Site Coordinator / Data Controller
What personal data we collect and how we collect them
Personal data means any information relating to you, which allows us to identify you, such as your name, contact details, and information about your access and use of our website. The information we collect about you and how we collect it can vary depending on the products and services that you use and subscribe to, how you have used the products and services, and how you have interacted with Royal House London even if you aren’t a customer, or what we have obtained from a third party with permission to share it with us.
You directly provide us with personal data when you use our website, Subscribe to newsletters, alerts or other services from us, buy our products or services, or interact with us, for example, by participating in a survey or competition or using our contact form to order sample copies or for support. We also collect information from certain organizations, where appropriate and to the extent we have legal grounds to do so. These include fraud-prevention agencies, business directories and connected network providers.
The types of information we may have are, where applicable:
Your name, address, phone and/or mobile number, title, billing address, delivery address, and email address.
Your contact with us, such as a note, comment or question you make to one of our contact forms, an email or letter sent, or other records of any contact with us.
Your account information, such as dates of payment owed or received, subscriptions you use, account numbers or other information related to your account.
Credential information – we’ll collect passwords, hints and similar security information used for authentication and access to accounts and services.
Your preferences for products and services when you tell us what they are, or we assume what they are, based on how you use the products and services.
Educational and professional status information, in order to entitle special offers, products and services
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties, your communication preferences, as well as the communications you exchange with us or direct to us via letters, emails, calls, and social media.
The level of service that you receive – for example, network or service faults and other events that may affect our network services or other services.
Specifically, when you visit our website, user information and feedback can be collected, with your consent, through two different forms:
Contact Form: first name, last name, email, country and city of residence or domicile.
Sample Copies Order Form: first name, last name, email, position, school name, address, postcode, area and country of residence or domicile, phone number and fax number. In order to fulfil the dispatch of the requested samples, ΜΜ Publications may share the above information with its affiliated companies and selected service providers (e.g. samples supplier, logistics and transport companies) who perform operations on our behalf.
Disclaimer: Do not disclose special categories of personal data, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, and do not provide personal information of third parties, unless you have explicitly received their consent. If you choose to disclose such information, note that Royal House London is indemnified for any liabilities that may arise as a result.
Why we collect personal data
We will process your personal data following the requirements of applicable laws on an appropriate legal basis, including:
Processing your personal data to perform a contract or provide you with our services;
Processing your personal data as necessary to comply with and fulfil legal obligations, including for example accounting and tax requirements, which are subject to strict internal policies (such as retention periods), procedures, and your right to restrict usage of your data, which control the scope of legal assistance to be provided.
Processing based on the legitimate interests of Royal House London for example, fraud prevention, maintaining the security of our systems, products and services, direct marketing, and the improvement of our services. Whenever we rely on this lawful basis to process your data, we assess our business interests to make sure they do not override your rights. Additionally, in some cases you have the right to object to this processing. For more information, visit Sections "Data Subject Rights" and "How to Exercise Your Rights" of this policy.
Processing your personal data with your consent where Royal House London does not rely on another legal basis; When you give your consent, you have the right to withdraw your consent at any time. For more information, please visit Sections "Data Subject Rights" and "How to Exercise Your Rights" of this policy. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
How We Use Your Personal Data
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Therefore, unless required to do so, we shall not respond to any enquiry, unless we hold your written consent. If an enquiry is received without your written consent to reply, we shall write to you requesting such consent.
We may use your personal data for the following purposes:
- Creating an account.
- Fulfilling your service requests, including fulfilling orders; delivering, activating, or verifying the requested samples, products or services; fulfilling your requests for changes or providing you with the requested information (such as marketing materials for products and services, and white papers); and providing technical support.
- Contacting you with your consent; sending you information about products and services that may interest you; inviting you to participate in ΜΜ Publications activities (including promotional activities), market surveys, or satisfaction surveys; or sending you marketing information. If you do not want to receive these types of information, you can opt out at any time.
- Sending you important notices, such as installation of and updates to operating system or application.
- Providing you with customized user experience and content.
- Qualifying and managing suppliers and business partners and communicating or working with suppliers and business partners.
- Improving our products and services through internal audits, data analysis, and research.
- Analysing the efficiency of our business operations and evaluating market share.
- Troubleshooting when you send us error reports.
- Synchronizing, sharing, and storing the data you upload or download, and the data needed for the uploading and downloading.
- Ensuring the security of our products, services and customers or users, executing and improving our loss prevention and anti-fraud programs.
- Complying with and enforcing applicable legal requirements, industry standards and our policies.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
How long will we use Your Personal Data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
How We Disclose Your Personal Data
Your personal data may also be shared with any company that is a member of MM Educational Group of companies where they provide products and services to us that help us to provide products and services to you as our customer
We may share your information with selected third parties, including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- Partners, suppliers and third parties we work with in order to deliver our services and products (including hosting or operating our website and databases), providers of technical assistance and support, courier services for delivering your orders, financial institutions that provide us the receipt of the payment of your orders;
- Third parties connected with the provision of our services and products, such as teachers, language schools and solely to the extent this is required for the successful provision of our services to you and the use of our products
- Analytics and search engine providers that assist us in the improvement and optimization of our Site.
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets.
- Third-party links: Our Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for these notices. Please check these notices before you submit any personal information to these websites.
International Transfers of Your Personal Data
The data that we collect from you may be transferred to, and stored at, a location outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely properly protected with a proper legal agreement that covers the data transfer and in accordance with this privacy notice. All information you provide to us is stored on our secure servers or those of our service providers.
What are Cookies and how we use them
Cookies are general mechanisms (simply explained as small text files) which are stored on the browser or hard drive of your computer or mobile device when you visit a webpage or application. Cookies work to make your experience browsing our site as smooth as possible and they remember your preferences, so you don’t have to insert your details again and again.
There are different types of cookies. Some cookies come directly from our website (“first party”) and others come from third parties which place cookies on our site (“third party”).
Cookies can be stored for varying lengths of time on your browser or device. Session cookies are deleted from your computer or device when you close your web-browser. Persistent cookies will remain stored on your computer or device until deleted or until they reach their expiry date.
Our website uses only necessary cookies in order to function properly (such as navigation and access to various pages). Such cookies do not collect any personally identifying information.
You can refer to the relevant Section of our website, in order to be informed in detail regarding our Cookies Policy, by clicking here.
The safety of children is very important to us. We do not knowingly collect any information from anyone under 15 years of age. If you are under 15, do not use or provide any information on this website or through any of its features / register on the website or provide any information about yourself to us, including your name, address, telephone number or email address, unless consent is given or authorised by the holder of parental responsibility over the child.
If a child's personal data is collected with prior parental consent, we will only use or disclose the data as permitted by law, with the explicit consent of the child's parents or guardians, or when necessary for the protection of the child. We make reasonable efforts to verify in such cases that consent is given or authorized by the holder of parental responsibility over the child, taking into consideration available technology. So, if we accidentally collect a child's personal data without verified prior consent by the holder of parental responsibility over the child , we will attempt to delete the data as soon as possible.
If you believe we might have any information from or about a child under 15, please contact us.
We abide by the Applicable Legislation and our privacy policies and we apply reasonable and appropriate technical and organizational security measures to protect your personal data against accidental destruction, loss, unauthorized alteration, disclosure or access, misuse, and any other unlawful form of processing, covering any technology infrastructure point. We always secure that solely authorized users have access to your personal data, abiding by confidentiality clauses, on a need to know basis and to the extent necessary in order to fulfil the respective purposes.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
For your safety, login to the client portal is encrypted through a secure channel. Login details may not be shared or used by more than one user. In any case, you are personally responsible for not making the login procedure available to unauthorized persons. Each user is responsible for confidentiality and the correctness of login details and other account information. You must inform Royal House London immediately in the event of unauthorized access to login details. You are also responsible for using appropriate technologies to prevent your device not being affected by viruses or similar malware.
Data Subject Rights
You are entitled to exercise the following rights, in accordance with the provisions of the Applicable Legislation:
The Right of Access
You have the right to know what kind of personal data we hold about you and how we process them and receive a copy of such information directly from us. Sections "What personal data we collect and how we collect them" and "Why we collect personal data" sets out the categories of personal data we collect and the reasons we collect it. Please keep in mind that we may not be able to provide you access to the data when it involves information relating to others who have not consented to the disclosure of their information.
The Right to Rectification and your Duty to keep us informed about changes
You have the right to request the rectification, correction and/or update of your inaccurate personal data. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. Where any data, which has been rectified, was disclosed to recipients in its unrectified form, the Company will inform the recipients of the rectification, where possible. The Company will also inform you of the recipients to whom the data was disclosed.
The Right to Restriction the Processing of Data
You have the right to restrict the processing of your data in certain circumstances. Restricting the Company from processing your data means that the Company will continue to hold the data but will stop processing it.
The Company will be required to restrict the processing of your personal data in the following circumstances:
1. When you tell the Company that the data it holds on you is not accurate or not complete, in which case the Company will stop processing the data until it has taken steps to ensure that the data is accurate;
2. When the data is processed for the performance of a public interest task or because of the Company’s legitimate interests, and you have objected to the processing of data. Under such circumstances, the processing may be restricted whilst the Company considers whether its legitimate interests mean it is appropriate to continue processing,
3. When the data has been processed unlawfully;
4. When the Company no longer needs to process the data, but you need the data in relation to a legal claim.
Where data processing is restricted, the Company will continue to hold the data but will not process it unless:
- You consent to the processing, or
- Processing is required in relation to a legal claim
Where any data, which has been restricted, has been disclosed to recipients in its unrectified form, the Company will inform the recipients of the rectification, where possible. The Company will also inform you of the recipients to whom the data was disclosed.
Where the Company is to lift any restriction on processing, you will be informed in advance.
The Right to Object to Processing of Data
You have a right to object to the processing of your data in certain circumstances. This means that you have the right to require the Company to stop processing your data. In relation to your employment with the Company, you may object to processing where it is carried out:
- In relation to the Company’s legitimate interests,
- For the performance of a task in the public interest,
- In the exercise of official authority, or
- For profiling purposes.
Where you object to processing, the Company will stop the processing activity objected to unless:
- The Company can demonstrate compelling legitimate reasons for the processing, which are believed to be more important than your rights, or
- The processing is required in relation to legal claims made by, or against, the Company.
If the response to your request is that the Company will take no action, you will be informed of the reasons.
The Right to Data Portability
You have the right to obtain the data that the Company processes on you and use it for your own purposes. This means you have the right to receive the personal data that you have provided to the Company in a structured machine-readable format, and to transmit the data to a different data controller. This right applies in the following circumstances:
- Where you have provided the data to the Company,
- Where the processing is carried out because you have given the Company your consent to do so,
- Where the processing is carried out in order to perform the employment contract between you and the Company, or
- Where processing is carried out by automated means.
The Right to Erasure your personal data (right to be forgotten)
You have the right to have your data deleted and removed them from our systems, when we have no legal basis to continue to process them. In such cases we will make every effort to erase data where this right has been exercised by you and we no longer have a legal basis for processing same but some personal data sets are impossible (or infeasible) to edit or remove (e.g. server backup or microfiche).
Please note that we cannot fulfil your right if we have a legal obligation to maintain it or a legal dispute is pending.
Where any data, which has been erased, was disclosed to recipients, the Company will inform the recipients of the erasure, where possible. The Company will also inform you of the recipients to whom the data was disclosed.
The Right to Withdrawal your Consent
The Right to Complain to an Authority
You have the right to lodge a complaint, at any time, to your country’s supervisory authority for data protection issues.
How to Exercise Your Rights
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive considering the administrative costs of providing the information or communication or taking the action requested. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right on your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Where your request is received, the Company will respond without undue delay, and within one month at the latest. Where the request is complex or the Company receives several simultaneous requests, the Company may extend the timescale for response from one month to three months. If this is the case, the Company will write to you within one month of receipt of the request explaining the reason for the extension.
Data Breach Management
Upon being notified of a (suspected or confirmed) data breach, we will immediately activate our data breach & response plan:
1. Confirm the Breach
2. Contain the Breach
3. Assess Risks and Impact
4. Report the Incident to the Authorities
5. Evaluate the Response & Recovery to Prevent Future Breaches
We will accordingly request guidance and advice from the Hellenic Data Protection Authority on how to manage data breaches, as well as if it is important to Inform the affected individual.
Alterations to the Privacy Statement
We reserve the right to change this notice, and to apply any changes to information previously collected, as permitted by law. If there are material changes to this notice, or if our information practices change in the future, we will notify you by posting the changes on our website.