Personal Data Protection
EUROGNOSI Filothei – Nea Ionia · General Regulation 2016/679 (GDPR)
LEGAL POLICY · GDPR
DATA CONTROLLER
📍 Filothei | 210 27 24 183 | gdprfilothei@eurognosi.info
📍 Nea Ionia | 211 18 29 694 | gdprneaionia@eurognosi.info
CONTENTS
The EUROGNOSI Group, with the aim of ensuring the privacy of your personal data, has drawn up this Data Protection Policy. By reading it, you will receive all the necessary information about:
This policy also covers our digital infrastructure: PC booking system, remote access, online classroom, Daily.co platform and any future related digital services.
We are committed to complying with the General Data Protection Regulation 679/2016 (GDPR) and national legislation.
→ Who we are
→ The data we collect
→ How we process your data
→ The purpose of any processing
→ Data retention time
→ Data recipients
→ When do we ask for consent?
→ Your rights
WHO WE ARE
Eurognosi Group is active in the provision of foreign language and IT education services through a franchising system. The franchisor provides franchisees with know-how and support in information systems. With regard to the processing of personal data, the franchisor and franchisees act as joint Data Controllers.
This policy applies to the EUROGNOSI tutoring centers of Filothei & Nea Ionia. For contact information, visit: eurognosi-fni.com/contact
1️
What Personal Data Do We Collect?
We collect the following data by category:
-
Students: name, date of birth, address, telephone number, email, school class/profession, ID number for certification exams, any learning difficulties, cognitive level.
-
Parents (of minor students): name, address, telephone number, email, profession.
-
Employees: name, surname, middle name, ID, VAT number, tax ID, AMIKA, AMKA, address, telephone number, email, ethnic origin, account number, educational level, marital status.
-
Suppliers: name, VAT number, tax office, address, telephone number, email.
-
Digital services: PC booking details, confirmation email, technical device details (IP, browser) exclusively for system security, online class login details, temporary encrypted Daily.co tokens.
We do not collect or store:
-
Content of conversations or chat within the platform
-
Audio or video of the teaching
-
User screen content
-
Data beyond what is absolutely necessary for the operation of the service
2️
How We Process Your Data
Processing includes collection, recording, organization, storage, retrieval, use and deletion — as defined in GDPR 2016/679.
For digital services specifically, processing includes: organizing PC reservations by center/hour/day, creating temporary remote access credentials, creating encrypted Daily.co tokens, and maintaining technical logs for system security.
3️
Purposes of Processing
The lawful basis for processing is the legitimate interest of the tutoring schools and the performance of a contract for the provision of educational services. The purposes include:
Registration, monitoring and assessment of student progress
Management of attendance and financial cooperation
Participation in certification exams
Communication with parents and guardians
Management of reservations for physical or remote PC teachers
Providing secure access to online educational platforms
System security protection from unauthorized use
We also apply the principles of minimization (only the necessary data) and data accuracy (timely updating).
4️
Data Retention Time
5️
Κατηγορία Δεδομένων | Διάρκεια Διατήρησης |
|---|---|
Physical file of registration requests | It is destroyed at the end of the school year. |
Foreign language degrees | Up to 2 years after exams, then disaster |
Progress checks | Until the start of the new school year |
Learning disability documents | Immediately after examination (unless explicit consent) |
Student records | Until the end of next school year |
Computer Reservations (digital) | Up to 12 months, then deletion/anonymization |
Remote access details | They are deleted immediately after the session. |
Daily.co Tokens | Limited power, not stored |
Technical logs (IP, browser) | Up to 90 days (or longer in a security incident) |
Tax/insurance information | According to tax/insurance legislation |
Integrity & Confidentiality
We implement technical and organizational measures for data security, including:
Authorized access and access monitoring
Encryption in transit and storage
Use of firewalls and security services (Cloudflare)
Restrict access to authorized personnel only
Regular assessment of information systems security
Proper destruction of data after the retention period ends
6️
When We Ask for Your Consent
For purposes other than the performance of a contract or legal obligation, we request explicit consent for:
Sending informative emails/SMS about our services
Taking photos/videos at events and posting them on the website or social media
Posting a name on a list of successful candidates
Video recording during the training process
Creating an account on an online educational platform
Installation of a special application (WebView app) for online classrooms
Using remote access to teachers' computers from home
You can withdraw your consent at any time by contacting us. Revocation does not affect the lawfulness of previous processing.
7️
Recipients of Personal Data
Your data is registered in the information system of the licensor Eurognosis. It is also communicated to foreign language and IT certification bodies exclusively for the execution of a contract. For digital services, it may be transmitted to:
Daily.co — exclusively for creating and running online classrooms
Wix.com Ltd. — as a website and form hosting provider
Cloudflare, Inc. — for website security and CDN
All collaborating providers are contractually committed to data protection and GDPR compliance.
8️
Your Rights
To exercise your rights, please send an email to filothei@eurognosi.info & neaionia@eurognosi.info
We respond within 1 month, free of charge.
9️
ARTICLE 15
Access to your data to confirm categories, purpose, recipients and storage time.
Access Right
ARTICLE 16
Correct or update inaccurate personal data at any time.
Right to Rectification
ARTICLE 17
Deletion of data if it is no longer necessary and there is no other legal basis for processing.
Right to Deletion
ARTICLE 18
Restriction of processing — data will only be processed with your consent.
Feedback
ARTICLE 20
Transfer of data in a readable format to another Data Controller.
Right to Portability
ARTICLE 21
Objection to processing if it is based on legitimate or public interest.
Right to Object
RECALL
Withdrawal of consent at any time without retroactive effect.
Consent Withdrawal
SUPERVISION
Complaint to the Data Protection Authority (dpa.gr) if your request is not met.
Right to Complain
Automated Decision Making
Eurognosis tutoring centers do not adopt automated decision-making methods that produce legal results or significantly affect students (e.g. automated evaluation or profiling).
The automated procedures we implement are limited to technical security measures (access control, anti-abuse, rate limiting) that do not affect the educational process or your rights.
1️0️
Automated Decision Making
-
It operates in accordance with applicable legislation and the guidelines of the HACC.
-
No sound is recorded.
-
There are information signs before entering the surveillance areas.
-
Only authorized employees and the General Manager have access to the screens.
-
The material is kept for 15 days and then destroyed.
-
In the event of an incident, the material is transmitted to the competent authorities.
1️1️
Tutoring centers may have CCTV installed exclusively in common areas, storage areas, and perimeter areas — not in classrooms or staff work areas.
📹
General Commitments
All employees and external collaborators are bound by an obligation of confidentiality regarding the personal data they become aware of during the performance of their duties.
We reserve the right to update this policy in the event of a change in processing or any significant change. Any update will be posted on the website and communicated to you by any means possible.
1️2️
CONTACT US ABOUT PERSONAL DATA ISSUES
If we do not respond to your questions, you can contact the Independent Authority for the Protection of Personal Data : Kifisias 1–3, PC 11523 · 210 6475600 · dpa.gr