1. Who we are

The website “startadr.org” is the official online presence of the alternative dispute resolution (ADR) body with the name Alternative Dispute Resolution Institute and the distinctive title startADR, which has been operating since 2016, based in Greece and is registered in the official Register of ADR Bodies of the Ministry of Development and Investments, as well as a recognized ADR body in the European Union.

Our organization provides alternative and online dispute resolution (ADR/ODR) services, as well as educational programs, certifications and digital platforms to support consumers, businesses and professionals.

startADR is the Data Controller of personal data collected and processed in the context of the operation of the website and its related services and platforms (e.g. TravelODR, startODR, training registrations, membership forms, newsletter).

We are committed to protecting the privacy and personal data of all our visitors, members, participants and collaborators, implementing high standards of security, transparency and compliance with the General Data Protection Regulation (EU Regulation 2016/679 – GDPR) and Greek legislation (Law 4624/2019).

For any issue related to this Policy or the protection of your personal data, you can contact startADR at the email address: [email protected].

2. Acceptance of Terms

The following terms constitute the Privacy and Personal Data Protection Policy that startADR applies in the context of the operation of its website, its digital platforms (e.g. TravelODR, startODR) and its services and educational programs.

This Policy applies to all users, members and participants, unless specific terms or privacy policies are provided for specific services or platforms (e.g. Community, Mentorship, Ambassador Program, TravelODR, startODR). In such cases, the specific terms prevail over this Policy.

This Policy is mandatory for all visitors, users, members, participants in training or events, as well as for those who subscribe to newsletters or use the organization's communication and participation tools and forms.

By entering and browsing the website, using the services and completing any communication, participation or registration form, the user expressly declares that he has read, understood and unconditionally accepts this Policy.

startADR reserves the right to modify or update this Policy at any time as deemed necessary, without prior notice. The modifications are effective immediately upon posting on this website.

Continued use of the startADR website and services after any modification of the Policy implies its re-acceptance.

3. Age Limit

The startADR website, platforms and services are addressed exclusively to individuals who have reached the age of 18 and have full legal capacity, in accordance with applicable legislation.

If you are under 18 years of age, you may use our services only with the prior, express and written consent of your legal guardian.

startADR makes every reasonable effort to limit use by minors. However, it is not always able to verify the accuracy of each user's age declaration and, therefore, does not bear any responsibility in the event of a false or misleading declaration by the user.

4. What you need to know about personal data

The protection of personal data is regulated at the European Union level by the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), which is directly applicable in all Member States since May 25, 2018. In Greece, the implementation of the Regulation is framed by Law 4624/2019.

The GDPR establishes strict and transparent obligations for any organization that processes personal data within the EU, with the aim of effectively protecting the privacy and rights of individuals.

startADR, as Data Controller, fully complies with the applicable legislative framework and takes all appropriate organizational and technical measures to protect personal data collected through the website, platforms, services, Community, as well as its special programs (Mentorship Program, Ambassador Program).

Our commitment is to manage this data with confidentiality, transparency, security, integrity and privacy, while ensuring that processing is limited only to the purposes described in this Policy.

For registration and use of the Community, more specific terms and privacy policy apply, which are available within the respective platform.

5. What personal data do we collect?

startADR collects and processes only the absolutely necessary personal data, depending on the purpose of each processing and the use of our services.

Specifically, we may collect:

Identification details: Name, capacity (e.g. lawyer, mediator, consumer, business).

Contact information: Email address, telephone number, postal address (where required).

Participation/registration data: Information provided through contact forms, registration for training programs, participation in events, submission of disputes through our digital platforms (e.g. TravelODR, startODR) or through registration in the Community.

Community information: username, email, profile photo (optional), professional status, account details, and information you choose to share on your profile or in community discussions.

Details for special programs:

Mentorship Program: information regarding professional experience, specialization, interests, to enable mentor-mentee matching.

Ambassador Program: contact information, professional background, as well as data related to the member's actions/representations within the framework of the program.

Payment details: In case of payment for training or services, billing details (Tax ID, name, postal address) may be requested. startADR does not collect or store card details, as payments are made through banking institutions or electronic payment providers.

Digital activity data: IP address, cookie data and similar technologies (to improve the user experience, statistical purposes or, upon consent, for marketing purposes).

Newsletter and promotions: Email and name (optional) in case of subscribing to newsletters or accepting communication for digital and mail marketing.

startADR does not collect or process special categories of data (sensitive data, such as health, religious or political beliefs), nor does it carry out automated decision-making or profiling.

6. For what purposes do we process personal data?

startADR collects and processes personal data exclusively for specific, legitimate and transparent purposes, which are related to the operation of the entity and the services it provides.

In particular, your data may be used to:

Submitting and managing disputes through our digital platforms or mobile applications (e.g. TravelODR, startODR), including communication with the parties involved and resolution processes.

Registration and participation in startADR educational programs, seminars, workshops and events, as well as for the issuance of relevant certifications.

Management of members and associates, including communication and provision of information about the organization's actions.

Operation and management of the Community, for the purposes of interaction, knowledge exchange, professional networking and information.

Implementation of special programs, such as the Mentorship Program (guidance and skills development) and the Ambassador Program (representation and dissemination of startADR actions).

Communication and service in the event of a request submitted via a contact form or other digital tool.

Compliance with legal obligations, such as issuing receipts for payments or maintaining tax and accounting records.

Informational and promotional purposes, provided that you have given your explicit consent or there is a legitimate interest, e.g. sending newsletters, announcements or invitations to events, information about new platforms or educational activities, digital and mail marketing.

Optimizing user experience on our website, through cookies and analytical tools (e.g. Google Analytics), only with the user's consent.

Security and proper functioning of our services, including the prevention and response to malicious actions or technical problems.

startADR does not process personal data for purposes other than those described in this Policy and is committed to requesting your consent again if processing is required for a new purpose.

7. Lawful basis for processing

The processing of personal data by startADR is carried out in accordance with the legal bases provided for by Regulation (EU) 2016/679 (GDPR), depending on the purpose of the processing each time.

Specifically:

Contract performance: For data necessary to provide our services (e.g. submitting and managing disputes, participating in training programs, registering for events, accessing the Community, participating in a Mentorship or Ambassador Program).

Compliance with a legal obligation: For data required by law, such as billing and tax compliance information.

Consent: For data used for informational or promotional purposes (newsletter, digital and mail marketing, cookies for statistical analysis and marketing), as well as for the provision of certain functions in the Community. Consent can be revoked at any time.

Legitimate interest: In some cases, the processing is based on the legitimate interest of startADR, such as for the security of our systems, the prevention of malicious actions, the improvement of our services and the development of the Community, for the information of interested parties, as long as the rights and freedoms of the subjects do not prevail.

startADR does not process personal data without a lawful basis and ensures that any processing is based on the appropriate legal basis.

8. Why we need personal data

startADR collects and processes personal data exclusively for legitimate, transparent and entirely relevant purposes to the services it provides.

The need to process personal data arises, among other things, from:

the submission and proper management of disputes through our digital platforms or mobile applications (e.g. TravelODR, startODR),

the opportunity to participate in educational programs, seminars, workshops and events,

the operation of the Community, aiming at networking, knowledge exchange and collaboration between members and collaborators,

participation in the special Mentorship (guidance/mentoring) and Ambassador (representation and collaborations) programs,

communication and service through communication forms or other digital tools,

compliance with the organization's tax and accounting obligations,

sending updates, announcements, newsletters and invitations, if you have chosen it, or it arises from the legitimate interest of the organization,

monitoring the operation of the website and optimizing the user experience, through cookies or other tools, only with the user's consent (where required),

protecting the security of our information systems and preventing malicious actions.

In the event that a new processing purpose arises, incompatible with the above, startADR will promptly inform the data subjects and will request, where required, their explicit consent.

9. What is the impact of the processing on the subjects?

The processing of personal data by startADR is carried out with respect for the principles of proportionality and data minimization, as provided for by Regulation (EU) 2016/679 (GDPR).

The data collected is absolutely necessary and appropriate for the purposes for which it is requested and does not belong to special categories (sensitive personal data).

The processing of this data:

does not cause any disproportionate or negative impact on the subjects,

enhances the quality and safety of the services provided (dispute management, training, Community, Mentorship and Ambassador programs),

ensures proper service, communication and compliance with our legal obligations.

All personal data is treated as private and confidential. startADR implements appropriate technical and organizational protection measures to prevent any unauthorized or unlawful processing, as well as their loss, destruction or alteration.

10. How we use personal data

startADR processes personal data in a manner that is fair, transparent and limited to the purpose for which it was collected, in accordance with the principles of the General Data Protection Regulation (GDPR).

Specifically, personal data:

They are registered, organized and stored securely in our information systems.

They are used exclusively for the provision of our services (filing disputes, educational programs, Community, Mentorship and Ambassador programs), as well as for communication with members, participants or partners.

They are only used with consent (unless there is a legitimate interest) for informational or promotional purposes (newsletter, digital and mail marketing).

They are kept confidential and are not transferred to third parties, except in cases expressly mentioned in this Policy or required by law.

They are not used for profiling, automated decision-making or commercial exploitation by third parties.

Data processing is strictly limited within startADR and is carried out exclusively by authorized persons, who are explicitly bound by obligations of confidentiality and privacy, while a classified access policy is strictly followed.

11. Access to your personal data

As a data subject, you have the right to know what personal data startADR holds about you, for what purposes it processes it and how it manages it.

You can request access to your data at any time by sending a request to the email: [email protected].

Through this communication you can also request:

the correction or updating of your personal information, if it is incomplete, inaccurate or out of date,

completing any missing information,

information about the origin, category and recipients of your data,

confirmation of whether or not we are processing your data and on what legal basis.

startADR is committed to responding to your request as soon as possible and in any case within the deadline set by the GDPR, i.e. within one (1) month from receipt of the request, with the possibility of extension in special cases, as provided for by the Regulation.

12. Who has access to personal data?

Only authorized persons who are directly involved in the operation and provision of our services have access to the personal data held by startADR, exclusively to the extent necessary to fulfill their duties and achieve the purposes of the processing (application of a classified access policy).

Specifically, they may have access to:

executives and associates who manage dispute cases (ADR/ODR),

responsible for the implementation of educational programs and events,

Community administrators and coordinators of the Mentorship and Ambassador programs,

partners who support our platforms and information systems (IT technicians, developers, security consultants),

responsible for issuing documents and accounting and tax management.

All these persons have been informed and committed to strict compliance with this Policy and the relevant data protection rules, either by virtue of law or through signed confidentiality agreements.

No third party natural or legal person gains access to your data without your express and written consent, unless required by law or upon order of a competent authority.

13. Who do we share personal data with?

startADR does not transfer personal data to third parties for commercial exploitation, advertising or any other use not directly related to its services.

However, it may share data with third-party partners or entities only when this is necessary for the proper functioning of the services or is required by law. Such cases include, but are not limited to:

Technical partners and IT providers, for the hosting, support and security of the website, the Community and our digital platforms.

Certified partners who participate in ADR/ODR procedures as arbitrators, mediators or facilitators, exclusively for the execution of the procedure.

Training partners (e.g. lecturers, scientific associates) for the implementation of seminars, mentoring or Ambassador programs and actions.

Banking and financial institutions, for the settlement of electronic payments or refunds.

Accountants and tax specialists, for issuing documents and fulfilling accounting obligations.

Legal and advisory partners, if this is deemed necessary to protect the legal interests of the organization.

Competent administrative or judicial authorities, when required by law or following a prosecutorial or judicial order.

All third-party recipients of the data are bound, either by law or by contractual obligations, to maintain confidentiality and implement appropriate security measures, in accordance with the GDPR.

14. Duration of retention of personal data

startADR retains personal data only for as long as is strictly necessary to achieve the purposes of the processing, as described in this Policy and in accordance with the applicable legal obligations.

Specifically:

Dispute data (ADR/ODR): retained for a period of up to ten (10) years from the completion of the process, in order to cover any legal claims or documentation obligations.

Education data: registration, participation and certification data are retained for up to ten (10) years, for the purposes of confirming participation and issuing copies of certificates.

Community Data: retained as long as you remain a registered member of the community. In the event of account deletion, your data is deleted or anonymized within a period of five (5) years, unless required to be retained for legal reasons for a longer period.

Mentorship and Ambassador Program data: retained for the duration of your participation in the program and up to five (5) years after its completion, for record and documentation purposes.

Tax data (such as VAT number, invoice details): are retained for the period of time provided for by tax legislation, and in any case up to twenty (20) years.

Newsletter/marketing data: retained until you withdraw your consent or request your deletion from the relevant communication lists.

Contact data (via contact forms or requests): retained for up to five (5) years after the request has been completed.

After the above time limits have elapsed, personal data is deleted in a secure and irrevocable manner, unless otherwise required by law or upon order of a competent authority.

15. How we protect personal data

The protection of your personal data is a key priority for startADR. For this reason, we implement a combination of organizational and technical measures, in accordance with the General Data Protection Regulation (GDPR), to ensure the privacy, integrity, availability and confidentiality of data.

A. Organizational measures

We implement internal data protection policies and procedures.

We inform and train our executives and associates about their obligations.

We ensure that information provided to subjects is clear, transparent and in understandable language.

We legally bind employees, partners, Community members, mentors and Ambassadors with confidentiality clauses.

B. Technical measures

We use protection systems (firewalls, antivirus, malicious activity detection).

We implement strong password and access control policies.

We perform regular backups with encryption and secure storage.

We ensure that access to our servers and platforms is only by authorized persons.

We systematically monitor and review security measures to ensure they respond to technological developments and emerging risks.

In this way, startADR ensures that your data remains protected at every stage of processing.

16. Rights of data subjects

As data subjects, visitors, users, Community members, participants in programs (training, Mentorship, Ambassador) and startADR partners enjoy all the rights provided for by Regulation (EU) 2016/679 (GDPR).

Specifically, you have the following rights:

Right to information: to receive clear and transparent information about what data about you is held, for what purpose and for how long.

Right of access: to request and receive a copy of your personal data processed by startADR.

Right to rectification: to request the correction or updating of your inaccurate or incomplete data.

Right to erasure (right to be forgotten): to request the deletion of your personal data when it is no longer necessary for the purpose of processing or if you withdraw your consent.

Right to restriction of processing: to request the temporary restriction of the processing of your data, under specific conditions.

Right to portability: to receive your data in a structured, commonly used and machine-readable format or to request its transmission to another controller.

Right to object: to object to processing based on legitimate interest or carried out for direct marketing purposes.

Right not to be subject to automated individual decision-making, including profiling, which may have legal consequences for you.

startADR ensures that the exercise of the above rights is free of charge (unless a disproportionate expense arises, in which case there will be a relevant financial burden), easy and transparent and will respond to your requests within the time limits provided by law.

17. How to exercise your rights

If you wish to exercise any of your rights provided for by the General Data Protection Regulation (GDPR), you can contact startADR by sending a relevant request to the email: [email protected].

Your request should clearly describe the right you wish to exercise and be accompanied by the necessary identification information (e.g. name, contact information, reference to a relevant service or program, e.g. participation in an educational program, Community, Mentorship or Ambassador Program).

startADR will examine your request with due care and will endeavour to respond to you as soon as possible and in any case within one (1) month of receipt, as provided for by the Regulation. In exceptional cases, and if there is objective difficulty, the above deadline may be extended for an additional two (2) months, with prior notice to you.

The exercise of your rights is free of charge. In cases of abusive or repeated requests, startADR reserves the right to request the payment of a reasonable fee to cover administrative costs.

18. Right of appeal to the Personal Data Protection Authority

If you believe that your rights regarding the processing of your personal data have been violated, you have the right to file a complaint with the Personal Data Protection Authority (PDPA), which is the competent supervisory authority in Greece.

The appeal can be made:

if you have previously contacted startADR as the Data Controller and have not received a response within a reasonable time, or

if you consider that the answer you received is not satisfactory.

For more information about the Authority's responsibilities and the complaint submission process, you can visit its official website at: www.dpa.gr.

The appeal to the Authority is independent of the exercise of any other administrative or legal remedy.

19. Cookies and tracking technologies

The startADR website and digital platforms use cookies and similar technologies (e.g. pixels, local storage) in order to ensure their proper functioning, improve the user experience, collect statistical data and, if consent is given, provide personalized updates or promotional content.

The cookies used are categorized as follows:

Strictly necessary cookies: enable the basic functioning of the website and platforms (e.g. maintaining login, secure browsing, recording privacy preferences).

Performance cookies (statistics): collect anonymous information about how users use the website (e.g. number of visitors, most popular pages) and help improve functionality.

Functionality cookies: allow personalization of the experience (e.g. language selection, Community membership preferences).

Marketing cookies: used to display targeted updates and campaigns (e.g. newsletter subscriptions, digital and mail marketing) and to evaluate their effectiveness.

Also, startADR may use cookies from third-party providers, such as:

Google Analytics (usage statistics),

Google Ads (advertisements),

Mailchimp or similar services (newsletter management).

Strictly necessary cookies, performance cookies (statistics) and functionality cookies are always applied based on the legitimate interest of the entity, while marketing cookies are activated only upon your explicit consent, which is provided through the consent mechanism (cookie banner) during the first visit to the website.

Through this mechanism you can:

to be informed in detail about all cookies,

enable or disable categories of cookies at will,

to withdraw or modify your consent at any time.

Consent to cookies, where required, is optional and does not affect access to the basic services of startADR.

20. Alternative Dispute Resolution (ADR/ODS)

startADR is a recognized Alternative Dispute Resolution (ADR) entity in Greece and the European Union, registered in the official Register of ADR Entities of the Ministry of Development and Investments. At the same time, it develops and manages modern electronic platforms and mobile applications for Online Dispute Resolution (ODR), such as TravelODR and startODR, with the aim of making dispute resolution accessible and effective through digital tools.

In the event that any dispute arises between a user/member and startADR regarding the processing of personal data or the use of the website and its services, the possibility of out-of-court resolution is provided through the ADR/ODS procedure.

The relevant application can be submitted directly to the institution, through the official website. www.startadr.org or through the special platforms we manage.

This procedure is independent and does not exclude the right of users to appeal to the competent courts or the Personal Data Protection Authority.

21. Applicable Law and Competent Courts

This Privacy and Personal Data Protection Policy is governed by Greek law, in conjunction with the General Data Protection Regulation (EU Regulation 2016/679 – GDPR) and Law 4624/2019, as well as any other relevant European or national legislation.

For any dispute concerning the interpretation, application or execution of this Policy or the use and processing of personal data by startADR, the Courts of Thessaloniki are exclusively competent.

22. Update date

This Privacy and Personal Data Protection Policy was updated and is effective as of August 27, 2025.

startADR reserves the right to modify or update the content of the Policy whenever deemed necessary, always ensuring timely and transparent information to users through this page.