Notification regarding the processing of personal information
of participants in language competence examinations
(BCCE, ABLE, ALCE, STYLE and ETECT)
Pursuant to the applicable data protection legislation/ regulations, Hellenic American University (436 Amherst Str., Nashua, NH 03063, USA) (the “Hellenic American University”) would like to inform you of the following:
1. What personal information is processed by Hellenic American University belonging to which natural persons: Hellenic American University processes personal information of the following persons (“you” and/ or “participants”): (a) adults who participate in language competence examinations organized by Hellenic American University; and (b) minors who participate in language competence examinations and who are being represented by their parents or guardians. Information processed by Hellenic American University may include: (a) personal information (e.g. full name, father’s name, gender, date of birth, examination center, type of the language competence examination in which you participate and the date in which the examinations are being conducted, information of the person examining the participant, examiner marks and comments relating to examiner marks, the Foreign Language Center at which the participant in the language competence examinations is studying, candidate number, native language and attendance records, assessment papers, candidate voice, and candidate answers); and (b) sensitive personal information, if applicable, such as health-related information that the candidate may disclose for special arrangements to be made so that he or she can take part in the language competence examinations (e.g. special learning difficulties or other health issues). The disclosure of the personal information specified in subparagraph (a) above is a legal or contractual obligation of the participant or a requirement to conclude a contract. If you do not provide this information or a part of it, you will not be able to register and therefore, participate in the above language competence examinations organized by Hellenic American University.
2. Source of personal information: The source of the information mentioned in section 1 above, as the case may be, is the participant himself/ herself disclosing his/ her personal information or his or her parents or guardian. To the extent that the persons mentioned above transmit third party personal information to Hellenic American University, they are responsible for complying with the applicable provisions of the data protection legislation/ regulations. In this context, they may need to obtain the participant’s consent before transmitting personal information to Hellenic American University. When you provide the third-party personal information, Hellenic American University considers this third-party consent (if required) as granted.
3. How Hellenic American University uses personal information: The situations in which Hellenic American University may process your personal information, as the case may be, are the following: (a) to develop and deliver language competence examinations, including the development of assessment materials, the collection and marking of exam papers and the issuance of certificates and the assurance that the appropriate examination facilities are available to those with specific requirements; (b) to handle complaints or to investigate allegations of misconduct in relation to the sitting of exams; and (c) to safeguard the interests of Hellenic American University, to carry out research in the field of education and qualification delivery, to set standards and other activities that are required to ensure that Hellenic American University’s services and programs are delivered to a high standard and that the participants in the language competence examinations are protected.
4. Recipients of personal information: As the case may be and depending on the purpose of processing, personal information may be transmitted: (a) to authorized employees of Hellenic American University; (b) to companies associated with Hellenic American University with which Hellenic American University has concluded a contract and which process the information on its behalf (e.g. IT companies, IT service providers, etc.), within their competencies and subject to the obligation of confidentiality, secrecy and compliance with the data protection legislation/ regulations; (c) to third parties where so required by law, or for the purposes of, or in connection with legal proceedings in which it is involved, or otherwise for the purposes of supporting, exercising or defending its rights; (d) to third parties that are law enforcement authorities and have submitted a lawful transmission request; or (e) where it considers that transmission is necessary in connection with any investigation into the suspicion or existence of any illegal activity; or (f) otherwise, if you consent to such disclosure.
5. Overseas transfers: Hellenic American University may transfer the personal information it collects about you to countries other than the country of its incorporation or the country in which the information originally was collected. Those countries may not have the same laws on personal information as the country in which you initially provided the information. When Hellenic American University transfers your personal information to other countries, it will protect that information as described in this Notification and in accordance with the applicable law. If necessary, Hellenic American University requires the recipients referred to in section 4 above to comply with appropriate safeguards designed to protect personal information.
7. Changes to this Notification: Hellenic American University may revise this Notification from time to time. The most current version of this Notification will govern the processing of your personal information by Hellenic American University and will be posted on its website.
8. EEA Addendum: If you are in the European Economic Area ("EEA") and insofar as the General Data Protection Regulation (EU) 2016/679 is applicable, the following additional EEA-specific provisions apply to the processing of your personal information.
A. Controller: Hellenic American University is the controller of your personal information.
B. Legal basis for using your personal information: Hellenic American University will use your personal information when the law allows it to. Most commonly and depending on the situation in which Hellenic American University will use your personal information, Hellenic American University will use your personal information in the following circumstances: (a) where you have given your consent; (b) where Hellenic American University needs to perform the relevant contract that it has concluded with you or where it needs to take steps at your request prior to entering into the relevant contract with you; (c) where it needs to comply with a legal obligation; (d) where the processing is necessary for the purposes of the legitimate interests pursued by Hellenic American University which override your interest, fundamental rights and freedoms which require the protection of personal information; (e) where necessary for the establishment, exercise or support of legal claims; and (f) in case Hellenic American University needs to protect your vital interests or those of a third party where you are incapable of giving your consent.
C. Transfers of personal information outside the EEA: With respect to personal information transfers outside the European Economic Area, Hellenic American University has taken the appropriate and suitable safeguards for the protection of the personal information. If you wish to receive a copy of these safeguards, you may contact Hellenic American University using the contact information mentioned in the section 8 (E) below.
D. Retention of personal information: Hellenic American University will retain the above personal information for as long as necessary to fulfill the purpose for which it was collected or to comply with legal, regulatory, accounting, reporting or internal policy requirements. To determine the appropriate retention period, Hellenic American University considers the applicable legal requirements, as well as the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the personal information, the purposes for which its processes the personal information and whether it can achieve those purposes through other means. Further information on the retention periods can be requested from Hellenic American University using the contact information mentioned in the section 8 (E) below.