Privacy & Data Protection Policy
Introduction
At Odyssea (“Odyssea”, “our Company”, “we”, “us”, “our”), we respect the privacy of all individuals and are committed to the security and protection of the personal information of everyone who interacts with our websites and Platform. This includes visitors to our websites, as well as registered Platform users across all roles: Job Seekers, Companies, NGOs and Recruiters, and Endorsers (collectively the “Users”).
This Privacy and Data Protection Policy (“Policy”) applies to and concerns any personal data collected and processed by Odyssea in connection with both of our digital properties: the main website at odyssea.com and the Talent Platform at talent.odyssea.com. It has been prepared in accordance with:
- Regulation (EU) 2016/679 (the “General Data Protection Regulation” – GDPR), specifically Articles 13 and 14;
- Greek Law 4624/2019 on the protection of personal data.
The Policy describes all personal data processed by Odyssea, the legal basis for such processing, the purposes for which data is used, to whom it may be disclosed, and the rights available to you as a data subject. It forms an integral part of the Terms of Use governing access to our Platform.
Odyssea strives to always keep your personal data safe and comply with all applicable data protection provisions. We shall not collect more personal data than what is necessary for the purposes for which it is collected, and we will not use your information for any purpose incompatible with the scope of our services, nor share it with anyone except as described in this Policy.
Scope of This Policy
This Policy covers the processing of personal data that occurs when you:
- Visit and navigate our main website at odyssea.com (including registering for courses, submitting contact forms, or subscribing to our newsletter);
- Access or use our Talent Platform at talent.odyssea.com as a Job Seeker, a Company looking to recruit employees and post job openings, an NGO or Recruiter facilitating the onboarding and management of Job Seekers, or an Endorser.
Where provisions differ between the two properties, the relevant section notes this explicitly. This Policy does not apply to third-party websites or services that may be linked from our pages, which may be subject to their own privacy notices.
For information about how we use cookies and similar tracking technologies, please refer to our separate Cookie Policy, available on both websites.
Amendments to This Policy
We may update this Policy at our discretion from time to time, for example to comply with new legal or regulatory obligations or to reflect technical changes. We ask you to check periodically for the latest version, as indicated by the Effective Date at the bottom of this document.
If any significant changes are made to the use of your personal data in a manner different from that stated at the time of collection, we will notify you by posting a notice on our websites or by sending you an email. Where required by applicable data protection legislation, we will also ask for your renewed consent.
Data Controller and Contact Information
The Data Controller responsible for the collection, processing, and use of your personal data under this Policy is:
ODYSSEA A.M.K.E.
Trade name: Odyssea
17 Nikiforou Mandilara Str., Ag. Ioannis Rentis, 18233 Athens, Greece
GEMI No: 137879803000 | Tax ID: 997167843 (Tax Office of Nikaia)
Tel: (+30) 210 8839877
General enquiries: info@odyssea.com
Data protection requests: dpo@odyssea.com
Personal Data We Collect
The term “personal data” has the meaning defined under GDPR: any information relating to an identified or identifiable natural person. It does not include anonymous data.
odyssea.com — Course Registration & Website Visitors
When you register for a course or otherwise interact with odyssea.com, we may collect information you provide directly, including:
- Full name, email address, phone number
- Gender, date of birth, country of origin
- Language proficiency (Greek and English)
- Desired course and how you heard about Odyssea
- Curriculum Vitae (CV)
- Motivations for joining / goals after completing the course
- Relevant experience or background, and any other information in open text fields
We limit our collection to information necessary for the registration and administration of our courses. We do not collect sensitive personal data unless you voluntarily provide it (which we discourage). Please ensure that any personal data you provide is accurate and up to date.
talent.odyssea.com — Talent Platform Users
When you register and create a Profile on the Talent Platform, we collect information depending on your role:
- Job Seekers: Identification data (full name, photo, date of birth, country of origin, gender, hashed password); educational background, vocational and general skills (computer skills, language skills, work permits, driver’s licence, etc.); professional experience, qualifications, and certificates; personal information in your mini bio or uploaded CV; whether you have participated in Odyssea courses or livelihood programmes; and information in any “About Me” video you upload. You may also receive Endorsers’ assessments and feedback, which will be visible on your profile.
- Companies: Contact details and personal data of authorized representatives or employees using the Platform on behalf of their organization. Companies may also post job openings on the Platform, in which case we collect the content of those postings and any associated application management activity.
- NGOs and Recruiters: Contact details and personal data of representatives of organizations that use the Platform to facilitate the onboarding and ongoing management of Job Seekers on their behalf. This includes the identity of the Job Seekers they manage and any activity carried out in connection with those profiles.
- Endorsers: Full name, photo, date of birth, country of origin, gender, and hashed password.
Without the required identification data, a Profile cannot be created and the full features of the Platform cannot be accessed. The email address provided during registration may be used for profile verification and activation, communications regarding your profile, contact by Endorsers, and — if you have given consent — for newsletter distribution.
Note on Job Seekers onboarded by an NGO or Recruiter: Where an NGO or Recruiter registers a Job Seeker on the Platform on their behalf, that Job Seeker’s personal data is provided to Odyssea indirectly. In such cases, in accordance with Article 14 GDPR, Odyssea will inform the Job Seeker directly — at the latest at the point of their first interaction with the Platform — of the processing of their data and of their rights under this Policy.
Note on video content: Any “About Me” video uploaded by a Job Seeker is processed on the basis of the User’s consent. Users should be aware that video content may incidentally contain sensitive information (such as health-related or biometric data). We encourage Users not to include such information in their videos. Uploaded videos are accessible to authorized Platform Users (including Companies and Endorsers) for the purposes of recruitment and assessment.
Registration via LinkedIn or Google
The Talent Platform offers the option to sign up using your LinkedIn or Google account. Only if you give your express consent in accordance with Article 6(1)(a) GDPR prior to registration will LinkedIn or Google disclose your name, email address, language preference, and profile picture to the Platform. No other data is transferred from these services without your explicit consent.
Communications
When you contact us through any channel (email, contact form, etc.), we may collect your name, email address, and any other personal information contained in your message, solely to respond to your enquiry, complaint, or request.
Financial Data
Where applicable, we may collect personal data relating to payments made in the course of subscriptions to the Platform (such as billing name, billing address, and transaction identifiers). Payment processing is carried out on the basis of contract performance. Note that full payment card details are processed directly by our payment service provider and are not stored by Odyssea. Our payment service provider acts as an independent data controller or as our data processor, as applicable, and is subject to its own privacy and security obligations.
Data Collected Automatically
When you visit either website, we automatically collect certain technical data, including:
- IP address (anonymized where applicable);
- Browser type and version, operating system;
- Referring source, pages visited, duration of visit;
- Device information, device ID, access data, frequency of use, and means of connection.
This data is collected solely to ensure the correct and fast operation of our websites, to improve their functions, and to guarantee stability and security. While it is not collected to be associated with identifiable individuals, its nature means it could allow identification through processing and linking with data held by third parties. For full details on automatically collected data and tracking technologies, please refer to our Cookie Policy.
Legal Basis for Processing
Whenever we process personal data, we do so on a lawful basis. We may process your data where:
- Contract performance: Processing is necessary for the performance of the agreement concluded with a User and/or for any pre-contractual obligations thereof — including the creation of a User profile, communication regarding services offered through the Platform, facilitation of interaction between Users, and general management of service requests.
- Legitimate interests: Processing is necessary for our legitimate interests — including the operation, maintenance, security and improvement of our websites and services, processing enquiries, and establishing, exercising or defending legal claims — provided those interests are not overridden by your rights and fundamental freedoms. You have the right to object to processing on this basis (see Section 11).
- Consent: Processing is based on your prior explicit consent for one or more specific purposes — for example, sending you our Newsletter (see Section 7), uploading an “About Me” video, or providing Endorser assessments and feedback on a Job Seeker’s profile.
- Legal obligation: Processing is necessary for compliance with a legal or regulatory obligation to which we are subject — for example, disclosure to law enforcement or tax authorities, or auditing in connection with the charitable character of our organization.
If you would like to find out more about the specific legal basis that applies to a particular processing activity, please contact us at dpo@odyssea.com.
Odyssea Newsletter
When you visit our Platform or website, you have the option to register to receive our Newsletter. By filling out the relevant form, you give us your explicit consent to process your email address for the purpose of periodically sending you our newsletter, which may contain:
- News and updates about Odyssea;
- Information about the services we provide;
- Information about new educational courses, training workshops, and employability programmes;
- Community events and other relevant activities.
To protect your privacy and ensure you have full control over marketing communications:
- We will limit marketing to a reasonable and proportionate level and only send you communications we believe may be of interest to you.
- If you no longer wish to receive the Newsletter, you can unsubscribe at any time by clicking the “Unsubscribe” link in any newsletter email, or by contacting us at dpo@odyssea.com. The withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Data Sharing and Disclosure
As part of the overall operation of our services, your personal data may be disclosed to the following categories of recipients, who will process it only as authorized and in compliance with applicable data protection law:
- Odyssea staff: Authorized personnel (course coordinators, platform administrators, employability advisors) may access your data solely to deliver and manage our services. All personnel are bound by confidentiality obligations.
- Third-party service providers: We use trusted providers for technical and operational services — such as hosting, cloud infrastructure, technical support, and email delivery. These providers receive only the data needed for their specific tasks and are contractually required, as our data processors, to process it securely and solely for our specified purposes in compliance with GDPR.
- Financial, legal, and other consultants; donors: Data may be disclosed to our legal and financial consultants within the context of our lawful operation and subject to any accountability or auditing obligations we may have. Donors receive only aggregated, anonymized impact data and reports; no personal data identifying individual Users is shared with donors.
- Other Platform Users: Job Seekers’ profile details may be shared with Companies using the Platform for recruitment purposes, including in connection with job postings published on the Platform. In addition, Odyssea may share relevant profile information with Companies to which it provides recruitment services outside of the Platform. NGOs and Recruiters who manage Job Seekers through the Platform will have access to the profiles and activity data of those Job Seekers as necessary to fulfill their facilitation role. In all cases, only the information necessary for the relevant purpose is shared, and all recipients are required to treat it confidentially and in accordance with applicable data protection law.
- Supervisory and public authorities: Where required by law, we may disclose data to competent authorities (law enforcement, tax authorities, regulatory bodies, or supervisory organizations) or in response to a judicial proceeding, court order, or lawful request from a regulator.
- Anyone else: Only with your prior written consent, unless another legal basis under applicable data protection legislation applies.
We do not sell, rent, or trade your personal data for commercial or marketing purposes. We do not use automated decision-making that produces legal effects or otherwise significantly affects you without appropriate human oversight.
Transfers of Data Outside the European Economic Area
We process your personal data at our operating offices and in any other location where the parties involved in processing — including our subcontractors — are located. Depending on your location, this may involve transferring your data to a country other than your own.
If a transfer to a third country outside the EU/EEA takes place, and that country does not provide an adequate level of data protection as recognized by the European Commission, the transfer will only occur if the protection of your data is guaranteed by:
- A data transfer agreement based on the European Commission’s Standard Contractual Clauses; or
- Any other condition or safeguard explicitly provided for by European or local law.
Please note that certain third-party services integrated with our Platform — including analytics providers and social login services such as Google and LinkedIn — may process or store data on servers located outside the EEA. Such transfers are covered by the safeguards described above.
Data Retention
We retain your personal data for as long as is reasonably necessary for the purposes for which it was collected, as described in this Policy, and in accordance with applicable legal obligations.
- Active Talent Platform profiles: Data is retained for as long as your profile is active or for as long as necessary to provide our services. This applies to all user roles (Job Seekers, Companies, NGOs and Recruiters, and Endorsers).
- Deleted profiles: Following deletion of your profile, your personal data will be removed within six (6) months.
- Deactivated profiles: If you deactivate your profile and do not reactivate it for a period of three (3) years from the date of deactivation or from our last contact with you, your data will be deleted at the expiry of that period.
- Course applicants who do not enroll (odyssea.com): Data will be retained for up to three (3) years from the date of your application. This allows us to inform you of future course openings, new programmes, or other opportunities that may match your interests, on the basis of our legitimate interest in re-engaging candidates who have expressed interest in our services. Any active re-engagement communications will be sent only where you have consented to receive them, or where we have a lawful basis to do so, and you may request deletion of your data at any time by contacting us at dpo@odyssea.com.
- Enrolled course participants (odyssea.com): Data will be retained for the duration of the course and for a reasonable period afterward to issue certificates, track outcomes, and meet reporting or audit obligations. Personal identifiers will be anonymized once no longer required, though core records (e.g., attendance records, certificates) may be retained longer as part of our educational archive.
- Legal and regulatory obligations: We may be required to retain personal data for longer periods to fulfill legal, regulatory, fiscal, or accounting obligations, or where data is needed to establish, exercise, or defend legal claims.
- Backup systems: Deleted data may persist in our backup systems until those systems are scheduled to be overwritten.
Once the retention period expires, personal data will be deleted or anonymized. After expiry, the rights of access, erasure, rectification, and data portability cannot be enforced in relation to that data.
Odyssea may also process your data to generate statistical analyses and reports in the platform Dashboard. Such analyses and reports will contain only anonymous data; no individual can be identified through them.
Your Rights Under GDPR
As a data subject, you may exercise the following rights regarding your personal data processed by us:
- Right of information: To receive all necessary information about the processing of your personal data — including what data is processed, for what purposes, and how long it will be stored — in a concise, transparent, and accessible format. This Policy fulfills this obligation.
- Right of access: To obtain confirmation as to whether personal data concerning you is being processed and, if so, to receive a copy of that data along with related information about the processing.
- Right to rectification: To request correction of inaccurate personal data and completion of incomplete information about you.
- Right to erasure: To request deletion of your personal data when it is no longer necessary for the purposes for which it was collected; when you have withdrawn consent and no other legal basis applies; when you have successfully objected to processing; when processing has been unlawful; or when deletion is required to fulfill a legal obligation.
- Right to restriction of processing: To request that we limit the processing of your data in certain circumstances.
- Right to object to processing: To object at any time to the processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or where processing is necessary for the establishment, exercise, or defence of legal claims.
- Right to object to automated decision-making: To request that you not be subject to a decision based solely on automated processing — including profiling — that produces legal effects or otherwise significantly affects you.
- Right to data portability: To receive your personal data in a structured, commonly used, machine-readable format, or to have it transmitted directly to another provider, where processing is based on consent or contract and is carried out by automated means.
- Right to withdraw consent: To withdraw your consent at any time where consent is the legal basis for processing. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
- Right to lodge a complaint: To bring a complaint before the Hellenic Data Protection Authority (HDPA) if you consider that the processing of your personal data infringes applicable law:
1–3 Kifisias Ave., 115 23, Athens, Greece
Tel: +30 210-6475600
Email: contact@dpa.gr | Website: www.dpa.gr
We would appreciate the opportunity to address your concerns before you approach the supervisory authority, so please contact us first using the details in Section 4.
How to exercise your rights: Contact us at dpo@odyssea.com. All requests are free of charge. We will reply within one (1) month of receipt; if a request requires additional time, we will inform you within the first month. We may request proof of identity to protect your privacy and ensure data is not disclosed to an unauthorized person. We reserve the right to charge a fee where permitted by law — for instance, where a request is manifestly unfounded or excessive.
Children’s Privacy
Odyssea works with vulnerable youth as part of its social mission. Under Greek Law 4624/2019, which implements the GDPR in Greece, the minimum age for a child to give valid independent consent to the processing of their personal data in the context of information society services is 15 years. In other jurisdictions, the applicable minimum age may differ (e.g., 16 years under GDPR Article 8 in the absence of a lower national threshold).
Where a person between the ages of 15 and 17 (or the applicable minimum age in their jurisdiction) uses our services, they may do so with the verified consent or authorization of a parent or guardian. Persons below the applicable minimum age may not independently register for or use our Platform or websites. If you are below the applicable minimum age, please do not provide any personal information to us without the involvement of a parent or guardian.
If we find that we have collected personal data from a person below the applicable minimum age without appropriate parental or guardian consent, we will delete such information promptly. If you believe we may have inadvertently collected information from or about such a person, please contact us at dpo@odyssea.com.
Security
We take and maintain appropriate technical and organizational security measures designed to prevent and reduce the risk of unauthorized access, disclosure, modification, or accidental destruction of personal data. These measures include, for example:
- All profile passwords are stored hashed in our databases, so that profiles cannot be compromised even in the event of a security incident.
- Use of secure servers and encrypted connections (HTTPS/TLS) across our websites and Platform.
- Access to personal data is restricted to authorized personnel and service providers only.
- Contractual requirements for all service providers to comply with strict data privacy and security standards.
For the best possible protection of your personal data outside our direct control, we also recommend that your device is protected (e.g., with up-to-date antivirus software) and that your internet service provider takes appropriate network security measures.
While we take all reasonable steps to protect your personal data, no website or internet transmission is completely secure. You accept the inherent security implications of communicating online and will not hold us or our data processors responsible for any data breach unless it is due to our negligence. If we become aware of a breach affecting your personal data, we will notify you and the relevant supervisory authorities as required by applicable law.
Contact Us
Your trust is important to us. If you have any questions, concerns, or requests regarding this Policy or how Odyssea handles your personal data, please contact us:
Email (general): info@odyssea.com
Email (data protection): dpo@odyssea.com
Phone: (+30) 210 8839877
Address: 17 Nikiforou Mandilara Str., Ag. Ioannis Rentis, 18233 Athens, Greece