LAST UPDATE: 2021.05.06
- Who we are:
The Be Your Own Boss Programme is offered for free to young people aged 18-35. Participants have the opportunity to attend interactive 4-days business courses where they explore the practical side of starting and running a business and decide if self-employment is right for them. During the courses, entrepreneurs share their knowledge and experience in strategy setting, marketing, sales, accounting, business planning, etc. After the courses, the participants who are interested, receive individual mentoring for an entire year to develop, design and test their business idea and then mature their business plan. Participants who are ready to start their own business can present their business plan to the Business Launch Group that evaluates the viability of their business plan. The Be Your Own Boss Programme is the very first Enterprise Programme of Prince’s Trust International to run outside of the UK.
We, at the Be Your Own Boss Programme, are committed to protecting the personal data that we collect. We aim to be clear and transparent and not do anything you would not reasonably expect. We do this by ensuring you are provided with an explanation about how we collect and process the information you provide us with, or that we collect about you, whether online, via phone, email, in letters, or in any other correspondence or from third parties.
We collect and use personal data to ensure that we can manage our relationships with our supporters, and to better understand how we can meet and exceed our supporters’ expectations. This allows us to fundraise more efficiently and effectively to ultimately help us reach our goal that every young person should have the chance to succeed.
The partners of the Be Your Own Boss Programme, listed below, process certain types of personal data for the purposes of the project. Each partner is responsible for the personal data they collect and process during their activities under the framework of the project:
- Prince’s Trust International, UK. https://princestrustinternational.org/
- Bizrupt, Greece. https://www.bizrupt.gr/
- Action Finance Initiative, Greece. https://www.afi.org.gr/
For further information, you can contact us at:
- How we collect your personal data
We collect personal data both directly and indirectly:
Directly. We obtain personal data directly from individuals in a variety of ways, including but not limited to the following cases:
- an individual registers via MS Forms to express interest about the Proggramme;
- an individual registers to attend in meetings (physical or online) and events we host and during attendance at such events;
- we establish cooperative relationships with an individual;
Indirectly. We obtain personal data indirectly about individuals from a variety of sources, including:
- our networks and contacts;
- social and professional networking sites (g., Facebook, Instagram, LinkedIn).
- What types of data do we collect?
We only collect the data that are necessary for the smooth implementation of our Programme. These data fall into the following categories:
- contact details (name/surname, e-mail address, street address, mobile phone number);
- personal information (e.g., educational level);
- eligibility criteria (unemployed or part-time, time of education, if the existing business, if they have a business idea);
- demographics (e.g., age, gender);
- statistics (e.g., where did you learn about the programme, if you are looking for loan);
- information about your business idea;
- videos and photos (from people that attend our courses).
Where appropriate we may also ask your interests and motivation for supporting the programme, we will never make this question mandatory, and only want to know the answer if you are comfortable providing us with that information.
In some limited circumstances, the personal information that the Programme collects may include information that is considered “sensitive data”. This may include personal information regarding health and information concerning criminal offences. Where this information is collected, we will tell you so you know why it is needed.
If you are under 16 you should ask permission of a parent or guardian before sending personal or sensitive information to anyone online.
- Bases of lawful processing
We process personal data on the following legal bases:
Legal obligations – for processing activities required for compliance both with applicable national and European legislation as well as with the specific legal and regulatory Safeguarding framework of Prince’s Trust International.
Consent – in order to manage, implement, finance, and evaluate the programme and our work in the best possible way. Also to contact you for clarifications regarding your application, refer you to the Programme that is taking place in the area you submitted that you are living and during and after the completion of the programme, in order to ask you about your business, your employment, your education and your positive outcomes in your life in general.
Code of Conduct consent – This agreement determines what is expected of you, as a participant in the Be Your Own Boss Programme. The rules are designed to keep you and the other participants safe during online delivery.
- What we do with your personal data
We process your personal data with the purpose of:
- Conducting research (e.g., interviews, surveys);
- Disseminating our project’s results to different types of stakeholders;
- Sending invitations and providing access to guests attending our events and webinars;
- Administering, maintaining, and ensuring the security of our information systems, applications, and websites;
- Processing online requests or queries, including responding to communications from individuals;
- Complying with contractual, legal, and regulatory obligations.
- How we secure your personal data when we process it
We continuously apply a personal data risk assessment process to identify, analyze, and evaluate the security risks that may threaten your personal data. Based on the results of this risk assessment, we define and apply a set of both technical and organizational measures to mitigate the above security risks, including but not limited to:
- Data Protection Policies to guide our personnel when processing your data;
- Written contracts with organizations that process personal data on our behalf;
- Non-Disclosure Agreements with our personnel;
- Back up process, antimalware protection, access control mechanisms, etc.
- Some of our partners have appointed a Data Protection Officer.
- Do we share personal data with third parties?
We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. When we do so, we ensure that recipients are contractually bound to safeguard the data we entrust to them before we share the data. We may engage with several or all the following categories of recipients:
- Parties that support us as we provide our services (e.g., cloud-based software services such as Dropbox, Microsoft SharePoint, Google);
- Our professional advisers, including lawyers, auditors, and insurers;
- Dissemination services providers (e.g., Mailchimp);
- Law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with applicable law or regulation;
- The Prince’s Trust International according to our relevant contractual obligations.
- Do we transfer your personal data outside the European Economic Area?
We do not own file servers located outside the European Economic Area (EEA). However, some partners may use cloud and/or marketing services from reputable providers such as SharePoint, Dropbox, Mailchimp, Google, etc., situated both inside and outside the EEA. We always check that such providers comply with the relevant GDPR requirements before start using their services.
- cookies to improve site performance;
- cookies for anonymous traffic statistics;
- cookies for Google Advertising Features.
Then we provide detailed information on each of these types of cookies.
- Your rights
You have the following rights regarding our processing of your personal data:
- Right to withdraw consent – You can withdraw consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
- Right of access – You can ask us to verify whether we are processing personal data about you and if so, to have access to a copy of such data.
- Right to rectification and erasure – You can ask us to correct our records if you believe they contain incorrect or incomplete information about you or ask us to erase your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected.
- Right to restriction of processing – You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
- Right to data portability – In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another entity.
- Right to object – You can object to our use of your personal data for direct marketing purposes, including profiling or where processing has taken the form of automated decision-making. However, we may need to keep some minimal information (e.g., e-mail address) to comply with your request to cease marketing to you.
To ask us to do anything of the above, you can contact us by email: firstname.lastname@example.org. We will promptly examine your request against the relevant requirements of the laws and regulations governing privacy and personal data protection and we will answer the latest within 30 days after receiving your request. We will ask you for identification (e.g., photocopy of your identity card or passport) to avoid non-authorized reveal of your personal data. If for reasons of the complexity of the request or a multitude of requests, we are unable to respond promptly, we will notify you within 30 days of any delay, which in no case may exceed two months from the expiration of the 30-day deadline.
- How long do we retain personal data?
We retain personal data to provide our services, stay in contact with you, and comply with applicable laws, regulations, and contractual obligations to which we are subject. After the expiry of contractual obligations, and unless further legitimate grounds for retention arise, we will dispose of personal data in a secure manner.
- Disclaimer of liability for third party websites
We may also provide social media features that allow you to share information on your social networks and interact with our project on various social media sites. The use of these social media features may result in the collection or sharing of information about you. We recommend that you check the privacy policies and regulations of the social networking sites you interact with, so that you can be sure that you understand what information may be collected, used, and disclosed by these sites.
We do not knowingly collect, use, or disclose information from children under the age of 16. If we learn that we have collected the personal information of a child under 16 we will take steps to delete the information as soon as possible. Please immediately contact us if you become aware that a child under 16 has provided us with personal information.