MM Publications has created this Privacy Policy, in order to demonstrate our firm’s commitment to Privacy under the EU General Regulation and Greek Law. This Privacy Policy informs you about how we look after your personal data as a customer or potential customer of MM Publications and as a visitor or user of our website, and it provides information about your privacy rights and how the legislation protects you. All personal data is collected and processed in accordance with Greek and EU data protection laws.
MM Publications (referred to as “We”, “MM Publications” or “the Company” or “the Company’s”) is the exclusive Site Coordinator and Controller of personal data collected on this website. If you have any question about this Privacy Policy or if you have any privacy complaints or issues, please contact us at:
MM Publications
4 Ipeirou St., 175 46 Alimos, Athens, Greece
Or email us at privacy@mmpublications.com
Personal data means any information relating to you, which allows us to identify you, such as your name, contact details, and information about your access and use of our website. The information we collect about you and how we collect it can vary depending on the products and services that you use and subscribe to, how you have used the products and services, and how you have interacted with MM Publications even if you aren’t a customer, or what we have obtained from a third party with permission to share it with us.
You directly provide us with personal data when you use our website, Subscribe to newsletters, alerts or other services from us, buy our products or services, or interact with us, for example, by participating in a survey or competition or using our contact form to order sample copies or for support. We also collect information from certain organizations, where appropriate and to the extent we have legal grounds to do so. These include fraud-prevention agencies, business directories and connected network providers.
The types of information we may have are, where applicable:
Specifically, when you visit our website, user information and feedback can be collected, with your consent, through two different forms:
Disclaimer: Do not disclose special categories of personal data, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, and do not provide personal information of third parties, unless you have explicitly received their consent. If you choose to disclose such information, note that MM Publications is indemnified for any liabilities that may arise as a result.
We will process your personal data following the requirements of applicable laws on an appropriate legal basis, including:
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Therefore, unless required to do so, we shall not respond to any enquiry, unless we hold your written consent. If an enquiry is received without your written consent to reply, we shall write to you requesting such consent.
We may use your personal data for the following purposes:
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Depending on the purposes for which we collect your Personal Data, we may disclose it to the following categories of recipients, which will then process your Personal Data only within the framework of the purpose described in this Privacy Policy. We will never sell or transfer without proper authorization your personal information to any third party.
Your personal data may also be shared with any company that is a member of MM Educational Group of companies where they provide products and services to us that help us to provide products and services to you as our customer
We may share your information with selected third parties, including:
We may disclose your personal information to third parties:
Third-party links: Our Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for these notices. Please check these notices before you submit any personal information to these websites.
The data that we collect from you may be transferred to, and stored at, a location outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely properly protected with a proper legal agreement that covers the data transfer and in accordance with this privacy notice. All information you provide to us is stored on our secure servers or those of our service providers.
Cookies are general mechanisms (simply explained as small text files) which are stored on the browser or hard drive of your computer or mobile device when you visit a webpage or application. Cookies work to make your experience browsing our site as smooth as possible and they remember your preferences, so you don’t have to insert your details again and again.
There are different types of cookies. Some cookies come directly from our website (“first party”) and others come from third parties which place cookies on our site (“third party”).
Cookies can be stored for varying lengths of time on your browser or device. Session cookies are deleted from your computer or device when you close your web-browser. Persistent cookies will remain stored on your computer or device until deleted or until they reach their expiry date.
Our website uses only necessary cookies in order to function properly (such as navigation and access to various pages). Such cookies do not collect any personally identifying information.
We will not use cookies for any purpose not stated in this Policy.
You can refer to the relevant Section of our website, in order to be informed in detail regarding our Cookies Policy, by clicking here.
The safety of children is very important to us. We do not knowingly collect any information from anyone under 15 years of age. If you are under 15, do not use or provide any information on this website or through any of its features / register on the website or provide any information about yourself to us, including your name, address, telephone number or email address, unless consent is given or authorised by the holder of parental responsibility over the child.
If a child's personal data is collected with prior parental consent, we will only use or disclose the data as permitted by law, with the explicit consent of the child's parents or guardians, or when necessary for the protection of the child. We make reasonable efforts to verify in such cases that consent is given or authorized by the holder of parental responsibility over the child, taking into consideration available technology. So, if we accidentally collect a child's personal data without verified prior consent by the holder of parental responsibility over the child , we will attempt to delete the data as soon as possible.
If you believe we might have any information from or about a child under 15, please contact us.
We abide by the Applicable Legislation and our privacy policies and we apply reasonable and appropriate technical and organizational security measures to protect your personal data against accidental destruction, loss, unauthorized alteration, disclosure or access, misuse, and any other unlawful form of processing, covering any technology infrastructure point. We always secure that solely authorized users have access to your personal data, abiding by confidentiality clauses, on a need to know basis and to the extent necessary in order to fulfil the respective purposes.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
For your safety, login to the client portal is encrypted through a secure channel. Login details may not be shared or used by more than one user. In any case, you are personally responsible for not making the login procedure available to unauthorized persons. Each user is responsible for confidentiality and the correctness of login details and other account information. You must inform MM Publications immediately in the event of unauthorized access to login details. You are also responsible for using appropriate technologies to prevent your device not being affected by viruses or similar malware.
You are entitled to exercise the following rights, in accordance with the provisions of the Applicable Legislation:
You have the right to know what kind of personal data we hold about you and how we process them and receive a copy of such information directly from us. Sections "What personal data we collect and how we collect them" and "Why we collect personal data" sets out the categories of personal data we collect and the reasons we collect it. Please keep in mind that we may not be able to provide you access to the data when it involves information relating to others who have not consented to the disclosure of their information.
You have the right to request the rectification, correction and/or update of your inaccurate personal data. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. Where any data, which has been rectified, was disclosed to recipients in its unrectified form, the Company will inform the recipients of the rectification, where possible. The Company will also inform you of the recipients to whom the data was disclosed.
You have the right to restrict the processing of your data in certain circumstances. Restricting the Company from processing your data means that the Company will continue to hold the data but will stop processing it.
The Company will be required to restrict the processing of your personal data in the following circumstances:
1. When you tell the Company that the data it holds on you is not accurate or not complete, in which case the Company will stop processing the data until it has taken steps to ensure that the data is accurate;
2. When the data is processed for the performance of a public interest task or because of the Company’s legitimate interests, and you have objected to the processing of data. Under such circumstances, the processing may be restricted whilst the Company considers whether its legitimate interests mean it is appropriate to continue processing,
3. When the data has been processed unlawfully;
4. When the Company no longer needs to process the data, but you need the data in relation to a legal claim.
Where data processing is restricted, the Company will continue to hold the data but will not process it unless:
- You consent to the processing, or
- Processing is required in relation to a legal claim
Where any data, which has been restricted, has been disclosed to recipients in its unrectified form, the Company will inform the recipients of the rectification, where possible. The Company will also inform you of the recipients to whom the data was disclosed.
Where the Company is to lift any restriction on processing, you will be informed in advance.
You have a right to object to the processing of your data in certain circumstances. This means that you have the right to require the Company to stop processing your data. In relation to your employment with the Company, you may object to processing where it is carried out:
- In relation to the Company’s legitimate interests,
- For the performance of a task in the public interest,
- In the exercise of official authority, or
- For profiling purposes.
Where you object to processing, the Company will stop the processing activity objected to unless:
- The Company can demonstrate compelling legitimate reasons for the processing, which are believed to be more important than your rights, or
- The processing is required in relation to legal claims made by, or against, the Company.
If the response to your request is that the Company will take no action, you will be informed of the reasons.
You have a right to object to the processing of your data for direct marketing purposes at any time either by following the instruction in each marketing email or by contact us directly using any of the contacting details in the Sections "Site Coordinator / Data Controller" and "How to Exercise Your Rights" of this Privacy Policy.
You have the right to obtain the data that the Company processes on you and use it for your own purposes. This means you have the right to receive the personal data that you have provided to the Company in a structured machine-readable format, and to transmit the data to a different data controller. This right applies in the following circumstances:
- Where you have provided the data to the Company,
- Where the processing is carried out because you have given the Company your consent to do so,
- Where the processing is carried out in order to perform the employment contract between you and the Company, or
- Where processing is carried out by automated means.
You have the right to have your data deleted and removed them from our systems, when we have no legal basis to continue to process them. In such cases we will make every effort to erase data where this right has been exercised by you and we no longer have a legal basis for processing same but some personal data sets are impossible (or infeasible) to edit or remove (e.g. server backup or microfiche).
Please note that we cannot fulfil your right if we have a legal obligation to maintain it or a legal dispute is pending.
Where any data, which has been erased, was disclosed to recipients, the Company will inform the recipients of the erasure, where possible. The Company will also inform you of the recipients to whom the data was disclosed.
You have the right to withdraw your consent to the processing of your personal data in all cases you provided us with your consent, by contact us directly using any of the contacting details in the Section "How to Exercise Your Rights" of this Privacy Policy.
You have the right to lodge a complaint, at any time, to your country’s supervisory authority for data protection issues. In Greece, this is the Hellenic Data Protection Authority, details of which can be found via the following link: www.dpa.gr. We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us in the first instance using the contact details in Section "Site Coordinator / Data Controller" above.
You can exercise the above rights by submitting your request directly to us using the contact details or, for your convenience, by filling out the form that can be found here and sending it to us via e-mail to privacy@mmpublications.com or via registered letter to the postal address of our company, as provided in the afore-mentioned form. Exceptionally, if you wish to withdraw your consent to our newsletters, you can do so by selecting the link "To delete from the" newsletter mailing list "click here" at the bottom of each newsletter.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive considering the administrative costs of providing the information or communication or taking the action requested. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right on your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Where your request is received, the Company will respond without undue delay, and within one month at the latest. Where the request is complex or the Company receives several simultaneous requests, the Company may extend the timescale for response from one month to three months. If this is the case, the Company will write to you within one month of receipt of the request explaining the reason for the extension.
Upon being notified of a (suspected or confirmed) data breach, we will immediately activate our data breach & response plan:
1. Confirm the Breach
2. Contain the Breach
3. Assess Risks and Impact
4. Report the Incident to the Authorities
5. Evaluate the Response & Recovery to Prevent Future Breaches
We will accordingly request guidance and advice from the Hellenic Data Protection Authority on how to manage data breaches, as well as if it is important to Inform the affected individual.
We reserve the right to change this notice, and to apply any changes to information previously collected, as permitted by law. If there are material changes to this notice, or if our information practices change in the future, we will notify you by posting the changes on our website.