Effective Date: 13.04.2021
Thanks for using “The Greek Online School” services or visiting our website. When we talk about “Greek Online School “, “Greek LOL” ,”we,” “our,” or “us” in this policy, we are referring to “Greek Online School “, the company which provides the Services. When we talk about the “Services” in this policy, we are referring to our platform.
At “Greek Online School” we pay special attention to security and respect the privacy and confidentiality of the users’ personal data.
That is why we have invested time and resources to fully comply with the applicable “The Data Protection Act 2018” (DPA 2018) and the European Union’s General Data Protection Regulation 679/2016 (GDPR).
Due to the Brexit, the Brexit transition period ended on 31 December 2020. As part of the new trade deal, the EU has agreed to delay transfer restrictions for at least four months, which can be extended to six months (known as the bridge). On 19 February 2021 the European Commission published its draft decisions on the UK’s adequacy under the EU’s General Data Protection Regulation (EU GDPR) and Law Enforcement Directive(LED). In both cases, the European Commission has found the UK to be adequate. As part of the new trade deal, the EU agreed to delay transfer restrictions until 30 June 2021 (known as the bridge). This enables personal data to flow freely from the European Economic Area (EEA) to the UK until either adequacy decisions are adopted, or the bridge ends. The Data Protection Act 2018 (DPA 2018) continues to apply. The provisions of the EU GDPR were incorporated directly into UK law at the end of the transition period.
The European Commission’ s decision on the adequacy of the protection provided by Privacy Shield will continue to apply to transfers of personal data from the UK to Privacy Shield participants. In addition, the United States will consider a Privacy Shield participant’s commitments to comply with the Framework to include personal data received from the UK in reliance on Privacy Shield with no additional action on the part of a participant required.
The European Commission decides, for the purposes of data protection legislation, whether or not states outside the European Economic Area have “adequate” safeguards for personal data. We can lawfully make necessary transfers of your personal data to overseas locations in some circumstances, for example if we have your explicit consent. Where we transfer your personal data outside of the European Economic Area without first obtaining your consent it will ensure that it has adequate safeguards.
By using our website or providing any personal information to us, where applicable law permits, you acknowledge and accept the transfer, processing, and storage of such information outside of your country of residence. We safeguard and enable the global transfer of personal information in a number of ways in accordance with laws.
Protection of Privacy
We recognize the privacy interests of children and encourage parents and guardians to take an active role in their children’s online activities and interests. Individuals younger than 18 years of age, but of the required age for consent to use online services where they live (for example, 13 in the US or 16 in Ireland), may not set up an account, but may have a parent or guardian open an account and help them access appropriate content. Individuals younger than the required age for consent to use online services may not use the Services. If we learn that we have collected personal data from a child under those ages, we will take reasonable steps to delete it.
Parents who believe that we may have collected personal data from a child under those ages can submit a request that it be removed to email@example.com .
The Personal Data Controller is the Private Limited Company under the name “The Greek Online School”, based in London, Office 212b, Building 3 North London Business, Oakleigh Road South, N11 1GN, Company Number: 09198170, email: firstname.lastname@example.org , and is a Greek online language school.
The term “personal data” means any information related to an identified or identifiable natural person. The identifiable natural person is a person whose identity can be identified directly or indirectly, in particular by reference to an identifier such as name, address, location data, or an online identity identifier such as an Internet Protocol (IP) address.
Personal information does not include any information that, by itself, cannot recognize you as a particular person or entity (e.g., anonymized information) or data collected for statistical purposes.
The personal data you may enter anywhere on our platform are subject to processing and are stored in a file under the responsibility of the controller mentioned above, only for reasons relating to:
a. the development, execution, implementation and dissemination of the “Greek LOL” platform,
b. your account management and processing of your requests, or the fulfillment of obligations arising out of any agreements entered into between you and us,
c. the provision, with your consent, of information regarding the “Greek LOL” platform. Such a provision of information includes email messages, and
d. in general, the improvement of the services we provide. Your personal data are not allowed to be used by any third party, except as provided by the law and this Policy.
e. the protection of our legitimate interests
f. the compliance with applicable law (e.g. tax law).
We collect and process information that is considered purely personal data, as well as other information that is not considered as such. Information that cannot identify you as a specific person can be used without restrictions.
Our platform does not collect or process sensitive personal data, namely, data related to a user’s health, sex life, sexual orientation, genetic or biometric data, or data revealing one’s racial or ethnic origin, political opinions, religious or philosophical beliefs or membership in a trade union.
When book a free trial lesson, we collect the information you provide us, including your first name, your last name, a valid email address (username), age, type of lesson, course you need and your level. After completing our form, you will receive an invitation email describing our services and how to access on our services and our virtual classroom.
If you choose to sign up our services, we will you send you an email with all important information, instructions and means of payment.
When you send us emails or other communications, we maintain those communications and their contents so that we can resolve your inquiries or otherwise assist you.
If you wish so, we may use the personal data you provide when signing up and using our platform to inform you by email about services that may be of interest, promotional communications, newsletters and other announcements.
If not required by law, we will not obtain your consent before collecting your personal data from third parties. Instead, it will be deemed that you have previously given such consent to any third party from whom our platform receives such information.
When you use our Services, we process, store and transmit your User Content and information related to your User Content. We process and store such files and information in order to provide our Services, as described in our Terms of Service.
Your devices (depending on your settings) may transmit location information to our third-party service providers. We only process and store information related to your country.
Third Party Account Information
If you use Third Party Services, such as social media or photo-sharing services, you may provide us with your Third Party Services account information, such as your username (note that we don’t store any passwords you use to access Third Party Services). We transmit, and may store, such account information, only as needed to provide our Services, and only in accordance with the terms and policies of the Third Party Services.
Administrative access to The Greek Online website
Please be aware that The Greek Online School team members are also authorized in specific situations to access the administrative section of you’re the Greek Online School website when fulfilling customer service requests and tracking errors. This necessarily grants them the possibility to view all parts of your The Greek Online School website, including all password-protected areas. All members of our team are regularly trained in privacy and data protection sensibility and confidentiality.
We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies, accountants) appointed, if necessary, as Data Processors by us. The updated list of these parties may be requested from us at any time.
We may provide personal data to other persons in cases where:
a. you have provided your explicit consent by clicking on the checkbox “I accept” or by filling a specific consent form,
b. this is required by law, court order or at the request of any other competent governmental, judicial, police, administrative or regulatory authority, upon legal request and in accordance with the relevant laws,
c. this is necessary to protect our rights,
d. the platform is used in a manner that violates the Terms of Service or for purposes other than those for which it was intended specifically or
Third party services
Our lessons are hosted via online video platforms such as Cisco Webex or Zoom or Skype. When accessing these platforms, students and/or parents will need to share some basic personal information in order to use the platform (i.e. name and agreed email address). It is very important that your personal information is kept safe and there are measures in place to ensure this happens.
You can find details on the information required by individual video platforms and their security measures by viewing their privacy notices. Examples of the video platforms used are as below:
Cisco Webex: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
If you/ your child chooses to take part in online lessons, aspects of your/your child’s personal data (i.e. name and email address) will be shared with third parties such as the above video platforms, which is required in order for these systems to be accessed. These systems relate to our public task to provide pupils with an education. However, if you would prefer for your child not to access these systems, please let the teacher know and an alternative will be arranged.
Third Parties You Authorize: You can give third parties access to your and your End Users’ information on the Services. The third party’s use of this information will be governed by the terms and privacy policies of the third party.
The personal information we process will be only used for the defined, explicit, and legitimate purposes explained to you and will not be further processed in a manner incompatible with those purposes. Moreover, we limit the collection to only those information that is appropriate, relevant and necessary for the purposes explained to you.
Period of maintenance
We keep personal data and other information until the termination of the user’s account or as long as it is necessary to answer any questions and solve problems arising from your relation therewith, with the exception of payment data. Due to tax regulations we are obliged to save billing information for a period of ten (10) years.
When we no longer require your personal information, we will destroy, delete or anonymize the information without prior notice to you.
We can delete information and content of your account without sending notice to you. The same holds true, when your account is terminated.
End User Information
End user payment information. Your end users’ payment information may be processed via third party e-commerce payment processors which you integrate into your account, in accordance with such e-commerce payment processors’ terms and policies. We transmit your end users’ complete payment information when they initially provide, only so that we can pass it along to the e-commerce payment processors you agree to use. We don’t collect or store your end users’ payment information.
We will acquire the following personally identifiable information from you: credit card number, credit card expiration date, cardholder name and security code (CVV/CVV2/CVC2) or your PayPal. This information is used to verify credit card authenticity, and process payments as per your applicable service agreement. If we are unable to process your subscription for a given month, this information, along with your account information, may be used to contact you.
Our platform addresses the issue of protecting your anonymity and personal information very seriously. We protect your personal data and, in general, the information we receive about you, and we guarantee their confidentiality, integrity and availability using appropriate security measures, according to the most up-to-date and advanced technological methods. These measures include technical and procedural steps to protect your data from misuse, unauthorized access or disclosure, loss, alteration or destruction.
To prevent unauthorized access and transmissions, promote data security, and encourage appropriate use of information, we and our service providers use a variety of tools (encryption technologies, passwords, physical and electronic security, procedural safeguards) to assist in the protection of your information. However, “perfect security” does not exist on the internet or through data transmissions, so we make no guarantees. Third parties may unlawfully intercept or access transmissions or private communications and you should not expect that your personal information will remain private.
For the HTTPS encryption of our website and your website we use the service (ESET). Via the integration of encryption certificates we can provide a so-called transport encryption that protects the communication to our site from unwarranted access of unauthorized third parties.
Our platform supports security protocols (SSLs) and encryption mechanisms (HTTPS protocol) that allow secure data transmission to the network. It also uses mechanisms for access control, SQL injection, Cross-site scripting (XSS) vulnerabilities, and session hijacking security mechanisms to effectively protect data and minimize risks. We employ security measures such as using firewalls to protect against intruders, building redundancies throughout our network (so that if one server goes down, another can cover for it) and testing for and protecting against network vulnerabilities.
Subscribers can unsubscribe from the newsletter at any time, following the unsubscribe link that appears at the bottom of each newsletter. Subscribers can also send an email to email@example.com requesting they be deleted from the newsletter subscription list.
We can receive personal information about you from various sources or by different methods. The way of consent may vary depending on each source or method.
You can revoke your consent at any time by sending an email to firstname.lastname@example.org , without prejudice to the legitimacy of the consent-based processing prior to its revocation. Your data is then deleted, or provided that it is necessary for billing and accounting purposes, blocked accordingly.
Access to Personal Data
To modify the personal information you have provided to us, simply log into the Services and update your profile. We may retain certain information as required by law or for necessary business purposes.
You are entitled to receive from us a confirmation of whether or not your personal data is being processed and, if so, you have the right to access your personal data, as well as
a. the purposes of the processing;
b. the relevant categories of personal data, recipients or any types of recipients to whom personal data have been or will be disclosed;
c. where possible, the period during which personal data will be stored;
d. the existence of a right to request us to correct or delete personal data or to restrict the processing of personal data or the right to object to such processing;
e. the right to submit complaint to a supervisory authority;
f. when personal data are not collected by you, any available information about their origin;
g. the existence of automated decision-making, including profile making and important information about the philosophy followed, as well as the importance and predicted consequences of such processing for you.
You can ask us to provide to you with a copy of your processed personal data. For additional copies that may be required, a fee of £1000 is required.
Any request for access to information should be addressed to the person in charge of processing your personal data at email@example.com .
We will respond within one (1) month.
We are committed to ensure that your personal data is kept confidential and to ensure that you exercise your rights of access, correction, deletion, restriction, portability and objection by sending an email to firstname.lastname@example.org . If necessary, we will ask you to provide us with a photocopy of your identity card, passport or other valid documentary evidence.
The right of access: you have the right to access the data and information we hold about you.
The right of correction
The user is entitled to require us without undue delay to correct inaccurate personal data. Having regard to the purposes of the processing, the user is entitled to require the completion of incomplete personal data, including among others through a supplementary statement.
The right of deletion
The user is entitled to ask us to delete personal data if:
a. the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed,
b. the user has revoked the consent on which the processing is based and there is no other legal basis for the processing,
c. the user objects to the processing and there are no compelling legitimate grounds for the processing,
d. the personal data have been processed illegally,
e. data must be deleted so that the controller’s legal obligation is respected; and
f. personal data has been collected in connection with the provision of services in the information society. Requests for deletion of personal data are processed within one (1) month. In the event that personal data is disclosed, we, taking into account the available technology and implementation costs, shall take reasonable steps, including technical measures, to inform third parties processing such data that the platform’s user has requested the deletion of any links to such data or copies or replications of personal data. Please note that there may be latency in deleting your personal information from our servers and backup storage, and we may retain your personal information in order to comply with the law, protect our rights, resolve disputes or enforce our agreements.
The right to restriction of processing
The user is entitled to obtain from us restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; (d) the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.
The right to data portability
The user is entitled to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: (a) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and (b) the processing is carried out by automated means.
The right to object
The user is entitled to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
You have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation (EU) 2016/679 (GDPR).
Disclaimer on Third-Party Websites
Links to third-party websites
When you visit our site, you may be forwarded to third-party internet pages which are not under our control. These links are set up to make it easier for you to use the internet. Please be aware that we are not responsible for the privacy practices or content of such other sites and expressly disclaim any liability for any loss or damage that may be caused by the use of such links. We encourage you to be aware when you leave our site and to read the privacy statements of each and every website that collects personally identifiable information.
Social media platforms and widgets
We also maintain presences on social media platforms including Facebook, Twitter, Pinterest, and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
We encourage you to be aware when you leave our site and to read the privacy statements of each and every website that collects personal data.
The user of our platform guarantees that the provided information is correct and accurate and is committed to disclose any changes or modifications thereof. The user is the sole responsible for any loss or damage caused to our platform or to any third-party responsible for the platform as a result of incorrect, inaccurate or incomplete information in the login fields.
We may periodically email you to inform you about changes in our Services, our Services offerings (discounts), and important service-related announcements such as security and fraud notices. We’ll also send you emails related to your transactions. These communications are considered part of the Services and you may not opt-out of them.
We may also send you at regular intervals marketing or promotional communications. Such messages are sent only if you subscribe to them and for as long as you wish. You can opt out of receiving subsequent marketing or promotional communications by clicking the link marked unsubscribe (or a similar phrasing) that’s included in those communications.
We will notify you of such changes by posting the revised policies on its homepage and
We respect and esteem the users of our platform and their privacy. Therefore, we want to hear from you, if you have any questions, comments or complaints about our privacy practices, or if you want to update, delete, or change any personal information we hold. You can email us at email@example.com . For further information regarding data protection visit the ICO