The General Data Protection Regulation (GDPR) represents a change in the law relating to personal data and replaces existing data protection laws.
The GDPR came into effect on May 2018 and its aim is to increase transparency in relation to the way in which personal data is collected, stored and used. GDPR will give individuals more control on how their personal information is used.
Who we are
CS halls of residence is owned by Vagadinou Holding Limited, a Cyprus based real estate company with registered number HE 377559.
Our principal place of business is at 17 Vragadinou 3041 Limassol,Cyprus and our registered office is 3 Chrysanthou Mylona, Limassol 3030, Cyprus.
Telephone: +357 9699909;
The contact details of our data protection officer are: firstname.lastname@example.org
How do we collect Personal Data?
We collect and process different types of personal data which are received from our clients via:
- Our website, online forms, email, telephone or any other means of communication with you;
- Third parties such as your academic institutions or employers;
Information that we collect
We collect the following personal data:
- First and last name
- Telephone Number
- Date of Birth
- Home Address
- Such other contact details you have supplied us with
- Email/ Skype Address
- Passport / ID Card/ Driver’s License and/or such other biographical information/data which may confirm your identity, including your date of birth, passport number, national ID card details, nationality and/or country of domicile.
- Bank account details
- Any document/information related to your financial situation such as income, assets, liabilities, expenditures.
- Any information about your physical and/or mental health.
- Any information about your education, family, employment and such other information which might be necessary for the provision of any service to you or required by the relevant legislation from time to time.
- Information on how you use our website as well as internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access our website.
Lawful reasons for collecting, processing and disclosing personal data
CS processes your personal information to meet our legal, statutory and contractual obligations and continue providing you with our services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than already specified in this policy.
In accordance with GDPR we may rely on the following lawful reasons when we collect and process personal data to operate our business.
- Compliance with legal obligation: We may process your personal data to meet legal and regulatory obligations.
- Contract: We request and process your data to establish a co-operation with us.
- Consent: We rely on your freely given consent at the time you provide your personal data to us to establish co-operation with us. You have the right to withdraw consent at any time. However, any processing of personal data will not be affected prior to the receipt of the withdrawal.
- Health and safety: we rely on health and safety reasons when collecting and storing data concerning your health.
- Legitimate interests: We rely on the legitimate interests based on the evaluation that the processing of your personal data is private, reasonable and sensible. A legitimate interest translates to when there is a business reason to use our client’s information.
How we use your personal data and how it is stored
CS takes your privacy very seriously and your personal data is kept confidential. However, in order to be able to provide our services to you, and depending on the nature of such services we may share any information about you, amongst others, to:
- Courts or tribunals;
- Governmental and quasi-governmental authorities;
- Our delegates, other related/affiliated companies or other persons or entities assisting us in the performance of the services we provide to you or directly related to the performance of the services we provide to you, including but not limited to banks, professional advisors, accountants, lawyers etc.;
- Any other person or entity following any restructuring of CS, as long as it uses your data for the purposes of the provision of the services, we currently provide you.
We require any third parties to whom we provide your personal data to have appropriate measures in place to fulfil their obligation of compliance with the GDPR. When we share any information, as referred above, we ensure that any disclosure we make is compliant with GDPR.
What are your rights under GDPR?
GDPR gives you certain rights regarding the personal data we collect, process or disclose and that is related to you, including the:
- Right to access your personal data.
- Right to correct and rectify personal data concerning you.
- Right to erase personal data concerning you.
- Right to receive the personal data provided by you in a structured, commonly used and machine-readable format and to transmit those personal data to another data controller.
- Right in some cases to object to the use of your personal data.
- Right in some cases to restrict the processing of your personal data.
- Right to withdraw the consent given to us regarding the processing of your personal data at any time.
You can request the information we hold about you and exercise any of your above rights by sending an email at email@example.com
The above rights are subject to certain limitations and we may be entitled, subject to any applicable laws from time to time, to refuse requests where exceptions apply.
We might request for specific information from you to confirm your identity and ensure your right to access the information or to exercise any of your rights. This is to ensure that your data is protected and kept secure.
How Long We Keep Your Data
CS only retains personal information for as long as is necessary, based on the applicable laws, depending on the category of your data and the purpose for collecting it, and we have strict review and retention policies in place to meet these obligations.
Consequences of Not Providing Your Data
You are not obligated to provide your personal information to CS. However, as this information is required for us to provide you with our service, we will not be able to offer our services without it.
Changes to our policy
We may use your information for marketing purposes. If you object to receive any marketing emails from us at any time, please contact us at firstname.lastname@example.org.
Lodging a Complaint
Commissioner for Personal Data Protection
1 Iasonos str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565
For more information about the GDPR, you can visit the Information Commissioner’s Office website at www.dataprotection.gov.cy
The Information Commissioner’s Office is the independent organisation that upholds information rights in the public interest.
LAST UPDATED 28 January 2020