Summer Club Privacy Notice

INTRODUCTION 

CYENS Centre of Excellence (“CYENS”, “us,” or “we”) are committed to respecting your privacy and protecting your personal data. We define personal data broadly as information that directly identifies an individual or that makes an individual identifiable when combined with other information. 

This Summer Club Privacy Notice (“Privacy Notice”) describes how we handle and protect your personal data in connection with CYENS’s registration process and participation at our Summer Clubs. In case of a conflict between this Privacy Notice and applicable law, applicable law will govern. 

This Privacy Notice only applies to the personal data of those who provide their and their child(ren) information during the online registration process and during the participation of the child(ren) at the Summer Clubs. This personal data is submitted directly to CYENS through the online application process and follow-up communications.  

This Privacy Notice does not apply to the personal data of our employees, partners, clients, vendors or any other person from whom CYENS collects personal data for other purposes. 

At CYENS we take your privacy and your child(ren) seriously and are committed to ensuring that the personal data collected is protected in accordance with the EU General Data Protection Regulation (GDPR) and other local data protection laws and used in line with your expectations. 

By submitting your personal data and your child(ren) personal data to us, you acknowledge that you have read and understood this Privacy Notice and agree to the use of the personal data collected as set out herein. 

PERSONAL DATA WE COLLECT 

With regards to the CYENS Summer Clubs we collect different types of Personal Data using information given by you and/or your child(ren) directly to us. 

Occasionally we may gather some Personal Data automatically (through technologies which give us information about you and/or your child(ren), for example from publicly accessible sources such as social media where we may collect data included on your profile)  

Personal Data is collected and processed solely for the purposes and in the contexts described in this Summer Club Privacy Notice. Any processing of Personal Data by us will have a lawful basis (such as consent, the performance of a contract or legal obligation, or the pursuit of a legitimate interest) as required under the GDPR or any other applicable legislation.  

Το ensure that we are meeting our responsibilities and duties under our arrangement and/or agreement with you, we collect, process, and maintain different types of Personal Data including, but not limited to:  

  • Identification data:  
  • Name  
  • Gender  
  • Contact details:  
  • Telephone  
  • Email addresses  
  • Educational background data 
  • Visual images and audio and/or video recordings; 
  • Disability or medical considerations; 
  • Dietary requirements; 
  • Other personal details you voluntarily provide to us; 

We may also collect certain demographic data that qualifies as sensitive personal data, such as race, ethnicity, and disability to help us understand the diversity of our participants. When collected, this sensitive personal data is generally done so on a voluntary consensual basis.  

If we ask you to provide any other personal data not described above, then the personal data we will ask you to provide, and the reasons why we ask you to provide it, will be made clear to you at the point we collect it. If we ask you to provide personal data that we consider to be mandatory for us to perform the purpose for which the data was originally collected, we will inform you of such at the time of collection. In addition, we will also inform you of the consequences for not providing us with the mandatory personal data.  

USE OF YOUR PERSONAL DATA 

We collect and use your and/or your child(ren) personal data: 

  • for the operation, management and delivery of our Summer Clubs; 
  • to communicate with parents/guardians and the child(ren); 
  • for health and safety of the child(ren); 
  • maintaining records in relation to our Summer Clubs; 
  • fostering our diversity and inclusion programs and practices; 
  • protecting our legal rights to the extent authorized or permitted by law. 

We may use your data where it is necessary for academic research purposes: We collect information that you supply when you respond to requests for your input to research and data collected during the research. Unless otherwise declared the data we collect will be stored and processed anonymously. In cases where image and video recordings are necessary for documenting scientific data, an effort will be made not to capture faces or other identifiable characteristics of a person. Images and video recordings will be kept anonymously. In the case where a record of the names (pseudonymization algorithm) of the participants must be kept for the duration of the research experiment, that record will be securely stored by person in change of the experiment and that person will be made known to the participants beforehand.  

We may also use your and/or your child’(ren)s personal data for CYENS analytics purposes, including in aggregated/pseudonymized form, to improve our application process and offerings and augment our ability to attract interest to our Clubs. 

LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA 

Our processing of your and/or your child’(ren)s personal data for the purposes mentioned above is based: 

  • in part, on our legitimate in evaluating the suitability of the applicants for our Summer Clubs and to manage our relationship with you and your child(ren); 
  • in part, in as a publicly funded body, to conduct research or for the performance of a task carried out in the public interest; 
  • in part, on your consent, if we offer your child the opportunity to participate in our Summer Clubs or if we collect sensitive personal data for legally permitted purposes other than compliance with our legal obligations regarding public health and safety. 

DATA RECIPIENTS AND TRANSFERS  

We may share anonymous personal and/or aggregated data we collect, or you share with us with the following third parties as may (depending on each case) be necessary: 

• researchers, administrative assistants, employees of CYENS 

• for research purposes by other academic institutions 

Except to the extent necessary to accomplish the CYENS uses and purposes described in this Privacy Notice, we do not disclose your personal data to other third parties. We do not otherwise share or sell your personal data to third parties. 

DATA RETENTION 

CYENS retains personal data, as necessary, for the duration of the Summer Clubs. 

We may also retain personal data for longer than the duration of the Summer Clubs should we need to retain it to protect ourselves against legal claims, use it for analysis or historical record-keeping, or comply with our information management policies and schedules. If you request that we delete your personal data, CYENS will make reasonable attempts to delete all instances of the information in their entirety. For requests for access, corrections, or deletion, please refer to the “Your Rights TO YOUR PERSONAL DATA” section of this Privacy Policy. 

DATA STORAGE AND SECURITY  

We employ organizational and technical security measures to protect your Personal Data, such as limiting access to your Personal Data, secured networks, and encryption. We ensure that your Personal Data is protected against unauthorized access, disclosure, or destruction by utilizing practices that are consistent with standards in the industry to protect your privacy.   

Please note, however, that no system involving the transmission of information via the Internet or the electronic storage of data is completely secure, no matter what reasonable security measures are taken. Although we take the protection and storage of your Personal Data very seriously, and we take all reasonable steps to protect your Personal Data, we cannot be responsible for data breaches that occur outside of our reasonable control. We will, however, follow all applicable laws in the event a data breach occurs, including taking reasonable measures to mitigate any harm as well as notifying you of such breaches as soon as possible.  

YOUR RIGHTS TO YOUR PERSONAL DATA  

As data subjects, you are entitled to exercise the rights set out in the GDPR and domestic data protection legislation. The GDPR provides that data subjects have, subject to certain conditions and limits:  

  • a right of access, to rectify and erase their Personal Data collected by us;  
  • be informed about your personal data;  
  • the right to data portability;  
  • to request its restriction or to object to the Processing of their Personal Data.   
  • In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific Processing at any time.  
  • obtain and reuse your personal data;  
  • object to the processing of your personal data;  
  • object to how your personal data is used in automated decision making, if applicable;  
  • lodge a complaint with a supervisory authority; and  
  • obtain a copy of Standard Contractual Clauses (if applicable).  

These rights may be limited, for example, if fulfilling your request would reveal personal data about another individual, or if you ask us to delete personal data which we are required by law to keep or which we need to defend claims against us.  

If we process your personal data in reliance upon your consent, you can contact us at any time to withdraw your consent.  

To exercise any of these rights, please contact us by using the contact details under the “Contact US” heading below.  

We will respond to such requests in accordance with the requirements GDPR and privacy laws. Please note that in order to fulfil your request, we may need you to provide certain personal data to verify your identity. Depending upon GDPR and privacy law, individuals may also designate an authorized agent to exercise these rights on their behalf.  

The data subjects are entitled to file a complaint with a Supervisory Authority.  

CHANGES TO THIS PRIVACY POLICY  

We reserve the right to modify, revise, or otherwise amend the Privacy Policy at any time and in any manner. If we do so, however, we will notify you and obtain your consent to the change in processing. Unless we specifically obtain your consent, any changes to the Privacy Policy will only impact the information collected on or after the date of the change.  

DATA PROTECTION OFFICER  

The Data Protection Officer we have appointed for you to contact in the event of questions or complaints regarding this Privacy Policy as follows: Anthoula Fotsiou Psoma at dpo@cyens.org.cy  

CONTACT US  

To ask questions or comment about this Employee Privacy Notice and our privacy practices or if you need to update, change, or remove your personal data or exercise any other rights,  

Via Email: dpo@cyens.org.cy  
Via Mail:  CYENS Cenre of Excellence, Dimarchias Square 23, 1016 Nicosia, Cyprus  
Via phone: +357 757474 Â