or requests in respect of personal data should be directed to our email at firstname.lastname@example.org
Who We Are
Our main offices are located at 7B Zinas Kanther, 3035, Limassol, Cyprus.
We strive to protect personal data and apply high standards of conduct when it comes to privacy issues. We ensure that our employees are provided with the appropriate training in order to handle personal data promptly and in accordance with the laws. Furthermore, We endeavor to ensure that any parties with whom We co-operate apply the same high standards when it comes to data protection and privacy as We do.
What data do We hold?
We process data in the context of providing our services to our clients. The categories of data We may collect and process, according to each case, include:
1. Full name
2. Date of birth
3. I.D. Card number or Passport number
4. Contact Details, including the address of residence in Cyprus (if applicable), telephone number and email address
5. any other information You may
provide to Us.
Important notice on Special Category Data
In certain instances, the personal data that Weprocess may include "Special Category Data" (which includes information on a person's race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data processed for the purpose of uniquely identifying a natural person, health data, data on a person's sex life or sexual orientation or data relating to a person's criminal record or alleged criminal activity). In such instances, legal bases for processing that data may include explicit consent (where the Special Category Data has been provided to Us by the data subject for any of the above-listed purposes) or the processing is being necessary for compliance with a legal obligation.
Why do We need them?
We ensure that the data collected and processed is relevant to one or more processing activities and that we do not collect or process more or less data than what is reasonably required for achieving the purpose of each processing activity. Furthermore, for each purpose of processing, there is always at least one lawful basis to secure that the rights of individuals are safeguarded by all means.
We collect personal data so that we can provide our services and generally for the following purposes:
a) Performance of our contractual obligations
b) Compliance with legal obligations to which we are subject
c) Pursuing a legitimate interest
We do not collect, and we do not use any personal data other than that specifically mentioned above without your explicit consent unless You ask Us to do so.
We don’t use
automated decision-making processes or profiling while processing personal
Sources and Recipients of Data
The sources of data may include clients, intermediaries, data subjects directly, connected, third parties connected to the data subject (for example, their employer or another service provider who provides services to the data subject) or open-source material.
Reasonable endeavours are made to ensure that data is only accessible by those with a need for access to fulfil the purposes set out above. Requests for access to be restricted in any particular manner should be made to email@example.com email and will be considered and, where possible with reference to legal and regulatory obligations, actioned.
The following is a list of potential recipients of data (in each case including respective employees, directors and officers):
· different departments within the Companyfor the purpose of managing registrations and admissions, handling any claims, and creating client’s profiles;
· employees of the Companywho are acquainted with the GDPR and have signed a Confidentiality Agreement with Us;
· third parties with whom the Company engages for the hosting of events or other marketing initiatives;
· regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material.
· third parties with whom the Companyengages for the provision of information systems and portals, including maintenance and IT support;
Where the Companyis entering into an engagement with a third party pursuant to which data may be processed by that third party, We will seek to enter into an agreement with that third party setting out the respective obligations of each party and itwill seek to be reasonably satisfied that the third party has measures in place equal to those of the Companyto protect data against unauthorised or accidental use, access, disclosure, damage, loss or destruction.
In the event that any such third party is outside of the European Union and where the data being transferred would include personal data which would be protected under applicable Data Protection regulation,Wewill ensure that Wemeet the relevant requirements of that Data Protection regulation prior to carrying out any such transfer. This may include only transferring the data where We are satisfied that:· the non-European Union country has Data Protection laws similar to the laws in the European Union;
· the recipient has agreed through contract to protect the information in the same Data Protection standards as the European Union;
· We have obtained consent from relevant data subjects to the transfer;
· if transferred to the United States of America, the transfer will be to organizations that are part of the Privacy Shield.
Rights of Data subjects
Data subjects in the European Union (or any jurisdiction with equivalent legislation to the European Union General Data Protection Regulation) have certain rights in respect of their personal data (including the right to withdraw any consent to processing previously given; the right of access to data; or to have data corrected, updated, rectified or erased; or for access to data to be restricted or provided to any third party; or to object to any particular processing; or to lodge a complaint with the relevant supervisory authority; or the right of data portability).
In any case in which a data subject chooses not to provide any personal data, or where any of the rights set out above are exercised to limit the processing of personal data, We may be unable to provide relevant services, or there may be restrictions on the services which can be provided.
Should You believe that any personal information We hold on You is incorrect or incomplete, You have the ability to request to see this information, rectify it or have it deleted by contacting Us at the email address firstname.lastname@example.org , or by calling Us at +357 25 829160
In the event that You wish to complain about how we have handled your personal data, You may contact Us at the above email address and telephone number. We will then investigate Your complaint and work with You to resolve the matter.
If You still feel that Your personal data has not been handled appropriately according to the law, You can submit your complaint with the Office of the Commissioner for Personal Data Protection, at 1 Iasonos Street, 2nd Floor, 1082 Nicosia, tel. +357 22 818456, email address email@example.com
Retention of data
The Company retains personal data in accordance with the Data Retention Policy. Any personal data provided to Us is retained to fulfil the purposes for which the data was collected. After the fulfilment of the purposes for which the personal data was collected, such data will be destroyed, and a Destruction Certificate will be retained in our records, unless destruction is prohibited for legal, regulatory or technical reasons.
Any requests for further information in relation to the continued processing of specific data and requests for destruction of data should be made to firstname.lastname@example.org
For further information on the retention and destruction processes of the Institute, please request the Institute’sData Retention Policy at email@example.com
Use of Personal Data in Legal Proceedings
If it becomes necessary that the Company has to take action against You for any reason whatsoever, including but not limited to recovering from You any money You owe to Us, You expressly agree that the personal data provided by You can be relied upon in identifying and taking legal action against You.