The Pafos Innovation Institute (PII) recognises that data collection and personal privacy are important issues in the digital economy and online commerce.
PII collects, processes and stores data following the General Data Protection Regulation (GDPR) as of 25 May 2018.
This policy explains what types of information will be collected from students and the public when they interact with PII, including through our website, and how this information will be used.
I. GENERAL INFORMATION
1. SCOPE OF DATA PROCESSING
1. 1. Personal data
- PII processes personal data that we receive from you in the context of our business and/or academic relationship, including collecting and processing your personal data/information.
- Personal data, or personal information, means any information from an individual from which that person can be identified. Personal information PII will collect from students includes, for example:
- Full name
- Contact details
- Residency details
- Details of your education and work experience
- Personal identification documents and numbers
- Health information including information about your health insurance
- Details about your parents and family
- Examination transcripts and results.
- The PII collects, processes and uses your personal data insofar as it is necessary for operating a functional educational institution and delivering our online content and services, including the PII website. Generally, it is necessary for PII to obtain your consent before we can collect and use such information. The only exception to this is where it is technically impossible for us to obtain prior consent and processing of the data.
1.2 Data collected through your interaction with our website
- Every time the PII website is accessed, our system automatically records data and certain information concerning the accessing computer/user. The data is compiled in log files on our system, whereby the IP address is truncated immediately after collection. Personal profiles cannot be generated based on truncated IP addresses. This data is not stored with other personal data of the user.
1. 3. Cookies
1.4 Data collected by third parties and external service providers
2. DELETION OF DATA AND DATA STORAGE PERIOD
2. 1. Personal data
- Your personal data will be deleted or locked as soon as the purpose for which it has been collected has been fulfilled. Data may remain on record beyond this period if such is specified in European or national legislation from European Union Regulations, laws or other provisions to which the PII is subject.
- Data will be locked or deleted if a storage period specified in the above standards expires unless the conclusion or fulfilment of a contract requires the data to remain on record further.
2.2 Data collected through your interaction with our website
- The temporary storage of the IP address on our server is necessary for granting the user’s system access to the PII website. For this purpose, the user’s IP address must remain stored on the PII server for the duration of the session.
- Data storage in log files is required to ensure the functionality of the PII website. Furthermore, the data enables us to optimise the website and guarantee the security of our IT systems. Data analysis for marketing-related purposes is not performed in this context.
- The purposes described in 2.2 a. and b. constitute the PII’s legitimate interests in data processing under Art. 6 (1 f) GDPR. The PII website cannot be provided without recording the data, and the operation of the site on the Internet is impossible without storing the data in log files.
- The data is erased as soon as it is no longer required for the purpose it was requested. Data collected for website availability is deleted when the respective session has ended.
- Cookies are technically necessary to simplify using websites. Several of our website’s functions will not work without using cookies. These functions require the browser to be recognised again after leaving and returning to our website.
- User data collected via technically required cookies is not used to create user profiles.
- The purposes described in 2.3 a. and b. constitute the PII’s legitimate interests in data processing under Art. 6 (1 f) GDPR.
- Cookies are stored on your computer and transferred to our site. Consequently, you as the user, have full control over how cookies are used. By changing the settings in your web browser, you can deactivate or restrict the transmission of cookies to external websites. You can also delete all saved cookies on your system at any time. Restrictions on cookie usage can be managed automatically by your browser. If you disable cookies for the PII website, you may no longer be able to use the site’s full range of functions.
2.4 Data collected by third parties and external service providers
- You can prevent cookies from being installed by third parties using the appropriate setting in your browser software; however, you may not be able to use all functions on the PII website, especially the search and video functions. By using these search query fields, you agree that the data search engine operator collects about you may be processed in the manner previously described and for the purposes described in Article 1.4.a.
- The PII makes available content from external sources, which can be, for example, photographs, documents, videos. In the process, personal data such as IP address, date of access and the like are transferred to the external source. Please note that the PII has no influence on the storage duration or possible analysis of such data.
3. YOUR RIGHTS
If your personal data is processed, you are a data subject, as defined in the GDPR and consequently have the following rights:
3.1. Right of access
- You are entitled to request information from the PII (the “Controller”) on whether we are processing any personal data related to yourself.
3.2. Right to rectification
- You are entitled to request that the PII corrects and/or completes your personal data if this data is incorrect or incomplete. The PII is obliged to do so without delay.
- Where data is processed for research or statistical purposes, the right of rectification can be restricted if it may prevent or seriously impede the achievement of the specific purposes and if the restriction is required to fulfil the research and statistical purposes.
3.3. Right to restriction of processing
- You can request limits to the processing of your personal data if the following applies:
(1) If you contest the correctness of your personal data for a period that allows the PII to check the data’s correctness
(2) Processing of the data is illegal, and you object to the deletion of the data in favour of restricting the personal data’s use;
(3) The PII no longer requires the personal data for processing, but you need it to assert, exercise, or defend a legal claim; or
(4) You have objected to processing under Art. 21 (1) GDPR and it has not yet been established whether the PII’s legitimate interests outweigh your own.
3.4. Right to erase
- You can request that the PII delete your personal data immediately; the PII is then obliged to delete the data immediately, provided one of the following conditions applies:
(1) Your personal data is no longer required to achieve the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent under which processing became legitimate as per Art. 6 (1 a) or Art. 9 (2 a) GDPR, and there is no other legal basis for processing.
(3) You object to processing as per Art. 21 (1) GDPR and your objection is not overridden by legitimate reasons for processing, or you object to processing as per Art. 21 (2) GDPR.
(4) Your personal data has been processed unlawfully.
(5) Deletion of your personal data is necessary for the PII to fulfil a legal obligation imposed by European Union law or the national laws of European Union member states.
(6) Your personal data has been collected in connection with the offer of information society services as per Art. 8 (1) GDPR.
3.5. Notification obligation
- If you have asserted your right to rectification, erasure or restriction of processing against the PII, the PII is under obligation to notify all recipients to whom your personal data has been disclosed of the corresponding rectification or erasure of data or of the restriction of their processing. The PII is exempted from this obligation where such notification proves impossible or unreasonable.
3.6. Right to data portability
- You have the right to receive the personal data concerning yourself that you have provided to the PII and receive the data in a structured, commonly used and machine-readable format. You are also entitled to transmit this data to another controller.
3.7. Right to object
- You are entitled to object against the processing of your personal data where processing is legitimised by Art. 6 (1 e or f) GDPR; this applies in equal measure to profiling legitimised by these provisions.
- Where data is processed for research or statistical purposes, the right to object can be restricted if it may prevent or seriously impede the achievement of the specific purposes and if the restriction is required to fulfil the research and statistical purposes.
3. 8. Right to withdraw your consent under data protection law
- You are entitled to withdraw your consent under data protection law at any time. Your withdrawing consent does not affect the legitimacy of any processing that has occurred with your consent prior to withdrawal.
3.9. Automated individual decision-making, including profiling
- You have the right not to be subject to any decision that entails legal implications for yourself or has similar, substantially adverse effects on yourself if said decision is based solely on automated processing; this includes profiling.
3.10. Right to seek clarifications and to complain
- If you believe that processing of your personal data is in breach of the GDPR, you have the right to seek clarification from the Data Protection Officer at the PII (see below) and to lodge a complaint with a supervisory authority, particularly in the EU member state where you, your place of work, or the locale of the alleged infringement are located.
4. NAME AND ADDRESS OF THE RESPONSIBLE CONTROLLER
- The GDPR, national data protection laws, and other privacy regulations require the PII to act as a responsible entity (“Controller”). For the purposes of this policy, the Controller is:
Pafos Innovation Institute
69, Neophytos Nicolaides Street
Ph: +357 22673726
5. NAME AND CONTACT DETAILS OF DATA PROTECTION OFFICER
- The GDPR, national data protection laws, and other privacy regulations require the PII to appoint a Data Protection Officer. For the purposes of this policy, the Data Protection Officer is:
Dr Vera Lipton
Tel :(+357) 22