Personal Data Protection Policy

1. Introduction

The Branch – University Legal Entity named “UNIC University Legal Entity Education” (hereinafter “UNIC ATHENS”) understands the importance of privacy and confidentiality protection and is committed to the protection of the personal data of its students, staff, and partners.

This Personal Data Protection Policy describes the manner in which your personal data are collected, used, stored and protected, in accordance with the General Data Protection Regulation (GDPR) and applicable legislation.

2. Data Controller

The controller of your personal data is the branch of the University Legal Entity named “UNIC University Legal Entity Education”, with the following contact details:

UNIC ATHENS University Legal Entity

29th Street, no. 17, P.C. 16777, Elliniko, Greece

Tel.: +30 210 6748293

3. Data Protection Officer

The data protection officer is the law firm named “Avrantinis & Associates Law Firm” with the following contact details:

Avrantinis & Associates Law Firm

Makedonon 8, P.C. 11521, Athens, Greece

Contact person: Sotirios Vazimas, Attorney at Law, Certified DPO

Tel.: +30 2120003102

Email: [email protected]

4. Types of personal data collected

The personal data collected and processed by UNIC ATHENS is only that which is necessary for each specific and clearly defined purpose and the specific legal basis.

In this context, the processing that takes place concerns the personal data you provide to UNIC ATHENS when you receive our services, when you visit our website and when you interact with us (for example, when submitting an application or during your registration).

UNIC ATHENS collects the following personal data:

  • Identification and communication data (full name, family details, address, telephone, email, photograph, identity card or passport number)
  • Academic data (grades, degrees, certificates, CVs, letters of recommendation)
  • Financial data (absolutely necessary information for the payment of tuition fees and the granting of scholarships, bank account and bank card details)
  • Health data (absolutely necessary information for the student’s safety during their studies)

In cases where processing is based on obtaining consent, UNIC ATHENS follows the procedures provided by legislation for obtaining such consent.

5. Methods of collecting personal data

UNIC ATHENS collects personal data:

  • when informing you (in person or via the internet) about the registration requirements and the study programs offered
  • during the registration process for new students
  • during the provision of educational services
  • when you visit our website, through which we collect, with your express consent, through cookies, information from your terminal device (IP, operating system, browser type)
  • when you voluntarily register in printed or electronic catalogues (newsletter) to receive informational and/or promotional material

We do not process any personal data that have not been provided with your consent.

6. Processing purposes

UNIC ATHENS processes your personal data for the following purposes:

  • for the fulfilment of contractual obligations in the context of providing high-level higher education services, in accordance with the provisions of Law 5094/2024 of Greece
  • for compliance with national and European legislation, and the fulfilment of obligations to Judicial and Supervisory Authorities
  • for informational, research or advertising purposes, only if relevant consent has been granted
  • for the development and improvement of the services provided, complaint management, risk management, protection and security of information systems (safeguarding legitimate interests)

We retain your data for as long as required to fulfil the above purposes and, in any case, until you withdraw your consent or object to the processing.

7. Legal bases for processing

The processing of personal data is always based on at least one of the following legal bases:

  • Consent
  • Performance of a contract
  • Compliance with a legal obligation
  • Protection of legitimate interest
  • Protection of vital interest
  • Performance of a task in the public interest

8. Data recipients

UNIC ATHENS staff has access to your personal data in the context of performing the duties assigned to them by UNIC ATHENS as data controller.

UNIC ATHENS is obliged or entitled to disclose your personal data to third-party recipients, such as Public Bodies or Independent Authorities, under the condition of maintaining confidentiality and the duty of secrecy.

Given that UNIC ATHENS is a branch of the University of Nicosia, in accordance with the provisions of Law 5094/2024, the parent institution (University of Nicosia) is obliged to maintain full control over the branch (UNIC ATHENS). In the context of exercising this control, personal data processed by UNIC ATHENS are transmitted to the parent institution (University of Nicosia), under the condition of maintaining confidentiality and the duty of secrecy.

9. Retention Period

UNIC ATHENS retains your personal data for a period determined by the applicable legal and regulatory framework in each case.

10. Data recording when visiting our website

I. Server log files

The provider of the UNIC ATHENS website and its pages automatically collects and stores information in so-called server log files. The information includes:

  • The type and version of the browser used
  • The operating system used
  • The referrer URL
  • The hostname of the accessing computer
  • The time of the server request
  • The IP address.

These data are recorded pursuant to Article 6 (1) of the GDPR. The website administrator has a legitimate interest in the error-free technical representation and optimization of the website. To achieve this, server log files must be recorded.

II. Cookies

The UNIC ATHENS website uses cookies. Cookies are small data files that are created and stored by the internet browser on your computer’s hard drive. Accessing a website may result in a cookie being stored on your operating system. This cookie contains a specific character string that allows the browser to be clearly identified each time the website is accessed.

We use cookies to make our website more user-friendly. The processing of personal data based on the use of cookies is lawful in accordance with Article 6 (1) of the GDPR. The purpose of these technical cookies is to simplify the use of the website.

Cookies are stored on the user’s computer and transferred to us. This is why you, as a user, have full control over the application of cookies. You can disable or restrict cookies by changing your browser settings. Cookies already stored on your hard drive can be deleted at any time. This can also be done automatically. However, disabling cookies for our website may result in certain functions not displaying correctly.

For more information, see the Cookie Policy (https://www.unic.ac.cy/el/cookie-policy/)

III. Registration

Users can register on the UNIC ATHENS website by providing personal data. All information requested in the electronic data entry form will be transmitted as part of the registration process.

You will be asked to give your consent for the processing of these data as part of the registration process. These data are processed after the user’s consent in accordance with Article 6 (1) of the GDPR.

User registration is necessary for the provision of specific content and services of our website, including the creation and management of user accounts, participation in surveys, management of admission applications and placement tests, organization of examinations, course registration, events, examinations, and the administrative tasks related to them.

These data will be deleted when it is no longer needed for the purpose for which it was collected.

IV. Contact form and contact via email

There are contact forms on the UNIC ATHENS website that can be used for electronic communication. When you register, the data you enter in the online data entry form will be transmitted. Your consent is required for the processing of these data and you will be referred to our Privacy Policy and asked to give your consent when you submit the form.

Alternatively, contact can be initiated using an email address provided by you. In this case, the personal data provided in the email will be stored. This information will not be transmitted to third parties.

These data are processed after the user’s consent in accordance with Article 6 (1) of the GDPR. The processing of information received from sending an email is lawful in accordance with Article 6 (1) of the GDPR.

These data are stored only for the purposes of processing the specific communication. The data will be deleted when it is no longer necessary for the purpose for which it was collected.

11. Data subject rights

The data subject has the following rights:

  • Right of access: You can be informed by us at any time about your personal data that we hold, and have access to it.
  • Right to rectification of data: You have the ability to contact us to correct data that is inaccurate or incomplete.
  • Right to erasure: Unless we are obliged by some legislative framework to retain the data we hold that relates to you, you can ask us to delete it.
  • Right to data portability: You can ask us to transmit your data to another entity.
  • Right to object and restriction of processing: In case you disagree with the way we process your personal data, you can request the cessation or restriction of processing.
  • Right to withdraw consent: You have the right to withdraw your consent to the processing of your data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. UNIC ATHENS will make every effort to respond to the request you submit without delay and in any case within one month of receiving it. This deadline is extended for two more months, if necessary, taking into account the complexity of the request and the number of requests. UNIC ATHENS will inform you of this extension within one month of receiving the request, as well as the reasons for the delay. If you have submitted the request by electronic means, the information is provided, if possible, by electronic means, unless you request otherwise. If UNIC ATHENS satisfies your request a) for restriction of processing of your data or b) for refusal to process your data or c) for deletion of your data from UNIC ATHENS files and if these are necessary for the conclusion or continuation and execution of a contract, then this automatically entails either the termination by you of the respective contract or the impossibility of processing your relevant request. UNIC ATHENS has in any case the right to refuse to satisfy your request for restriction of processing or deletion of your personal data, if this processing is necessary for the establishment, exercise or support of its legitimate rights or the fulfillment of its obligations. The above services are provided free of charge. However, in case your requests are manifestly unfounded, excessive or repetitive, UNIC ATHENS may either impose a reasonable fee, informing you accordingly, or refuse to respond to them.
  • Right to lodge a complaint: You have the right to lodge a complaint with the Hellenic Data Protection Authority (dpa.gr), which is the competent supervisory authority for the protection of the fundamental rights and freedoms of natural persons against the processing of their personal data, if you consider that your rights are violated in any way.

To exercise your rights, you can contact the Data Protection Officer at the email address [email protected].

12. Security measures

UNIC ATHENS implements appropriate technical and organizational measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

All members of UNIC ATHENS staff are committed to ensuring the confidentiality of your personal data.

Your data are not disclosed or transmitted to third parties, except in the context of contractual relationships with partners and for the fulfilment of specific purposes. In any case, all partners comply with the relevant data protection legislation and take, in turn, all necessary guarantees for the confidentiality, integrity and availability of your data.

Exceptionally, your data may be transmitted to Judicial or Supervisory Authorities, only when required by law.

13. Contact

For any questions regarding this Personal Data Protection Policy or to exercise your rights, you can contact the Data Protection Officer (DPO) at email: [email protected].

14. Amendments to the Personal Data Policy

This Personal Data Protection Policy may be amended. Amendments will be posted on the UNIC ATHENS website and, where required, you will be personally notified.