College Year in Athens, Inc. (“CYA”) is a non-profit educational institution that has been acting as a cultural and educational bridge between the U.S. and Greece for over half a century with a passionate commitment to the furtherance of international and intercultural understanding. CYA places great emphasis in the protection of the privacy and confidential nature of personal information and endeavors to take all reasonable precautions to maintain this privacy. This privacy statement sets out how CYA uses and protects any information that you give when you use this CYA website at https://www.cyathens.org/ and any subdomains and any features and information available thereon, as well as the CYA blog located at https://cyablog.net/ (collectively, the “Site”) as well as other information you may provide to CYA when applying for a program and / or when expressing an interest in receiving more information about CYA’s programs and services.
CYA is committed to protecting the privacy of children. The Site is not designed for or directed to children under the age of 13. CYA does not collect personal data from any person it actually knows is under the age of 13.Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
CYA has put in place suitable physical, technical, and administrative procedures to safeguard and secure the collected information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access.While CYA makes reasonable efforts to protect the information that is provided to it, CYA cannot provide an absolute guarantee as to the security of data transmitted over a network.
III. Links to Other Websites
This Site may include hyperlinks to other websites which are under the responsibility of third parties (natural or legal persons) and will be subject to the privacy statements of those websites. Therefore, CYA is not responsible for the privacy practices or the content of such websites and this privacy statement does not govern such sites. CYA encourages you to read the privacy policies or statements of each and every such website and service.
CYA may collect data identification for visitors / users of its Site by using relevant technologies such as cookies. Cookies are small text files that are stored on the web browser of each visitor / user and are used to facilitate visitor / user’s access to the use of specific services and / or preferences (such as specific pages, language settings) and in order to determine the areas that are useful or popular as well as to assess the effectiveness of the site and to improve the performance of the site. These data may also include the type of browser used by the visitor / user, the type of computer, its operating system, Internet service providers and other information of this kind.
By setting preferences in your browser, you can refuse to accept cookies, disable cookies and remove them from your hard drive. In addition, portions of the Site may use third-party service platforms (including to analyze how users use the Site). These third-party service platforms may place cookies on your computer or mobile device. If you would like to disable “third party” cookies, you may be able to turn them off by going to the third party’s website.
Here are links to the main third-party platforms we use:
V. European General Data Protection Regulation 2016/679 (GDPR)
CYA offers its programs through the Athens-based International Center for Hellenic and Mediterranean Studies (DIKEMES).
For the purposes of the General Data Protection Regulation 2016/679 (“GDPR”), CYA, a non-profit educational institution based in Cambridge, Massachusetts, USA, collects, maintains and processes, as data controller, the personal data of its students,applicants, employees and alumni graduates. For the avoidance of doubt, “personal data” as used in this privacy statement, including in accordance with GDPR, means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal Data that can be processed
In particular, CYA may process the following personal data:
Personal data that you provide to us, such as:
- biographical data (full name, date and place of birth, ID or passport, gender, nationality, family status),
- contact details (address, telephone number or mobile phone, email address),
- academic background, such as your prior and current schools, transcripts, school activities and disciplinary records,
- financial status data (copy of parents’/guardians’ last federal tax return, applicant’s last federal tax return) for supplemental scholarship aid applicants only,
- details for the application of your visa,
- in specific cases data related to your health and dietary information, such as medical conditions that may require additional accommodations or dietary preferences.
Personal data collected by CYA, such as:
- cookies and relevant technologies that enable access and use of specific pages or/and website pages for statistical purposes,
- academic data, transferred by other institutions relevant for your academic curriculum for the purpose of transferring your credits,
- data related to you which are publicly accessible either electronically or otherwise.
To the extent you provide or make available to us any special category of personal data, by agreeing to this privacy statement, you explicitly consent to the processing of any such data. “Special categories of personal data” consist of personal data as defined in the GDPR which is to be treated with particular sensitivity, and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic or bio-metric data, data concerning health or data concerning a person’s sex life or sexual orientation.
Purposes of Processing:
CYA will only use your personal data to the extent that the law allows us to do so. Pursuant to the GDPR (to the extent applicable), legal bases for CYA’s processing your personal data information may include (without limitation):
- where you have given consent to the processing, which consent may be withdrawn at any time without affecting the lawfulness of processing based on consent prior to withdrawal;
- where it is necessary to perform a contract we have entered into or are about to enter into with you;
- where it is necessary for the purposes of CYA’s legitimate interests (or those of a third party) in providing its programs and your interests or fundamental rights and freedoms do not override those legitimate interests; and/or
- where it is necessary in order to protect your vital interests or the vital interest of another natural person.
It is noted that CYA processes each time only the personal data which are necessary for the purposes that it collects them and uses them exclusively for these purposes.
CYA may process the aforementioned personal data of yours, for the following purposes:
- for the completion of your application/ expression of interest in relation to CYA programs and/ or services;
- for providing educational courses and programs,
- for evaluating qualification for educational certificates or credit;
- for supporting the student learning experience and providing the appropriate care,
- for monitoring and reporting on student progress in order to provide scholarships and financial aid as well as to support students’ educational endeavors,
- for assessing the quality of its educational services,
- when it is necessary for the purposes of the legitimate interests pursued by CYA,
- in compliance with a legal and/ or contractual obligation to which CYA is subject to,
- in order to fulfill any other purpose for which you provide personal data.
Unless prohibited by applicable law, unless you “opt out”, CYA may use personal data collected so that CYA and third parties acting on CYA’s behalf can contact you about products and services that may be of interest to you.
Recipients of Personal Data:
CYA does not intend to sell, swap, share or otherwise disclose the information you provide, unless it is obliged or entitled to disclose, by law or regulation or court order or in the context of fulfilling the purpose for which you provide your personal data or as otherwise set forth in this privacy statement or as specifically authorized by you. In any case, CYA shall use reasonable efforts intended to ensure that only those who need to have access to your personal data are indeed granted access to such data and only in connection with and for the purposes relating to the performance of their obligations.
In particular, CYA might disclose your personal data to the following recipients:
- to other universities and/ or institutions with which CYA collaborates and where CYA’s students are enrolled for the provision of its programs and services, such as the Athens-based International Center for Hellenic and Mediterranean Studies (DIKEMES) and your home institution,
- to third party service providers, such as
- (i) travel agents regarding booking of tickets for your trips or educational excursions in which you participate,
- (ii) insurance companies regarding your health insurance plan,
- (iii) third party lessors regarding the accommodation that CYA provides you,
- (iv) transport company that CYA uses for the transport of their students,
- to the competent regulatory and supervisory authorities and/ or public entities. Without limitation of the foregoing, CYA may disclose your personal data if it believes in good faith that it is required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a search warrant, a court or regulatory order, lawful requests by public authorities, including to meet national security or law enforcement requirements, or other valid legal process. CYA may disclose personal data in special circumstances when CYA has reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating a contract with CYA, to detect fraud, for assistance with a delinquent account, or to protect the safety and/or security of CYA’s students and Site users, CYA’s programs, or the general public.
- to third party commercial partners who may directly collect personal data about CYA’s Site users’ online activities over time and across different websites; these third parties providers of products or services (including vendors and website tracking services), merchants, affiliates and other actual or potential commercial partners, and other similar parties; please note in particular that a portion of the Site uses Google Analytics, including its data reporting features. Information collected by Google Analytics includes but is not limited to web metrics. For information on how Google Analytics collects and processes data, please see the site “How Google uses data when you use CYA’s partners’ sites or apps”, currently located at https://www.google.com/policies/privacy/partners/. For information on opting out of Google Analytics, CYA encourages you to visit Google’s website, including its list of currently available opt-out options presently located at https://tools.google.com/dlpage/gaoptout.
- to CYA’s Corporate Affiliates, if any. For purposes of this privacy statement: “Corporate Affiliate” means any person or entity which directly or indirectly controls, is controlled by or is under common control with CYA, whether by ownership or otherwise; and “control” means possessing, directly or indirectly, the power to direct or cause the direction of the management, policies or operations of an entity, whether through ownership of fifty percent (50%) or more of the voting securities, by contract or otherwise. Any information relating to you that CYA provides to its Corporate Affiliates will be treated by those Corporate Affiliates in accordance with the terms of this privacy statement.
It is hereby noted that when CYA entrusts the processing of personal data to third parties acting on behalf of CYA, they must comply fully with CYA’s instructions in accordance with the relevant contractual agreements.
CYA further reserves the right to transfer your personal data to a third party in connection with a sale, merger or other transfer of all or substantially all of the assets of CYA or any of its Corporate Affiliates, or that portion of CYA or any of its Corporate Affiliates to which CYA’s programs relate, or in the event that CYA discontinue its business or files a petition or has filed against it a petition in bankruptcy, reorganization or similar proceeding, provided that the third party agrees to adhere to the terms of this privacy statement.
Do Not Track:
The term “Do Not Track” refers to a HTTP header offered by certain web browsers to request that websites refrain from tracking the user. CYA takes no action in response to automated Do Not Track requests. However, if you wish to stop such tracking, please contact CYA with your request, using CYA’s contact details provided below.
Transfers to Third Countries Outside the EEA
When offering its programs, CYA may transfer/receive personal data to and/or from its collaborating universities and/ or institutions located throughout the world, as well as interconnect specific files if necessary, including transfers to and from countries that may not have laws of general applicability regulating the use and transfer of such personal data. The said transfer or interconnection is effected if either the data subject has explicitly consented to the transfer or if data protection is provided for by an adequate data transfer agreement or if such transfer is permitted by applicable law. CYA ensures, through appropriate procedures, that the required procedures are carried out in order to ensure the safe processing of personal data transmitted or interlinked.By using the Site and submitting personal data on it, you voluntarily consent to the trans-border transfer and hosting of such personal data. Without limitation of the foregoing, you hereby expressly grant consent to CYA to:
- process and disclose such personal data (including special categories of personal data) in accordance with this privacy statement;
- transfer such personal data (including special categories of personal data) throughout the world, including to the United States or other countries that do not ensure adequate protection for personal data (as determined by the European Commission); and
- disclose such personal data (including special categories of personal data) to comply with lawful requests by public authorities, including to meet national security or law enforcement requirements. If you are accessing the Site from a jurisdiction with laws or regulations governing personal data collection, use, and disclosure that differ from those of the United States, please be advised that all aspects of the Site are governed by the internal laws of the United States and the Commonwealth of Massachusetts, USA, regardless of your location.
CYA will retain your personal data only for so long as is necessary for the purpose for which it was collected. To determine the appropriate retention period for personal data, CYA considers the amount, nature, and sensitivity of that information, the potential risk of harm from unauthorized use or disclosure, the purposes for which it processes your personal data and whether it can achieve those purposes through other means, and the applicable legal requirements.
Data Subject Rights
Following the verification of your identity, you, as a data subject, may have the following rights under applicable law:
- Right to Information
You have the right to be informed about the collection and processing of your personal data.
- Right of Access
You have the right to obtain from CYA confirmation as to whether or not personal data of yours are being processed, and, if so, you have the right to access your personal data and to obtain a copy.
- Right to Rectification
You have the right to obtain without undue delay the rectification of inaccurate or incomplete personal data of yours and the right to have incomplete personal data completed.
- Right to Erasure
You have the right to obtain from CYA the erasure of your personal data, which can be met if certain conditions are met.
- Right to Restriction
You have the right to obtain from CYA restriction of processing under certain conditions.
- Right to Object
You have the right to object, at any time, to processing of personal data concerning you. CYA shall then no longer process your personal data unless it demonstrates compelling legitimate grounds for the processing, which override the interests, rights and freedoms of yours or for the establishment, exercise or defense of legal claims.
- Right to Obtain Human Intervention
You have the right to ask from CYA not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- Right to Portability
You have the right to ask from CYA and receive your personal data that you have provided in a structured, commonly-used and machine-readable format or to ask CYA to transmit those data to another controller.
- Right to Information
In case that you consider that the protection of your data is in any way affected, you have the right to complain to a data protection supervisory authority in your EU country of residence.You should be aware that it may not be technologically possible to remove each and every record of the information you have provided to CYA from its system.
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact CYA at the contact details below.
VI. Update – Amendment on the Privacy Statement
CYA reserves the right to update, supplement and / or amend this privacy statement in accordance with the applicable regulatory and legislative framework. In this case, the updated privacy statement will be posted on the CYA’s Site (https://www.cyathens.org/).
VII. Contact Us
For any clarification about this privacy statement or for the exercise of your aforementioned rights in relation to the protection of your personal data, please contact: [email protected]