List of active policies

Full policy

1. Identity and contact details of the controller.

The personal data of the users (teachers, students) of the e-learning platform are processed by the University of Western Macedonia, based in the ZEP of the Municipality of Kozani, and contact details 2461056200 and info@uowm.gr.

 

2. Purposes of processing.

User's personal data are intended to provide users with access to teaching material and services of synchronous (simultaneous) or asynchronous (hetero-synchronous) distance education through an appropriate e-learning platform, as well as for the management of the educational activity provided in general, both in undergraduate and postgraduate studies.

 

3. Legal basis of personal data processing.

The processing of users' personal data, of simple and special categories, is carried out in the public interest and the exercise of public authority entrusted to the University to provide university teaching by Article 6 § 1 indent. (e), Article 6 § 3 indent. (b) and Article 9 § 2 indent. g) Regulation (EU) 2016/679 (from now on: GDPR), as well as by Article 5 and Article 22 § 2 indent. a) Law 4624/2019.

 

4. Categories of data.

The personal data processed are the following:

 

Personal Data	Purpose	Category of Natural Person
Name, registration number or other freely selectable identifier	To authenticate (login) users	All users
IP addresses, field names of computers and terminal devices used by the user, URI/URL (Uniform Resource Identifier/Locator) indications of the requested sources, time of the request, method used to submit the request to the server, size of the received file, numerical indication of the progress of the request from the server (completed, error, etc.), other parameters related to the user's operating system and devices,  as well as other data on a case-by-case basis (e.g. data entered into chat rooms)	Information systems and platform software processes collect in the course of their normal operation certain personal data, the transfer of which is an inherent feature of Internet communication protocols.   Some of these data, necessary for access to Internet services, are processed anonymously and for statistical purposes regarding the use of e-learning services (more frequently accessible training material, number of visitors per hour/day, geographical area of user, etc.), as well as for checking the proper functioning of the services offered	All users
E-mail   Telephone   Property   Registration number	To identify users	All users
Member from   Statistics   Number of Screenings and duration   Duration of participation per course   Course preference	To identify users	All users
My notes   Title   Content   Diary   Entries   Export ical   Messages	For the planning of courses and their attendance	All users
Messages	For the communication of e-learning class users	All users
User points	For student evaluation	Students
User tasks	For the purpose of the course	Students
Image and/or sound data collection due to the use of relevant peripheral devices (camera, microphone)	Synchronous distance learning	All users

The provision of personal data, characterized as "mandatory," is necessary for the user's access to the platform and the provision of the relevant services, while in case of refusal to provide them, the user's participation in e-learning is not allowed. On a case-by-case basis, we may collect personal information voluntarily submitted by users (e.g., messages, personal event notes, etc.).

 

5. Data protection by design and by default.

The university utilizes the most valuable modern education technologies to implement online courses (Zoom software), thanks to which the lectures are broadcast live, with students in direct communication with the lecturers. The overall management of the courses, as well as the posting of the teaching material, is done through the website of each course on the asynchronous e-learning platform. 

 

In particular, the selected training platforms allow distance teaching in "virtual classrooms", the posting of teaching material, the transmission and realization of online courses through audio-visual reception-transmission, the repetition of online courses through video lectures, the assignment of assignments, the evaluation of student performance and the discussion – the dialogue between teachers and students. In addition to the suitability of the selected technologies to the cognitive abilities of students, the technologies used incorporate the necessary safeguards in the processing in such a way as to meet the requirements of the GDPR (Articles 5 et seq.) and to protect the personal data of their subjects (students and faculty).

 

For this reason, only services that are necessary for training are activated by default so as to minimize the processing of personal data, both at the time of activation of the services and during their provision (avoiding, for example, the processing of geolocation data or the use of the platform with extensive social networking features or audiovisual recording without a lawful basis,  especially of students, cases which, by acting thirdly, bring increased risk and responsibility).

 

By default, communication with the asynchronous e-learning system is encrypted using the HTTP protocol with an RSA encryption algorithm and 2048-bit length.

 

By default, communication with the synchronous e-learning system, ZOOM, encrypts content at the application layer, using TLS 1.2 protocol with Advanced Standard Encryption Standard (AES) encryption algorithm and 256-bit length. The chat-chat is end-to-end encrypted between ZOOM users. All chat messages are encrypted using the TLS 1.2 protocol with an Advanced Standard Encryption Standard (AES) encryption algorithm and a length of 256-bit.

 

Specific issues on how the ZOOM synchronous e-learning system processes your data are developed in https://zoom.us/privacy link.

 

6. Cookies and other tracking systems.

Using the asynchronous e-learning system, no cookies are used for behavior analysis or user profiling. Cookies are used each time the user logs in to the platform (temporarily) in a limited way to what is strictly necessary for the safe and effective operation of the platform. The storage of these cookies in the terminals or the user's browser is subject to his own control, while on the servers, after the expiration of access to the platform, information about cookies is kept recorded in the log files of the services, for a period of less than seven days in each case (as long as all browsing information is retained).

 

During the use of the synchronous e-learning system, the ZOOM platform offers an interface for selecting three categories of cookies:

 

1. Required cookies: These cookies are necessary to enable the website's basic functionality and cannot be disabled.

    

2. Functional cookies: These cookies allow the analysis of website usage to measure and improve performance.

    

3. Advertising cookies: These cookies are used by advertising companies to serve ads relevant to your interests.

    

We encourage you to choose the function of only the required cookies, which ensure a secure connection and protect you from processing your data for advertising purposes.

 

7. Online e-learning platform suppliers and others.

The processing by the online e-learning platform services suppliers, executing the processing on behalf of the University, is governed by a contract (Article 28 GDPR). The University ensures, also through a written agreement, that data are processed on its behalf only for the purpose of distance teaching and addresses written orders to suppliers, among other things, regarding the retention of data the deletion (after the end of the provision of processing services) of those data that are no longer necessary about the purposes for which they were collected or otherwise processed,  as well as the process of managing any personal data breaches. The same applies to any other processors on behalf of the University who carry out the same type of processing (e.g. cloud service providers).

 

Zoom Video Communications, Inc. probably carries out other processing operations by collecting your other data (ip, visit history, etc.), the scope and extent of which we do not control and cannot influence. Please consult its Terms of Use and Privacy Policy on https://zoom.us/privacy website.

 

8. Administrative staff.

The data collected are also accessible by the competent and specially trained administrative staff of the University, acting under its supervision and processing such data exclusively based on specific instructions regarding the management of e-learning services committed to maintaining data confidentiality.

 

9. Limitation of the purpose of processing.

About the collection and processing of students' personal data by the e-learning platforms of the suppliers - processors on behalf of the University, these are limited to what is necessary for the requested provision of services for online education purposes, without further processing for the suppliers' own purposes. The additional processing of users' data by the respective platform operator as controller activates, among other things, the obligations to inform the subject and transparency of processing under Article 13 of the GDPR. Furthermore, consent to a platform operator is not considered a legitimate fundamental ground for processing when it is requested as a prerequisite for concluding a contract with a student for the provision of further online services to him or her, not necessary for the educational process when it does not in itself require the processing of data that is attempted to be legitimised by consent (Article 7 § 4 in conjunction with recital 43 GDPR).

 

10. Lawfulness, accuracy, and transparency of processing.

The University, to ensure the transparency of processing, provides the interested parties (teachers – and students) with any information on the essential characteristics of the processing, which it limits to the implementation of e-learning, using clear and simple wording (Article 13 GDPR).

 

When processing personal data of teachers, which are functionally necessary for the implementation of e-learning, the University complies with the applicable legal conditions for the lawful use of technologies in the context of employment relations (Articles 5 and 88 § 2 GDPR and Article 27 of Law 4624/2019) and is limited to the use of what is absolutely necessary, without interference in private life or free teaching.

 

11. Storage limitation.

The data provided by the user are retained throughout the provision of e-learning services, following the annual curriculum, and then deleted by appropriate and secure means.

 

12. Transfers

We would like to inform you that in modern e-learning, personal data is transferred to the USA through the Privacy Shield framework. Zoom Video Communications, Inc. is a certified company under the Data Privacy Framework by the U.S. Department of Commerce regarding collecting and processing personal data received from 18/11/2016 until 01/07/2025 (https://www.dataprivacyframework.gov/list). The transfer is lawful as the Data Privacy Framework is considered an "adequacy decision". For more information, please consult the https://zoom.us/privacy Privacy Policy of the above company.

 

13. Respect for the rights of the subjects – Data Protection Officer.

Users have the right to access their personal data and information about their processing, the right to correct inaccurate or complete incomplete data under certain conditions, the right to delete their data and the right to restrict their processing, the right to object to processing at any time and for reasons related to their particular situation. Please note that in the context of a video lecture, image and/or sound data may be voluntarily provided, and if you wish to delete them, please let us know so that we can proceed with it as soon as possible.

 

Users may exercise their rights by sending a relevant request to the Data Protection Officer of the University at dpo@uowm.gr email address.

 

If you consider that the issue concerning you has not been resolved, you reserve the right to lodge a complaint with the Personal Data Protection Authority (www.dpa.gr).