Ι. Scope of Application

This privacy policy explains how CollegeLink ΑΕ (hereinafter referred to as “linq”) collects, uses, processes, stores, manages, transfers, and protects personal data (hereinafter referred to as “Information”) to meet company data protection standards and comply with the law. The privacy policy concerning the website www.linq.co (hereinafter referred to as “Website”) has been drafted in compliance with GDPR 679/2018 (hereinafter referred to as “GDPR”), a directly binding legislative act. linq is committed to protecting the privacy of visitors and users/customers of www.linq.co. This privacy policy applies to all information accessible to any third party (hereinafter referred to as “User and/or Customer”) or managed by linq through the online platform www.linq.co.

The online platform www.linq.co is not intended for children. If you are not of legal age or unable to enter legally binding agreements in your country, you may not use this Website. If you believe we have collected data from a person protected by child protection laws without obtaining necessary parental consent, notify us immediately, and we will take reasonable steps to safely delete the data. This policy does not apply to information collected through any other website or the practices of companies we do not control. Please note that the Website may contain links to other websites. For instance, if you click on an ad on the Website and connect to another website, this privacy policy does not apply to any information collected on that website. We are not responsible for the privacy practices of other websites and recommend that you read the privacy policy of every website you visit.

This data protection policy ensures that linq:

• Complies with data protection laws as set by applicable Greek and European data protection legislation.
• Protects the rights of employees, customers/users, and partners.
• Ensures transparency in matters of data processing and storage.
• Is protected from the risks of data breaches.

ΙΙ. Legal Basis for Data Processing

CollegeLink AE (hereinafter linq) operates as a company connecting young candidates with the job market. The personal data you provide anywhere on the website is exclusively for purposes related to your transactions with us, as outlined in the General Terms of Use, specifically: (a) To maintain your personal account with linq, we retain the data you voluntarily provide. (b) For communication between potential employers and you to arrange meetings or interviews, within the scope of the Data Subject’s legitimate interest. (c) For linq to contact you to inform you about our services or matters you may have raised, subject to your explicit consent. (d) For communication between other registered linq members and you, subject to your consent. (e) For statistical purposes and service improvement, processing takes place within the scope of the Controller’s legitimate interest. (f) To improve the services provided and ensure the functionality of the relevant service for which you provide the data, and they will not be used by any third party (except where required by law and only to the competent authorities) without compliance with legislative provisions regarding the protection of personal data, as amended.

Linq operates in accordance with applicable Greek and EU legislation and securely retains your personal data for as long as you are registered with any service on www.linq.co, after which your data is deleted in the event of your deregistration by any means. In summary, we only request the information necessary to provide you with the maximum benefit from our services, such as updates on the job market, new job opportunities, educational seminars, employment-related services, labor and social security legislation, etc. In any case, the criterion used to determine the retention period is based on compliance with legal deadlines and the principles of data minimization, storage limitation, or efficient management of our records.

ΙΙΙ. Personal Data Security

linq implements appropriate technical, physical, and administrative security measures at all stages of the process to protect data from loss, misuse, damage, alteration, unauthorized access, and disclosure, as provided in Article 32 of GDPR 679/2016, to ensure an adequate level of security against risks. These measures include, but are not limited to:
a) encryption of personal data,
b) ensuring the confidentiality (Article 90 GDPR 679/2016), integrity, availability, and reliability of processing systems and services on a continuous basis,
c) ensuring the ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident,
d) regular testing, assessing, and evaluating the effectiveness of technical and organizational measures to ensure data processing security.

Additionally, linq takes measures to ensure that any individual acting under the authority of the controller or processor, who has access to personal data, processes it only under the controller’s instructions, and limits access to your personal information to authorized personnel only.

Other key features of our information security program include:

• linq maintains a dedicated information security team that designs, implements, and supervises the information security program.
• The company assesses the security and functionality of its products and services before launching them online, checking for potential vulnerabilities.
• Continuous infrastructure checks are conducted to detect weaknesses and possible intrusions or system vulnerabilities.
• The company uses the “https” protocol for secure and encrypted communication between the client and linq.
• High Availability Cluster Infrastructure is maintained to ensure continuous service.
• linq’s platform servers are hosted in Germany, specifically on servers managed by DigitalOcean LLC, with VAT ID: EU528002224.

ΙV. Data Categories Collected

During your visit to the Website, and in order to: a) Register as a member of www.linq.co and open an account to upload your resume for job searching, b) Subscribe to the Newsletter service of www.linq.co, c) Ensure communication with you to inform you about new job positions or services of www.linq.co, d) Exercise your rights according to the law and the General Terms of Use, you must first accept linq’s General Terms of Use and this Data Protection Policy. You may be asked to provide personal details (such as name, surname, email address, date of birth, gender, phone number, etc.).

Specifically, for browsing the Website, linq does not request any of your personal details. linq collects the following information, which you voluntarily provide for the purpose of registering as a member of linq and creating your personal profile (Student Profile): Name, surname, postal address, gender, date of birth, phone number, email address, photo, and password. For the creation of your personal profile in linq (Resume Builder), you may provide the following additional information: academic qualifications, grades, performance, professional experience and employer details (current and previous), skills, languages spoken, job preferences, seminar history, etc.

For employer users searching for candidates, you may provide the following information: company name, address, contact details, username, email, gender, date of birth, and billing information. Additionally, when subscribing to the Newsletter for updates about linq and its services, we ask for your email address.

V. Sources of Data Collection

1) General Commercial Registry (G.E.MI.), 2) Internet (corporate websites, LinkedIn, and other public sources), 3) Directly from Users/Customers, 4) Third-party applications (Github, Google Classroom, Facebook, Google Analytics & AdWords, Eventora, etc.).

Users/customers who use the Website and/or conduct transactions through it agree and accept the following:

• The information and materials contained on the Website are the property of linq. The information and materials may be used freely by visitors/customers, but copying, reproducing, or republishing them for any reason is not permitted without the written consent of the Company to which they pertain.
• linq, as the data controller, makes every effort to ensure the accuracy and completeness of the information on the Website but is not bound by the content unless expressly stated otherwise. The information and materials on the Website are subject to changes that will apply from the time they are posted on the Website. For this reason, customers/users will be informed upon entering the Website and asked to review and accept them before continuing to use the Website.
• linq is not responsible for any errors or inaccuracies in the transmission of information and/or instructions by the customer/user, interference, impersonation, incorrect data entry, or system malfunction due to force majeure or any other reason not attributable to gross negligence or intent by the Company and/or its employees.
• linq has taken all necessary measures to safeguard the security of its services and the confidentiality of the information related to visitors and customers/users of the Website. However, linq bears no responsibility if, despite exercising due care, the confidentiality of this information is breached.

VI. Information Regarding the Processing of Personal Data by linq (as Controller and Processor – in accordance with the EU General Data Protection Regulation 679/2016)

a. Why will you process my Personal Data?

linq provides products and services that contain resume data (“Information”) based on the intended purpose as described in section 2 of this policy. The content of the data varies depending on the type and purpose of the service provided by linq. Specifically, for candidates, the data collected includes the resume, availability, desired work sector, declared education, work experience, volunteer work, seminars attended, projects completed, certificates, foreign languages, and special skills. The necessary personal information collected includes name, surname, gender (not disclosed), date of birth (not disclosed), phone number, address (not disclosed), and photo. These details are essential for the job search process.

For clients, beyond the company details, personal information of the company representative is required, such as name, surname, gender (not disclosed), date of birth (not disclosed), phone number, and address (not disclosed), along with billing information (VAT number, tax office, bank account details, etc.). This information is necessary for effective communication with the client.

Automatically collected information during your visit and interaction with the Website: Your personal data and information collected while managing your account on www.linq.co are appropriate for the situation and necessary for processing your requests and using linq’s services. Specifically, when you visit and interact with the Website, certain information may be automatically collected, such as:

• Your computer’s Internet Protocol (IP) address,
• The type of browser and operating system,
• The websites visited immediately before and after your visit to the Website,
• Websites and ads viewed, and links clicked within the Website,
• Your connection speed and information about the software installed on your computer,
• Basic server connection information,
• Information collected through HTML cookies and similar technologies.

For more details, please refer to the Cookies & Other Technologies section.

Location data:
linq does not manage, collect, or process geolocation data, which is exclusively collected and processed by the companies that provide the operating system of the device you use (in the case of iOS, Apple Inc., and in the case of Android, Google Inc.). linq does not have access to the GPS update frequency.

Additionally, data is collected through the Google web analysis tool (Google Analytics), such as the URL visited by the user, the action performed, and the time spent on each page (retention). This is a web analysis tool by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), used to track and analyze user activities on our website, including the number of visitors and the frequency with which content is viewed. The evaluation is anonymous. Google Analytics cookies, including the anonymous IP address and usage data, are generally transmitted to a Google server in the USA and stored there. For more information, please refer to Google’s support page.

Google Analytics also provides an option to opt out of data tracking, available at this link.
Google AdWords also collects cookies during your visit to the Website, which are stored in your browser. This tool helps track website visits for advertising purposes (Remarketing) on Google and the Display Network. Your browser stores cookies when you visit the site, allowing you to be recognized as a visitor when you visit websites that belong to Google’s advertising network. These sites may then display ads related to content you viewed on other websites that use Google’s Remarketing feature. You can opt out of Google AdWords data tracking at this link.

Data provided directly by the customer/user:
In cases where personal data is collected with the user’s/customer’s consent during their registration on the Website, the information requested and collected includes, for example, name, surname, postal address, gender, date of birth, phone number, email address, and resume (in the case of a student).

b. What type of data processing will be carried out?

• If the legal basis for processing is legitimate interest, linq will collect, manage, and provide your personal data as described in section 4 of this policy to third parties for job search and placement purposes.
• If personal data (Account Information) is voluntarily provided by the user/customer during registration on the Website, the processing of this data is carried out for the purpose of operating our website, providing our services, ensuring the security of the website and our services, maintaining backups of our databases, and communicating with you.
• If the legal basis for processing is contract performance (in the case of service use by an employer/company), the processing of personal data is carried out for the operation of our website, within the scope of fulfilling our contractual obligations and providing our services.
• linq will use the customer/user’s email address for the direct promotion of similar products or services or for similar purposes unless the customer informs linq at [email protected] or at the postal address CollegeLink AE, Spirou Patsi No. 62, 11745, Athens, Greece, that they do not wish their electronic information to be used for these purposes.
• Access to personal data is strictly limited to linq staff who implement the necessary technical and organizational measures to ensure an appropriate level of security and only for the achievement of the intended purpose.
• linq systematically and extensively evaluates personal aspects related to individuals based on automated processing, including profiling. The company has conducted a data protection impact assessment for such processing activities.

c. How long will you keep my account information on file?

• If the legal basis for processing is legitimate interest, personal data will be processed for as long as necessary to achieve linq’s intended purpose and for as long as required until any relevant claims are time-barred.
• If personal data (Account Information) is voluntarily provided by the user/customer during registration on the Website, we will retain the data for as long as the consent given by the data subject is valid and until it is withdrawn by the data subject. In the event consent is withdrawn, we will retain the data for as long as necessary until any relevant claims are time-barred.
• If the legal basis for processing is contract performance, we will retain your data for as long as you maintain a contractual relationship with us, both in paper and electronic form, or for as long as necessary until any relevant claims are time-barred.

d. What are my rights regarding the processing of my data?

• You can exercise, as applicable, your rights under the applicable Greek legislation and the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), which include the following: (a) The right to information (Article 13), (b) The right to access (Article 15), (c) The right to rectification (Article 16), (d) The right to erasure (“right to be forgotten”) (Article 17), (e) The right to restrict processing (Article 18), (f) The right to data portability (to receive your data in a structured, commonly used format – Article 20, where applicable), (g) The right to object (Article 21).
• These rights can be exercised free of charge by sending a letter to linq’s Data Protection Officer (DPO) at +30 2111820597 or by sending an email to [email protected]. However, if these requests are frequent and result in administrative costs for us, you may be charged the relevant fees.
• Upon exercising any of your rights, we will take all possible measures to satisfy your request within thirty (30) days of receiving it, and we will inform you either of its satisfaction or the reasons preventing us from fulfilling it.
• In addition, you can object to the processing of your personal data at any time by withdrawing your consent (Article 7, paragraph 3 of GDPR 679/2016).

VII. Data Transfers

• Your data will be transferred to the departments of linq that are responsible for the proper and uninterrupted operation of the Website’s services.
• Your data may also be transferred and made accessible to legal entities with whom we have contracts from time to time, for the proper use of the data under the terms of these contracts, within the scope of linq’s intended purpose. These may include companies involved in data storage/hosting/processing, acting as processors (such as Eventbrite, Google, Affinda, Digital Ocean, Mailchimp, ActiveCampaign, PipeDrive, HubSpot, Expandi, MixMax, phantombuster, Moosend, Convertflow, Airtable).
• In certain operations of the platform and Website, we share certain personal data of visitors/users (such as IP addresses and user interactions with the application) with legal entities like Google Inc. and Facebook, which may be collected through cookies.
• For the purpose of connecting students with employers, we share the following information with registered employers: the candidate’s resume, candidate tags, badges, assessment results, contact details, and platform usage data (such as logins).
• Data collected by the Google Analytics tool, such as the URL visited by the user, the action taken, and the time spent on each page (retention), is typically transferred to a Google server in the USA and stored there.
• In every transfer, we always take measures to ensure that personal data being transferred is minimized and that the necessary legal conditions for legitimate and lawful processing are always met.
• Your personal data may also be transferred to third parties outside of linq only upon the issuance of a specific relevant order from a competent public authority and/or state body, in which case linq will be obligated to comply.

VIII. Complaints

For any matter concerning the processing of your data, you can contact the Data Protection Officer (DPO) of linq at:
Phone: +30 211 1820597
Email: [email protected]

Additionally, you always have the right to contact the Hellenic Data Protection Authority, which can also accept complaints either in written form or electronically by following the instructions on the Authority’s website: http://www.dpa.gr/portal/page?_pageid=33,211532&_dad=portal&_schema=PORTAL, though it is recommended to first contact linq’s Data Protection Officer.

IX. Cookies & Other Technologies

What are cookies and why does linq use them:
Cookies are small pieces of information, typically consisting of letters and numbers, that are stored in the browser you use (e.g., Chrome, Mozilla Firefox) to help the Website function more effectively. Cookies do not harm users’ computers or the files stored on them. The information stored in cookies is used for recognition purposes, allowing us to operate the Website efficiently for the service we provide. The Website uses cookies to provide users/subscribers with information and to facilitate the services offered through the Website.

Under no circumstances do cookies contain personal information or information that would allow anyone to contact the Website visitor via phone, email, etc. Additionally, cookies do not grant access to your computer’s documents or files.

Moreover, cookies help us monitor the performance and traffic of our Website, improving its presentation and content according to visitors’ preferences.

What cookies do we use?
The cookies described below may be stored in your browser. You can view and manage cookies in your browser (although mobile browsers may not offer this visibility). Among the different types of cookies available, linq uses the following:

• Technically essential cookies: These are crucial for the proper functioning of the Website, allowing you to browse and use its features. These cookies do not recognize your individual identity. Without these cookies, we cannot provide the efficient functioning of our Website.

Once the visitor/user accepts the use of cookies, the following types of cookies may be used:

• Functionality cookies,
• Preference cookies,
• Advertising cookies,
• Analytics cookies,
• Google Analytics advertising features cookies.

Don’t want to use cookies?
You can enable, disable, or delete cookies entirely through the settings options in the browser you use. For example, in Chrome, you can click the Chrome menu, then select Settings > Privacy > Content Settings and modify the cookie settings according to your preferences. If you choose to disable cookies, certain parts of the Website or the application may not function properly.

The software of the Website is designed to ensure maximum security and confidentiality. All the information contained in requests submitted through the Website is equally secure and confidential. Only authorized employees who are appropriately trained in handling customer information and personal data will have access to this information, and only when necessary to satisfy your requests.

Note:
The website is primarily intended for use by adult users and users over the age of 15. Minors under the age of 15 may only access the website and submit their personal data with the consent of their parents or guardians. If personal data is submitted by minors under the age of 15, such data will be promptly deleted upon notification to linq.

X. Modifications