+357 22643000 (ext. 310)
info@csrcyprus.org.cy

GDPR Policy

GENERAL INFORMATION

In the context of the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Cyprus legislation (125(Ι)/2018), CSR Cyprus hereby informs you of its policy regarding the processing of your personal data.

Your personal data are processed by CSR Cyprus (non-profit organisation registered in Cyprus with Registration Number 4583). CSR Cyprus commits to treat your personal data with the utmost care. Further on in this Privacy Notice, you will find the necessary information regarding the processing of your personal data as a member, associate, or representative of a CSR Cyprus Member.

2. PROCESSING OF PERSONAL DATA

The process of your personal data is strictly done in the context of your relationship with CSR Cyprus. Your personal data is collected for specified, explicit and legitimate purposes and treated confidentially and with the utmost care. The process is lawful, fair, transparent and limited to the data strictly necessary to provide a good service.

2.1 WHICH PERSONAL DATA ARE PROCESSED?

As part of the relationship between you and CSR Cyprus, the following personal data may be processed:

As part of the relationship between you and CSR Cyprus, the following personal data may be processed for the representatives of CSR Cyprus Members, or for participants in events/trainings:

  • Personal identification data: Surname, First name, Identity Card Number, Address, Telephone number
  • Financial identification data: Account numbers
  • Electronic identification data: E-mail address
  • Professional identification data: Professional activity, current job, function.

If you are an employee of an organization or company that has a contractual relationship with CSR Cyprus (e.g. supplier, customer, client, service provider), we will process your business data (e.g. business e-mail address, business phone number) and personal data (e.g. Surname, first name etc.) in the context of the execution of this contractual relationship.

2.2. PROCESSING purposes

Based on the relationship between you and CSR Cyprus, personal data may be processed for the following purposes:

  • Member enrolment, administration and membership management
    • Registration, attendance or participation at the events of CSR Cyprus and offering of related training services.
  • Supplier administration and supplier management
  • Accounting operations and human resources management
  • Execution of agreements

CSR Cyprus will use any personal individual data submitted to CSR Cyprus only for the scope referred herein and as long as such person is authorised to represent a CSR Cyprus Member to CSR Cyprus. 

2.3. COOKIES

CSR Cyprus website uses only strictly necessary cookies: these cookies are essential for you to browse the website and use its content.

CSR Cyprus does not use cookies that retrieve personal data from website visitors, neither for profiling nor for marketing purposes. Only necessary cookies are used to ensure proper and safe functionality of the website.

2.4. REGISTERED USER ACCOUNT, PASSWORD AND SECURITY

To register for CSR Cyprus as a Member or to the CSR Cyprus website, you must complete the registration process by providing CSR Cyprus with current, complete, and accurate information as prompted by the registration form.  

If a representative of a CSR Member who is authorised to have access to any platform used by CSR Cyprus for CSR services purposes, such as the CSR Cyprus website platform, a User may be provided with access to such platform online.

A User shall take full responsibility and protect his/hers or any third party’s, passwords or links provided by CSR Cyprus.

The Users are solely responsible for any activity that occurs under the use of internet platforms.

The CSR Cyprus Members and to the extent applicable the User/s nominated by a CSR Cyprus Member agree to notify CSR Cyprus immediately upon learning of any unauthorized use of any password provided by CSR Cyprus or any other breach of security. From time to time, CSR Cyprus's (or its authorized third-party suppliers) staff may log in to the CSR Cyprus website in order to maintain or improve the website or any services that may be provided or offered by the website. You hereby acknowledge and consent to such access.

2.5. DURATION OF PROCESSING

CSR Cyprus will only retain your data for the period necessary for the purposes of achieving and fulfilling the objectives under 2.2 (above) unless a longer retention period is required or justified by applicable law or another legal obligation.

3. WHO HAS ACCESS TO YOUR DATA

Within CSR Cyprus: Your personal data is available to CSR Cyprus employees and Board of Directors, solely to the extent necessary to perform their duties as set out in the Memorandum  and Articles of Association of CSR Cyprus.

Outside CSR Cyprus: CSR Cyprus will not sell, share, or otherwise make available your personal data to other parties, except in cases where the disclosure of the personal data to a third party is necessary for the performance of services for and on behalf of CSR Cyprus.  More specifically your personal data may be sent to:

  • Companies or any legal entity cooperating in the framework of activities linked to the work of CSR Cyprus (e.g., subcontractors, service providers, trainers) and with appropriate Data Processing Agreement for restricted use and data control within the framework of the services concerned.
  • competent authorities within the framework of legal and regulatory obligations.

4. PROTECTION OF PERSONAL DATA

CSR Cyprus has implemented several technical and organisational measures for the security and protection of your personal data, whether these are in electronic and/or printed form. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include, among others, the restriction of access to personal data solely to authorised persons with a legitimate need to know for the purposes of the processing operation.

5. LAWFULNESS OF PROCESSING

With respect to your interest and fundamental rights and freedoms, CSR Cyprus processes your personal data based on one (or more) of the following legal bases:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

6. DATA SUBJECT’S RIGHTS

Within the framework of the General Data Protection Regulation, you are granted a number of rights with regard to the processing of your personal data. These are:

  • Right of information
  • Right of access and copy of data
  • Right of rectification of such data
  • Right to have the data deleted (right to be forgotten)
  • Right to limitation of processing
  • Right to transferability of data
  • Right to object to processing
  • Right in relation to automated decision-making and profiling

If you have any questions about or wish to exercise these rights, or if you wish to withdraw your consent you should notify us in writing, by visiting the Contact Section on CSR Cyprus website or by contacting CSR Cyprus at:

Email: info@csrcyprus.org.cy.
Address: P.O. Box 21657, 1511 Nicosia

7. QUESTIONS/ COMPLAINTS

For any further information regarding your personal data and this Privacy Notice, you may contact us at info@csrcyprus.org.cy or by phone at +357 22 643000.

If you are dissatisfied with the way CSR Cyprus deals with your personal data, you have the right to lodge a complaint to the Cyprus Personal Data Protection Authority.

Commissioner for the Protection of Personal Data (the Commissioner)

Address: 1 Iasonos Street, 2nd Floor,1082 Nicosia, Cyprus.
Telephone: +357 22 818456

Email: commissioner@dataprotection.gov.cy

Website:  www.dataprotection.gov.cy.