Home page

Kubo+ is a dedicated digital platform supports the entire leadership journey, enabling structured diagnostics, continuous learning, and transparent program monitoring. The platform creates a single environment where participants develop leadership capability while HR gains visibility into program progress and impact.

Participant Experience

Leaders access learning materials, diagnostics, exercises, and program updates through their individual accounts. The platform supports preparation, reflection, and continuous engagement throughout the program.

HR & Program Monitoring

HR team can monitor participation, engagement, and progress through dedicated dashboards that provide visibility into program activity and development trends.

Digital Diagnostics

Pre- and post-program assessments are conducted digitally, enabling efficient data collection and structured leadership insights.Program ReportingThe platform generates structured reports and analytics that support program evaluation and leadership cap

The protection of your personal data is important to us.

By means of this policy, “MINDEX PRIVATE COMPANY”, under the distinctive title “MindEx IKE”, established in the Municipality of Vyronas, at 26 Andromedas Street, VAT No. 801093107, Tax Office KEFODE ATTIKIS, GEMI No. 148926909000, which is also established in Athens (23 Mavromichali Street, Postal Code 10680), determines and communicates the terms under which, acting as α “Data Controller” in accordance with the law, collects, stores, uses and in general processes your personal data, which it collects when you visit, register or use its websites (hereinafter the “Websites”) and its mobile applications (hereinafter the “Applications”).

This Privacy Policy also describes the manner of use, disclosure and protection of your personal data, the choices available to you regarding your personal data, as well as how you may contact us. This Privacy Policy complies with Regulation (EU) 679/2016 and Law 4624/2019 and any other applicable legislation. For any questions regarding this Privacy Policy, as well as any matter related to the processing of your Data and the exercise of your rights, you may contact us at the following email address [email protected]

1. A few words about the Kubo+ platform by MindEx, which constitutes a digital infrastructure supporting training programs, diagnostic procedures and reporting to corporate clients. The use of the platform shall always take place within the framework of a concluded contract with a natural or legal person (employer – client), who will also bear responsibility for the lawfulness of the processing of your data.

2. What is Personal Data?

The term “personal data” refers to any information relating to an identified or identifiable natural person, that is, information of natural persons for example: full name, postal address, email address, contact telephone number, etc., which identify or may identify your identity, hereinafter “Personal Data or Data”.

3. What is Processing of Personal Data?

Any operation or set of operations which is performed, with or without the use of automated means, upon personal data or sets of personal data, such as : collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Is the provision of your Personal Data mandatory?

The provision of Data to the Company may be necessary to achieve the purposes defined in this Privacy Policy or may be optional. The mandatory or optional nature of the provision of Data is indicated by an asterisk (*) next to the personal data of mandatory nature. If you refuse to provide the data indicated as mandatory, it will be impossible to achieve the primary purpose for which such Data is collected. The provision of additional Data to the Company, beyond those indicated as mandatory, is optional and does not entail consequences regarding the main purposes of the collection of Data, as their provision serves exclusively to optimize the quality of the services provided by us and especially the use of the platform.

5. What Personal Data do we collect?

We ensure that we collect only the necessary Personal Data from you, which is appropriate and clear for the purpose for which it is intended to be used and registered on the platform. This Data includes the following:

a. Data you provide to us when registering and creating a user account, via the internet or your mobile device, specifically data such as email address and password/login and first name, last name, company, role (as mandatory), while job position, photograph, phone number, resume, phone number (as optional). Additionally, in the context of creating/managing your account and your automatic inclusion on the platform, we may collect and/or you may optionally enter additional information as well as related account preferences/settings.

b. Education data, and specifically those related to participation in programs, attendance & completion stats, quizzes/surveys/physio metric tests, evaluation feedback (these data are used only for development and evaluation purposes).

c. Diagnostic data, and specifically merely indicative responses to assessments and pre- and post-evaluations.

d. Information collected from the use of cookies in your web browser.

e. educational information, such as studies, skills, foreign language knowledge, professional experience

6. How do we use your Personal Data?

Where applicable, we use your Data:

For the purposes of your registration and use of the platform and subject to your consent to this Privacy Policy. In general, the purpose is the implementation of training programs, diagnostic procedures, monitoring of progress, reporting to our clients and improvement of the learning experience. The platform supports access to material (educational) and participation in activities (participant accounts). In addition, it provides access to HR managers of each company (admin accounts), meaning they will have access to dashboards, monitoring engagement and progress reports. In all cases, Admins must use the Data in accordance with applicable data protection legislation.

Your Data are used under conditions of confidentiality and anonymity. In particular, individual responses are not disclosed, while all reports to HR departments are anonymous (where required) and aggregated.

Finally, we inform you that the processing of your Data is carried out either by specially authorized personnel of the Company or through IT systems and electronic devices of the Company and exceptionally by third parties who, having been contractually bound to confidentiality and data protection obligations, perform tasks necessary for achieving purposes strictly related to the use of our Websites and services.

7. What is the legal basis for processing your Data?

√ the legislation for data protection that specifies various reasons for which a company may collect and process your personal data, including the terms of our contractual relationship

√ your consent, where required. When collecting your personal data, we will always inform you which data is necessary and which is optional.

√ the obligations of the Company arising from the law (e.g., tax legislation, e-commerce legislation, etc.)

√ the legitimate interest of our Company. In specific cases, we collect your Data in a way that is reasonably expected as part of the operation of our business and that does not materially affect your rights, freedom, or interests.

8. Who are the recipients of your Data?

Access to your Data is granted to the Company's authorized personnel, which is limited to the absolutely necessary individuals and who are bound by confidentiality obligations, as well as to the businesses or third-party service providers cooperating with us, who process your Data as Data Processors on our behalf, in accordance with our instructions and based on a specific agreement for the processing of your data. Additionally, your data may be used by our cloud providers and technical partners, but always within the framework of personal data protection.

8a. Our partners have agreed and contractually committed in writing with the Company to:

Maintain confidentiality, and to bind their personnel with the corresponding obligations,

not transfer Data to third parties without our written permission,

take organizational and technical security measures to protect the data, safeguarding their logical and physical security such as secure software and physical protection,

inform us of any incident concerning the breach of your personal data,

delete or return your Data to us upon the termination of our contract,

and comply with the legal framework for the protection of personal data, especially the General Data Protection Regulation (GDPR).

9. How are your Data disclosed?

Sharing Data by Our Company

The Company shares your Data with:

√ Third-party service providers who process personal data on behalf of the Company, for example (indicatively listed) for the Company's processing and technical support, management and maintenance of our data, email distribution, research and analysis, management of promotional activities, as well as management of certain services and elements. When we use third-party service providers, we enter into agreements that require them to implement appropriate technical and organizational measures to protect your personal data.

√ Other third-party entities, to the extent required for the following purposes: (i) compliance following a request from an authority of the Greek State, a court decision or applicable law, (ii) prevention of illegal uses of our Websites and Applications or violations of the Terms of Use of our Websites and Applications and our policies, (iii) our protection from third-party claims, and (iv) contribution to the prevention or investigation of cases of fraud (e.g., counterfeiting). √ Other third parties to whom you yourself have given your consent.

10. Policy for Data Processors:

What is the policy we apply with third-party Data Processors according to the above:

√ We provide only the information needed to perform their specific services.

√ They can use your Data only for the exact purposes we define in our contract with them.

√ We work closely with them to ensure that your privacy is respected and always protected.

√ If we stop using their services, any of the data they hold will be deleted or anonymized.

11. How do we ensure compliance of processors?

The Processors acting on our behalf have agreed and contractually committed to:

√ maintain confidentiality,

√ not send your Data to third parties without the Company's permission,

√ take appropriate technical and organizational security measures,

√ comply with the legal framework for the protection of personal data, and in particular Regulation (EU) 979/2016 (otherwise GDPR).

12. Data Transfers

The personal data we collect (or process) within the scope of our Websites and Applications will be stored within the European Union. However, some of the recipients of the Data with whom the Company shares your Personal Data may be in countries other than the one in which your Personal Data was originally collected. The legislation in these countries may not provide the same level of data protection as the country that originally provided your Personal Data. Nevertheless, when we transfer your Personal Data to recipients in other countries, including the USA, we commit to protecting your Personal Data as described in this Privacy Policy and in accordance with applicable law.

13. For how long do we retain your Data?

We retain your Personal Data as long as necessary to fulfill the purposes set out in this Privacy Policy (unless a longer retention period is required by applicable law). In general, this means that we will retain your Personal Data for as long as you have an account with our Company. At the end of this retention period, your data will be fully or anonymously deleted, for example by aggregating it with other data, so that it can be used in a non-identifiable way for statistical analysis and business planning.

14. Security

We are committed to safeguarding your Personal Data. Recognizing the importance of the security of your Personal Data, we have taken all appropriate organizational and technical measures for the safety and protection of your Data from any form of accidental or unlawful processing. We use the most modern and advanced methods to ensure the highest possible security. Specifically, we are hosted on servers within the EU, with ISO-certified Cloud hosting (Hetzner) with role-based access, encryption, and appropriate backup and monitoring. Additionally, the information used to identify you as an account user consists of two elements: the Username and the Personal Security Password. Each time you enter your details, you are granted access to your personal account. This process is securely carried out through encryption when transmitting your information over the internet and to the Company’s servers. In the same manner, you are given the ability to change your Personal Security Code (Password) as often as you wish. After entering the desired code, the new code is encrypted and stored in the Company's systems. For this reason, the only person who knows your code is yourself, and you are solely responsible for maintaining the confidentiality of the code from third parties. These measures are reviewed and modified whenever and wherever deemed necessary.

15. Your Rights

You have the right to access your Personal Data. This means that you have the right to be informed by us if we are processing your Data. If we are processing your Data, you can request to be informed about the purpose of the processing, the type of your Data we hold, to whom we provide them, how long we store them, whether automated decision-making takes place, as well as about your other rights, such as correction, deletion of data, restriction of processing, and lodging a complaint with the Data Protection Authority. You have the right to correct inaccurate personal data. If you find that there is an error in your Data, you can submit a request to us to correct it (e.g., correcting a name or updating a change of address). You have the right to deletion / right to be forgotten. You can ask us to delete your data if it is no longer necessary for the purposes of processing. You have the right to data portability. You can request to receive in a readable format the Data you have provided or ask us to transmit it to another data controller. You have the right to restrict processing. You can request that we restrict the processing of your Data for as long as your objections to the processing are under review. You have the right to object and withdraw consent for the processing of your Data. You can object to the processing of your Data, and we will stop processing the Data, unless there are other compelling and lawful reasons that override your right. If you have given your consent for the collection, processing, and use of your personal data, you can withdraw your consent at any time with future effect.

16. Exercise of Rights

To exercise your rights, you can submit a relevant request to us at the email address [email protected] with the subject "Exercise of Right" and we will review it and respond to you as soon as possible.

Identity verification

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you submit under this Privacy Policy. If you have authorized a third party to submit a request on your behalf, we will ask them to prove that they have your permission to act for this purpose.

17. When do we respond to your Requests?

We respond to your Requests without delay, and in any case within one (1) month from the time we receive your request. However, if your Request is complex or there is a large number of your Requests, we will inform you within the month if it is necessary to take an extension of another two (2) months during which we will respond to you.

18. Applicable Law

The applicable law is Greek law, as shaped in accordance with the General Data Protection Regulation 2016/679/EU, Law 4624/2019 (as in force), and in general the applicable national and European legislative and regulatory framework for the protection of personal data. Any dispute arising from or related to the protection of your Personal Data shall be subject to mediation in accordance with the Mediation Regulation of the European Organization for Mediation and Arbitration (EOMD). In the event that the dispute or any part thereof is not resolved through mediation, the dispute or the unresolved part thereof shall be resolved exclusively, definitively, and irrevocably by an arbitral tribunal, which is appointed and conducts the arbitration in accordance with the EOMD Arbitration Regulation.

19. Where can you turn if we violate the applicable law for the protection of your Personal Data?

You have the right to file a complaint with the Data Protection Authority if you believe that the processing of your Personal Data violates the applicable national and regulatory framework for the protection of personal data. Data Protection Authority, Postal address: Kifisias 1-3, PC 115 23, Athens, tel.: 210.6475600, email address: [email protected]

20. How will you be informed of any modifications to this Policy?

We update this Privacy Policy whenever necessary. If there are significant changes to the Privacy Policy or the way we use your Personal Data, we will post the updated version on our website before the changes take effect and will notify you in any appropriate manner.

We encourage you to read this Policy regularly to understand how your Data is protected.

Athens, 05.05.2026