Privacy Policy — Politistiko Ergastiri
Effective date: 01/01/2026
1. Controller
Politistiko Ergastiri (website: politistiko-ergastiri.org) is the data controller responsible for personal data processed in connection with our learning programs, events, communications and website. Contact: info@politistiko-ergastiri.org (or use the contact form on the website).
2. Scope and purpose
This policy explains how and why we collect, use, store and share personal data of participants, learners, parents/guardians, supporters, volunteers, job applicants, newsletter subscribers and website visitors, in accordance with the EU General Data Protection Regulation (GDPR).
We process personal data to:
– administer enrolment, attendance and participation in courses, workshops and events;
– provide learning materials, certificates and assessment results;
– manage payments, invoicing and financial records;
– communicate about programmes, schedules, updates, marketing (where lawful) and support requests;
– recruit and manage staff, freelancers and volunteers;
– maintain website functionality, security and analytics;
– comply with legal, safeguarding and funding obligations.
3. Lawful bases for processing
We rely on one or more of the following lawful bases:
– Contract performance: to fulfil enrolment, course delivery, payment and related obligations.
– Legal obligation: to meet statutory, accounting or safeguarding duties.
– Legitimate interests: for internal administration, direct (non-invasive) communications, fraud prevention and security (balancing our interests against individuals’ rights).
– Consent: for optional communications (e.g., marketing, newsletters) and where special categories of data (see section 5) or certain processing require explicit consent.
– Vital interests: limitedly where needed to protect someone’s life.
4. Categories of personal data collected
Depending on the service and relationship, we may collect:
– Identity: name, date of birth, ID/passport number (where required).
– Contact: email, postal address, phone/mobile number, emergency contact.
– Transactional: bank details, payment card data (processed via third-party payment providers), billing address, invoices.
– Education and programme data: enrolment forms, attendance, progress, assessments, qualifications, special learning needs.
– Communications: correspondence, support requests, feedback.
– Recruitment: CVs, references, interview notes.
– Website and technical: IP address, device and browser data, cookies, usage logs.
– Images/audio: photographs, video or audio recordings from classes or events (used for administration, evaluation or publicity where permitted).
– Safeguarding/health: medical/allergy information, disability data and other special category data where necessary for care and safety (processed only where lawful).
5. Special category data
We only collect and process special categories of personal data (health, racial/ethnic origin, religious beliefs, criminal convictions where relevant) when strictly necessary for participant safety, safeguarding, legal obligations or with explicit consent. Such processing will be limited, documented and secured.
6. How we collect data
– Directly from individuals via application/enrolment forms, emails, phone, registration, events and job applications.
– From parents/guardians, referees, educational institutions, funders or employers where relevant.
– Automatically via cookies and analytics on our website.
– From publicly available sources or third-party service providers (e.g., payment processors, background check providers) when necessary.
7. Cookies and website analytics
We use cookies and similar tracking technologies to provide, secure and improve the website, and to analyze usage. You can manage cookie preferences through your browser or our cookie banner. We use third-party analytics (e.g., Google Analytics) — these providers may process data outside the EEA under their terms; see section 11.
8. Recipients and sharing
We may share personal data with:
– Service providers acting as processors (payment processors, email platforms, CRM systems, cloud hosting, IT support, professional advisers).
– Third parties for background checks or safeguarding checks where required by law or policy.
– Funders and partners for reporting or project administration (only necessary data).
– Legal, regulatory or law enforcement authorities if required by law or to protect rights, property or safety.
We require contractual safeguards for processors and will not sell personal data.
9. International transfers
Where data is transferred outside the European Economic Area (EEA), we will ensure appropriate safeguards (e.g., adequacy decisions, standard contractual clauses) are in place to protect your data in accordance with GDPR.
10. Data retention
We retain personal data only as long as necessary for the purpose collected, to meet contractual, legal, tax or safeguarding obligations, or to defend legal claims. Typical retention periods:
– Administrative and participant records: duration of relationship + up to 6 years for accounting and potential claims (longer where local law requires).
– Recruitment records: up to 12 months after the process unless retained for a future role with consent.
– Marketing data: until consent is withdrawn.
– Safeguarding records: retained in line with applicable safeguarding guidance and legal requirements.
Exact retention periods vary by category; contact us if you need specifics.
11. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorized access, loss, alteration or disclosure (encryption where appropriate, access controls, staff training). However, no online transmission is 100% secure; report any suspected breach to info@politistiko-ergastiri.org immediately.
12. Your rights
Under the GDPR you have the right to:
– Access: request a copy of your personal data.
– Rectification: request correction of inaccurate or incomplete data.
– Erasure: request deletion in certain circumstances (right to be forgotten).
– Restriction: request restriction of processing in certain circumstances.
– Portability: receive your data in a structured, commonly used, machine-readable format where applicable.
– Object: object to processing based on legitimate interests or direct marketing.
– Withdraw consent: where processing is based on consent, withdraw it at any time without affecting processing before withdrawal.
To exercise rights, contact info@politistiko-ergastiri.org. We may request ID to verify requests and will respond within one month (may extend to two months for complex requests). If you remain dissatisfied you have the right to lodge a complaint with your national supervisory authority (in Greece: Hellenic Data Protection Authority — www.dpa.gr).
13. Children and parental responsibility
For minors we require parental/guardian consent where legally required. We handle children’s personal data with additional protections; where applicable we will seek consent from a parent/guardian and limit publicity uses of images or recordings unless explicit permission is given.
14. Marketing communications
We send newsletters and marketing only with consent or where we have a lawful basis. You can opt out or change preferences at any time via an unsubscribe link or by contacting info@politistiko-ergastiri.org.
15. Changes to this policy
We may update this policy periodically. Material changes will be posted on politistiko-ergastiri.org with an updated effective date.
16. Contact and complaints
For questions, data subject requests or to report concerns, contact:
Politistiko Ergastiri
Email: info@politistiko-ergastiri.org
Website contact form: politistiko-ergastiri.org/contact
17. Record of processing
We maintain records of processing activities as required by GDPR Article 30 and make them available to supervisory authorities on request