Data Privacy Policy
1: Subject-matter and purpose of the privacy policy
The company SQLearn collects and processes personal data according to the Law 4624/2019, which has incorporated the provisions of the European Union Data Protection Regulation 2016/679 of the European Parliament and of the Council (henceforward GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC. It also commits to applying national and European privacy law. This policy is provided by SQLearn, in order to be defined and announced the terms and conditions that this company holds for the protection of personal data processed by the latter. In particular, in the privacy policy the personal data subjects are clarified, as well as the categories of personal data collected, the purpose for which they are collected, the legal basis of the processing, the transfer of personal data to third countries, other recipients or processors, as well as the storage period/limitation of such data. The purpose of this policy is to inform data subjects about their rights regarding the processing of their personal data. The company takes all the necessary technical and organizational measures required for the security of the personal data collected.
SQLearn reserves the right to modify or update this policy without prior notice if required by applicable national or European law or is deemed necessary as a consequence of our ongoing efforts to improve the protection of personal data. For this reason, a regular review of this policy from stakeholders is needed.
2: Data Controller
The data controller is SQLearn, which is based in Piraeus, 6 Skouze Str. 185 36, tel: (+30) 210 7778877, fax: (+30) 210 7778877, email: info@sqlearn.gr. The company is the legal entity that collects and processes personal data and determines the manner and purpose for which it collects the personal data. The company acts as the data processor on behalf of its clients, when providing e-learning services. More specifically, the Company processes the personal data transmitted by its clients – data controllers, for providing asynchronous e-learning platform setup and customization, e-learning courses development, enriched with multimedia elements (sound, videos, animation, 3d animations, serious games), webinars development, synchronous learning platform (teleconference system), digital library of e-learning courses and assessment of training needs. Data controllers are responsible for meeting theirs GDPR obligations (asking for the consent of data subjects for the processing of personal data if is considered necessary, informing about data subject rights etc.). The Company processes the personal data on the basis of a contract with the data controller, for ensuring that each entity in the partnership is operating in compliance with the GDPR.
3: Information about the collection and processing of personal data
3.1: Personal data collected by the Company’s clients (invoices)
Our Company collects and processes identification data (name and surname, address), tax data (VAT, tax office), workplace data, contact information (phone number), transaction data (payment and shipping method, price category) and financial data by its clients.
3.1.1: Purpose of processing
The purpose of obtaining the above data is to meet the needs for the practice of commercial activities, Company’s transactions and establishing trade agreement. This also ensures that any financial transactions between the Company and the clients can be successfully carried out.
3.1.2: Legal basis for processing
The collection and processing of the clients’ personal data is necessary for the Company to comply with the law (ar.6 GDPR).
3.1.3: Transfer of data
Data are not transmitted to EU countries or third countries. However, data are processed by the external accountant, used by the controller as processor, for providing accounting services who carry out his duties compliant with the GDPR. Moreover, our Company may use the OneDrive as processor, that comply with the data protection rules under the GDPR.
3.1.4: Retention period
Our Company retains the above data for 15 years, which begin on the first day of the year following the year the service was provided or received, after which it deletes the data.
3.2: Personal data collected by the Company’s clients (order forms)
Our Company collects and processes order details (order date and description), identification data (name and surname of the responsible person for the order and the project, client’s legal representative) tax data (VAT, tax office), workplace data, contact information (phone number, fax, email) and transaction data (payment method, repayment date) by its clients.
3.2.1: Purpose of processing
The Company processes the above data in order to manage the clients’ order forms.
3.2.2: Legal basis for processing
The purpose of collecting the data is covered under the legal basis of executing a “Contract” between the Company and the client (ar.6 b GDPR).
3.2.3: Transfer of data
Data are not transmitted to EU countries or third countries. However, data are processed by the external accountant, used by the controller as processor for providing accounting services, who carry out his duties compliant with the GDPR. Moreover, our Company may use the OneDrive as processor, that comply with the data protection rules under the GDPR.
3.2.4: Retention period
Our Company retains the above data for 15 years, which begin on the first day of the year following the year the service was provided or received, after which it deletes the data.
3.3: Personal data collected by the Company’s suppliers (invoices)
Our Company collects and processes identification data (name and surname), tax data (VAT), workplace data, contact information (phone number, email) by its suppliers.
3.3.1: Purpose of processing
The purpose of obtaining the above data is to meet the needs for the practice of commercial activities, Company’s transactions and establishing trade agreement. This also ensures that any financial transactions between the Company and the suppliers can be successfully carried out.
3.3.2: Legal basis for processing
The collection and processing of the suppliers’ personal data is necessary for the Company to comply with the law (ar.6 GDPR).
3.3.3: Transfer of data
Data are not transmitted to EU countries or third countries. However, data are processed by the external accountant, used by the controller as processor, for providing accounting services who carry out his duties compliant with the GDPR. Moreover, our Company may use the OneDrive as processor, that comply with the data protection rules under the GDPR.
3.3.4: Retention period
Our Company retains the above data for 15 years, which begin on the first day of the year following the year the service was provided or received, after which it deletes the data.
3.4: Personal data collected by the prospective employees for their initial evaluation
The prospective employee’s identification data (name and surname, birthday/age, home address), workplace data and information about education, contact information (phone number, email) is obtained by our Company from the data subject or the HR company Randstad, the LinkedIn and the Indeed.
3.4.1: Purpose of processing
The purpose of collecting the data is to evaluate the candidate and proceed with the recruitment process.
3.4.2: Legal basis for processing
The collection and processing of the candidates’ personal data is legal as the data subject has given consent to the processing of his/her personal data (ar.6 par.1 sub. ed a GDPR).
3.4.3: Transfer of data
Data are not transmitted to EU countries or third countries. However, they are forwarded to the following service providers which are used by our Company as processors: HR Company Randstad, LinkedIn and Indeed (CVs’ collection). Please note that these service providers comply with the data protection rules under the GDPR. Moreover, our Company may use the OneDrive as processor, that comply with the data protection rules under the GDPR.
3.4.4: Retention period
Candidate information are deleted after a period of two years. In cases that the Company proceeds with the recruitment process, the processing is covered under the legal basis of executing a “Contract” between the Company and the employee and the personal data are retained for the time required for executing the contract and for the establishment, exercise or /and defense of legal claims.
3.5: Personal data collected by the prospective employees for arranging the interviews
The prospective employee’s identification data (name and surname) and contact information (cell phone number) is obtained by our Company.
3.5.1: Purpose of processing
The purpose of collecting the data is to interview the candidate.
3.5.2: Legal basis for processing
The collection and processing of the candidates’ personal data is legal as the data subject has given consent to the processing of his/her personal data (ar.6 par.1 sub. ed a GDPR).
3.5.3: Transfer of data
Data are not transmitted to EU countries or third countries. However, our Company may use the OneDrive as processor, that comply with the data protection rules under the GDPR.
3.5.4: Retention period
Candidate information are deleted after a period of two years.
3.6: Personal data collected by the journalists for press releases and other Company’s briefings
Our Company collects and processes identification data (name and surname) and contact information (phone number, email) by the journalists that communicates with. The personal data is obtained by our Company from the data subject or from any other publicly available source (e.g. Internet).
3.6.1: Purpose of processing
The purpose of collecting the data is to submit press releases and implement briefings.
3.6.2: Legal basis for processing
The collection and processing of the journalists’ personal data is legal as the data subject has given consent to the processing of his/her personal data (ar.6 par.1 sub. ed a GDPR). However, no prior consent required if the personal data is publicly available online and therefore accessible to the public (ar.6 par.1 sub. ed a GDPR).
3.6.3: Transfer of data
Data are not transmitted to EU countries or third countries. However, our Company may use the OneDrive as processor, that comply with the data protection rules under the GDPR.
3.6.4: Retention period
Personal data shall be retained in a form which permits the identification of data subjects only for the time required for the processing of personal data, which is until the end of the cooperation or the withdrawal of the consent.
3.7: Personal data collected by the Company’s website visitors and clients via the contact forms
Our Company collects and processes identification data (name and surname), contact information (phone number, email) and any other data is included in the submitted contact form by website visitors and clients.
3.7.1: Purpose of processing
The purpose of collecting the data is to facilitate communication between the Company and the interested parties throught the Company’s website.
3.7.2: Legal basis for processing
The collection and processing of the personal data is legal as the data subject has given consent to the processing of his/her personal data (ar.6 par.1 sub. ed a GDPR).
3.7.3: Transfer of data
Data are not transmitted to EU countries or third countries. However, our Company may use the OneDrive as processor, that comply with the data protection rules under the GDPR.
3.7.4: Retention period
Personal data shall be retained in a form which permits the identification of data subjects only for the time required for the processing of personal data, which is for 6 months.
3.8: Personal data collected by the participants in Company’s events
Our Company collects and processes the photographic images by the participants in Company’s events by taking photographs of them.
3.8.1: Purpose of processing
The purpose of collecting the data is to create and maintain the file with the photographs taken during the events organized by the Company.
3.8.2: Legal basis for processing
The collection and processing of the participants’ personal data is legal as the data subject has given consent to the processing of his/her personal data (ar.6 par.1 sub. ed a GDPR).
3.8.3: Transfer of data
Data are forwarded to the following service providers which are used by our company as processors: the OneDrive for data storage, the Facebook and the LinkedIn for posting the photos, that comply with the data protection rules under the GDPR.
3.8.4: Retention period
Personal data shall be retained in a form which permits the identification of data subjects only for the time required for the processing of personal data, which in the present case is for 40 years.
3.9: Personal data collected by anyone who came into contact with the Company (partners, clients, potential clients, employees, prospective employees, suppliers etc.) for communication purposes
Our Company collects and processes identification data (name and surname), workplace data and contact information (phone number, email) by anyone who came into contact. The personal data is obtained by our Company from the data subject or from any other publicly available source.
3.9.1: Purpose of processing
The Company processes the above data in order to achieve the communication with the data subjects which in their specific capacity (partners, clients, potential clients, employees, prospective employees, suppliers etc.) contacted the Company.
3.9.2: Legal basis for processing
The legal basis for the collection of the above information is the execution of a ‘Contract’ (ar. 6 par. 1 b GDPR).
3.9.3: Transfer of data
Data are not transmitted to EU countries or third countries. However, our Company may use the OneDrive as processor, that comply with the data protection rules under the GDPR.
3.9.4: Retention period
Personal data shall be retained in a form which permits the identification of data subjects only for the time required for the processing of personal data, which in the present case is for the time required for executing the contract and for the establishment, exercise or /and defense of legal claims.
3.10: Personal data collected by the participants in the Company’s project partnerships for submitting tenders
The cooperating companies’ employees’ identification data (name and surname), workplace data and information about education is obtained by our Company.
3.10.1: Purpose of processing
The purpose of collecting the data is to submit tenders for project partnerships.
3.10.2: Legal basis for processing
The legal basis for the collection of the above information is the execution of a ‘Contract’ (ar. 6 par. 1 GDPR).
3.10.3: Transfer of data
Data are forwarded to the following service providers which are used by our company as processors: the OneDrive for data storage and the Facebook for transferring data, that comply with the data protection rules under the GDPR.
3.10.4: Retention period
Personal data shall be retained in a form which permits the identification of data subjects only for the time required for the processing of personal data, which in the present case is till the end of the cooperation with the competent body. In case of non-acceptance, the Company retains the above data for 6 months after which it deletes the data.
3.11: Personal data collected by anyone who came into contact with the Company (partners, clients, potential clients, employees, prospective employees, suppliers etc.) for marketing purposes (sending newsletters)
Our Company collects and processes identification data (name and surname), workplace data and contact information (phone number, email) by anyone who came into contact. The personal data is obtained by our Company from the data subject or from any other publicly available source.
3.11.1: Purpose of processing
The above data is being collected and processed for marketing purposes (sending newsletters).
3.11.2: Legal basis for processing
The collection and processing of the personal data is legal as the data subject has given consent to the processing of his/her personal data (ar.6 par.1 sub. ed a GDPR). However, no prior consent required if the Company has obtained the contact details of the individual (clients and suppliers) in the course of a sale (or negotiations for a sale) of a product or service to that person (soft opt-in).
3.11.3: Transfer of data
Data are not transmitted to EU countries or third countries. However, data are forwarded to the following service providers which are used by our company as processors: the OneDrive for data storage and the MailChimp for sending newsletter, that comply with the data protection rules under the GDPR.
3.11.4: Retention period
Personal data shall be retained in a form which permits the identification of data subjects only for the time required for the processing of personal data, which in the present case is till the end of the cooperation or until the individual refuse or opt out of the marketing.
4: Rights of data subject
Any natural person whose data is processed by the company enjoys the following rights:
Right to be informed and access: The data subject has the right to be informed and access the data and receive additional information about the processing.
Right to rectification: The data subject has the right to request the correction of inaccurate data or the completion of incomplete data concerning him / her.
Right to erasure (“right to be forgotten”): The data subject has the right to request the deletion of his or her personal data and the controller is obliged to delete it if (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
-
- b) the data subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
- c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing, d) the personal data have been unlawfully processed; e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- f) the personal data have been collected in relation to the offer of information society services.
Right to restriction of processing: The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
-
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
Right to data portability: The data subject has the right to transfer personal data to another controller without objection by the controller to whom the personal data were provided when: (a) the processing is based on consent or a contract; and (b) the processing is carried out by automated means.
Right to object: The data subject is entitled to oppose at any time the processing of personal data concerning him / her when necessary for the purposes of legitimate interests of our company and for the purposes of direct marketing and profiling.
Right to withdraw consent: The data subject has the right to withdraw consent to the extent that he was taken for the purpose of the processing at any time, without prejudice to the lawfulness of the processing based on consent prior to withdrawal.
Right to submit a complaint to the Hellenic DPA: The data subject has the right to submit a complaint to the Hellenic DPA in the following ways: by email to complaints@dpa.gr, by post to the Authority – Hellenic Data Protection Authority, Kifisias Avenue 1-3, 115 23 – Αthens, by submitting it in person at the Authority (1st floor) or by fax to +30 210 6475628.
5: Cookies Policy
Our website uses cookie technology to manage sessions, provide customized web pages, and customize content to reflect the specific needs and interests of users. Cookies can also be used to compile anonymous, cumulative statistics that allow the site to understand how the public uses the site and help improve its structure and content. The site can not verify the user’s personal identity from this information. The user can modify browser settings to reject some or all cookies. However, it is noted that some features are only available through the use of cookies and if the cookies are rejected, these features may not be available. The COOKIES used on this site can be categorized as follows:
Functional Cookies
These cookies are essential to the proper functioning of the site, allow the user to browse and use its features, such as access to secure sites. These cookies do not lead to identification of the user. Without these cookies, the site cannot function effectively. Functional Cookies allow you to analyze how the site is used to evaluate and improve its performance. They are also used to provide a top-of-the-line experience of using the site, such as memorizing login and communications, or maintaining user preferences.
Advertising Cookies
Advertising Cookies, are used to show ads that are more relevant to the user / visitor of the site. This information can be shared with advertisers or used to better understand the interests of visitors. For example, ad cookies can be used to share data with advertisers, so that ads that visitors see are more relevant to them, to share specific pages on social networks, or to post comments on the Company’s website. Our Company uses the cookies of users who have visited our site without collecting any personalized identifiable information. Our Company also uses google analytics to provide them as a service to visit our site without collecting data that identifies the visitor / user in any way. The content and type of items collected through cookies are defined by their editors. Our Company processes these data as processor without being identifiable by the visitor / user in any way. In addition, our Company does not maintain or store any cookie items. The Company in order to promote personalized advertising, providing functional social media and traffic analysis through cookies get explicit consent from users / visitors of the website. The users/visitors of the site have also the opportunity not to accept these cookies or withdraw their consent.