The general principle of Critical Path is that it does not record or use any sensitive personal data such as political or religious beliefs. In terms of personal data such as email, telephone, financial and professional data, Critical Path records and processes only what is legally required (eg to issue documents) and what is required for its effective operation (e.g. data of those who participated in training seminars and certification exams).
This GDPR policy is posted on the company's corporate website. Critical Path does not record users of its corporate site (www.criticalpath.gr). Anyone who communicates with the company through the corporate website, does so on his own, whether to enroll in a seminar or to request information. The communication is made with the corresponding form on which there is a link to this policy. The personal information required for communication is:
The above information is required to facilitate communication and information for stakeholders. These items are not automatically used to enter a newsletter unless they explicitly request communications. Critical Path uses the services of the online Google Analytics platform, which provide fully anonymous information for users of the corporate website. Data such as what are the most popular websites, how long users stay on the site, whether accessed by computer or mobile, but no personal data such as, for example, name, email, etc.
Critical Path records only those personal data that are necessary for the implementation of its services. These data are communicated to each participant, provided they are provided by the participant itself. These elements concern:
The above data concerning the issue of financial documents are kept (eg in the block of invoices) according to the requirements of the law. Participants in the seminars sign in the seminar attendance logs so that they have a record that they actually participated, so they can get the corresponding tracking certificate or pass certification exams.
Personal data in physical form (eg, presentations, documents) are kept in a safe place within the company. This space is separate, locked, and only accessible to anyone. No participant has access to the information of other participants. Electronic data (e.g., participation requests) are stored on a specific computer, only accessible to those required. Both this computer and every computer is protected by a strong password.