Personal Data Management Policy
- 1. Preamble
ICERT S.A., in full compliance with the legal framework for the protection of personal data, has adopted this Personal Data Management Policy in order to ensure optimal protection of personal data and to provide practical and substantial information to all those involved in the certification process – such as applicants or certification candidates – regarding both the collection and processing of their data by us, as well as their rights and how these can be exercised.
This document aims to provide clear, transparent, and immediate information concerning the processing of your Personal Data, which we collect and process in the context of fulfilling our obligations towards you. The Company is committed, under applicable legislation, to safeguarding your rights against the unlawful processing of Personal Data and your right to privacy, and to protecting the Personal Data that it maintains and which concern you.
Your personal information helps the Company to better understand your needs and to offer you comprehensive and personalized service. However, we understand that maintaining the security and confidentiality of your Personal Data is a significant responsibility, which we take very seriously. For this reason, among other measures, we have developed this Policy, which aims to inform you about what data we collect, why we collect it, and how we use it.
- Scope of Application
This Policy applies to natural persons who are current or potential clients, authorized representatives, third parties, suppliers, and partners of the Company. By providing your personal information or that of another person, or of a claimant for whom you have provided consent or obtained authorization for the processing of their Data, you agree to our use of it as detailed in this Policy. You should refer the person whose personal data you provide to this Policy.
Additional Processing Notices may be provided at a later stage, emphasizing specific uses of your personal information.
Revisions to this Policy may occur from time to time to align with legislative, operational, or technological developments. You should periodically check the Company’s website for the most recent version of the Policy.
This Policy applies only to data collected and processed by ICERT. The Company is not responsible for data collected by companies or websites that are outside its control or with which it does not cooperate. Furthermore, hyperlinks on our website that lead to other sites fall outside the control of the Company, and we cannot guarantee the protection of your data on those sites, nor are we responsible for any non-compliance on their part.
- Data Controller and Data Protection Officer Details
The Data Controller is the company ICERT S.A., headquartered in Athens, Veranzerou 1, Kanigos Square, Tel: +30 210 3808566.
If you need more information about how we process your Personal Data, you can contact our Data Protection Officer in writing at the same address, or via email at info@icert.gr, indicating in the subject line: “To the attention of the DPO.”
- Collection of Data a. Personal Data
a. Personal Data
In this Policy, your Personal Data is sometimes referred to as “Personal Data,” “Personal Information,” or simply “Data.” For the purposes of this Policy, Personal Data means any information relating to an identified or identifiable natural person, particularly by reference to an identifier such as a name, ID number, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
The term Personal Data includes, among others, certain sensitive data (or special categories of data) such as data concerning a person’s health, or data revealing information about their health status, or their racial or ethnic origin.
Your data is collected either directly from you or through our authorized partners when you fill in the relevant forms. Data is collected either electronically or in person, or through national or European training-certification and other funded programs, via their respective contractors, where you have consented to the transfer of your data to and from the Certification Body. The data collected is limited to what is necessary for the execution of the agreed processing and is not transferred, sold, leased, or otherwise disclosed to unauthorized third parties without your knowledge and consent. Indicatively, we collect personal data such as full name, contact details, occupation, as well as the necessary details for the issuance of a legal payment receipt such as VAT and Tax Office.
b. Processing and Purposes
When we say that your Personal Data is subject to “processing,” this includes any operation performed on the data, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, availability, alignment, restriction, erasure, or destruction.
When collecting Personal Data, we are bound by Regulation (EU) 2016/679 (GDPR), Law 4624/2019, and other relevant legal provisions. We process the data in accordance with the following principles:
- Lawful, fair, and transparent processing.
- Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
- Data collected is adequate, relevant, and limited to what is necessary.
- Data is accurate and updated as necessary.
- Retained only for as long as necessary for the purposes for which it was collected.
- Processed in a manner ensuring appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage using suitable technical and organizational measures.
c. Types of Data Collected
Depending on the service provided, the Company collects and processes Personal Data as follows:
- Contact details (e.g., name, residential address, email, phone number, profession, etc.).
- Third-party contact details named in any contract.
- Personal identification data (e.g., birth date, nationality, ID or passport number).
- Bank information (e.g., IBAN).
- Data relating to your health status.
- Information about your profession.
- Information about the subject of the service provided.
- Information from recorded telephone conversations.
- Image and audio data in the case of recorded examinations (e.g., using BigBlueButton platform, where camera and microphone are recorded for the duration of the exam for transparency and fairness).
- Information collected via cookies on our website. (For details, refer to our Cookies Policy).
d. Use of Personal Data
The Company collects only the information necessary for the participation of candidates in certification exams, for external partners for the processing of their information, and for issuing the legal payment receipt. If you wish and have provided us with your contact details, we will contact you regarding information about the certification scheme you are interested in. If we receive your written consent, the Company may use your contact information to inform you about relevant programs.
You may withdraw your consent at any time by emailing info@icert.gr .
In particular, regarding email messages used for the direct promotion of products and services similar to those already provided by us, our Company’s policy complies with Law 3471/2006, which prevails over the EU General Data Protection Regulation 679/2016 as a more specific regulation. According to Article 11, paragraph 3, it is stipulated that: “Contact details for electronic mail, which have been lawfully obtained in the context of the sale of products or services or another transaction, may be used for the direct promotion of similar products or services by the provider or for serving similar purposes, even if the recipient of the message has not previously given their consent, provided that they are clearly and distinctly given the option to object, in an easy and free manner, to the collection and use of their electronic data, both at the time of data collection and in every message.” Based on this provision, the Company will use your email address or may contact you to promote similar events and programs to the one you participated in, unless you explicitly object, which you may do at any time.
For improving the quality of products and services.
For conducting research and data analysis, including analysis of the Company’s customer base, market research (including customer satisfaction surveys), and assessment of the risks faced by the Company, always in accordance with applicable legislation and the General Data Protection Regulation (including obtaining consent where required).
To personalize your experience and analyze and record your needs regarding the products and digital services you have received from our Company, by presenting information, advertisements, and other promotions tailored to your needs.
To ensure the Company’s compliance with applicable laws and regulatory obligations, European directives and guidelines, court decisions, and other legal processes, and to respond to requests from public and governmental authorities in accordance with the Law and the General Data Protection Regulation.
To enforce and defend the Company’s legal rights, protect its business activities and business partners, and safeguard the rights, privacy, security, or property of the Company, its partners, yourself or other individuals or third parties, to enforce terms and conditions, and to pursue available remedies and damage mitigation measures.
d. Retention Period
The Company retains your Personal Data in its records only for the period required to complete the contract between us, unless legal or regulatory obligations require otherwise. This also applies in cases where our agreement is terminated for any reason.
In compliance with Data Protection Legislation, the Company has established retention periods for your personal data depending on the type of processing involved. The factors considered when determining the retention periods include optimal service provision, our operational needs, legal obligations, and the safeguarding of our legitimate interests.
The Company undertakes not to retain your personal data for longer than is appropriate for the purpose for which it was collected.
For precise information about data retention periods, you may contact the Company’s Data Protection Officer (DPO) in writing at our offices at 1 Veranzerou St., Kanigos Square, Athens, or by telephone at +30 210 3808566, or via email at info@icert.gr, indicating in the subject line: “Attention: DPO”. .
- Data Subject Rights and How to Exercise Them
According to applicable legislation, you may submit a request via email to info@icert.gr to exercise the following rights:
- Right of Access: You have the right to access the data the Company holds about you and to receive a copy of it, provided it is stored in electronic format.
- Right to Rectification: You have the right to access and correct your personal data. At any time during our relationship, you may review and update your Personal Data by submitting the necessary supporting documents, requesting the correction or completion of inaccurate information.
- Right to Erasure (Right to be Forgotten): You have the right to request the deletion of some or all of your personal data. However, please note that the Company is only required to delete data that it is not legally or otherwise obligated to retain.
- Right to Restrict Processing: You have the right to request restriction of processing of your Personal Data, even when the accuracy of the data is contested or when the data is no longer needed but you request its preservation for legal claims.
- Right to Object: You may object at any time to the processing of your Personal Data. Upon exercising this right, processing stops immediately, unless the Company demonstrates a legitimate interest or the data is needed to support legal proceedings.
- Right to Data Portability: You have the right to request the transfer of your personal data to another organization in a structured, commonly used and machine-readable format. Such data will be deleted in accordance with the Company’s procedures.
- Right to Withdraw Consent: You may withdraw your consent to the processing of your personal data at any time without affecting the lawfulness of processing based on consent before its withdrawal. Please note that withdrawal may result in the termination of related services.
- Right to Lodge a Complaint: You have the right to file a complaint regarding the processing of your data with the Hellenic Data Protection Authority (HDPA) or pursue other legal remedies. For more information, visit the official website: http://www.dpa.gr
For exercising any of the above rights or if you require more information, you may contact our DPO in writing at 1 Veranzerou St., Kanigos Square, Athens, or via email at info@icert.gr, stating “Attention: DPO” in the subject line.
- Confidentiality
The Company is committed to maintaining the confidentiality of your data. Only ICERT personnel, the Hellenic Accreditation System (ESYD), which supervises us, and other authorized entities have access to the data.
Staff are bound by confidentiality clauses, and the Company undertakes not to sell, transfer, or otherwise unlawfully disclose your data to unauthorized third parties. We also commit to protecting your data as effectively as possible from physical destruction or digital breaches.
- Transfers
The Company does not transfer data outside the EU. Under certain conditions, and only at your request or in compliance with legal obligations, your data may be transferred to competent authorities or authorized examination centers. In all other cases, data transfers will not occur without your prior notice and consent.
- Security
ICERT takes all necessary technical and organizational measures to ensure the integrity, availability, and confidentiality of your data and to ensure that all processing is conducted according to applicable law and with respect for your rights. In the event of a data breach that may pose a risk to your rights and freedoms, we commit to informing you without undue delay.
- Changes to the Company Policy
Changes in legislation or technological developments may require adjustments on our part. Please ensure that you regularly consult the Company Policy, which may be revised and updated at any time.
The revised Policy will be published on the Company website at https://icert.gr.
You may also request a copy of the latest version of the Policy by contacting the Data Protection Officer in writing at 1 Veranzerou St., Kanigos Square, Athens, or via email at info@icert.gr.
——————————————————–
Cookies
The website https://icert.gr (hereinafter “Website”) uses cookies to collect information that helps improve the user’s online experience.
Here, we refer to these technologies — including cookies, pixels, and gifs — collectively as “cookies.”
This policy applies to all websites operated by iCERT and its group companies. It explains the different types of cookies used and how you can control them. We reserve the right to modify this cookie policy at any time. Therefore, it is advisable to check it regularly for the latest version. Any changes take effect once the updated policy is published on our website.
By consenting to the use of cookies, users can enjoy an enhanced browsing experience on our site.
We hope this policy helps you understand our use of cookies and makes you feel more secure, knowing that we respect your privacy. For any questions, you can contact us at our offices at 1 Veranzerou St., Kanigos Square, Athens, by phone at +30 210 3808566, or by email at info@icert.gr , indicating in the subject line: “Attention: DPO”.
What Are Cookies
When providing services, we aim to make them easy, useful, and reliable. Online services sometimes require access to limited information on your device (e.g., computer or mobile phone). These include small files known as cookies.
Cookies are small text files installed on your computer, tablet, phone, or other device used to browse the internet and our website. They are widely used to make websites function more efficiently. They do this by allowing websites to read and write these files, enabling them to recognize devices and remember important information that improves your web experience, such as: icert
Enabling a service to recognize your device so you don’t have to re-enter information repeatedly.
Remembering login credentials.
Saving search routes and preferences to assist navigation.
Tracking the number of visitors and users (mostly anonymously) to help improve performance and responsiveness.
Analyzing different data (mainly anonymously) to better understand user interests and enhance our services.
Types of Cookies We Use
Below is a list of the types of cookies that may be used on the website:
Essential Cookies: These are critical for navigating the website. Without them, certain services or functionalities cannot be provided, and the site would not function properly.
- Necessary Cookies: Required for the optimal operation of the website.
- Statistical Cookies: Collect anonymous information to improve browsing, and analyze the site’s performance and functionality.
- Additional Cookies: Help improve browsing, performance analysis, and overall website functionality
Controlling Cookies
You have the option to refuse or disable cookies at any time by adjusting the settings in your browser. For more information on how to control cookie installation, please consult your browser provider (e.g., Google Chrome, Apple Safari, Microsoft Edge, Mozilla Firefox, Internet Explorer, Opera, etc.).
We do not process personal data collected via cookies based on implied consent. We only use “implied consent” for non-personally identifiable data, when permitted by law, always respecting your rights.
The website content and the information it provides may be revised and updated depending on changes in legislation, so regular review is recommended.