Foley's School Privacy Policy
Introduction
FOLEY’S SCHOOL (hereafter referred to as “the School”) commits to privacy and secure processing of the personal data it maintains for their clients, associates and collaborators, in an open and transparent manner. The School are also committed to the collection and processing of any personal data, in full compliance with the General Regulation on the Protection of Personal Data of the European Union (Regulation 2016/679, GDPR) (hereafter referred to as “the Regulation”) and the legislation in force in Cyprus that governs the collection and processing of Personal Data of Individuals (L. 125 (I)/2018). Personal Data involves any Data relating to an identified or identifiable natural person (‘data subject’).
The Foley’s School Privacy Policy governs the collection, use, disclosure, transfer, and storage of Personal Data. Going through the School’s privacy practices enables all data subjects in relation to the School to understand how Foley’s School deals and processes with their Personal Data. This document includes and explains the following fields regarding the processing of Personal Data:
2 The purpose of the School processing your personal information
3 The lawful basis for processing
4 The type of personal information processed by the School
5 The way the School processes your personal information
6 The use of cookies by the School’s website
7 The way the School protects your personal information
8 Your subject rights under the Regulation
9 Information retention period by the School
1 RELEVANT DEFINITIONS
__________________________________________________________________________________________________________________________________________________________________
Under the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), the meaning of each of the following terms is given below:
a Personal Data – includes any information relating to an identified or identifiable natural person (data subject), being one who can be identified directly or indirectly by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, phycological, genetic, mental, economic, cultural, or social identity of that natural person.
b Special category Data – includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
c Data Processing – involves any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
d Data Controller – includes a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
e Data Processor – includes a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
f Third Party – involves a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
g Consent – involves the data subject and means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.
2 THE PURPOSE OF THE SCHOOL PROCESSING YOUR PERSONAL INFORMATION
__________________________________________________________________________________________________________________________________________________________________
If you are from the European Economic Area (EEA), the School’s legal basis for collecting and using the personal information described
in this Privacy Policy depends on the Personal Data the School collects and the specific context in which this data is collected. The School may process your
Personal Data:
i
to perform a contract with you
ii
due to your given
consent to do so
iii
since processing is in the School’s legitimate interests, and it is not
overridden by your subject rights
iv
for payment processing purposes
v
to comply with the law
The School uses
the collected information for the following purposes:
Ø To provide and maintain school services.
Ø To notify you about changes to school services.
Ø To allow you to participate in interactive
features of school services when you choose to do so.
Ø To provide client support.
Ø To gather analysis or valuable information so
that the School can improve their services.
Ø To monitor the usage of the services provided.
Ø To detect, prevent, and
address technical issues.
Ø To provide you with news, special offers and
general information about other services and events the School offers.