Privacy Policy

Introduction

The American College of Greece (hereinafter referred to as “the College” or “ACG”) founded in 1875, is the oldest and largest US accredited college or university in Europe. ACG is an independent, not for profit, nonsectarian, co-educational academic institution.
In order to fulfill its mission to offer transformative education ACG processes personal data on various data subjects (students, alumni, parents and legal guardians, staff, as well as other people associated with ACG), in accordance with this Policy.


Data protection was and remains a subject that ACG handles with extreme sensitivity and precaution and this policy outlines the College’s commitment to data privacy and protection.

We review this policy regularly and reserve the right to make changes at any time to take into account any changes in our activities, legal requirements and how we process personal data.


PERSONAL DATA PROTECTION POLICY

 

SCOPE

This policy lays out the main framework of principles and rules regarding how we collect, process and store personal data about employees, professors, students and other individuals who interact with the College (“Data Subjects”), the rights of Data Subjects, as well as, data security issues, in accordance with  the Regulation (EU) 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”) as well as the applicable Greek Legislation regarding the protection of personal data, as in effect from time to time (collectively referred herein as the “Data Protection Legislation”).

WHO MUST READ AND ADHERE TO THIS POLICY

This policy applies to individuals who are connected to the College or interact with the College in any manner or capacity, and whose personal data we may hold from time to time, including the administrative personnel of the College, persons engaged by it in any way or under any capacity; its faculty members; anyone who may work for it on a contractual or casual basis; pupils and students and their parents/legal guardians, alumni, etc. It is the responsibility of all Faculty, Staff and Students to adhere to this policy.

PERSONAL DATA & DATA CONTROLLER

Personal Data: By personal data we refer to any information that relates and can identify an individual. Personal Data includes the so-called “Special Categories of Personal Data”, namely data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation as well as data relating to criminal convictions and offences.

Data Controller: The American College of Greece, an educational institution which is established in Denver, Colorado, U.S.A., and operates in Greece at Aghia Paraskevi of Attica (6 Gravias Street), functions as the Data Controller of the personal data of students, parents/legal guardians, alumni, personnel and professors, maintaining records of such data both in an electronic and a hard copy format for various purposes.

HOW DOES THE COLLEGE PROCESS PERSONAL DATA

The collection, storage, and processing of personal data by the College takes place in accordance with the terms of this Policy as well as the provisions of the Data Protection Legislation.

TYPE OF PERSONAL DATA WE PROCESS PER CATEGORY OF DATA SUBJECTS

Concerning students, the College mostly processes personal data regarding their identity and their academic activities. More info can be found on ACG Student Privacy Policy (ACG Student Privacy Policy).

Concerning employees (including Faculty members), the College processes personal data regarding their professional specialization; data referring to their hiring, employment history, salaries and withholdings, and any other payments, allowances or benefits provided to them, as well as personal data relevant to their health insurance and social insurance. More info can be found on ACG Staff Privacy Policy (link to be inserted).

Concerning Alumni, the College processes personal data mainly regarding their identity, contact details etc. More info can be found on ACG Alumni Privacy Policy Concerning parents/ legal guardians, the College keeps processes personal data mainly regarding their identity, contact details etc.

DATA COLLECTION, ACCESS TO DATA & DISCLOSURE/TRANFER OF DATA

Personal data are legally collected by the College from the individuals to whom the data refer (“Data Subjects”), or by third parties, in accordance with the Data Protection Legislation.

Access to the personal data which are collected and processed by the College is restricted mainly to authorized ACG personnel, on a need-to-know basis, and within the framework of the College’s educational activities.

Furthermore, some of the personal data may be accessible and processed, within the framework of their responsibilities, by authorized external associates of ACG for the fulfillment of defined purposes and objectives. All external processors are selected based on whether they fulfill the same austere data protection measures as ACG. Any further transfer of personal data to any third person or to a country outside the European Union, will take place only in case it is so provided so by the Data Protection Legislation. 

PURPOSE, LEGAL BASIS & DURATION OF PROCESSING

The College processes personal data in order to serve the educational needs of the College and its students, employment procedures for purposes of compliance with its legal obligations (including towards public authorities) and the serving of its legitimate interests.

The College may process personal data based on a number of legal bases, which may include the Data Subject’s consent, complying with agreements entered into with Data Subject and/or its legal obligations, protecting the vital interests of Data Subject, fulfilling a legitimate interest, except where such interests are overridden by the interests or fundamental rights and freedoms of a Data Subject, or protecting the health or life of the Data Subjects.

ACG will keep and process the personal data for as long as it is required for the serving of the purposes of processing and in order to comply with its legal obligations and to defend itself against any legal claims. After the above time period, ACG will proceed to the definite deletion of the above personal data.

ADHERENCE TO THE PRINCIPLES RELATING TO THE PROCESSING OF PERSONAL DATA

Personal Data maintained by the College shall be processed in accordance with the principles set forth in the Data Protection Legislation, including, without limitation the principles of lawfulness, fairness and transparency, accuracy, data minimization, purpose and storage limitation, integrity and confidentiality.

In this context the College makes every effort through its personnel to keep the personal data stored by it in an updated form. Yet, Data Subjects must inform the College immediately of any change to their personal data, while the College also uses its reasonable endeavours to periodically update its records. Despite that, the College cannot guarantee the complete accuracy of any data stored by it.

RIGHTS OF DATA SUBJECTS

Subject to the exceptions, conditions and limitations provided by the Data Protection Legislation, the College secures the unhindered exercise by the data subjects of their rights under the Data Protection Legislation.  The data subjects have the following rights:

Right to information: This is the right of the data subject to be informed when data about him/her is being collected

Right to access: The data subjects have the right to obtain from the College confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information provided by the Data Protection Legislation.

Right to rectification: Data subjects have the right to rectification of inaccurate personal data concerning them, including completion of incomplete personal data.

Right to restriction of processing: Where applicable, data subjects have the right to object to the processing of their data. They exercise this right by preparing a document that should be addressed to the Data Protection Officer, and should further include the request for a specific action (such as correction, temporary non-use, blocking of information, non-transfer or deletion, as the case may be).

Right to erasure: Under certain circumstances, data subjects might request the erasure of their personal data.

Right to objection: Under certain circumstances, data subjects have the right to object to the processing of their personal data.

Right to data portability: Where processing is based on a consent or a contract and the processing is carried out by automated means, data subjects have the right to receive the personal data concerning them in a structured, commonly used and machine-readable format. They also have the right to transmit this personal data to a third party without hindrance of the College, if technically possible.

The above rights are exercised exclusively by the data subjects, or by their legally authorized proxies. For the purposes hereof, the parents of College students who are adults are considered as third persons and, as such, are not entitled to exercise the rights of those students on their behalf, unless they have been specifically authorized by the students to do so.

In the case of minors, the personal data rights are exercised by the minors’ parents, or by the person or persons who have legal custody of those minors.

In case data subject exercises one of the aforementioned rights, ACG will take any possible measure for the prompt satisfaction of the data subject’s request, according to the specific provisions and conditions of the Data Protection Legislation, and shall inform the data subject in writing regarding the satisfaction of his /her request, or the reasons that prevent the exercise or satisfaction there according to the Data Protection Legislation.

In addition, data subject may at any time withdraw his/ her consent for the processing of his/her personal data, without although affecting the lawfulness of processing based on consent before its withdrawal or the processing which has been based on another legal basis. We inform data subjects that in case of withdrawal of their consent, we may not be able to use their personal data and they might not be able to use   College’s services (or some of them).

Furthermore, data subjects have the right to lodge a complaint with the Hellenic Data Protection Authority, in case they consider that the processing of their personal data is against the applicable Data Protection Legislation.

DATA SECURITY

To ensure data security ACG strives to take extra organizational and technical security measures, continuously updates its privacy policies, regularly trains its Faculty & Staff on data protection issues, supports the data subjects when they wish to exercise their rights in accordance with the Data Protection Legislation, takes all steps to ensure that its partners and vendors who process personal data are also Compliant with the Data Protection Legislation.

As far as the destruction of personal data is concerned the following procedures are followed:

The destruction of personal data kept by the College after the completion of the processing and/or the fulfillment of the purposes served in keeping it, is carried out in accordance with the Guidelines of the Hellenic Data Protection Authority (currently the Guideline number 1/2005 for the safe destruction of personal data following the period required for the fulfillment of the purpose for processing), and, where applicable, is carried out under the supervision of the designated person-representative of the data processor. Specifically, data maintained in hard-copy form and designated for destruction are selected, gathered and guarded in a specially allocated and safe place to which only authorized personnel has access. Such data are either shredded and pulped and recycled, or burnt. A record of destruction is made when the above action takes place. The record notes the date of destruction and describes the data destroyed, the method of destruction and the full name of the employee of the data processor appointed as the responsible for the destruction. The destruction of data stored in electronic form is carried out by overwriting it with the assistance of programs designed specifically for that purpose (file erasers, file shredders, etc.). Following that, the material in which the data is stored is also destroyed, as are all back-ups of the data. The same type of record of destruction is made in this case as in the case of destruction of hard-copy data.

The processing and storage of the personal data records by the College is a classified activity and, as such, is conducted by specifically authorized employees and executives of the College.

Data stored in hard-copy form are guarded in special places. The appropriate technical measures have been taken to ensure that non-authorized persons do not have access to those places. Only authorized personnel who have been charged with maintaining and processing personal data have access to those areas.

With regard to data maintained in electronic form, the appropriate security measures have also been taken. The data are stored in specific computers which block entry to anyone who does not have a password. Only authorized employees have the password, while back-up is guarded in special, restricted-access places.  College employees who are authorized to maintain and process personal data on behalf of the College are bound to absolute secrecy regarding personal data. These employees are fully cognizant of all the stipulations of the law and all the procedures, terms and conditions pertaining to compliance with the applicable law on personal data and the legal storage and processing thereof.

PERSONAL DATA BREACHES

By breach we mean every breach of security that leads to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access to data processed, stored or transmitted.

If such a breach occurs at ACG, ACG shall take all steps required by the Data Protection Legislation, including, where applicable, reporting it to it, to the Hellenic Data Protection Authority and/or communication with the Data Subjects which may have been affected thereby.

If a member of the staff, faculty, student or a member associated with the ACG Community becomes aware of the breach they should contact immediately the Data Protection Officer.

DATA PROTECTION OFFICER

If you have any queries in relation to the protection of your personal data or you wish to exercise any of your legal rights, you can contact the Data Protection Officer of the American College of Greece by using the following contact details:

Address:              6 Gravias Street, Aghia Paraskevi, 15342

E-mail address:  [email protected]

Tel:                       (+30)2106009800


ACG STUDENT PRIVACY POLICY

SUMMARY

The American College of Greece (hereinafter referred to as “the College” or “ACG”) needs to collect and process personal data in order to provide educational services to students, manage its operations effectively (Ministry of Education, NEASC accreditation, Open University (OU) Validation, EPAS accreditation, AMBA accreditation), and meet its legal obligations and its legitimate interests. For the processing of personal data (including special categories of personal data), the College complies with the provisions of the General Data Protection Regulation (GDPR) and the applicable Greek Legislation, as in effect from time to time (herein referred to collectively as the “Data Protection Legislation”). This document sets out how we use students’ personal data.

NOTE

This document is required by the General Data Protection Regulation (GDPR) and contains information on how we process students’ personal data, the legal basis for processing, how long we keep personal data for, etc.  

We review this document regularly and reserve the right to make changes at any time to take into account any changes in our activities, legal requirements and how we process personal data.

This document constitutes an integral part of “the American College of Greece Personal Data Protection Policy”.

SCOPE

What this document covers

This document applies to students who have applied and registered to study with The American College of Greece, including both undergraduates and postgraduates.

POLICY

Who we are

The American College of Greece is the data controller in relation to the processing activities described below. This means that The American College of Greece decides why and how students’ personal data is processed.  

What information do we collect about students and how do we collect it

Information that students give us:

As soon as students contact us, we create a record in their name (both electronic and physical). To that record we add information that students give us when enrolling and throughout their studies until their graduation time.

Indicatively, we keep records of attendance in courses, grades in courses, disciplinary record and decisions coming from various committees and Offices (Committee on Academic Standards and Policies (CASP), Committee on Student Conduct (COSC), Committee on Disabilities and Learning Differences (CDLD), Academic Advising Office (AAO), etc.). All undergraduate students sign our honor pledge upon their admission to the College. We also keep Co-curricular transcripts (Academic enrichment, Scholarly engagement, Honors and awards, Community Service and Volunteerism, Scholarships) and record of contracts and correspondence with external employers for student internships. Moreover, we keep student’s photo for issuance of their ACG ID Cards. We also keep financial assistance records, scholarships granted and fellowships records.

We hold general biographic/demographic data about students, such as name, communication details, address, gender, age, nationality, place of birth, family status, copies of IDs and passports,  copies of VISA/residence permits, high school leaving diploma or relevant qualifications and grade lists, official transcript(s) and related documents from previous institutions attended, application form, reference letter(s), courses and qualifications studied, employment data, military information, parents/guardians and family member’s data details for reporting and statistical purposes, for meeting our legal obligations and for informing ACG affiliates on events, programs and matters concerning ACG in general.

For students participating in the Work-Study program we keep their work study application forms, CVs, ID Cards, Family Status, copy of bank account, Residence/Work Permit for foreign student employees, AFM/VAT, Social Insurance number as to serve the employment process.

We hold financial Data, for example Tax Identification Number, SSN, copies of checks, credit card receipts, and amounts owned and paid. Moreover, in case of refunds we keep Bank Account number, IBAN number, Account Beneficiary name, Account Beneficiary address. For Students that are US Citizens we collect W9 Forms in order to annually report the amount paid for “qualified tuition and fees” to both the student and the Internal Revenue Service (IRS). We also report data to Greek Tax Authorities.

 

Students may submit documents about “special categories” of data, including physical or mental health, disabilities and learning differences. This data might be enriched during the period of studies if a student participates in external activities and needs to submit extra medical information or nutrition preferences. Health data are also gathered for the use of Athletic Facilities (certificates from pathologist/cardiologist and or dermatologist). The Office of Athletics also keeps accident report forms. Furthermore, the College maintains copies of Health Insurance submitted directly by students going on an International Internship.

Other data we keep:

  • Data concerning Student’s Employment after graduation for reporting purposes
  • Log of Student Award recipients, Election results for academic societies, Results for governing Bodies
  • Photographs, Videos from Commencement or Various Ceremonies
  • Data on student award recipients (CV, personal statement)

Information that we automatically collect:  

We will automatically collect information about students’ participation in courses through our online Student Information System (called Jenzabar, myACG portal) and all forms of assessment grades through our online grading system.

Information we receive from third parties: 

  • We may receive some information about our candidates from third party sites or from Admissions partners/recruitment companies;
  • For students not currently studying with us (Alba Admissions purposes), we may enhance our records with data received from third parties, in order to ensure we have up to date student contact details, and in order to offer more relevant communications.
  • Data from companies that pay student’s tuition

How do we use students’ personal information?

  • We collect and process personal data about students in order to deliver our services and support to them, to manage our operation effectively (US NEASC accreditation, UK Open University (OU) Validation, Belgium EPAS accreditation, UK AMBA accreditation), and to meet our legal requirements (e.g. towards the Greek Ministry of Education) and serve our legitimate interests;
  • If students do not provide some of the information required at registration then we may not be able to effectively provide administration or support services to enable them to succeed in their academic pathway;
  • Information about any disabilities and special requirements students have will also be used to inform the provision of reasonable accommodations and other provisions for their study and as to protect the student’s vital interests and to provide preventive medicine and/ or first aid health services
  • Students may submit additional “special category” information to us, for example medical evidence, information about their religion relating to mitigating circumstances consideration through a CASP petition. We only use this information for the purpose for which it was provided and remains in the student’s file;
  • We are committed to the data protection principles and best practices for handling personal data. All personal data is held securely, is accessible and processed by authorized employees of ACG, who will process the personal data solely for the fulfillment of the aforementioned purposes, and by no means for their own benefit. Furthermore, some of the above personal data will be accessible and processed, within the framework of their responsibilities, by authorized external associates of ACG for the fulfillment of the aforementioned purposes.

Whom do we share information with?

We share data with external recipients/authorized external associates of the College for specific purposes, in accordance with the provisions of Data Protection Legislation. Please see a detailed list of the external recipients below:

  • The Open University in UK (OU): For all undergraduate degree-seeking students, The American College of Greece shall undertake (where necessary) to procure the student’s consent to send to the Open University:
    • After commencement of an academic year bi-annual lists of the names of newly enrolled students on each Validated Program for registration with the Open University;
    • Progression and award boards lists signed by the external examiners;
    • Graduation student information necessary for the issuing of the Open University validated awards;
    • Copies of student academic transcripts on a yearly basis;
    • Statistical aggregate data for the Higher Education Statistics Agency (HESA) on a yearly basis;
    • Upon demand any other information or documents required by the Open University.
  • New England Association of Schools and Colleges (NEASC) in US : We share the following kinds of information:
    • Statistical aggregate data for the Commission on Institutions for Higher Education (CIHE) Annual Report;
    • Statistical aggregate data for re-accreditation purposes;
    • Student original degree, official transcript and other personal information for Apostille stamp purposes.
  • AMBA (Association of MBAs, based in London): We share the following kinds of information:
    • Names, Surnames, Gender, Age, Nationalities, Highest Academic Qualification, language proficiency and No of years of work experience.
  • EPAS (EFMD Program Accreditation System, based in Brussels)
    • No request for specific student data. They may ask for some data upon arrival for their site visit.
  • S. Department of Veterans Affairs: We share the following kinds of information:
    • Student registration information for those students who receive veterans benefits only during every registration period.
  • Greek Ministry of Education:
    • Lists of students with degree and personal information for all undergraduate and graduate degree-seeking students during every registration period for army deferral reasons and because of legal obligation too;
    • Certificates of study for students seeking army deferral and visa permit.
  • Other External or Public Authorities:
    • External transfer of student data to various authorities or court order upon the student’s or his/her parent(s)’/guardian(s)’ request and consent;
    • Financial Aid data for reporting/auditing purposes, US and Greek Tax Authorities, and other external or public authorities;
    • Data of students who are employed at ACG under the Work Study program will be sent to the Ministry of Labor and the Greek Tax Authorities because of legal obligation.
  • Various Institutions (Partner Universities, Embassies, Foundations):
    • External transfer of student academic records (usually official transcripts) upon the student’s request and consent;
    • External transfer of student records to Foundations that provide scholarships for study abroad purposes.
    • External transfer of student data for Study Abroad purposes
  • Parents/Guardians
    • External release of student transcripts and academic progress to parents / guardians upon the student’s consent.
  • Printing Processor(s) and External Vendors
    • Lists of graduating students and degrees sent to the printing processor for the printing of diplomas and Commencement Ceremony program;
    • Lists of graduating students and seniors sent to the printing processor for the printing of awards and program for the Awards night;
    • External partners that provide admissions services;
    • External partners for employment purposes and internships;
    • Companies that provide IT solutions to the College’s various offices like the Financial Aid one and the Library;
    • Career portal for employment purposes; we automatically load active Student data into the College’s Career Portal (currently US Based) for targeted communication for jobs & internship opportunities. Students submit CVs by themselves.
    • Financial data for financial aid purposes;
    • Development sites for alumni;
    • Insurance Companies for covering students’ needs;
    • Travel Agencies for study abroad purposes;
    • Advertising companies for marketing purposes;

Other ways we may share student personal information:

  • We may transfer students’ personal information to a third party if The American College of Greece ceases to exist and another organization offers to continue our continuing students’ study. We may also transfer personal information if we are under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our enquirers, visitors and students. However, we will always aim to secure that students’ privacy rights are safeguarded.

Do we transfer information outside the European Economic Area (EEA)?

  • Generally, information provided by students is stored on our secure servers located within the EEA;

However, there are times when we need to store information outside the EEA. For these purposes, we make sure that all our partners are GDPR compliant. Any transfer outside EU/EEA takes place according to the provisions of the Data Protection Legislation.

How long do we keep the students’ personal information for?

ACG will keep and process the above personal data for as long as it is required for the serving of the aforementioned purposes of processing and in order to comply with its legal obligations and to defend itself against any legal claims. After the above time period, ACG will proceed to the definite deletion of the above personal data.

Use of personal data by students

  • Students are not usually expected to collect or use personal data as part of their studies with The American College of Greece, but if they need to do so, they must get the written agreement of their tutor or supervisor that the processing is necessary. They must also immediately tell, in writing, our Data Protection Officer, using the contact details below.
  • If students need to process personal data, they then must refer to the Institutional Review Board (IRB) of the College. The American College of Greece conforms to national and international regulations for the Protection of Human Research Subjects, including the US Department of Health and Human Services (2009) Code of Federal Regulations. Title 4, Part 46:  Protection of Human Subjects, The Belmond Report, the European Commission Ethics Review and relevant Directives, as well as relevant Greek Laws and Ministerial Decisions. Through the establishment of the Institutional Review Board to monitor the conduct of research, the College has affirmed its commitment to these principles. Use of human research participants requires approval without exception. Students’ cooperation in supplying the requested information will facilitate approval of their project. Improperly or incompletely prepared documents will be returned without evaluation.   

STUDENTS’ RIGHTS

Students (and/ or their parents /legal guardians) have a number of rights in relation to their personal data, provided by the Data Protection Legislation.

Students have the right to:

  • Access the personal information that we hold about them;
  • Correct inaccuracies in the personal information that we hold about them;
  • Request that we stop sending them direct marketing communications.

In certain circumstances, students have the right to

  • Have students’ details removed from systems that we use to process students personal data;
  • Restrict the processing of the students’ personal data in certain ways;
  • Obtain a copy of the students’ personal data in a structured electronic data file;
  • Object to certain processing of students personal data by the College.

 

Subject to the exceptions, conditions and limitations provided by the Personal Data Legislation, students (and/or their parents/legal guardians can exercise the aforementioned rights (right of access, rectification, restriction of processing, objection, erasure of the above personal data, as well as the right to data portability). In case they exercise one of the aforementioned rights, ACG will take any possible measure for the prompt satisfaction of their request, according to the specific provisions and conditions of the Data Protection Legislation, and shall inform them in writing regarding the satisfaction of their request, or for the reasons that prevent the exercise or the satisfaction thereof according to the Data Protection Legislation.

In addition, they may at any time withdraw their consent for the processing of their personal data, without however affecting the lawfulness of processing based on consent before its withdrawal and the processing based on other legal basis. We inform all students that in case of withdrawal of their consent, ACG may not be able to use the above personal data and they might not be able to use College’s services (or some of them).

Furthermore, students have the right to lodge a complaint with the Hellenic Data Protection Authority, in case they consider that the processing of their personal data is against the applicable legislation.

If you have any queries in relation to the protection of your personal data or you wish to exercise your legal rights, you can contact the Data Protection Officer of the American College of Greece by using the following contact details:

 

Address:             6 Gravias Street, Aghia Paraskevi, 15342

E-mail address: [email protected]

Tel:                      (+30)2106009800


ACG ALUMNI PRIVACY POLICY 2018

Introduction - Scope

This policy lays out the main framework of principles and rules regarding how we collect, process and store alumni personal data, in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”) as well as the applicable Greek Legislation regarding the protection of personal data, as in effect from time to time (collectively referred herein as the “Data Protection Legislation”).

This policy applies to all Alumni of The American College of Greece called herein “Data Controller” or “ACG”. Alumni are considered all individuals who attended ACG, and have completed at least one year at Pierce or have completed at least three credits at Deree.

This policy constitutes an integral part of “the Personal Data Protection Policy of the American College of Greece”.

We review this policy regularly and reserve the right to amend it at any time to take into account any changes in our activities, legal requirements and how we process personal data.

What kind of personal data do we collect about Alumni and how do we collect it?

Information that Alumni give us:

The ACG collects, processes and stores, in electronic or paper form, Alumni personal data mainly including the following: graduate’s full name, contact details, address, date of birth, family status, parents’ and family members’ data, graduate certificate, employment data, donation data, where applicable, data in relation to the studies of the graduate, data in relation to the participation to ACG events, athletic and other activities where and if available, scholarships, involvement in the College Clubs and Societies, etc. The above data have been legally collected from the alumni to whom the data refer, with their consent, in accordance with the Data Protection Legislation. Data is collected either during the studies of the individual, or by the individual after the completion of his/her studies.

Other data we keep:

  • Data concerning alumni employment as well as further studies after graduation from ACG where provided
  • Log of Student Award recipients, endowed or expendable scholarship recipients
  • Event participation, photographs and videos from various events
  • Participation in College clubs and Societies

Information that we automatically collect: 

We will automatically collect information about Alumni as this information has been recorded in his/her record throughout the course of studies at ACG related to demographic and family data, contact details, academic data, through our online Student Information System (Jenzabar).

Information we receive from third parties: 

Alumni information is also being collected from third parties and publicly accessible sources such as online databases and systems

How do we use Alumni personal data?

The College processes Alumni personal data in order to comply with its legal obligations, for statistical reasons, as well as in order to notify alumni for a range of alumni engagement and development activities, including, but not limited to the communication of publications, the promotion of services and benefits available to alumni, and for notification about events, reunions, academic programs, and volunteering opportunities. Furthermore, alumni data may be used for occasional fundraising appeals.

The legal basis of the above processing is the written consent of data subjects, compliance of ACG with its legal obligations, and the serving of the legitimate interests of ACG.

Whom do we share information with?

We are committed to the data protection principles of best practices for handling information. All personal data is held securely in ACG servers and is accessible and processed only by authorized employees of ACG, who will process the personal data solely for the fulfillment of the aforementioned purposes, and by no means for their own benefit. Furthermore, some of the above personal data will be accessible and processed, within the framework of their responsibilities, by authorized external associates of ACG for the fulfillment of the aforementioned purposes. Any further transfer of personal data to any third person or to a country outside the European Union, will take place only in case that it is so provided by the Data Protection Legislation.

How long do we keep the Alumni personal information for?

ACG will keep and process the above personal data for as long as it is required for the serving of the aforementioned purposes of processing and in order to comply with its legal obligations and to defend itself against any legal claims. After the above time period, provided that there is no other legal basis for the processing, ACG will proceed to the definite deletion of the above personal data.

Alumni rights

Subject to the exceptions, conditions and limitations provided by the Personal Data Legislation, alumni can exercise the following rights provided by the General Data Protection Regulation (GDPR):

Right of access, rectification, restriction of processing, objection, erasure of the above personal data, as well as the right to data portability.

In case alumni exercise one of the aforementioned rights, ACG will take any possible measure for the prompt satisfaction of their request, according to the specific provisions and conditions of the Personal Data Legislation, and shall inform them in writing regarding the satisfaction of their request, or for the reasons that prevent the exercise or the satisfaction thereof according to the Data Protection Legislation.

In addition, alumni may at any time withdraw their consent, without however affecting the lawfulness of processing based on consent before its withdrawal or the processing which is based on another legal basis.

Furthermore, alumni have the right to lodge a complaint with the Hellenic Data Protection Authority, in case they consider that the processing of their personal data is against the applicable legislation.

If the alumni have any queries in relation to the protection of their personal data or they wish to exercise their legal rights, they can contact the Data Protection Officer of The American College of Greece by using the following contact details:

Address: 6 Gravias Street, 153 42 Aghia Paraskevi, Athens, Greece

E-mail address: [email protected]