Privacy policy

Overview

The www.taxiway.gr website and booking engine are under the ownership and operation of Synetarismos taxi Thessalonikis ‘Taxiway’ Syn.P.E, based in Sykies, Omieou Street 12, Thessaloniki, VAT 999 545 079, Tax number E and GEMI number 124 097 704 000/07.10.2013, company owner and manager of www.taxiway.gr.

“Taxiway” is committed to protecting your privacy.

The General Data Protection Regulation (GDPR) is a new EU legal framework for data protection. The GDPR will apply to all member states from the 25th May 2018. The GDPR introduces some new obligations for organisations that collect, use, share and store personal data.

This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others, and how we keep it secure.

We may change this Policy from time to time, so please check this page occasionally to ensure that you are happy with any changes. By using our website, you are agreeing to be bound by this Policy.

Any questions regarding this Policy and our privacy practices should be sent by email to: [email protected] or by writing to: Synetarismos taxi Thessalonikis ‘Taxiway’ Syn.P.E based in Sykies Omieou Street 12 Thessaloniki

Lawful Basis for Processing

Under EU data protection law, there must be a lawful basis for all processing of personal data (unless an exemption or derogation applies):

Legitimate interests

Consent

Legal

Contractual necessity

Compliance with legal obligations

What Personal Data Do We Collect?

We collect information about you when you register with us for services. We also collect information when you voluntarily complete customer surveys, provide feedback and participate in competitions. Website usage information is collected using cookies.

We may collect information from you, such as:

Name

Address

Telephone number

Email address

Nationality

Work experience

Professional registration number (if relevant)

Feedback and testimonials of our courses

Photographs at events

IP address

Ethnicity (if relevant)

Special needs (if relevant)

How Will We Use the Information?

We collect information about you to provide our services and, if you agree, to email you about other services we think may be of interest to you.

We use your information collected from the website to personalise your repeat visits to our website. “Taxiway” will not share your information for marketing purposes with other companies.

We may process your information as follows:

Send you details about our services

Send you information about the course or service you have signed up for

Seek views or comments about the services we provide

Send communications you have requested and that may be of interest

Process a grant or job application

Use your feedback and photos taken at events for marketing purposes

Who will the information be shared with?

In order to provide certain services, we will be obliged to share your information with third parties in the following circumstances:

With third-party, distribution and accounting services

In each of these circumstances we have contacted the organisations and obtained a copy of their GDPR compliant policies.

For more detailed information please contact us.

Marketing

We would like to send you information about our services and other companies in our group, which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date.

We also may ask to share your information with relevant third-party organisations such as sponsors of a learning event. We will always ask your permission before doing this and give you the option to opt out at a later time.

You have a right at any time to stop us from contacting you for marketing purposes.

If you no longer wish to be contacted for marketing purposes, please let us know by emailing us here: [email protected] or by writing to: Synetarismos taxi Thessalonikis ‘Taxiway’ Syn.P.E based in Sykies Omieou Street 12 Thessaloniki, or follow the “Unsubscribe” link below.

Access to Your Information and Correction

You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please let us know by emailing us here: [email protected] or by writing to: Synetarismos taxi Thessalonikis ‘Taxiway’ Syn.P.E based in Sykies Omieou Street 12 Thessaloniki

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information that you think is inaccurate.

Cookies

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

For further information visit: www.aboutcookies.org or www.allaboutcookies.org

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

“Taxiway” Data Protection Policy
May 2018
Overview

This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

“Taxiway” needs to collect and maintain certain information about its employees, students and other users of its services to allow it to monitor, for example, performance, achievements, and Health and Safety.

It is also necessary to process information so that employees and students can be recruited, employees paid, courses organised, external funding secured and legal obligations to funding bodies and government complied with.

Accordingly, data may be collected, not only from and about actual employees, students and service users, but also from and about a wide range of individuals having or contemplating dealings with “Taxiway”, including employees and students, individuals involved in fund-raising and other individual stakeholders.

In order to ensure that information is collected and used fairly, stored safely and not disclosed to any other person unlawfully, and that employees or others who process or use any personal information follow the Data Protection Principles set out below, “Taxiway” has adopted this Information and Data Protection Policy.

We may change this Policy from time to time so please check this page occasionally to ensure that you are happy with any changes. By using our website, you are agreeing to be bound by this Policy.

Any questions regarding this Policy and our privacy practices should be sent by email to: [email protected] or by writing to: Synetarismos taxi Thessalonikis ‘Taxiway’ Syn.P.E based in Sykies Omieou Street 12 Thessaloniki

“Taxiway” has appointed the CEO as the Data Protection Controller (DPC) who will endeavour to ensure that all personal data is processed in compliance with this Policy.

Policy Statement

“Taxiway” will ensure that information is collected and used fairly, stored safely and not disclosed to any other person unlawfully. Whenever collecting information about people “Taxiway” will therefore comply with the Data Protection Principles, which are set out in the General Data Protection Regulation (GDPR) and require that personal data shall be:

a) processed lawfully, fairly and in a transparent manner in relation to individuals;

b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Lawful Basis

In ensuring that personal data are processed lawfully, “Taxiway” will only process data under one of the six lawful bases for processing set out in Schedule 6 of the GDPR:

Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

Vital interests: the processing is necessary to protect someone’s life.

Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

Individual’s Rights

“Taxiway” recognises that individuals have the following rights:

a) the right to be informed of the information “Taxiway” holds on them in a concise, transparent, intelligible and easily accessible way. “Taxiway” will typically make this information available through a Privacy Notice;

b) the right of access to their personal data and supplementary information, and to be aware of and verify the lawfulness of the processing;

c) the right to rectification of their personal data if it is inaccurate or incomplete;

d) the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing;

e) the right to ‘block’ or suppress processing of personal data;

f) the right to data portability: to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability;

g) the right to object to: processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics; and

h) the right not to be subject to a decision when it is based solely on automated processing and produces a legal effect or a similarly significant effect on the individual.

In interpreting the Data Protection Principles and in making judgments on specific matters, “Taxiway” will take account of the most recent guidance issued by the Information Commissioner’s Office (ICO).

Policy Objectives

To ensure that “Taxiway” adopts best practice and compliance with legal requirements in its collection, processing and storage of personal data.

Scope of Policy

The policy applies to all employees, students and other users of “Taxiway” services. This policy does not form part of the formal contract of employment, but it is a condition of employment that employees will abide by the rules and policies made by “Taxiway” from time to time. Any breach of the General Data Protection Regulation or this policy will be considered to be an offence and in that event, “Taxiway” disciplinary procedures will apply.

As a matter of good practice, other agencies and individuals working with “Taxiway” and who have access to personal information will be expected to have read and to comply with this policy.

Employees who deal with external agencies will take responsibility for ensuring that such agencies sign a declaration agreeing to abide by this policy and detailing for how long it has been agreed that any data should be retained. Details of the declaration must be entered on a register to be held by “Taxiway” Data Protection Controller.

Any employee or student (or former employee or student) or other individual who considers that the policy has not been followed in respect of the personal data held about them, should initially raise the matter with the Data Protection Controller. If the matter is not resolved it should be raised as a formal grievance or complaint.

Practical Implementation

All Employees Are Responsible For:

a) checking that any information that they provide to “Taxiway” in connection with their office or employment is accurate and up to date;

b) informing “Taxiway” of any changes to the information which they have provided e.g. changes of address, next of kin, bank details etc.;

c) checking the information that “Taxiway” will send out from time to time, giving details of information kept and processed about them;

d) informing “Taxiway” of any errors or changes; and

e) ensuring that they abide by “Taxiway” Information Systems Acceptable Use Policy.

“Taxiway” cannot be held responsible for any errors unless the individual has informed “Taxiway” of them.

If and when, as part of their responsibilities, employees collect information about other people they must comply with the guidelines for employees. In particular they are responsible for ensuring that:

any personal data that they hold are kept securely;

when personal data need to be transmitted, internally or externally, they are transmitted securely; and

personal information is not disclosed either orally or in writing or accidentally or otherwise to any unauthorised third party. Employees should note that unauthorised disclosure will usually be a disciplinary matter, and may be considered gross misconduct in some cases.

Personal Information Must:

be kept in a locked filing cabinet; or

be kept in a locked drawer; or

if it is computerised, be password protected; or

be kept only on electronic media which are themselves kept securely.

Managers Must Ensure That:

all personal data processed within or by members of their curriculum or professional service team are processed according to the Data Protection Principles outlined above;

privacy notices have been adequately communicated to those whose data are collected, stored or processed;

consent has been duly obtained where it forms the lawful basis for processing the data;

individuals have been made aware of their rights under the GDPR;

any third parties who are commissioned to process personal data on “Taxiway” behalf are engaged under a written contract which includes those terms required under the GDPR as set out in guidance issued by the Information Commissioner’s Office;

privacy and data protection is a key consideration in the early stages of any project, and then throughout its lifecycle. In planning projects, managers must ensure the principles of “privacy by design” are observed and where required a Data Protection Impact Assessment is undertaken in conjunction with the Data Protection Controller; and

that any breaches of personal data are immediately notified to the Data Protection Officer who will investigate accordingly and where necessary notify the Information Commissioner’s Office.

Disclosure

“Taxiway” will ensure that personal data are not disclosed to unauthorised third parties (including family members, friends, government bodies or the Police) except in the circumstances set out in Part 4 of, and Schedule 7 to, the Data Protection Act 1998 and listed below in which personal data may legitimately be disclosed. Personal data may be legitimately disclosed where one of the following conditions applies:

a) the individual has given their consent (e.g. a student/employee has consented to “Taxiway” corresponding with a named third party);

b) the disclosure is in the legitimate interests of “Taxiway” (e.g. personal information can be disclosed to other “Taxiway” employees if it is clear that those employees require the information to enable them to perform their jobs);

c) “Taxiway” is legally obliged to disclose the data; or

d) disclosure of data is required for the performance of a contract (e.g. informing a student’s employer or sponsor of course changes/withdrawal etc).

The Act permits certain disclosures without consent so long as the information is requested for one or more of the following purposes:

to safeguard national security;

prevention or detection of crime including the apprehension or prosecution of offenders;

assessment or collection of tax duty;

discharge of regulatory functions (includes health, safety and welfare of persons at work);

to prevent serious harm to a third party;

to protect the vital interests of the individual (this refers to life and death situations).

Sensitive Information

Sometimes it is necessary to process information about a person’s health, criminal convictions, race, gender or family details. This may be to ensure that “Taxiway” is a safe place for everyone, or to operate other “Taxiway” policies, such as the Sick Pay Policy or Equality and Diversity Policy.

“Taxiway” may also ask for information about particular health needs, such as allergies to particular forms of medication, or any conditions such as asthma or diabetes. “Taxiway” will only use such information in the protection of the health and safety of the individual. Because this information is considered sensitive, and it is recognised that the processing of it may cause particular concern or distress to individuals, employees and students will be asked to give express consent for “Taxiway” to do this. All prospective employees and students will therefore be asked to provide consent for “Taxiway” to process data, regarding particular types of information when an offer of office or employment or a course place is made. A refusal to sign such a form will result in the offer being withdrawn.

Examination/Assessment Marks

Students who have no outstanding payment of course or assessment fees will be entitled to information about their marks or grades for both coursework and examinations. This may take longer than other information to provide, but will normally be available within 28 days, dependent on when the relevant awarding organisation furnishes “Taxiway” with the information. Where students have outstanding course or assessment fee payments due, “Taxiway” may withhold certificates, accreditation or references until the full course fees have been paid, or all books and equipment returned to “Taxiway”.

Retention and Disposal of Data

“Taxiway” will normally keep personal information only for as long as it is required to retain it for legal or other statutory reasons or as required by the funding or examination body or to meet its responsibilities as an employer (e.g. information regarding pensions, taxation, potential or current disputes or litigation regarding the employment) or education provider. A schedule of retention for different categories of personal information will be maintained by the Data Protection Controller.

Personal data will be disposed of in a way that protects the rights and privacy of data subjects (e.g. shredding, disposal as confidential waste, secure electronic deletion).

Data Security

In order to ensure the protection of personal data held electronically, staff and students are required to adhere to “Taxiway” IT Systems Acceptable Use Policy. Breaches of this policy, where they concern misuse of personal data, will be treated as a disciplinary matter.

“Taxiway” Management Team are responsible for ensuring that there are appropriate and adequate security measures in place including, as part of “Taxiway” Business Continuity arrangements, an IT Recovery Plan.

Should there be a breach of security “Taxiway” will notify any individuals whose personal data may have been disclosed to a third party as a result of the breach and will consider whether the breach warrants reporting to the Information Commissioner’s Office under the ICO’s Guidance on Notification of Data Security Breaches.

Communication and Training

The policy will be communicated to staff and students through “Taxiway” website and internal communication services.

Review and Monitoring of Policy

The Information and Data Protection Policy will be reviewed biennially. The Senior Management Team is responsible for monitoring the implementation of the Policy via reports from the Data Protection Controller and relevant members of the Management Team.

Employee Guidelines for Data Protection

Many employees will process data about students on a regular basis, when marking registers or “Taxiway” work, writing reports or references, or as part of a pastoral or academic supervisory role. Other employees may need to process data about fellow members of staff or other individuals. “Taxiway” will ensure, through registration and recruitment procedures, that all students give their consent to such processing and are notified of the categories of processing, as required by the 1998 Act. The information that employees deal with on a day-to-day basis will be ‘standard’ and will cover categories such as:

general personal details such as name and address;

details about attendance, or about course work marks, grades and associated comments or performance at work; and

notes of personal supervision, including matters about behaviour and discipline.

Information about an individual’s physical or mental health; sexual orientation; political or religious views; trade union membership or ethnicity or race is sensitive and can only be collected and processed with the student’s consent. If employees need to record this information where agreed “Taxiway” policies and practices require or encourage the sharing of this information, they should use “Taxiway” standard forms and templates.

All employees have a duty to make sure that they comply with the Data Protection Principles, which are set out in the “Taxiway” Information and Data Protection Policy. In particular, employees must ensure that records are: (a) accurate; (b) up-to-date; (c) fair; and (d) kept and disposed of safely, and in accordance with “Taxiway” policy.

Employees must not disclose personal data relating to any individual to any student, unless for normal academic or pastoral purposes, without authorisation or agreement from the Data Protection Controller, or in line with “Taxiway” policy.

Employees must not disclose personal data relating to any individual to any other employee except with the authorisation or agreement of the Data Protection Controller, or in line with “Taxiway” policy.

Before processing any personal data, all employees should consider the following checklist:

Do you really need to record the information?

Is the information ‘standard’ or is it ‘sensitive’?

If it is sensitive, do you have the data subject’s express consent?

Has the data subject been told that this type of data will be processed?

Are you authorised to collect/store/process the data?

If yes, have you checked with the data subject that the data are accurate?

Are you sure that the data are secure?