- Who we are:
The STARTAB Programme is delivered by Corallia with the support of Prince’s Trust International and it is offered free of charge to young people aged 18-35. Participants can develop a business idea through a specialized Workshop and then attend a 4-day interactive and free Entrepreneurship Course, where through workshops they explore the practical side of starting and running a business and decide if self-employment is right for them. After the 4-day Entrepreneurship Course, those participants who wish to proceed, receive mentoring guidance for up to 12 months to develop, design and test their business idea and then to mature their business plan. Those who are ready to start their own business can present their business plan to the Business Launch Group, a team of business consultants that assesses the viability of their business plan. Finally, participants who reach that stage and start the business, may receive business mentoring for another 12 months to grow their business. Those participants who do not continue with the development of a business idea, may attend workshops aimed at developing their professional career and their integration into the workplace. The STARTAB Programme is the very first Enterprise Programme of Prince’s Trust International to run outside of the UK.
We, at the STARTAB Programme, are committed to protecting the personal data that we collect. We aim to be clear and transparent and not do anything you would not expect. We do this by ensuring you are provided with an explanation about how we collect and process the information you provide us with, or that we collect about you, whether online, via phone, email, in letters, or in any other correspondence or from third parties.
We collect and use personal data to ensure that we can manage our relationships with our supporters, and to better understand how we can meet and exceed our supporters’ expectations. This allows us to fundraise more efficiently and effectively to help us reach our goal that every young person should have the chance to succeed.
The partners of the STARTAB Programme, listed below, process certain types of personal data for the purposes of the project. Each partner is responsible for the personal data they collect and process during their activities under the framework of the project:
- Corallia Unit of the Research Center Athena Research and Innovation Center in Information, Communication and Knowledge Technologies, More at https://www.corallia.org
- Prince’s Trust International, UK. More at https://princestrustinternational.org
- Bizrupt, Greece. More at https://bizrupt.gr
For further information, you can contact us at: email@example.com.
- Data Controller
Data controller of the Website (pursuant to art. 26 GDPR) is Corallia Unit of the Research Center Athena Research and Innovation Center in Information, Communication and Knowledge Technologies whose registered office is situated at Kifissias Ave. 44, Maroussi (Hereinafter referred to as “Data Controller”).
- How we collect your personal data
We collect personal data both directly and indirectly:
Directly: we obtain personal data directly from individuals in a variety of ways, including but not limited to the following cases: a) an individual registers via MS Forms to express interest about the Programme; b) an individual registers to attend in meetings (physical or online) and events we host and during attendance at such events; c) we establish cooperative relationships with an individual.
Indirectly: we obtain personal data indirectly about individuals from a variety of sources, including a) our networks and contacts; b) social and professional networking sites (e.g., Facebook, Instagram, LinkedIn, YouTube, TikTok).
- What types of data do we collect?
The personal data that the Data Controller collect, and process fall primarily within the following categories: some of these categories may not concern you to the extent that the type and number of the necessary collected personal data depend in any case on the capacity of the data subject, i.e., if the subject is a participant or simply a candidate participant.
We only collect the data that are necessary for the smooth implementation of our Programme. These data fall into the following categories:
- contact details (name/surname, e-mail address, street address, mobile phone number);
- personal information (e.g., educational level);
- eligibility criteria (unemployed or part-time, time of education, if the existing business, if they have a business idea);
- demographics (e.g., age, gender);
- statistics (e.g., where did you learn about the programme, if you are looking for loan);
- information about your business idea;
- videos and photos (from people that attend our courses).
Where appropriate we may also ask your interests and motivation for supporting the programme, we will never make this question mandatory, and only want to know the answer if you are comfortable providing us with that information.
In limited circumstances, the personal information that the Programme collects may include information that is considered “sensitive data”. This may include personal information regarding health and information concerning criminal offences. Where this information is collected, we will tell you, so you know why it is needed.
If you are under sixteen (16) you should ask permission of a parent or guardian before sending personal or sensitive information to anyone online.
- Bases of lawful processing
We process personal data on the following legal bases:
Legal obligations: for processing activities required for compliance both with applicable national and European legislation as well as with the specific legal and regulatory Safeguarding framework of Prince’s Trust International.
Consent: to manage, implement, finance, and evaluate the programme and our work in the best possible way. Also, to contact you for clarifications regarding your application, refer you to the Programme that is taking place in the area you submitted that you are living and during and after the completion of the programme, to ask you about your business, your employment, your education and your positive outcomes in your life in general.
Code of Conduct consent: this agreement determines what is expected of you, as a participant in the STARTAB Programme. The rules are designed to keep you and the other participants safe during online delivery.
- What we do with your personal data
We process your personal data with the purpose of:
- Conducting research (e.g., interviews, surveys);
- Disseminating our project’s results to several types of stakeholders;
- Sending invitations and providing access to guests attending our events and webinars;
- Administering, maintaining, and ensuring the security of our information systems, applications, and websites;
- Processing online requests/queries and responding to communications from individuals;
- Complying with contractual, legal, and regulatory obligations.
- How we secure your personal data when we process it
We continuously apply a personal data risk assessment process to identify, analyse, and evaluate the security risks that may threaten your personal data. Based on the results of this risk assessment, we define and apply a set of both technical and organizational measures to mitigate the above security risks, including but not limited to:
- Data Protection Policies to guide our personnel when processing your data;
- Written contracts with organizations that process personal data on our behalf;
- Non-Disclosure Agreements with our personnel;
- Back up process, antimalware protection, access control mechanisms, etc.
- Our partners have appointed a Data Protection Officer.
- Do we share personal data with third parties?
We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. When we do so, we ensure that recipients are contractually bound to safeguard the data we entrust to them before we share the data. We may engage with several or all the following categories of recipients:
- Parties that support us as we provide our services (e.g., cloud-based software services such as Dropbox, Microsoft SharePoint, Google Drive);
- Our professional advisers, including lawyers, auditors, and insurers;
- Dissemination services providers (e.g., Mailchimp);
- Law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with applicable law or regulation;
- The Prince’s Trust International according to our relevant contractual obligations.
- Non-Disclosure – Confidentiality
The relationship between the supporters (e.g., mentors, tutors, professional advisers, sponsors) and the Programme is based on trust, confidentiality, and transparency. The supporters refrain from publishing, discussing or otherwise disclosing information obtained through the interaction with the Programme. All information exchanged between individuals and the Programme shall be properly used or disclosed on a confidential basis to staff, agents, or professional advisers of the Programme.
No information shall be considered confidential if:
- it is known to the party before receiving it;
- it is or becomes publicly available other than by breach of participation;
- the party rightfully obtains it from a third party or;
- it is independently developed by party or others who have not been given this information.
- Do we transfer your personal data outside the European Economic Area?
We do not own file servers located outside the European Economic Area (EEA). However, some partners may use cloud and/or marketing services from reputable providers such as SharePoint, Dropbox, Mailchimp, Google, etc., situated both inside and outside the EEA. We always check that such providers comply with the relevant GDPR requirements before start using their services.
- cookies to improve site performance;
- cookies for anonymous traffic statistics;
- cookies for Google Advertising Features.
Then we provide detailed information on each of these types of cookies.
- How long do we retain personal data?
We retain personal data to provide our services, stay in contact with you, and comply with applicable laws, regulations, and contractual obligations to which we are subject. After the expiry of contractual obligations, and unless further legitimate grounds for retention arise, we will dispose of personal data in a secure manner.
- What are your rights regarding the protection of your personal data?
You have the following rights regarding our processing of your personal data:
- Right of information – You can request to be informed about the categories of your personal data that we store and process, where they come from, the purposes of their processing, the categories of their recipients, the period of their storage as well as about your relevant rights (right of access).
- Right to withdraw consent – You can withdraw consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing conducted before you withdraw your consent.
- Right of access – You can ask us to verify whether we are processing personal data about you and if so, to have access to a copy of such data.
- Right to rectification – You can ask us to correct our records if you believe they contain incorrect or incomplete information about you or ask us to erase your personal data after you withdraw your consent to processing by providing any necessary supplementary documentation that justifies the need for rectification or completion.
- Right to erasure – You can demand the erasure of your personal data from the Data Controller’ records under certain circumstances, such as in case these data are no longer necessary or you have withdrawn your consent, or in case the data have been unlawfully processed etc.
- Right to restriction of processing – You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
- Right to data portability – In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another entity.
- Right to object – You can object to our use of your personal data for direct marketing purposes, including profiling or where processing has taken the form of automated decision-making. However, we may need to keep some minimal information (e.g., e-mail address) to comply with your request to cease marketing to you.
- Right to Complaint – You have the right to lodge a complaint with the Hellenic Data Protection Authority (1-3 Kifissias Ave., 115 23 Athens, Tel: +30 2106475600) in case you consider that your rights are in any way violated. For the Authority’s competence as well as the way to lodge a complaint you can find detailed in-formation on its website (www.dpa.gr – Individuals – Complaint to the Hellenic DPA).
Please note the following as regards your rights:
- The Data Controller preserve in any case the right to deny your request for restriction of processing or erasure of your data, if their processing or storage is necessary for the establishment, exercise or defence of its legal rights or the fulfilment of its obligations.
- The right to data portability (point f above) does not include the erasure of your data from the Data Controller’ records. The erasure is regulated under point e above.
- The exercise of these rights is valid for the future and does not affect any previous data processing.
- How can you exercise your rights?
For the exercise of your rights, you may send an email to firstname.lastname@example.org. In this framework and to facilitate the Data Controller in examining your request, you are kindly asked to specify which of your right(s) you are exercising. The Data Controller shall use their best endeavors to address your request within thirty (30) days of its receipt. The abovementioned period may be prolonged for sixty (60) more days, if deemed necessary, according to the Data Controller’ judgment and considering the complexity of the issue and the number of the requests. The Data Controller shall inform you within thirty (30) days of the request’s receipt in any case of prolongation of the abovementioned period. The abovementioned service is provided by the Data Controller free of charge. However, in case the requests manifestly lack foundation and/or are repeated and excessive, the Data Controller may, after informing you, impose a reasonable fee or refuse to address your request(s).
- Data Protection Officer
You may contact Corallia’s Data Protection Officer for any matter regarding the processing of your personal data at the address 44 Kifissias Ave. Maroussi or by sending an email to email@example.com.
- Disclaimer of liability for third party websites
We may also provide social media features that allow you to share information on your social networks and interact with our project on various social media sites. The use of these social media features may result in the collection or sharing of information about you. We recommend that you check the privacy policies and regulations of the social networking sites you interact with, so that you can be sure that you understand what information may be collected, used, and disclosed by these sites.
We do not knowingly collect, use, or disclose information from children under the age of sixteen (16). If we learn that we have collected the personal information of a child under sixteen (16) we will take steps to delete the information as soon as possible. Please immediately contact us if you become aware that a child under sixteen (16) has provided us with personal information.
- Amendments of this Information
The present Information may be periodically amended so that it is always compliant with the legal requirements and the actual data processing taking place. In case there are significant important amendments, you will be notified accordingly by any appropriate means, indicatively by a relevant notification on the website www.startab.gr. It is recommended that you regularly check the website www.startab.gr where this notice is available to be informed on its most recent / updated version in case there are minor amendments.
This information was updated on 01.04.2022.