CORA – Privacy Policy
Last updated: 23/11/2025
CORA is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and safeguard your information when you visit our website, participate in our programs, or use any of our services, in compliance with EU GDPR, ePrivacy Directive, and relevant U.S. privacy laws (such as CCPA/CPRA, Virginia CDPA, Colorado CPA, and others applicable to website visitors).
By using our website or services, you acknowledge that you have read and understood this Privacy Policy.
- Who We Are (Data Controller)
CORA is the controller of the personal data you provide.
Contact email: info@corainaction.com
Location: Heraklion, Crete, Greece
For GDPR-related questions or requests, you may also contact our designated privacy contact:
Data Protection Contact: info@corainaction.com
- What Information We Collect
We collect the following categories of personal data depending on how you interact with us:
A. Information you provide voluntarily
Full name
Email address
Phone number
Age group (if relevant for service eligibility)
Country of origin or language (for expat support)
CVs, job history, skills, or employment preferences
Notes from coaching, counselling, or training sessions
Payment/billing information (for paid programs)
B. Automatically collected data (website & cookies)
IP address
Device type, browser type, operating system
Pages you visit and interaction patterns
Cookies and similar technologies (see Cookie Policy)
C. Sensitive data (only if necessary and with explicit consent)
For coaching or counselling sessions, you may choose to share information related to:
Emotional or mental wellbeing
Life challenges
Family circumstances
Employment barriers
This information is voluntarily provided and processed only with your explicit consent under GDPR Article 9(2)(a).
- How We Use Your Information
We use your data only for legitimate purposes, including:
To provide coaching, counselling, training, or community support
To deliver job-matching assistance
To improve our programs and services
To communicate with you about your participation
To process payments for paid services
To comply with legal obligations
To maintain website functionality and security
To send newsletters or updates (with your consent)
We do not use your information for automated decision-making or profiling that produces legal effects.
- Legal Basis for Processing (GDPR)
We process personal data based on:
Your consent
Performance of a contract (e.g., when you register for a program)
Legitimate interests (improving services, ensuring security)
Legal obligations (tax, financial reporting, safeguarding)
Vital interests (rare cases involving safety/wellbeing)
Sensitive data is processed only with explicit consent.
- How Long We Store Your Data
We retain your data only for as long as necessary:
Coaching/counselling notes: Up to 2 years unless legally required otherwise
Training and workshop records: Up to 3 years
Job-matching information: Up to 18 months
Payment records: 5–10 years (legal requirement)
Website analytics and cookies: 6 months to 2 years
You may request deletion at any time.
- Sharing Your Information
We do not sell your personal information.
We may share data only with:
Partner employers (for job-matching) only with your approval
External trainers delivering specific sessions
Payment processors (e.g., Stripe, banks)
IT service providers (website hosting, email)
Government programs (e.g., DYPA) when required
Legal authorities in cases of safety, legal compliance, or fraud prevention
All partners follow GDPR-compliant data protection standards.
- International Data Transfers
If any data is processed outside the EU/EEA or transferred to U.S.-based services, we ensure compliance through:
EU–U.S. Data Privacy Framework
Standard Contractual Clauses (SCCs)
Adequacy decisions or equivalent safeguards
You may request details of these safeguards at any time.
- Your Rights (GDPR & U.S. Privacy Laws)
Under GDPR (EU Residents):
You have the right to:
Access your personal data
Request correction
Request deletion (“right to be forgotten”)
Restrict processing
Object to processing
Data portability (receive your data in a machine-readable form)
Withdraw consent at any time
Lodge a complaint with your national Data Protection Authority
Under U.S. Privacy Laws (California, Virginia, Colorado, etc.):
You may also:
Request to know what personal information is collected
Request deletion
Request correction
Opt out of data sharing
Opt out of targeted advertising
Request a copy of your data
CORA does not sell data or engage in targeted behavioral advertising.
To exercise any rights, contact:
info@corainaction.com
- Website Cookies and Tracking Technologies
We use cookies for:
Website functionality
Security and spam prevention
Analytics (anonymous unless consented otherwise)
Improving user experience
You may manage or withdraw cookie consent at any time through your browser settings or cookie banner.
A full Cookie Policy can be generated upon request.
- Data Security
We take measures to ensure your data is protected from unauthorized access, including:
Encrypted storage
Secure servers and hosting
Access restrictions for staff
Confidentiality agreements
Regular security audits
Despite strong protections, no method of transmission is 100% secure. We encourage users to exercise care when sharing sensitive information.
- Children’s Privacy
Our services are intended for adults.
We do not knowingly collect data from individuals under 16 years old, in accordance with GDPR and U.S. regulations.
- Updates to This Privacy Policy
We may update this policy to reflect legal requirements or service changes. Updated versions will be published on this page with the revision date.
- Contact Us
If you have questions or wish to exercise your privacy rights, contact:
CORA – Privacy Department
Email: info@corainaction.com
Location: Heraklion, Crete, Greece
