PRIVACY POLICY

Greek Online Academy

Last Updated: May 2026

1. Who We Are

Greek Online Academy (owned and operated by SI Greek School) is the data controller and responsible for your personal data (referred to as "we", "us" or "our" in this policy). For any inquiries, please email us at info@greekonlineacademy.com.

We are regulated under the General Data Protection Regulation (Regulation (EU) 2016/679 – GDPR) as implemented in Cyprus under the Law 125(I)/2018 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of such Data (the "Cyprus GDPR Law"). For UK-based users, the UK GDPR and the Data Protection Act 2018 also apply.

Our lead supervisory authority in the EU is the Commissioner for Personal Data Protection in Cyprus. UK-based individuals may also lodge complaints with the Information Commissioner's Office (ICO).

2. Data We Collect

We may collect the following categories of data:

  • Identity and Contact Data – name, email, phone, home/business address.
  • Financial Data – payment details (processed by third-party providers; we do not store full card details).
  • Technical Data – IP address, device/browser type, time zone, geolocation, login data, interaction history, analytics data.
  • Usage Data – navigation history, course progress, quiz/test results, preferences.
  • Communications Data – messages, inquiries, marketing preferences.

We also collect information when you:

  • Register for newsletters or free resources.
  • Purchase a course or service.
  • Complete forms, needs analysis, or assessments.
  • Leave comments on our blog.
  • Participate in online lessons and learning platforms.

3. Children's Data

We recognise the importance of protecting children's personal data. If you are under 16 (or the minimum age required by your country under applicable law), we require the consent of a parent or guardian before collecting or processing your personal data.

4. How We Collect Your Data

  • Directly – through forms, phone, email, in person, or via social media.
  • Automatically – via cookies, analytics, and tracking technologies.
  • From Third Parties – e.g., payment processors (Stripe, PayPal), analytics providers (Google), and email platforms (Mailchimp).

5. Legal Basis for Processing (Article 6 GDPR)

We process your data on the following legal bases:

  • Consent – e.g., newsletters, marketing, non-essential cookies.
  • Contractual Necessity – e.g., delivering courses, processing payments.
  • Legal Obligation – e.g., tax and accounting requirements under Cyprus law.
  • Legitimate Interests – e.g., service improvements, fraud prevention, security.

6. How We Use Your Data

We use your personal data to:

  • Deliver and manage online courses and services.
  • Communicate with you about bookings, inquiries, and updates.
  • Process payments securely through third-party providers.
  • Track course progress and provide personalised feedback.
  • Send newsletters, promotions, and educational content (with your consent).
  • Ensure website functionality, security, and analytics improvements.

7. Profiling & Automated Decisions

We do not engage in automated decision-making that produces legal or similarly significant effects (Article 22 GDPR). Where limited profiling is used (e.g., tailoring course recommendations), you have the right to object.

8. Data Sharing

We do not sell or rent your data. We share data only where necessary:

  • Service Providers – e.g., Stripe, PayPal, Mailchimp, hosting and IT support.
  • Teachers and Staff – for educational delivery.
  • Regulatory Authorities – where legally required under Cyprus GDPR Law or other applicable legislation.

All third parties are contractually bound to protect confidentiality and process data lawfully.

9. International Data Transfers

Where data is transferred outside the EEA/UK (e.g., to Mailchimp, Google, Meta), we ensure safeguards under Standard Contractual Clauses (SCCs) or equivalent. If no safeguards are available, we will seek your explicit consent.

10. Marketing & Cookies

Marketing communications are sent based on consent or legitimate interests. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Our website uses cookies and similar tracking technologies. Non-essential cookies (analytics, advertising) will only be placed with your prior consent via our cookie banner. For details, see our Cookie Policy.

11. Data Security

We implement appropriate technical and organisational measures (Article 32 GDPR and Cyprus GDPR Law), including:

  • SSL/TLS encryption
  • Role-based staff access
  • Password protection and authentication controls
  • Firewalls and malware protection
  • Regular security audits

12. Data Retention

We retain data only as long as necessary:

  • Customer data: up to 7 years (tax/accounting laws under Cyprus law).
  • Inquiries: up to 12 months.
  • Newsletter data: until you unsubscribe.
  • Learning records: for the duration of your enrollment plus a limited period thereafter.

13. Your Rights (Articles 12–22 GDPR and Cyprus GDPR Law)

You have the right to:

  • Access, rectify, or erase your data.
  • Restrict or object to processing.
  • Data portability.
  • Withdraw consent at any time.
  • Lodge complaints with the Commissioner for Personal Data Protection in Cyprus or, if based in the UK, the ICO.

Requests should be sent to info@greekonlineacademy.com. We aim to respond within one month.

14. Changes to This Policy

We review this policy regularly to ensure compliance. If substantial changes are made, we will seek your renewed consent where required.

15. Contact & Complaints

For privacy-related inquiries, please contact us:

Greek Online Academy
Email: info@greekonlineacademy.com

If you are dissatisfied with our processing of your data, you may lodge a complaint with: