Privacy Notice

Privacy Notice

INTRODUCTION

CYENS – CENTRE OF EXCELLENCE (“CYENS”, “we” “us”, “our” or “ours”) takes your privacy seriously and is committed to ensuring that your privacy is respected and protected in accordance with the provisions of the EU General Data Protection Regulation 2016/679, effective as of 25.05.2018 (the “GDPR”) and the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data Law 125(I)/2018, as amended and as may be amended or replaced from time to time, effective as of 31.07.2018 (the “Cyprus Personal Data Law”).

This Privacy Notice (the “Privacy Notice”) is addressed to:

  • All natural persons who have been registered to participate to CYENS Exhibitions, Conferences and Events, including in particular Exhibitors, Speakers and Instructors.

With this Privacy Notice we inform you on the way we handle and treat your personal data, including, inter alia, the nature of the personal data we collect and process, the purpose of the processing, the recipients of your personal data, how long we keep your personal data, how we secure your personal data, as well as the rights you have in respect of your personal data held by us.

Personal Data: means any information relating to you which identify or may identify you. Personal data does not mean any data that is anonymized or that cannot identify you in any way.

 

WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA (DATA CONTROLLER)

CYENS is the data controller of your personal data and has the responsibility of the collection, management, handling and processing of your personal data.

CYENS – CENTRE OF EXCELLENCE

Dimarchou Lellou Demetriadi, Nicosia 1016, Cyprus

 

WHAT PERSONAL DATA WE COLLECT

(a) information about you: Name, surname, language, gender, country of origin.

(b) information to contact you: telephone/mobile number, email address and social media accounts.

(c) information on your employment: job title, position, hire dates (start date, end date).

(d) information of any referees and the content of references they provide

(e) information about your educational and professional background: academic and professional qualifications, education level, studies, training, profession, occupation, employment and working history, performance evaluations, skills and similar information related to employment as well as professional work portfolio.

(f) CCTV data: CCTV footage

(g) photographs & video recording

(h) any other information necessary for managing our relationship

(i) information you voluntarily provide to us.

On, before or during your registration process with CYENS as well as during your participation, we may request and process additional personal data, provided always that we are legally entitled do so. If we ask you to provide any other personal data not described above, then the personal data we will ask you to provide, and the reasons why we ask you to provide it, will be made clear to you at the point we collect it. If we ask you to provide personal data that we consider to be mandatory for us to perform the purpose for which the data was originally collected, we will inform you of such at the time of collection. In addition, we will also inform you of the consequences for not providing us with such mandatory personal data. 

Most often, the personal data we collect from you is collected directly from you. In some cases, we may collect personal data about you from third parties or other sources, including, without limitation:

  • automatically: through technologies which give us information about you, for example from publicly accessible sources, such as Linkedin, etc., where we collect your full name, email, work history, and other data included on your profile) 
  • from third parties who introduce you to us: we may obtain personal information about you from third party sources, by way of introduction. For example, we may be passed your details by other parties within the industry/our clients as a potential speaker, exhibitor etc.

In most circumstances, we will get your permission before we collect personal data about you from a third party. 

Some types of personal data is classified as “sensitive” for the purposes of the GDPR e.g. health data, demographic data to help us understand the diversity of our workforce (such as race, ethnicity, religious or spiritual beliefs, sexual orientation and disability), political opinions, biometric data, genetic data or trade union membership where, except for limited statutory purposes (article 9 (2) of the GDPR), it is necessary to obtain your explicit consent before we can collect, hold and use such sensitive personal data. If we collect any sensitive personal data from you to use it for reasons other than based on the foregoing exceptions, we will obtain your consent at the time of collection. You have the right to revoke your consent however any processing prior to the receipt of such revocation will not be affected.

 

WHAT LEGAL BASES WE USE & THE PURPOSES OF PROCESSING

Your personal data is collected and processed solely for the purposes of and in the context described in this Privacy Notice and is based on the following legal bases and for the following purposes:

  • for deciding on whether or not we will enter into an agreement with you (article 6 (1) (b) of the GDPR): to assess your skills, qualifications and suitability for an exhibition, conference or other event and make a decision on whether we will register you as a participant thereof.
  • for performing the terms of the contract entered into between us and you (article 6 (1) (b) of the GDPR) and for the purposes of our and your legitimate interests such as to effectively evaluate your qualifications, manage our relationship with you, ensure that we pursue appropriate candidates and participants and manage and deliver the exhibition, conference or event (6 (1) (f) of the GDPR). Please note that when processing your personal data based on the legal basis of legitimate interest, we always seek to maintain a balance between our legitimate interest and your privacy.
  • when you have provided us with your (explicit) consent (Article 6 (1) (a) – 9 (2) (a) of the GDPR), for example if we offer you the opportunity to participate in our optional recruiting programs. You have the right to revoke your consent however any processing prior to the receipt of such revocation will not be affected.
  • for fulfilling a legal obligation (Article 6 (1) (c) (where applicable), such as regarding public health and workplace safety.

The purposes include:

  • to contact you about the progress of your application or registration;
  • to identify and evaluate you, as a candidate and registrant, for potential participation in exhibitions, conferences of events, as well as for future opportunities that may become available;
  • to keep in touch with you regarding future business opportunities that may become available;
  • to maintain records in relation to exhibitions, conferences and other events;
  • fostering our diversity and inclusion programs and practices;
  • protecting our legal rights to the extent authorized or permitted by law;
  • generally, comply with applicable law.

We may as well use your personal data to protect your vital interests, or those of another person (article 6 (1) (d); for example, we may need to share your personal data with third parties for security reasons (when we believe in good faith that disclosure is necessary to protect our rights, protect your or others’ safety, to investigate fraud, or respond to a related government request).

Your personal data will only be used for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for unrelated purposes, we will notify you and we will explain the legal basis which allows us to do so.

We may have to process your personal data without your consent or knowledge, but only when required to do so by law. We will not make any decisions on the automated processing of personal data without your consent. We also process your personal data to prevent fraud and ensure the security of all aspects of our business.

 

WITH WHOM WE SHARE YOUR PERSONAL DATA

We reserve the right to disclose and share the personal data we collect or you share with us with sub-contractors or third party recipients. When sharing your personal data and the personal data of your child(ren) with third parties, we comply with our legal and regulatory obligations in relation to your personal data, including, without limitation, ensuring that all third party recipients have access to your personal data on a strictly “need to know” basis so that they can fulfil the obligations they have undertaken against and properly provide their services to CYENS, that such third party providers process your personal data and the personal data of your child(ren) exclusively on our behalf and according to our instructions, that such persons will comply with the GDPR and the Cyprus Personal Data Law and maintain appropriate safeguards in place by entering into, where necessary, “data processing agreements ” pursuant to article 28 of the GDPR.

Your personal data may be shared with or accessed by the following recipients:

The above is a non-exhaustive list of persons and entities with whom we might (depending on the circumstances) share your personal data with. There may be other instances and persons to whom we may disclose your personal data as applicable.

In general, except to the extent necessary to accomplish the purposes described in this Privacy Notice, we will not disclose your personal data to third parties and we will not share or sell or market your personal data to third parties or otherwise use your personal data for commercial purposes.

 

TRANSFER OF YOUR PERSONAL DATA OUTSIDE THE EEA

We do not transfer your personal data to countries outside the EEA (European Economic Area) i.e. the EU Member States plus Iceland, Liechtenstein and Norway. 

Exceptionally, your personal data may be transferred to countries outside the EEA if:

(a) this is required for fulling our contractual obligations;

(b) you have granted us your consent;

(c) this is required by law.

Processors in countries outside the EEA, which are not considered ensuring an adequate level of protection of personal data by the EU Commission or a national data protection authority (the so called “Unsafe Third Countries”) are obliged to comply with the data protection level in Europe and provide appropriate safeguards in relation to the transfer of your personal data in accordance with article 46 of the GDPR. Where we use agents/service providers located in such Unsafe Third Countries we will ensure that they (i) apply the level of protection required under the GDPR and (ii) act in accordance with our written instructions and our policies and standards and. Any cross-border transfer of your personal data outside the EEA will be performed by us in line with the applicable provisions of the GDPR and the Cyprus Personal Data Law, such as by using the European Commission’s standard contractual clauses.

 

FOR HOW LONG WE KEEP YOUR PERSONAL DATA (RETENTION PERIOD)
  • When you are applying to be registered with an Exhibition, Conference or Event and attend our premises:
    In case you provide us with your personal data for the purposes of accepting you to participate to one of our Exhibitions, Conferences or Events but we do not accept you, we will securely keep your personal data for up to three (3) months or any other period of time (less or more) required for completing the procedure prior to taking our decision whether or not to accept you.  When we decide not to accept you, your data will be deleted or destroyed or anonymized or if this is not possible (e.g. because your personal data has been stored in backup archives), then we will store it in a way which means it will be isolated and no longer be used by us until deletion is possible, at the latest after we have taken our final decision hence the reason of collecting your personal data has ceased to exist, unless you give us your consent in writing to retain your personal data for the purposes of possible future participation with CYENS Exhibitions, Conferences or Events.
  • When you are registered with an Exhibition, Conference or Event and attend our premises:
    In case you provide us with your personal data for the purposes of accepting you and we do accept you for participation to an Exhibition, Conference or Event your personal data submitted by you before your acceptance as well as other personal data we may request from you from time to time during your participation to such Exhibition, Conference or Event, will be retained and securely stored by us for as long as is needed to fulfil the purposes outlined in this Privacy Notice or for as long as we have a legitimate business interest that is not outweighed by your data protection interests or fundamental rights and freedoms. Generally, this means we will keep your personal data during the period of your participation to the Exhibition, Conference or Event and for an extended reasonable period after your participation to the Exhibition, Conference or Event has expired or terminated, to meet our statutory obligations or defend our legitimate interests for purposes of, inter alia, complying to any audits, and/or defending or initiating any claims and/or for analysis or historical record-keeping and/or complying with our information management policies and schedules and/or for achieving the purposes for which they have been collected. We may as well keep your data for as long as is reasonably necessary for the purposes of our academic research (where applicable). In these cases your personal data will be removed and deleted at the latest after this reason has ceased to exist. 

Where we no longer require your personal data and we have no ongoing legitimate business interest to process it or where you exercise your right of erasure, we will ensure that it is either securely deleted or destroyed or anonymized or if this is not possible (e.g. because your personal data has been stored in backup archives), then we will store it in a way which means it will be isolated and no longer be used by us until deletion is possible.

 

WHERE WE STORE & HOW WE SECURE YOUR PERSONAL DATA

CYENS is committed to ensuring that your personal data is and remains secure and confidential.  In order to prevent unauthorized access, use or disclosure of your personal data, we have put in place suitable physical, electronic and managerial procedures and organizational and technical measures to safeguard, secure and protect the personal data that we collect for you, by utilizing practices that are consistent with the industry standards, such as limiting access to your personal data, secured networks and encryption.  Our security technologies and procedures are regularly reviewed to ensure that they are up to date and effective. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Notice, the GDPR and the Cyprus Personal Data Law.  

The personal data you provide to us is stored securely with encryption systems in place for safe transmission of data. Unfortunately, the transmission of information via the internet is not completely secure and there cannot be assurance of absolute protection, no matter what reasonable security measures are taken.  We minimize the risks as much as possible according to the security guidelines we follow. While we take reasonable steps to protect all information submitted to us and/or received by us in accordance with the Privacy Notice, we cannot, in any event, guarantee the security of any personal data transmitted to us via e-mail and, in general, through the internet, and as such any transmission is at your own risk and we cannot be responsible for data breaches that occur outside of our reasonable control. We will, however, follow all applicable laws in the event a data breach occurs, including taking reasonable measures to mitigate any harm as well as notifying you of such breaches as soon as possible.   

Certain other personal data you provide to us in paper form is stored in designated secure spaces within our premises where no unauthorized access is permitted.   

All of our partners, employees, consultants, workers and data processors, who have access to, and are associated with the processing of your personal data, are obliged to respect the confidentiality and security of such personal data and comply with the GDPR and the Cyprus Personal Data Law.   

 

CCTV SURVEILLANCE  

The use of CCTV (Closed Circuit TeleVision) constitutes automated processing of personal data (pictures/images) and is protected under the GDPR. CYENS has legally installed CCTV Surveillance Cameras at various places which record only images (not sound), therefore your image may be recorded by the CCTVs when you pass from those places. On where CCTVs are placed, how we use, process, retain and delete your personal data collected through the CCTVs as well as the purposes for collecting it, please refer to “CYENS CCTV Privacy Notice” which can be obtained from our DPO by using the details to the “Contact Us” section below.

 

PHOTOGRAPHS (VISUAL IMAGES) AND /OR VIDEO RECORDINGS

CYENS, from time to time, organizes Exhibitions, Conferences, Events or other Activities, to which, as a CYENS supplier or service provider, may be required or willing to participate. CYENS may engage professionals or instruct other persons to take photos or record videos of the participants to such gatherings for the purpose of posting them to their website or their social media or submitting them to supervision authorities or other entities requiring such material or in any other way publishing them to document the success of the event. Therefore, your image may be captured or recorded at any time during the time of the event you are participating. On how we use, process, retain and delete your photos and/or video recordings collected during an Exhibition, Conference, Events or other Activities please refer to “CYENS Photograph & Video Recording Privacy Notice” which can be obtained from our DPO by using the details to the “Contact Us” section below.

 

WHAT RIGHTS DO YOU HAVE REGARDING YOUR PERSONAL DATA

You have the following rights exercisable any time free of charge:

  • Right of Access: You have the right to request access and receive information from us regarding the processing of the personal data we hold about you (article 15 of the GDPR)
  • Right to Rectification: You have the right to request that we rectify and/or correct and/or complete any of the personal data we hold about you that is incorrect or incomplete (article 16 of the GDPR)
  • Right to Erasure: You have the right, in the event that the requirements specified in article 17 of the GDPR have been met, to request the erasure of the personal data we hold about you. Accordingly, you may request the erasure of your data, for instance, if it is no longer necessary for the purposes for which it was collected. Furthermore, you can also request erasure if we process your data on the basis of your consent and you withdraw this consent (article 17 of the GDPR)
  • Right to Restriction of Processing: You have the right to request the restriction of the processing of the personal data we hold about you if the requirements specified under article 18 of the GDPR have been met. This is the case, for example, if you dispute the accuracy of your personal data. You may then request that processing is restricted for as long as it takes to examine the accuracy of your personal data (article 18 of the GDPR).
  • Right to Data Portability: Provided that the data processing is based on consent or on the fulfilment of a contract and that it is also carried out using automated processing, you have the right to request and receive the personal data we hold about you in a structured, common and machine-readable format and to forward it to another data controller (article 20 of the GDPR).

Right to Object: If processing is based on our legitimate interest, you have the right to object to the processing of the personal data we hold about you. An objection is permissible if processing is either in the public interest or on account of a justified interest of CYENS or a third party (article 21 of th GDPR).

  • Righ to Withdraw Consent: If we rely on your consent (or explicit consent) as our legal basis for processing the personal data we hold about you, you have the right to withdraw that consent at any time. However, the withdrawal of your consent (or explicit consent) shall not affect the lawfulness of processing based on such consent before its withdrawal (article 7 of the GDPR).
  • Right to Raise Concern: You may exercise your above rights or contact CYENS to raise any concerns or request information on the processing of the personal data we hold about you by contacting the Data Protection Officer (DPO) of CYENS at the details provided in clause 12 below (Article 38(4) GDPR).
  • Right to lodge a complaint: If at any case, you are of the opinion that we infringe your privacy, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection of Cyprus (Iasonos 1, 1082, Nicosia – Tel: +357 228184560), either electronically at the email address: commissioner@dataprotection.gov.cy or by post to the Office of the Commissioner at: PO Box 23378, 1682 Nicosia or by fax at: +357 22304565. Please find more information at dataprotection.gov.cy.    

These rights may be limited, for example, if fulfilling your request would reveal personal data about another individual, or if you ask us to delete personal data which we are required by law to keep or which we need to defend claims against us.

To exercise any of these rights, please contact us by using the contact details under the “Contact Us” heading below. We will respond to such requests in accordance with the requirements of the GDPR. Please note that in order to fulfil your request, we may need you to provide certain personal data to verify your identity.

 

DATA PROTECTION OFFICER

Your point of contact for issues related to your personal data is our Data Protection Officer (DPO).

Data Protection Officer (DPO):

Name: Ms. Anthoula Fotsiou Psoma

E-Mail:  dpo@cyens.org.cy

 

CONTACT US 

To ask any questions or comment about this Privacy Notice or file a complaint or exercise any of your rights described above or  for any enquiry as regards the processing of your personal data please contact our DPO as follows:

Email: dpo@cyens.org.cy

Mail:  CYENS Centre of Excellence, Dimarchou Lellou Demetriadi, 23, Nicosia 1016, Cyprus

Phone: +357 22757474

 

CHANGE OF THIS PRIVACY NOTICE

We reserve our right to amend this Privacy Notice from time to time and in any manner. If we do so, we will notify you accordingly, and any changes will become effective upon receipt of such notification or on the date such notification refers to therein. The change will impact the information collected on or before the date of the change.