Privacy Policy

Foundation for the Management οf European Lifelong Learning Programmes

Privacy Policy Information

1. Introduction

The Foundation for the Management of European Lifelong Learning Programmes («ΙΔΕΠ»), desires transparency as regards the data it collects and the way they are used.  During its relationship with you, we may collect and process personal data.

The collection and processing of personal data is carried out in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and Council of April 27th 2016 and of the Protection of Individuals from the Processing of their Personal Data Law (Ν.125(I)/2018), as amended by other applied laws regarding data protection, and as these are periodically amended.  This Privacy Statement describes the practices, types of personal data, the duration of time these are kept,  as well as other relevant information.

2. Our Principles

When we process your personal data:

  • They are legally and transparently processed.  This means that we provide you with information regarding the processing of your personal data (transparency), that the processing matches the description given to you (impartiality), and that it is based on at least one of the legal bases specified in the General Data Protection Regulation System GDPR (legality).
  • They are collected for specific, explicit and legal purposes, and are not further processed in a manner incompatible with these purposes. (“Limitation of purpose”). This means that we determine exactly what personal data is collected, the purpose of their use, and we limit the processing of personal data only to what is necessary to achieve the relevant purpose.
  • They is sufficient, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”).  This means that we do not process any personal data beyond those required.
  • They are accurate, and, where necessary, up to date.  Every reasonable step is taken to ensure that personal data that are inaccurate, taking into account the purposes for which they are processed, are deleted or corrected without any delay (“accuracy”).
  • They are retained in a format that allows the data holders to be identified only for the period that is necessary for the purposes for which the personal data is processed (“storage restriction”). This means that, where possible, we process personal data in a way that restricts or prevents the identification of the data owner.
  • They are processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by using the appropriate technical or organizational measures (“integrity and confidentiality”).
3. Personal Data Categories

We process the following categories of personal data:
For beneficiaries/potential beneficiaries: Contact details, such as first name, surname, business phone number, fax number, email address.
For recruitment purposes: In addition to the above, personal information, such as date of birth, country of birth, information regarding studies/degree.
For employees: Additionally, payroll details, bank account details, et cetera.

Within the framework of mobility, we may process personal data that fall into the specific categories of personal data, in particular data regarding the beneficiary’s/potential beneficiary’s health, as these are defined in the aforementioned European and Cypriot Legislation.  Specifically, information that is essential for the proper financing and/or management of the beneficiary/potential beneficiary and pertain to, among other things, transportation, any customizable distribution, any carer/assistant costs etc.

If, during the course of our business relationship a change in your personal data occurs, you must ensure that the aforementioned information (as and where applicable) are updated by contacting us as soon as possible.

4. Purpose of Data Processing

We will process your personal data (as and when applicable) in order to:

  • Evaluate and select funding applications (e.g. participation in eTwinning, events, TCA, etc);
  • Communicate with beneficiaries with current studies on issues related to their studies (primary audits, participation in dissemination activities, etc);
  • Recruit and conclude agreements with partners;
  • Issues related to the employee/employer relationship;
  • Disseminate information regarding the Programme to potential beneficiaries and to invite them to information/dissemination activities organized by the FFMELLP («ΙΔΕΠ»).
5. Legal Processing Base

We are committed to your privacy. As part of the values we represent, we will always take into account your fundamental rights as a data holder. We process your personal data for the purposes stated above, on the legal basis that: (i) processing is necessary for compliance with the legal obligation to which we are bound (ii) processing is essential for the execution of the agreement that you have contracted with us and in order to take steps at your request before entering into such agreements (iii) you have given your consent (if and where applicable) and  (iv) processing is essential for the purposes of the legitimate interests we pursue.
Where we decide to rely on an express consent to the processing of personal data, we will contact the holder of the relevant data accordingly.  In the event that consent is based solely on the achievement of a legal basis for the processing of personal data, the data holder in question will have the right to withdraw his/her consent at any given moment.

6. Recipients of Personal Data

We disclose your personal data to the following categories of recipients:

  • Our auditors, managers, lawyers, appraisers, consultants, accountants and other professional consultants (as these are employed from time to time.)
  • Our IT Service Providers and other companies that help us in the efficient operation of our business, by providing concierge services, technological specialization, file storage and file management, logistics services and solutions.
  • Banks and/or other financial institutions, payment service providers, insurance companies, and,
  • Public Authorities (as appropriate), for the purposes described above.

When transferring personal data to countries outside the European Economic Area, we make such transfers to a consignee (i) located in a country that provides an adequate level of protection for personal data or (ii) under appropriate safeguards in accordance with the provisions of applicable data protection laws (e.g. under appropriate safeguards in accordance with the provisions of applicable data protection laws (e.g. under an agreement in the form of standard data protection clauses adopted by the European Commission), which is available at  https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. In some cases we may make such transfers wher we have obtained the express consent of the data holders regarding the proposed transfer, provided that the data holder has been informed of the potential risks of such a transfer (due to lack of adequacy decisions and appropriate safeguards.)
Your Rights as a Data Holder
Under the General Data Protection Regulation (GDPR), you have the following rights:

  • The right of access – you have the right to request a copy of the information we have about you. You have the right to confirm whether we are processing your personal data or not, and, where we are, to access your personal data, along with some additional information.  Such additional information shall include, inter alia, details of the purpose of processing, the categories of relevant personal data, and the categories of recipients of personal data. The right to receive a copy of your data does not have any negative effect whatsoever on the rights and the freedoms of others.
  • The right to correct – you have the right to correct any information we have about you that is incomplete or inaccurate.  You have the right to correct any inaccurate personal data about you and, taking into account the purposes of the processing, to complete any incomplete personal data about you.  In these case, please contact us at dpo@idep.org.cy
  • The right to delete (the right to forget someone) – where certain criteria are not met, you can request the deletion of the data we have about you from our files. In some cases you have the right to receive the deletion of your personal data without any undue delay.  This includes cases where  (i) personal data are no longer required for the purposes for which they were collected or otherwise processed (ii) you revoke the consent in the event that the processing is based solely on consent (iii) you are opposed to the processing based on our legitimate interests and here are no compelling legal reasons for processing (iv) processing is done for direct marketing purposes (v) personal data have been subjected to illegal processing, and, vi) personal data must be deleted for compliance with a legal obligation to which we are subject. The above do not apply when processing is required (i) for exercising the right of free expression and information (ii) for compliance with a legal obligation that requires processing by a law to which we are subject and, (iii) for reasons of public interest or for the establishment, exercise or advocacy of legal claims.
  • The right to restrict processing – where certain criteria are met, you can request and restrict processing.  In some cases you have the right to ensure that we will limit the processing of your personal data.  These cases include those where (i) you question the accuracy of the personal data, for a period that allows us to verify the accuracy of the personal data, (ii) processing is illegal but you oppose the deletion and instead you request the restriction of data use (iii) we no longer need personal data for processing purposes, but you require personal data in order to make, exercise, or defend legal claims (iv) and you object to the processing based on our legitimate interests, pending the verification of this objection.
  • Where processing is restricted on the basis of the above, we will continue to store your personal data.  However, we will process them differently only (i) with your consent (ii) to establish, exercise or defend legal claims (iii) to protect the rights of another natural or legal person, or (iv) for reasons of important public interest.
  • The right to object to processing – you have the right to object to certain types of processing. You have the right to object to the processing of your personal data for reasons related to your particular situation, but only to the extent that the legal basis for the processing is that the processing is not necessary for (i) the execution of a job carried out for the public interest or the exercise of any official authority entrusted to use, or (ii) the purposes of the legitimate interests pursued by us or by a third party.  If you make such a request, we will cease processing your personal data, unless we have a compelling legal reasons for the processing that outeweigh your interests, rights and freedoms, or if the processing is done for the purpose of establishing, exercising or defending legal claims.  Additionally, you have the right to object when your personal data are processed for direct marketing purposes, your profile included.
  • The right to data portability – where certain criteria are met, you have the right to transfer the data we keep about you to another organization.
  • You have the right to receive personal data that you have provided to us in a structured, commonly used and machine-readable format and the right to transfer this data to another data controller.  However, please note that this right to data portability arises only when (a) the processing is based on consent (as and where applicable) or is essential for the execution of a contract to which you are a party, and, (b) the processing takes place through automated means (as  applicable). According to these requests, we will not adversely affect the rights and freedoms of others.
  • The right to revoke consent (when and if the legal basis of “consent” is applicable) – where when certain criteria are met, you have the right to revoke your consent.  To the extent that the legal basis for the processing of your personal information is consent (where and when applicable), you have the right to revoke your consent at any given moment and this revocation  will not affect the legality of the processing prior to revocation.
  • The right to file a complaint to a Supervisory Authority: You have the right to file a complaint to the Office of the Commissioner for Personal Data Protection in Cyprus anytime.
7. Preservation of Personal Data

We will process and store your personal data for as long as we maintain the relationship and as required by applicable law.  Your personal data may be retained for longer periods for the purposes of our legitimate interests in the event of the commencement of any legal proceedings as well as in order to fulfill our legal and/or regulatory obligations.

8. Security

As part of our privacy policy, we process personal data that are adequate, relevant and limited to what is required in relation to the aforementioned purposes and we implement appropriate technical and organizational measures to ensure an adequate level of security appropriate to the risk involved. These measures are intended to prevent unauthorized or unlawful processing, accidental loss, destruction or damage to personal data.

9. Contact the Office of the Commissioner for the Protection of Personal Data

The Office of the Commissioner for the Protection of Personal Data is the supervisory authority that regulates personal data in the Republic of Cyprus. You can contact the Commissioner in any of the following ways:
By visiting their website: dataprotection.gov.cy
By phone: +357 22818456
By email: commissioner@dataprotection.gov.cy
By post: Office of the Commissioner for the Protection of Personal Data, 1, Iasonos Street, 1082, Nicosia, Cyprus.

10. Further Information

Further information or questions regarding the processing of your personal data can be requested by contacting the Data Protection Officer of the Foundation for the Management of European Lifelong Learning Programmes (ΙΔΕΠ) in writing as follows:

  • By e-mail : dpo@idep.org.cy
  • By phone: +357 22448888
  • By post: Prodromou & Dimitrakopoulou 2, 1090 Nicosia, Post Office Box 25484, 1310 Nicosia
Modifications
  • This Privacy Policy Information is subject to regular review and is updated from time to time.  If deemed necessary, we will notify you of any changes as soon as possible.