSchool has some degree of responsibility in ensuring that data is collected, stored and processed in a lawful manner. Every person who handles personal data has the duty to ensure that it is processed in accordance with this Policy and the principles of data protection, as already highlighted above.
However, the following have specific areas of responsibility:
- The Administrator of the Company, Mrs. Theodoridou Angeliki, is the highest body of responsibility, providing the assurance that GreenSchool complies with its legal obligations regarding the maintenance and processing of personal data.
- The Data Protection Officer Ms. Theodoridou Angeliki is responsible for:
  - Informing the Management about the responsibilities of data protection and the risks that may be involved.
  - The updating of all personal data protection procedures according to the organizational chart.
  - The planning of the training and the consulting of those related to the specific Policy
  - The management of persons' requests for data concerning them.
  - The control and approval of contracts with third parties, who may handle sensitive personal data concerning the Organization
GENERAL GUIDELINES RELATING TO STAFF
- The only employees who have access to the data covered by this Policy are those who need to have such access to perform their job duties.
- Any data of the Organization is not intended to be shared without authorization.
- The Organization provides training to all employees to help them understand their responsibilities when handling personal data.
- Employees keep all data in a secure manner, taking appropriate measures following these guidelines.
- In particular, strong passwords are used and are not disclosed to third parties without authorization.
- Data is checked and updated. In the event that keeping them is not deemed appropriate, they are deleted.
- Employees (must) seek the guidance of the Data Protection Officer, if they are unsure about an issue related to the protection of personal data.
YOUR RIGHTS
At GreenSchool we place great importance not only on knowing your rights in relation to your personal data but also on how you can exercise them. Therefore, you have:
- Right to know if we hold and/or process your personal data. This right of yours stems from Article 15 GDPR 679/2016. You can also request a copy of your data and how you can access it.
- Right to be able to request the correction of your personal data. As soon as you can prove that the data we hold concerning you needs correction, you can request it from the Organization.
- Right to be "forgotten", i.e. to delete your data. In any case, you have the right to request from the Organization either the restriction of the personal data concerning you and those for whom you exercise parental care, all the data we also keep and process, or their deletion. Your request may be accepted immediately, as long as it does not contravene the law or an obligation of the Organization arising from it.
- Right to object to the retention and processing of your data.
HOW YOU CAN EXERCISE YOUR RIGHTS
Please contact us if you wish to exercise any of the rights described above. This can be done either by phone or by sending an e-mail to [email protected]. In any case, you will be asked for identification information to process your request. You have every right to appeal to the Personal Data Protection Authority, as it is the competent national supervisory body, in case you find a problem with your data and the Organization does not respond.
HOW TO BE INFORMED OF MODIFICATION OF OUR POLICY
You can be informed about any change and modification of this policy from our website www.greenschool.gr
IMPORTANT NOTICE FOR STAKEHOLDERS INCLUDING THE ORGANIZATION'S PARTNERS
This GreenSchool Data Protection Policy was drawn up and approved by the Administration on 10/23/2019. It was implemented on 24/10/2019 and its next check is scheduled for 01/09/2020.