How we use your personal information
This privacy notice aims to let you know how and for what purposes Cyprus College uses, processes, and looks after your personal information. Below we provide information about the processing of your personal data and the data protection rights you are afforded. The content and scope of the data processing are largely based on each of the products and services that you have requested or that have been agreed with you.
We process personal data in compliance with the provisions of GDPR and the applicable local legislation as amended from time to time. Mainly for compliance with legal obligations, for the performance of contractual obligations, and for the purposes of safeguarding our legitimate interests.
We may use your personal information for various purposes, including but not limited to:
- Providing academic and administrative services.
- Processing applications for admissions.
- Managing and maintaining student and employee records.
- Sending notifications and updates.
- Billing and financial transactions.
- Research and analysis to improve our services.
- Complying with legal and regulatory requirements.
- For marketing and communication with your consent.
Information We Collect
We process personal data that we receive from you in the context of our business and/or academic relationship. To the extent necessary and in order to provide our services we also process personal data that may also be obtained from publicly available sources.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (known as “anonymous data”).
We may collect and process personal information in the context of our business and/or academic relationship, including but not limited to:
- Contact information (e.g., name, address, email, phone number).
- Educational and employment history.
- Financial information (e.g., billing details).
- Academic and administrative records.
- Information provided in communication with us.
Automatically Collected Information: We may collect certain information automatically when you interact with our websites and applications. This may include:
- Device information (e.g., IP address, browser type, device type).
- Usage information (e.g., pages visited, actions taken).
- Cookies and similar tracking technologies.
Some types of information are classified as ‘sensitive’ for the purposes of European data protection law and there are additional restrictions on how we may use and hold this information.
Generally, it is necessary to obtain your consent before we can hold and use such information. However, we may hold and use such information without consent for limited statutory purposes such as monitoring compliance with our equal opportunities policies and health and safety rules, or if necessary to protect your vital interests, for legal claims, or in the public interest.
We will always communicate to you the purposes for which we wish to use your sensitive information when it is being collected, and, if necessary, obtain your consent at that time. In such cases, you will be able to withdraw your consent at any time.
When applying online for a role with us on our careers website, applicants will need to supply sufficient information for us to be able to evaluate their application. We will usually require that you provide your name, contact details, details of your qualifications, skills, experience, employment history and information about your expectations. We may ask for other personal data (including special categories of data and criminal records) during your application or after we’ve made an offer, we will explain why and how it will be processed when it is requested. We may also collect personal data about you from third parties, such as references supplied by former employers or conduct background checks.
For more detail about our recruitment processes, please visit our website.
Who we disclose your personal data with
With regard to the transfer of data to recipients outside the university, we note that as an academic institution we are under a duty to maintain discretion with respect to student(s) related and other matters and assessments of which we acquire knowledge as an academic institution. We may disclose information that concerns you if we are legally required to do so pursuant the provisions of the GDPR, applicable local legislation as amended from time to time as well as any other relevant legislation.
We may disclose your personal data to third parties in order to comply with any legal obligation or in order to enforce or apply our terms and conditions, in response to legal requests or to protect our rights and other agreements and/or based on your consent/instructions.
Personal data is shared with (when required), including but not limited to:
- Service providers who assist in the operation of our services.
- Academic and administrative partners.
- Government and regulatory authorities when required by law.
- Governmental Institutions
- Accreditation Bodies
- Professional Bodies
- Research Institutions
- Insurance companies
- Hospitals & Private Clinics
- Funding Agencies / Partner Institutions submitting to Funding Agencies
- Partner Universities for Erasmus purposes
- Career Promotion Organizations
- Other private organizations offering assistance to students
When we share your information with third parties, we take all necessary actions to ensure the security and confidentiality of your data in accordance with the highest industry standards and will comply with all provisions and requirements of the provisions of this Privacy Notice and the local laws and regulations on the protection of personal data (as amended from time to time) and GDPR and any legislation to success it or complement it.
We carefully select and work with third-party service providers, partners, and entities who understand and adhere to the principles and obligations set forth in the GDPR.
We require that all third parties who have access to your data implement stringent security measures to protect your personal information. This includes measures such as encryption, access controls, and regular security assessments to mitigate risks and protect the confidentiality and integrity of your data.
Data transferred to a country outside the European Union
GDRP and the applicable local legislation as amended from time to time prohibits the transfer of personal information outside the European Economic Area (“EEA”) unless specific requirements are met for the protection of that personal information.
We assess whether the destination country or region offers an adequate level of data protection. In cases where the level of protection is not considered adequate, we implement measures, such as the use of Standard Contractual Clauses (SCCs) or other appropriate safeguards, to protect your data during the transfer.
Please note that if service providers in a third country are used, all reasonable and practicable measures will be taken to ensure that they will comply with the data protection level in Europe in accordance with the GDPR.
Any transfers to parties located outside the European Union will be in line with the legal and regulatory provisions of the GDPR and applicable local legislation as amended from time to time.
We are committed to upholding the highest standards of data protection and security, even when your data crosses international borders.
Why do we process your data (purpose of the processing) and on what legal basis
We process the aforementioned personal data in compliance with the provisions of GDPR and the applicable local legislation as amended from time to time.
We process personal data based on legal grounds, including:
- Legal Compliance: As an academic institution, we are subject to various legal obligations
- Contractual Obligations: To fulfill our contractual obligations with you.
- Legitimate Interests: To pursue our legitimate interests or those of third parties, provided they do not override your fundamental rights, interests and freedoms.
In more rare cases, we based on legal grounds such as:
- Vital Interests: In rare circumstances, we may process personal data to protect someone’s vital interests. This would typically involve situations where someone’s life or health is at risk, and the processing is necessary to protect them.
- Public Interests: As an educational institution, Cyprus College may process data when it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- Consent: In cases where we do not rely on other legal bases, we may obtain your explicit consent to process your data. You have the right to withdraw your consent at any time. Such consent-based processing will be clearly communicated to you, and you may be provided with the option to opt-in or opt-out.
On the basis of your consent
In certain circumstances (e.g. marketing), we rely on your explicit consent as the legal basis for processing your personal information. When we request your consent, we will present you with clear and specific information about the data processing activity and its purpose, allowing you to make an informed decision.
You have the right to withdraw your consent at any time. If you choose to withdraw your consent, it will not affect the lawfulness of the processing that occurred before the withdrawal.
Please note that we will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so
What data protection rights you have
The following are the rights you have pursuant to the provisions of the GDPR and the applicable local legislation (as amended from time to time) in relation to the data protection including:
- Access: You have the right to request access to the personal data we hold about you. This includes the right to obtain confirmation whether your data is being processed and to receive a copy of your data in a structured, commonly used, and machine-readable format.
- Rectification: You can request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Erasure: You can request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no valid reason for us continuing to process it. Please note however that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Objection: Subject to the legal basis on which the processing activity is based, you can object to processing of your personal data. We will cease processing your data unless there are compelling legitimate grounds for the processing that override your interests, rights, and freedoms.
- Restriction of Processing: You can request the restriction of processing of your personal data in certain situations. When this right is exercised, we may continue to store your data but will not process it further without your consent or for legal purposes.
- Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and, where technically feasible, request that we transmit your data to another organization.
- Withdraw Consent: In case the processing of the data is performed subject to your consent, you may withdraw consent at any time where we are relying on consent to process your personal data. However, we note that this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will of course advise you if this is the case at the time you withdraw your consent.
- Note that we behold the right to charge you with an administrative fee, in cases where requests are deemed manifestly unfounded or excessive, in particular because of their repetitive character.
- Exercising Your Rights:
Your data protection rights are an essential part of your privacy, and we are committed to facilitating the exercise of these rights in a transparent and lawful manner.
If you choose not to give your personal information
In the context of our relationship we may need to collect personal information by law, or under the terms of a contract we have with you. Without this data, we may, in principle, not be in a position to close or execute a contract with you.
If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to efficiently provide you with our services. Any data collection that is optional would be made clear at the point of collection.
To what extent we carry automated individual decision-making, including profiling
In establishing and carrying out a business relationship, we generally do not use automated individual decision-making, including profiling. If we use this procedure in individual cases, we will inform you of this separately.
Online Teaching and Learning
Information on the processing of student personal data via the online platforms used by the Cyprus College for online learning and teaching purposes is provided in the separate notice on “Online Teaching and Learning – Personal Data”, which is available at https://cycollege.ac.cy/en/policy-for-online-teaching-and-learning/.
We are dedicated to ensuring the protection of your privacy and the exercise of your data protection rights. If you have any queries, questions, concerns, or if you wish to exercise your data protection rights, please do not hesitate to reach out to us.
You can contact us as noted below or by using the link: Cyprus College – Data Subject Privacy Rights Request.
Your privacy, inquiries, and concerns are of utmost importance to us. We are committed to addressing your needs and providing the necessary support in a timely and transparent manner.
When you visit our website, our system automatically collects information about your visit, such as your browser type, your IP address and the referring website. You can set your browser not to save any cookies of this website and you may also delete cookies automatically or manually. However, please note that by doing so you may not be able to use all the provided functions of our website in full.
We are dedicated to maintaining the security of your personal information and employ reasonable measures to safeguard it. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, destroyed, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We continuously monitor and update our security measures to mitigate risks and protect your data to the best of our ability.
How long we keep your personal information
We will retain your personal information for as long as necessary in accordance with applicable laws and other regulations. The specific retention period may vary depending on the nature of the data and the legal requirements imposed upon us. Our commitment is to ensure that your personal information is only retained for the duration required to fulfill the purposes for which it was collected and to comply with our legal obligations. We will regularly review and assess the need for retaining your information and will securely dispose of it when it is no longer needed, in a manner consistent with our data retention policies and applicable legal requirements.
Who is responsible for the data processing and who you can contact
The entity responsible for your data processing is:
EUROPEAN UNIVERSITY- CYPRUS LTD – Cyprus College Nicosia (HE 83353)
6 Diogenous Street, 2404 Egkomi, Nicosia, Cyprus
Telephone: +357 22713000
Fax: +357 22662051
SPS INSTITUTE OF EDUCATION LTD – Cyprus College LimassolC(HE 57275)
56 Arch. Makariou III Avenue, 3065 Limassol, Cyprus
Telephone: +357 25867300
Fax: +357 25867400
Data Protection Officer contact details:
6 Diogenous Street, 2404 Egkomi, Nicosia, Cyprus
Telephone: +357 22559665
We take your privacy seriously and are committed to resolving any issues promptly. If you have any questions, or want more details about how we use your personal information, you may contact us at the above contact details and we will be happy to provide you with further details.
Note: Cyprus College website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.