Privacy Policy

Last Updated: 05 February 2026

Version: 1.0

GDPR: This Policy complies with the GDPR (EU 2016/679), Greek Law 4624/2019, and the relevant ePrivacy rules on cookies/trackers.

Critical Path Consulting & Training (“Critical Path”, “we”) operates the website criticalpath.gr (“Website”), through which we provide information about training/seminars and receive expressions of interest and/or registration requests.

The Website does not require an account and does not perform internal visitor logging (e.g., custom visitor logs/profiles). However, third-party services (e.g., Google Analytics / Google Ads) may be used according to the consent choices you provide via the cookie banner.

Table of Contents

1. Data Controller
2. Data We Collect
3. Legal Basis for Processing
4. How We Use Your Data
5. Sharing / Processors
6. Data Retention
7. Your GDPR Rights
8. Cookies & Settings
9. International Transfers
10. Children’s Privacy
11. Policy Changes
12. Supervisory Authority & Contact

1. Data Controller

Critical Path Consulting & Training

VAT: EL998957931 · Tax Office: KEFODE Attikis
Address: 108 Kifisias Ave., 115 26 Athens, Greece
Phone: +30 210 654 1727
Email (Privacy/GDPR): privacy@criticalpath.gr
Email (General): info@criticalpath.gr

2. Data We Collect

2.1 Contact & Request Data

Full name (optional, where requested)
Email
Phone (optional)
Message / information request
Interest in a specific seminar, dates, delivery method (e.g., in-person/online)

2.2 Seminar Registration Data

When you request registration or a seat reservation, we may collect additional information necessary for organizing the training and (if applicable) invoicing, such as company/invoicing details, position/role, and participant details.

2.3 Cookies & Tracking Technologies

We use a cookie consent system that allows you to accept/reject cookie categories.
Google Analytics and Google Ads services are enabled according to the consent you provide.

Analytics/advertising providers may process technical data such as IP addresses or device identifiers, in accordance with the consent you provide and their own policies.

3. Legal Basis for Processing (Article 6 GDPR)

Legal Basis	Purpose
Consent (6(1)(a))	Non-essential cookies, analytics/ads, promotional communications where explicit opt-in is requested.
Performance of a contract (6(1)(b))	Managing seminar registration/participation and communication required for the provision of the training service.
Legitimate interests (6(1)(f))	Website security, basic operational handling of requests, prevention of abuse/fraud.
Legal obligation (6(1)(c))	Tax/accounting obligations where a transaction occurs.

4. How We Use Your Data

Responding to requests: communication about information, availability, pricing, schedule.
Managing participation: seat reservation, instructions, updates, program changes.
Website improvement: statistical analysis of usage (only according to cookie consent).
Marketing/Advertising: displaying/measuring Google Ads campaigns (only with consent).
Security: protection against malicious use, spam, and technical diagnostics.

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects concerning you.

5. Sharing & Processors

We do not sell your personal data.

We may share data only with:

Hosting provider for operating the Website.
Google (Analytics/Ads) according to your consent for cookies/trackers.
Email provider for sending replies/operational communications.
Authorities/legal requirements when required by law.

6. Data Retention

Contact requests: retained for a reasonable period to complete communication and any follow-up.
Seminar registrations: retained to manage participation and (if there is a transaction) for tax purposes.
Tax/accounting records: retained as required by applicable obligations.
Cookies: according to the settings and duration described in the consent system and/or providers.

7. Your Rights under the GDPR

You have the right to access, rectify, erase, restrict, data portability, object, and withdraw consent.

How to exercise: email privacy@criticalpath.gr with the subject “GDPR Request”.

Response time: within 30 days (or within the deadlines provided by the GDPR).

8. Cookies & Settings

The Website uses a cookie consent system that allows you to manage categories (e.g., necessary, analytics, marketing).

Necessary: required for basic functionality (always active).
Analytics: Google Analytics (only with consent).
Marketing: Google Ads / measurement (only with consent).

You can change your choices at any time via the “Cookie settings” link in the footer.

9. International Transfers

Some providers (e.g., Google) may process data outside the EU/EEA. Where required, appropriate safeguards are used (e.g., Standard Contractual Clauses).

10. Children’s Privacy

The Website and our services are primarily intended for adults/professionals. We do not knowingly seek to collect personal data from individuals under 16. If you believe this has occurred, contact privacy@criticalpath.gr.

11. Policy Changes

We may update this Policy to reflect changes in services, technologies, or legal requirements. We will update the “Last Updated” date and, where required, provide additional notice.

12. Supervisory Authority & Contact

Hellenic Data Protection Authority (HDPA)

1-3 Kifisias Ave., 115 23 Athens, Greece

Email: contact@dpa.gr

Before contacting the HDPA, we would appreciate the opportunity to help: privacy@criticalpath.gr.

Last Updated: 05 February 2026 | Version: 1.0