DATA PROTECTION AND PRIVACY POLICY – CAREER INSTITUTE OF CYPRUS

Privacy Policy

We are committed to protecting your privacy. In this Privacy Policy, we set out how we collect your personal data, how we use it, and what rights and choices you have in relation to the personal data we hold and process.

This Privacy Policy is separate and in addition to client confidentiality obligations, we may owe you. Please refer to the terms and conditions applicable to your engagement for further details.

Who decides why and how we process your personal data?

THE CAREER INSTITUTE OF CYPRUS determines why and how we process your personal data.

What personal data might we collect?

We collect different types of personal data for different reasons. This may include:

Contact information: Information such as your name, job title, postal address, home address where you provide this to us, business address, telephone number, mobile number, fax number and email address.

Payment data: Data necessary for us to process payments and implement fraud prevention measures, including credit/debit card numbers, security code numbers and other such relevant billing details.

Business details: Business information which we necessarily process as part of our instructions or projects we are involved in or otherwise provided by you voluntarily.

Compliance details: Information we are legally required to collect for compliance purposes, such as "know your client" information, details relevant to international sanctions and restrictive measures, and information about relevant and significant litigation, which may impact our ability to act.

Preferences: Information about your preferences, where it is relevant to the services we provide.

Platform information: Your password and other related log-in details for platforms maintained by THE CAREER INSTITUTE OF CYPRUS, where you have access to any.

Publicly available information: Information collected from publicly available resources, including but not limited to information collected from databases we use to carry out compliance checks or credit rating agencies.

Statutory Register Information: Information about you on account of an interest or office you may hold in or certain relationships you may have with a corporate entity, partnership, trust or other vehicle to which we provide services (each such entity, a Third Party Entity).

Details for events: In some cases, we may collect information about you, which may include sensitive information in relation to your health, for the purpose of tailoring our events to your needs. The processing of such data is based entirely on your consent. In the event that you do not want us to maintain such data, we may not be able to take the necessary precautions.

Details collected for funding reasons: In some cases, we may need access to your personal information, such as your place of employment, social insurance contributions and remuneration. This information will be used in order to apply for funding from the Human Resource and Development Agency as required by the rules and regulations that govern the funding of vocational training in Cyprus. If you are a company we may collect information from you regarding your employees and their remuneration, including your social insurance information. The above information/details will only be used for funding purposes and for no other reason. If you are applying for funding you accept that we will share the above information with the HRDA.

When do we collect your personal data?

We may collect personal data about you in various cases, such as:

  • When you or your organisation seek our services
  • When you make an application for registration on a seminar.
  • When you make an application for funding of a training seminar
  • When you or your organisation make an inquiry through our website, in person, over email or over the telephone;
  • When you attend a THE CAREER INSTITUTE OF CYPRUS seminar or other events we may organize, or sign up to receive communications from us, including training;
  • When a Third Party Entity engages us to provide services and you hold an office or an interest in or have certain relationships with that Third-Party Entity; or
  • When you or your organisation provide services to us or otherwise offer to do so.

In some circumstances, we may collect personal data about you from third parties. For example, we may collect personal data from your organisation, other organisations with whom you have dealings including Third Party Entities, government agencies, a credit reporting agency, an information or service provider, or from a publicly available record.

How will we use your personal data?

We will use your personal data for the following purposes (Permitted Purposes):

  • To provide educational services to you, or to tell you about our seminars;
  • To manage and administer your or your organisation's business relationship with us, including processing payments, accounting, auditing, billing, and collection or support services;
  • For compliance with our legal obligations (such as record-keeping obligations), compliance screening or recording obligations (such as under antitrust laws, export controls, trade sanction and embargo laws, for anti-money laundering, financial and credit check and fraud and crime prevention and detection purposes), which may include automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and contacting you to confirm your identity in case of a potential match or recording interaction with you which may be relevant for compliance purposes;
  • To provide updates, reminders, requests, and directions relevant to the role or capacity in which you are interested in a Third Party Entity.
  • To analyse and improve our services and communications to you;
  • To protect the security of and manage access to our premises, IT and communication systems, online platforms, websites, and other systems, preventing and to detect security threats, fraud, or other criminal or malicious activities;
  • To monitor and assess compliance with our policies and standards;
  • To identify persons authorised to trade on behalf of our clients, customers, suppliers and/or service providers;
  • To comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory, law enforcement and tax reporting bodies;
  • On instruction or request from your organisation or a relevant Third Party Entity;
  • To communicate with you through the channels you have approved to keep you up to date on the latest legal developments, announcements, and other information about our services, products and technologies, including client briefings, newsletters and other information, as well as events and projects we may organise;
  • To comply with court orders and exercises and/or defend our legal rights; and
  • For any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us.

Where you have expressly given us your consent, we may process your personal data also for the following purposes:

  • For customer surveys, marketing campaigns, market analysis, sweepstakes, contests or other promotional activities or events; or
  • To collect information about your preferences to create a user profile to personalise and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics).
  • To apply for funding of a vocational training seminar on your behalf via the Human Resource and Development Agency.

With regard to newsletters, legal updates and other general communications, you have the opportunity to opt-out of receiving such communications at any time. We will not use your personal data for taking any automated decisions affecting you or creating profiles other than those described above.

Depending on for which of the above-Permitted Purposes we use your personal data, we may process your personal data on one or more of the following legal grounds:

  • Because processing is necessary for the performance of a client instruction or other contract with you or your organisation or a Third Party Entity;
  • To comply with our legal obligations or
  • Because processing is necessary for purposes of our legitimate interest or those of any third-party recipients that receive your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedoms.

We may also process your data based on your consent where you have expressly given that to us.

How will we share your personal data?

We may share your personal data in the following circumstances:

  • We may share your personal data between Third Party Entities on a confidential basis where this is required for the purposes set out above of or other products and services, as well as for administrative, billing and other business purposes.
  • We may disclose your contact details on a confidential basis to third parties for the purposes of collecting your feedback on the companies service provision, to help us measure our performance and to improve and promote our services;
  • We may share your personal data with companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared;
  • We may share your personal data with any third party to whom we assign or novate any of our rights or obligations;
  • We may share your personal data with courts, law enforcement authorities, regulators or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
  • We may also instruct service providers within or outside THE CAREER INSTITUTE OF CYPRUS, domestically or abroad, eg shared service centres, to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only. Career Institute of Cyprus will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by the applicable law to ensure the integrity and security of your personal data when engaging such service providers;
  • We may also use aggregated personal data and statistics for the purpose of monitoring website usage in order to help us develop our website and our services.

We will otherwise only disclose your personal data when you direct us or give us permission to do so, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.

Can you refuse to share your personal data with us?

In general, we receive your personal data where you provide this on a voluntary basis, and there will typically be no detrimental effect for you if you wish not to provide this or otherwise withhold your consent for it to be processed. However, there are certain cases where we will, unfortunately, be unable to act without receiving such data, for example where we need to carry out legally required compliance screening or require such data to process your instructions or orders, or otherwise to provide you with our online services or communications.

Where it is not possible for us to provide you with what you request without the relevant personal data, we will let you know accordingly.

How do we keep your personal data safe?

We take appropriate technical and organisational measures to keep your data confidential and secure, by our internal policies and procedures regarding storage of, access to, and disclosure of personal data. We may keep your data in our electronic systems, in the systems of our contractors, or in paper files.

Personal data we receive from you about other people

Where you provide us with the personal data of other people, such as your employees, directors of your companies, or other persons you may have dealings with, you must ensure that you are entitled to disclose that personal data to us and that, without being required to take further steps, we can collect, use and disclose that data in the manner described in this policy. More specifically, you must ensure that the individual whose personal data you are sharing with us is aware of the matters discussed in this Privacy Policy, as these are relevant to that individual, including our identity, how to get in touch with us, the purposes for which we collect data, our disclosure practices, and the rights of the individual about our holding of the data.

Transfers of personal data abroad

The Career Institute of Cyprus is active across the world. This means that we may transfer your data abroad if required to do so for the Permitted Purposes. In certain cases, this may include transferring data to countries that do not offer the same level of protection as the laws of your country (such as the data protection legislation of the EU/EEA).

When making such transfers, we will ensure that they are subject to appropriate safeguards by the General Data Protection Regulation (Regulation 2016/679) or other relevant data protection legislation. This may include entering into the EU Commission’s Standard Contractual Clauses. Please get in touch at info@thecicy.com if you wish to obtain further information on the appropriate safeguards to which we are adhering.

All entities and offices within The Career Institute of Cyprus will ensure an adequate level of protection for your data at all times.

How long do we keep your data?

We delete your data once it is no longer reasonably necessary for us to keep it for the Permitted Purposes, or, where we have relied on your consent to keep your data, once you withdraw your consent for us to do so, and we are not otherwise legally permitted or required to keep the data.

Importantly, the Career Institute of Cyprus will keep your data as necessary for defending or making legal claims until the end of the period during which we may retain the data and otherwise until the settlement of any such claims, as relevant.

What rights do you have?

Subject to certain conditions under applicable legislation, you have the right to:

  • Obtain information regarding the processing of your data;
  • Request a copy of the personal data which we hold about you;
  • Have any inaccurate data we hold about you corrected;
  • Object or restrict our use of your data;
  • Ask that we not subject you to automated decision-making that uses your data;
  • Object to us using your data for direct marketing purposes;
  • Submit a complaint if you have concerns about how we are handling your data.

To do any of the above, please contact us at info@thecicy.com To enable us to process your request, we may require that you provide us with proof of your identity, such as by providing us with a copy of a valid form of identification. This is to ensure that we appropriately protect the personal data we hold from unauthorized access requests and comply with our security obligations.

We may charge you a reasonable administrative fee for any unreasonable or excessive requests we may receive, and for any additional copies of the data, you may request.

About complaints, we will promptly respond to your requests and complaints. If you are unhappy with our response, you may submit a complaint to the relevant privacy regulator. We can provide you with the details of the relevant regulator upon request.

Correcting and updating your data

Where any personal data you have provided us with has changed, or where you believe the personal data we hold is inaccurate, please let us know at info@thecicy.com. In addition, please note that if you hold an office or are interested in or have certain relationships with a Third Party Entity to which we provide services, you and/or the Third-Party Entity may have a contractual or legal obligation to notify us of any change within a prescribed period. We cannot be responsible for any loss that may arise due to us having any inaccurate, incomplete, inauthentic, or otherwise deficient personal data which you or a Third Party Entity have provided to us. Please also let us know if you wish to withdraw any requests.

Cookies

We may store cookies on your devices to deliver a better user experience for you on our websites. Please see our Cookies Policy

Get in touch

We would be happy to hear your views about our website and this Privacy Policy. Please let us know any questions, comments, or clarifications you may have at info@thecicy.com.

Changes to our Privacy Policy

This Privacy Policy was last updated on 01 January 2022. We have the right to update the contents of this Privacy Policy from time to time to reflect any changes in the way in which we process your data or to reflect legal requirements as these may change. In case of updates, we will post the revised Privacy Policy on our website. Changes will take effect as soon as the revised version is made available on our websites.

COOKIES POLICY

Our website collects some personal data from its users.

Policy summary

Personal data was collected for the following purposes and using the following services:

Analytics

Google Analytics

Personal Data: Cookies and Usage Data

Interaction with external social networks and platforms

LinkedIn button and social widgets, and Twitter Tweet button and social widgets

Personal Data: Cookies and Usage Data

Contact information

Owner and Data Controller

Chief Information Security Officer

Owner contact email: info@thecicy.com

Full policy

Owner and Data Controller

Chief Information Security Officer

Owner contact email: info@thecicy.com

Types of Data collected

Among the types of Personal Data that this Website collects, by itself or through third parties, there are Cookies and Usage Data.

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed before the Data collection.

The Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Website.

All Data requested by this Website is mandatory and failure to provide this Data may make it impossible for this Website to provide its services. In cases where this Website specifically states that some Data is not mandatory, Users are free not to communicate this Data without any consequences on the availability or the functioning of the service.

Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.

Any use of Cookies by this Website or by the owners of third-party services used by this Website serves the purpose of providing the service required by the User, in addition to any other purposes described in the present document and the Cookie Policy, if available.

Users are responsible for any third-party Personal Data obtained, published, or shared through this Website and confirm that they have the third party's consent to provide the Data to the Owner.

Mode and place of processing the Data

Methods of processing

The Data Controller properly processes the Data of Users and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

The Data processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. An updated list of these parties may be requested from the Data Controller at any time.

Place

The Data is processed at the Data Controller's operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller.

Retention time

The Data is kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this document, and the User can always request that the Data Controller suspend or remove the data.

The use of the collected Data

The Data concerning the User is collected to allow the Owner to provide its services, as well as for the following purposes: Analytics and Interaction with external social networks and platforms.

The Personal Data used for each purpose is outlined in the specific sections of this document.

Detailed information on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

Analytics

The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.

Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. Google utilizes the Data collected to track and examine the use of this Website, prepare reports on its activities, and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its advertising network.

Personal Data collected: Cookies and Usage Data.

Place of processing: US

Interaction with external social networks and platforms

This type of service allows interaction with social networks or other external platforms directly from the pages of this Website.

The interaction and information obtained through this Website are always subject to the User's privacy settings for each social network. This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.

LinkedIn button and social widgets (LinkedIn Corporation)

The LinkedIn button and social widgets are services allowing interaction with the LinkedIn social network provided by LinkedIn Corporation.

Personal Data collected: Cookies and Usage Data.

Place of processing: US

Twitter Tweet button and social widgets (Twitter, Inc.)

The Twitter Tweet button and social widgets are services allowing interaction with the Twitter social network provided by Twitter, Inc.

Personal Data collected: Cookies and Usage Data.

Place of processing: US

Additional information about Data collection and processing

Legal action

The User's Personal Data may be used for legal purposes by the Data Controller, in Court, or the stages leading to possible legal action arising from improper use of this Website or the related services.

The User declares to be aware that the Data Controller may be required to reveal personal data upon request of public authorities.

Additional information about User's Personal Data

In addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information concerning particular services or the collection and processing of Personal Data upon request.

System logs and maintenance

For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website (System logs) or use for this purpose other Personal Data (such as IP Addresses).

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.

The rights of Users

Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy, or to ask for them to be supplemented, canceled, updated, or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any legitimate reasons. Requests should be sent to the Data Controller at the contact information set out above.

To determine whether any of the third-party services it uses honor the Do Not Track requests, please read their privacy policies.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using this Website and can request that the Data Controller remove the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Controller has about Users.

Information about this privacy policy

The Data Controller is responsible for this privacy policy, prepared starting from the modules provided by iubenda and hosted on iubenda's servers.

Definitions and legal references

Personal Data (or Data)

Any information regarding a natural person, a legal person, an institution, or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number.

Usage Data

Information collected automatically from this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilised by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilised to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

User

The individual using this Website, which must coincide with or be authorised by the Data Subject, to whom the Personal Data refers.

Data Subject

The legal or natural person to whom the Personal Data refers.

Data Processor (or Data Supervisor)

The natural person, legal person, public administration, or any other body, association, or organisation authorised by the Data Controller to process the Personal Data in compliance with this privacy policy.

Data Controller (or Owner)

The natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is the Owner of this Website.

This Website

The hardware or software tool by which the Personal Data of the User is collected.

Cookies

Small piece of data stored in the User's device.

Legal information

Notice to European Users: this privacy statement has been prepared in fulfillment of the obligations under Art. 10 of EC Directive n. 95/46/EC, and under the provisions of Directive 2002/58/EC, as revised by Directive 2009/136/EC, on the subject of Cookies.

This privacy policy relates solely to this Website.

Latest update: November 2021

Terms of use

Copyright

All information on this website or any of our apps, including but not limited to designs, logos, text, graphics, information architecture, coding, documents, and information (content), is the property of THE CAREER INSTITUTE OF CYPRUS. The copyright trademarks and other intellectual property in the content are owned by THE CAREER INSTITUTE OF CYPRUS or its licensors.

You may read the content and make copies for your personal use. You may also download/print documents and information from this website to read it or circulate within your organisation so long as any copies you make are complete, unaltered, and properly attributed to The Career Institute of Cyprus. If you wish to use the information for any other purpose, you must obtain our prior written consent.  If you wish to ask for such permission or to obtain further information please contact the Career Institute of Cyprus at info@thecicy.com

Linking

You may not create any electronic links to this website or our apps without our prior consent. Please send any such requests to info@thecicy.com

The linked sites included in this website or our apps (if any) are not under the control of The Career Institute of Cyprus and are included for convenience only. We do not endorse or accept any responsibility for any content on or any software downloaded from any website linked to this website or our apps. The inclusion of any link does not imply an endorsement by the Career Institute of Cyprus of the linked website nor a relationship between us and the organisation providing the linked website.

Disclaimer

The content of this website and our apps are for general information purposes only for the clients and professional contacts of the Career Institute of Cyprus. No other use of the content is permitted without the prior written consent of the Career Institute of Cyprus.

The content does not purport to be comprehensive nor does it constitute legal advice and it should not be relied on or treated as a substitute for legal advice. While every effort has been made to ensure that the information contained on this website or our apps is complete and accurate at the date of publication, the Career Institute of Cyprus gives no warranty as to the adequacy, accuracy, or completeness of the information contained on this website or our apps, and accepts no liability arising from any inaccuracy or omissions in or the use of or reliance on the information contained in this website or our apps. The Career Institute of Cyprus accepts no responsibility for any loss of whatsoever sort and howsoever arising which might occur from reliance by any person on the content of this website or our apps. You should take formal legal advice on any particular matter. If you require legal advice on a matter, please contact your usual contact at the Career Institute of Cyprus.

© Copyright 2024 by Career Institute of Cyprus