Privacy Policy

You are here:
  1. Home
  2. Privacy Policy

Introduction

  • The Foundation for the Management of European Lifelong Learning Programmes ("IDEP") wishes to be transparent about the data it collects and how it uses this data.  During the course of our relationship with you, we may collect and process personal data.

    The collection and processing of personal data is carried out in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and the Protection of Individuals with regard to the Processing of Personal Data and the Free Movement of Such Data Act (L.125(I)/2018), as amended and other applicable data protection laws, as amended from time to time, This Privacy Statement describes the practices, types of personal data, how long we keep personal data, the type of data we collect and how long we keep it.

Our Authorities

  • When we process your personal data:

    • These are processed lawfully and transparently. This means that we provide you with information about the processing of your personal data (transparency), that the processing matches the description you have been given (fairness) and that it is based on at least one of the lawful bases set out in the GDPR Data Protection Certification Scheme (lawfulness).
    • They are collected for specified, explicit and legitimate purposes and are not further processed in a way incompatible with those purposes. ("purpose limitation"). This means that we specify exactly what personal data is collected, the purpose of its use, and limit the processing of personal data to only what is necessary to achieve the relevant purpose.
    • It is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed ("data minimisation"). This means that we do not process any personal data beyond what is required.
    • They are accurate, and, where necessary, up to date. Every reasonable step is taken to ensure that personal data that are inaccurate, taking into account the purposes for which they are processed, are erased or rectified without delay ("accuracy").
    • They are kept in a form which permits identification of the data owners only for the period necessary for the purposes for which the personal data are processed ("storage restriction"). This means that where possible, we process personal data in a way that restricts or prevents the identification of the data controller.
    • Processing in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ("integrity and confidentiality").

Categories of Personal Data

  • We process the following categories of personal data:

    For beneficiaries/potential beneficiaries: Contact details such as name, surname, business telephone number, fax number, e-mail address.
    For recruitment purposes: In addition to the above, personal characteristics such as date of birth, country of birth, study/degree information.
    For employees: In addition, payroll information, bank account details, etc.
    In the context of mobility, we may process personal data that fall under the special categories of personal data, in particular data concerning the health of the beneficiary/potential beneficiary and related to his/her physical health, as defined in the above mentioned European and Cypriot legislation.  In particular, data which are necessary for the appropriate financing and/or financial management of the beneficiary/potential beneficiary and which are related, inter alia, to transport, any adjusted distribution, any accompanying/assistant accompanying expenses, etc.

    If during the course of our business relationship there is a change to your personal data, you should ensure that the above details (as and where applicable) are updated by contacting us as soon as possible.

Purpose of Data Processing

  • We will process your personal data (as and where applicable) in order to:

    • The evaluation and selection of funding applications (e.g. participation in eTwinning, TCA, etc.)
    • Communicating with beneficiaries with ongoing studies on issues related to their studies (primary audits, participation in dissemination activities, etc.)
    • Recruiting and concluding agreements with partners.
    • Issues related to the employer-employee relationship.
    • Disseminating information about the Programme to potential beneficiaries and inviting them to information/dissemination activities organised by IDEP.

Legal Basis for Processing

  • We are committed to your confidentiality. As part of the values we stand for, we will always take into account your fundamental rights as a data owner. We process your personal data for the purposes set out above on the lawful basis that (i) the processing is necessary to comply with a legal obligation to which we are subject (ii) the processing is necessary for the performance of an agreement which you have entered into with us and in order for us to take steps at your request prior to entering into those agreements (iii) you have given your consent (if and where applicable) and (iv) the processing is necessary for the purposes of the legitimate interests we pursue.

    Where we decide to rely on explicit consent to process personal data, we will contact the data controller accordingly. Where consent is based solely on the achievement of a lawful basis for processing personal data, that data controller will have the right to withdraw that consent at any time.

Recipients of Personal Data

  • We disclose your personal data to the following categories of recipients:

    • Our auditors, trustees, lawyers, solicitors, valuers, consultants, accountants and other professional advisers (as they may be employed from time to time.)
    • Our IT Service Providers and other companies that assist us in the efficient operation of our business by providing concierge services, technological expertise, folder storage and file management, logistical services and solutions.
    • Banks and/or other financial institutions, payment service providers, insurance companies, and,
    • Public Authorities (where applicable), for the purposes described above.

    When we transfer personal data to countries outside the EEA, we make such transfers to a recipient (i) located in a country that provides an adequate level of protection for personal data or (ii) under appropriate safeguards in accordance with the provisions of applicable data protection laws (e.g., under an agreement in the form of standard data protection clauses adopted by the European Commission), the form of which is available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

    Your rights as a data controller
    Under the General Data Protection Regulation (GDPR), you have the following rights:

    • The right of access - you have the right to request a copy of the information we hold about you. You have the right to confirm whether or not we process your personal data and, where we do, to provide your personal data, together with certain additional information.  Such additional information includes, but is not limited to, details of the purposes of the processing, the categories of personal data concerned and the categories of recipients of the personal data.  The right to obtain a copy of your data does not adversely affect the rights and freedoms of others.
    • The right to rectification - you have the right to correct data we have about you that is incomplete or inaccurate. You have the right to correct any inaccurate personal data about you, and, taking into account the purposes of the processing, to complete any incomplete personal data about you. In such a case, please contact us at this address dpo@idep.org.cy.
    • The right to erasure (right to be forgotten) - where certain criteria are not met, you can request that the data we hold about you is deleted from our records. In certain circumstances you have the right to have your personal data deleted without undue delay.  These situations include where (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (ii) you withdraw consent in the case where the processing is based solely on consent(iii) you object to processing which is based on our legitimate interests and there are no compelling legitimate grounds for the processing (iv) the processing is for direct marketing purposes (v) the personal data have been unlawfully processed (vi) the personal data have been subjected to unlawful interference by third parties (vii) the personal data have been processed for direct marketing purposes (viii) the personal data have been unlawfully processed for marketing purposes (viii) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (viii) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
    • The above shall not apply where processing is necessary (i) for the exercise of the right to freedom of expression and information (ii) to comply with a legal obligation requiring processing under a law to which we are subject and, (iii) for reasons of public interest or for the establishment, exercise or defence of legal claims.
    • The right to restrict processing - where certain criteria are met, you can request and restrict processing. In certain circumstances you have the right to obtain from us the restriction of the processing of your personal data.  These situations include where (i) you dispute the accuracy of the personal data for a period of time that allows us to verify the accuracy of the personal data, (ii) the processing is unlawful but you object to the erasure and request restriction of use of the data instead (iii) we no longer need the personal data for processing purposes but you require personal data for the establishment, exercise or defence of legal claims (iv) and you object to processing based on legitimate interests
    • Where processing has been limited on the basis of the above, we will continue to store your personal data.  However, we will only otherwise process it (i) with your consent (ii) to establish, exercise or defend legal claims (iii) to protect the rights of another natural or legal person, or (iv) for reasons of important public interest.
    • The right to object to processing - you have the right to object to certain types of processing. You have the right to object to the processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is not necessary for (i) the performance of a task carried out in the public interest or the exercise of any official authority vested in us, or (ii) the purposes of legitimate interests pursued by us or a third party.  If you make such a request, we will stop processing your personal data unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing is for the establishment, exercise or defence of legal claims.   In addition, you have the right to object where your personal data is processed for direct marketing purposes, including profiling.
    • The right to data portability - where certain criteria are met, you have the right to transfer the data we hold about you to another organisation.
    • You have the right to receive personal data that you have provided to us in a structured, commonly used and machine-readable format and the right to transmit this data to another data controller.  However, please note that this right to data portability only arises where (a) the processing is based on consent (as and where applicable) or is necessary for the performance of a contract to which you are a party, and (b) the processing is carried out by automated means (as and where applicable). In accordance with these requests, we will not adversely affect the rights and freedoms of others.
    • The right to withdraw consent (when and if the legal basis for "consent" is applicable) - where when certain criteria are met, you have the right to withdraw your consent. To the extent that the legal basis for processing your personal information is consent (where and when applicable), you have the right to withdraw consent at any time and such withdrawal will not affect the lawfulness of the processing prior to the withdrawal.
    • The right to lodge a complaint with a Supervisory Authority:

    You have the right to lodge a complaint with the Office of the Data Protection Commissioner in Cyprus at any time.

Retention of personal data

  • We will process and store your personal data for as long as we maintain the relationship and as required under applicable law. Your personal data may be retained for longer periods for the purposes of our legitimate interests in the event of the commencement of legal proceedings as well as in order to fulfil our legal and/or regulatory obligations.

Security

  • As part of our privacy policy, we process personal data that is adequate, relevant and limited to what is necessary in relation to the aforementioned purposes and we apply appropriate technical and organisational measures to ensure a satisfactory level of security appropriate to the risk involved. These measures are designed to prevent unauthorised or unlawful processing, accidental loss, destruction or damage to personal data.

Contact the Office of the Data Protection Commissioner

  • The Office of the Commissioner for Personal Data Protection (Commissioner) is the supervisory authority that regulates personal data in the Republic of Cyprus. You can contact the Commissioner in any of the following ways:

    Going to their website: dataprotection.gov.cy
    Phone: +357 22818456

    By email: commissioner@dataprotection.gov.cy
    Postal: Office of the Commissioner for Personal Data, 1 Iasonos Street, 1082 Nicosia, Cyprus.

Further Information

Modifications

    • This Privacy Notice is subject to regular review and is updated from time to time.  If necessary, we will notify you of changes as soon as possible.