International Olympic Academy (“IOA”, “we” or “us”), is the organization at the heart of the open source IOA Learning Management System, empowering IOA participants and educators to engage with each other and promote the IOA mission to the world.
This Privacy Notice sets out how IOA collects and uses information about you when you use IOA services (“services”) and why we collect certain personal data. This Notice also explains the choices that you can make about the way that we use your information.
Your privacy protection is important to us. This is why we have adopted the following pivotal legislation: EU’s General Data Protection Regulation 2016/679 (“GDPR”). This Privacy Notice relates to all personal data we process and addresses the legislation mentioned.
‘Personal data’, in this Privacy Notice, means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Why we collect your personal data
So that we can help you, we need your data, and here we tie in our legal justifications for needing to collect your data.
In order for us to provide you with our services or for correspondence purposes, we need to collect your personal data. We ensure that the information we collect and use is confined to this purpose. We always process your personal data for specific purposes, with the nature of the data collected depending on your interaction with us. We are committed to transparency in this.
Our legal bases for controlling or processing personal data are:
- Article 6.1(a) GDPR (Consent): You provide informed consent to us or have a reasonable expectation that we will use your information in a certain way – for example, to engage in our community discussions, or to hear about new services or offers. You can withdraw your consent at any time either by selecting ‘delete mydata’ within the specific service or by request to privacy@ioa.org.gr
- Article 6.1(b) GDPR (Contract): Providing our services and fulfilling our obligations to you, usually relating to terms of service or agreement;
- Article 6.1(c) GDPR (Legal Obligation): The necessity to meet compliance with our legal obligations; and/or
Article 6.1(d) GDPR (Legitimate Interest): Where it is in our legitimate interests to do so. We only rely on ‘legitimate interests’ as the legal basis for processing by us, or third parties we use, for these purposes:
- Recruitment and induction of new employees, contractors and other people who work with us;
- Registering new participants to the IOA LMS;
- Emergency contacts for people who work with us, such as employees and contractors for health and safety purposes;
- Business development; or
- Providing login systems to users via their existing social media accounts.
Where we rely on a specific basis for processing your information and you wish to object to that processing, you must be aware that it might not be possible for you to continue using our services.
The special categories of personal data (Article 9 of GDPR) we process are:
- Biometric data in the form of facial images, where you have uploaded and we store your profile picture;
- Health data in respect of employees, contractors and other people who work with us; and/or any special categories of special personal data, which any user volunteers while using our services (for example in a forum or submission).
If we need to pass on special category personal data (see Article 9 GDPR) to a third party, we will only do that in accordance with the legal bases under Article 6 of GDPR as outlined above.
If you would like more details, please refer to our Register of GDPR Information.
How we collect personal data
Here we give you examples of ways that you interact with us and the resulting data we may collect!
IOA collects personal data from you when you interact with us. This can be through our website, LMS over thephone, in person, including, without limitation, when you:
- Create a user account;
- Request support;
- Register for or participate in an online class, certification, training, webcast or other IOA event, program and course;
- Request information or materials;
- Participate in surveys or evaluations;
- Submit questions or comments; or submit content or posts on our forums or other interactive webpages.
How we use personal data
Here we let you know what happens if we need to engage others to assist us to service your needs. If we do engage others we have set how we ensure your data is kept safe.
We may need to pass your personal data on to third-party service providers contracted to IOA in the course of dealing with you. We do this because there are services, such as our video conferencing facility, which will not work unless we are able to make these transfers. Any third parties we share your data with are obliged to keep your personal data secure and use it only for necessary service delivery. When your data is no longer required to fulfil the service, those third parties will be directed to dispose of your data in accordance with our standard procedures.
How we store personal data
Here we outline our processes for data storage, how we will protect your data and keep it only for as long as needed!
We will process (collect, store and use) the information you provide in a manner compatible with GDPR. We maintain physical, organizational and technical safeguards for all personal data we hold. We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary. We are required to retain certain information in accordance with the law, such as information needed for tax and audit purposes. How long certain kinds of personal data should be kept are governed by specific business-sector requirements and agreed practices. Depending on individual business needs, personal data can be held in addition to these periods. We will process different forms of personal data for as long as it is necessary and proportionate for the purpose for which it has been supplied and we will store the personal data for the shortest amount of time possible, taking into account legal and service requirements.
Marketing
We love to share, but you can opt out and we will not share your information!
We have no interest in collecting any data beyond that needed to ensure our services work for you. If you are going to be contacted by us for marketing purposes, we will not rely solely on this privacy notice. We will endeavor to seek your consent appropriately. IOA does not sell data, and has no intentions in doing so in the future.
Data protection rights
You control the personal data you share with us! Here, we outline your rights under GDPR.
At any point while we are in possession of or we process your personal data, you have the following rights:
- (GDPR) right of access – you have the right to request a copy of the information that we hold about you;
- (GDPR) right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete;
- (GDPR) right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records;
- (GDPR) right to restriction of processing – where certain conditions apply to have a right to restrict the processing;
- (GDPR) right of portability – you have the right to have the data we hold about you transferred to another organization;
- (GDPR) right to object – you have the right to object to certain types of processing such as direct marketing;
- (GDPR) right to object to automated processing, including profiling;
- (GDPR) right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why.