FOLEY’S SCHOOL (hereafter referred to as “the School”) commits to privacy and secure processing of the personal data it maintains for their clients, associates and collaborators, in an open and transparent manner. The School are also committed to the collection and processing of any personal data, in full compliance with the General Regulation on the Protection of Personal Data of the European Union (Regulation 2016/679, GDPR) (hereafter referred to as “the Regulation”) and the legislation in force in Cyprus that governs the collection and processing of Personal Data of Individuals (L. 125 (I)/2018). Personal Data involves any Data relating to an identified or identifiable natural person (‘data subject’).
1 RELEVANT DEFINITIONS
Under the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), the meaning of each of the following terms is given below:
a Personal Data – includes any information relating to an identified or identifiable natural person (data subject), being one who can be identified directly or indirectly by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, phycological, genetic, mental, economic, cultural, or social identity of that natural person.
b Special category Data – includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
c Data Processing – involves any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
d Data Controller – includes a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
f Third Party – involves a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
g Consent – involves the data subject and means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.
2 THE PURPOSE OF THE SCHOOL PROCESSING YOUR PERSONAL INFORMATION
i to perform a contract with you
ii due to your given consent to do so
iii since processing is in the School’s legitimate interests, and it is not overridden by your subject rights
iv for payment processing purposes
v to comply with the law
The School uses the collected information for the following purposes:
Ø To provide and maintain school services.
Ø To notify you about changes to school services.
Ø To allow you to participate in interactive features of school services when you choose to do so.
Ø To provide client support.
Ø To gather analysis or valuable information so that the School can improve their services.
Ø To monitor the usage of the services provided.
Ø To detect, prevent, and address technical issues.
Ø To provide you with news, special offers and general information about other services and events the School offers.