Last updated: 12 June 2019
Under the Regulation, The Cyprus Institute is the Data Controller for all the personal data it maintains and processes. As a Data Controller, The Cyprus Institute is allowed to collect, maintain and process the personal data of all customers and collaborators.
We collect and use several types of data for the individuals we co-operate with, including Data by which subjects may be identified (“Personal Data” means any Data relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person), such as your first and last name, identity number, e-mail address, address and province, telephone number, education details and training records, employment Data, financial and / or banking Data, as well as other Data related to demographics, other (online) contact Data and possibly health related Data, etc.
Further to other media of collection, we collect and use on or through our Website including:
We collect and use your information under the following lawful bases:
We do not share your Personal Data with third parties except as indicated below:
We also disclose your Personal Data to other third parties, including official authorities, courts, or other public bodies:
We may disclose aggregated Data about our users, and Data that does not identify any individual, without restriction. In particular, we may transfer non-Personal Data and process it outside your country of residence. We may combine non-Personal Data we collect with additional non-Personal Data collected from other sources. We also may share aggregated Data with third parties, including advisors, advertisers and investors, for the purpose of conducting general business analysis.
The Data that we collect about you, including Personal Data, is safely stored and processed in Cyprus and/or in remote cases in the Countries within the European Union.
The period for which we keep your Personal Data that is necessary for compliance and legal enforcement purposes varies and depend on the nature of our legal obligations and claims in the individual case.
To the extent we have collected your Personal Data for purposes of provision of services, customer management, and customization of content (for descriptions of these purposes see above), we keep your Personal Data for as long as you have an account with us, as needed to provide you with our respective services and in compliance with relevant laws of Cyprus.
There are different legal bases that we rely on to collect, use and disclose your Personal Data, namely:
We take appropriate security technical and organisational measures (including physical, electronic and procedural measures) to safeguard your Personal Data from unauthorized access, unlawful use, intervention, modification or disclosure under the requirements of the Regulation. For example, only authorized employees are permitted to access Personal Data, and they may do so only for permitted business functions. In addition, we have trained our employees on how to handle, manage and process personal data, applied upgraded technical measures and transformed our policies and procedures in a way that will comply with the General Data Protection Regulation.
We reserve the right to use automated decision-making in the following cases: When deemed necessary to provide services to you, with your written, express consent, and if the appropriate measures have been taken to safeguard your rights.
We strive to provide you with choices regarding the Personal Data you provide to us.
You can choose not to provide us with certain Personal Data, but that may result in you being unable to use certain services.
When you register with us, you may be given a choice as to whether you want to receive email messages, newsletters or advertising material about product updates, improvements, special offers, or containing special distributions of content by us. If consented yet later on you decide you no longer want to receive commercial or promotional emails or newsletters from us, you will need to avail yourself of the unsubscribe mechanism set out in the applicable communication. It may take up to thirty days for us to process an opt-out request. We may send you other types of transactional and relationship e-mail communications, such as service announcements, administrative notices, and surveys, without offering you the opportunity to opt out of receiving them as these will related directly to your relationship with us.
If you provided Personal Data, you may terminate your relationship with us at any time as per the provision of the between us agreement or engagement. If you choose to do so, your Personal Data will be deleted in accordance with our retention policy.
Subject to the provisions of the General Data Protection Regulation, you have the following rights in regard to your Personal Data: (Please note, these rights are not absolute and in some cases, they are subjected to conditions as defined by law)
In case you require any clarification, additional data, wish to exercise any of your rights and/or have a complaint, you are kindly asked to contact the Data Protection Officer of our Institute:
Telephone: +357 22 397 539
In addition to the above, if you consider that the processing of Personal Data on the part of the Institute breaches the applicable legislation on data protection, you have the right to make a complaint to the competent supervisory authority, and in particular to the Office of the Commissioner for the Protection of Personal Data:
Office address: Iasonos 1, 1082 Nicosia
Postal address: P.O. Box 23378, 1682 Nicosia
Telephone: +357 22818456
Fax: +357 22304565