GDPR Policy

GDPR Policy

Introduction
The purpose of this paper is to present the privacy policy of Critical Path MEPE, taking into account the requirements of the European law "General Data Protection Regulation", known as GDPR.

General Principles
The general principle of Critical Path is that it does not record or use any sensitive personal data such as e.g. political or religious beliefs. With regard to personal data such as email, telephone, financial and professional information, Critical Path records and processes only what is required by law (eg for the issuance of documents) and what is required for its efficient operation (e.g. data of those who participated in training seminars and certification exams).

Corporate Website
This GDPR policy is posted on the company's corporate site. Critical Path does not register the users of its corporate site (www.criticalpath.gr). Anyone who communicates with the company through the corporate website, does so of their own free will, either to register for a seminar or to request information. The communication is done with the corresponding form, on which there is a link in this policy. The personal information required for communication is:
• Name
• Email
• Telephone
The above information is requested to facilitate the communication and information of the interested parties. This information is not automatically used for inclusion in a newsletter unless expressly requested by the communicator. Critical Path uses the services of the online platform Google Analytics, which provide completely anonymous information to users of the corporate website. Data such as which are the most popular websites are recorded, how long users stay on the website, if access is from a computer or mobile, but no personal information is recorded such as name, email etc.

Educational Services
Critical Path records only those personal details that are necessary for the implementation of its services. This information is disclosed to each participant, as it is provided by the participant himself. These data concern:
• Name
• Email
• Telephone
• Financial data (Tax Identification Number, Tax Office, Address) The above information regarding the issuance of documents is kept (eg inside the document block) in accordance with the requirements of the law. The seminar participants sign in the seminar presentations, so that there is a record that they actually participated, and thus they can get the corresponding certificate of attendance or take certification exams.

Newsletters and Newsletters
From time to time, Critical Path may send newsletters and newsletters related exclusively to its business activities. These messages may be addressed to those who have subscribed to our newsletter on their own (eg through some form of communication or interest), but also to other professionals who can benefit from the company's services.
In any case:
• The recipient of any message or newsletter who knows the sender, can contact him for clarification or delete immediately from any further communication
• The contact information used is effectively stored by the company, is not communicated to any other place and is not used for purposes other than professional information about the company's activities.

Data Protection
Personal data that is in physical form (eg presentations, documents) is stored in a safe place inside the company. This space is separate, locked, and only anyone who needs it has access to this space. No entrant has access to the details of the other entrants. Electronic data (eg applications) is stored on a specific computer, which is accessible only to those who require it. Both this computer and each computer is protected by a strong password.

Third Parties
Critical Path uses an external accounting firm, which implements a privacy policy. Also, web hosting, including email hosting is done by an external company, which implements a privacy policy.

Responsible
Responsible for Critical Path's privacy policy is the owner of the company, Yiannis Vithynos.