Privacy Policy

PRIVACY POLICY  

  1. Important Information and Who We are  

Purpose of Privacy Policy  

[... ] (hereinafter referred to as  “the Company” “We”, “our”, “Us” ) endeavours to conduct its operations in alignment with the provisions for safeguarding data protection and privacy as these derive from the principles of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural person with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation hereinafter the “ GDPR ”) as well as with the applicable local law(s) as amended from time to time and any other legal and/or regulatory obligations.  

The purpose of the Privacy Policy is to provide you with all the necessary information of Our tools and applicable mechanisms in ensuring Our compliance with your data protection; thus, keeping your data safe from unauthorized access as well as with safeguarding your data privacy thus, empowering Our Users to make their own decisions about who can process their data and on what grounds.  

Within the following sections you will be informed on how We gather and process your personal data by Us and the personal information We share with authorised Third Parties or that Third Parties share with Us and how in doing so We comply with Our legal obligations to you. You will also find information on the data protection rights you are afforded, the privacy principles upon which this Privacy Policy has been shaped and the details of the Controller and of the relevant authority which you can contact.   

This Privacy Policy applies to the personal data of Our Website Users, whether registering / acting as Candidates, Service Providers, Visitors and to other people whom We may contact in the course of performing Our operations whether in assisting you with finding a job, providing you with training course – for developing your professional skills - facilitating with accommodation or immigration matters, providing you a service, receiving a service from you or while visiting Our Website. The content and scope of the data processing are largely based on each of the products and services that you have requested / applied for or that have been agreed with you.   

This Privacy Policy is provided in a layered format so that you can click through to the specific areas set out below. Please also make use of the Glossary to understand the meaning of some of the terms used in this Privacy Notice.  

It is important that you read this privacy policy together with any other privacy policy or fair processing policy We may provide on specific occasions when We are collecting or processing personal data about you so that you are fully aware of how and why We are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.   

Controller   

[……………….. ] is the controller and responsible for your personal data. We have appointed a responsible person who has been engaged for overseeing any enquiries in relation to this Privacy Policy as well as for attending to any requests in exercising your legal rights.  

If you have any questions or require more details on how We use your personal information you may contact Us, at the contact details below, and We will ensure that We will attend to your request.  

 

Contact details :  

Full name of the legal entity …………  

Name / title of the responsible person:  ……….      

Email address:  [email protected]      

Postal address: 36 Agias Elenis str, Galaxias Building, Block B, 6 th floor, office 602, 1061 Nicosia, Cyprus  

Telephone number: 00 357 22 272 252   

You have the right to make a complain, at any time, to the Cyprus Data Protection Commissionaire on  commissioner @ dataprotection.gov.cy     ( hereinafter referred to as “ the CDPC ”). We would, however, appreciate the opportunity to deal with any concern you may have before you approach the CDPC.  

Privacy Principles   

The Privacy Policy has been drafted in alignment with the main principles relating to processing of personal data as these derive from GDPR. The guiding privacy principles articulated in the present Privacy Policy are as follows:  

  • lawfulness, fairness and transparency   – all personal data must be processed lawfully, fairly and in a transparent manner.  
  • purpose limitation   – data must only be collected and processed for legitimate purposes which are specifically and explicitly stated.  
  • data minimisation   – only data which is relevant for the purpose should be collected and processed.  
  • accuracy   – reasonable steps should be taken to ensure that data remains accurate and is kept up to date.  
  • storage limitation   – data should not be kept for any longer than is necessary (unless it is being processed for archiving purposes in the public interest, for scientific purposes, or for statistical or historical purposes).  
  • integrity and confidentiality   – data must be kept securely, and technical and organisational measures should be put in place to protect it from unauthorised or unlawful processing.  
  • accountability   – data controllers must be able to demonstrate compliance with all the GDPR principles.  

 

  1. The data We collect about you  

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).  

 

We may process, collect, use, store and transfer different kinds of data about you which We have grouped together as follows:  

 

  1. Identity Data: includes [first name, last name, username or similar identifier, title, date of birth, gender, registration number – for an entity / organisation].  
  2. Contact Data: includes [billing address, residential address, email address, telephone /fax numbers, registered office address – for an entity /organisation].  
  3. Educational / Occupational Data:  includes [name of the school(s) / Universities / Academies, degree(s) / diploma(s), job experience, languages, skills and any other form of qualifications ].  
  4. Financial Data: includes [bank account and payment card details].  
  5. Transaction Data: includes [details about payments from you and other details of services you have purchased from Us / through Us].  
  6. Technical Data: includes [internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Website].  
  7. Usage Data: includes [information about how you use Our Website and services].  
  8. Marketing and Communications Data:  includes [your preferences in receiving marketing from Us and Our third parties and your communication preferences].  

It will include market research to generate audience insights so that the Service Providers and/or Third Parties and/or Us can:  

  1. provide aggregate reporting to advertisers or their representatives about the audiences reached by their ads, through panel-based and similarly derived insights;  
  2. provide aggregate reporting to publishers about the audiences that were served or interacted with content and/or ads on their property by applying panel-based and similarly derived insights;  
  3. associate offline data with an online user for the purposes of market research to generate audience insights if vendors have declared to match and combine offline data sources;  
  4. combine this information with other information previously collected, including from across Websites and applications.  

We also process, collect, use and share  Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does  not directly or indirectly reveal your identity. For example, We may aggregate your Usage Data to calculate the percentage of Users accessing a specific Website feature. Hover, if We combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, We treat the combined data as personal data which will be used in accordance with this Privacy Policy.  

Sensitive Personal Data   

We will proceed with processing of  special categories of personal data ( Sensitive Personal Data ) only to the extent that this is absolutely necessary for the purposes of carrying out Our obligations and in the course of exercising specific rights in the field of employment and social security and always in accordance with the provisions of the GDPR 216/679 as well as where you  have explicitly provided Us with your consent for processing those personal data for one or more specified purposes.  

If Sensitive Personal Data is inferred, its processing will not be incompatible with the original purposes and it will be made having identified a lawful basis for the processing of the special category data.  

It is important that the personal data We hold about you is accurate and current. Please keep Us informed if your personal data changes during your relationship with Us.  

 

Opting not to provide personal data   

You have the right to opt not to provide any personal data. However, where We need to collect personal data either by law, under the terms of a contract We have with you or as this might be requested and you fail to provide that data, We may not be able to provide you with Our services or to perform a contract We have with you or trying to enter with you. If you choose not to give Us this information this could potentially deprive Us from being able to provide you with Our services.  

Any data collection that is optional would be made clear at the point of collection.  

  1. How is your personal data collected?  

We use different methods to collect data from and about you including through:  

  1. Direct interactions:  consisting of the information you will opt to upload to the Website or by filing in online forms or by corresponding with Us by post, phone, e-mail or otherwise.  
  2. Automated technologies or interactions:  as you interact with Our Website We may automatically collect Technical Data about equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.    Please see out  cookie policy for further details.  
  • Technical Data from the following parties:   
  1. Analytics providers ( such as Google Analytics, Facebook Pixel or other relevant tools that the Website will be connected and track user behaviour ) which may be based outside the European Union;  
  2. Advertising Networks, which may be based on both inside and outside the European Union; and  
  3. Search Information Providers ( such as Google, Bing )    which may be based both inside and outside the European Union.  

 

  1.  External third parties or publicly available sources:  We may receive personal data about you from various third parties and public sources such as referees, social network platforms i.e. LinkedIn etc.  

 

  1. How We use your personal data (purpose) and on what legal basis  

We will only use your personal data when the law allows Us to. Most commonly, whatever Our relationship with you is, We may also, process, your personal data in the following circumstances:  

 

  1. For compliance with a legal obligation where the processing is necessary for compliance with a legislation / regulation;  

 

  1. For the performance of contractual obligation –  where the processing is necessary for the execution or preparation of a contract to which you will be a party;  

 

  1. For the purposes of safeguarding legitimate interests –  where the processing is necessary for safeguarding the legitimate interest of the Controller or those of a third party provided they do not exceed your rights or interests ;  

 

  1. Upon the granted consent of you, being the data subject;   

 

 

  1. For the purposes of protecting Our vital interests or of another natural person.  

Kindly note that We may process your personal data for more than one lawful ground depending on the specific purpose for which We are using your data. Please contact Us if you need details about the specific legal grounds, We are relying on to process your personal data where more than one ground has been set out in the table below.  

Purpose/Activity  

 

Type of data  

 

Lawful basis for processing including basis of legitimate interest  

 

To register you as a Member / Service Provider   

 

(a) Identity  

(b) Contact  

(c) Educational / Occupational  

 

Performance of a contract with you  

 

To process and provide you with Our services, including:  

  1. For recruitment purposes  
  2. For vocational training purposes  
  3. For migration and mobility (accommodation) purposes  
  4. For marketing purposes  
  5. Manage payments, fees and charges  
  6.  Collect and recover money owed to Us  

 

(a) Identity  

(b) Contact  

(c) Financial  

(d) Transaction  

(e) Marketing and Communications  

(f) Educational / Occupational  

 

(a) Performance of a contract with you  

(b) Necessary for Our legitimate interests (such as  to provide efficient and effective services to Our customers and make / receive payments for such services – where applicable, to track and ensure fulfilment of any request with the involved parties,  for internal administrative purposes, run – grow and develop Our business, operate Our Website / platform)  

 

To manage Our relationship with you which will include:  

(a) Notifying you about changes to Our terms or privacy policy  

(b) Asking you to leave a review or take a survey   

 

(a) Identity  

(b) Contact  

(c) Educational / Occupational  

(d) Marketing and Communications  

 

(a) Performance of a contract with you  

(b) Necessary to comply with a legal obligation  

(c) Necessary for Our legitimate interests (such as to keep Our records updated and to study how customers use Our products/services, to develop them and grow Our business for internal administrative purposes, operate Our Website/Platform)  

 

To administer and protect Our business and this Website/Platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)  

 

(a) Identity  

(b) Contact  

(c) Technical  

 

(a) Necessary for Our legitimate interests (for running Our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)  

(b) Necessary to comply with a legal obligation  

 

To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising We serve to you  

 

(a) Identity  

(b) Contact  

(c) Educational / Occupational  

(d) Usage  

(e) Marketing and Communications  

(f) Technical  

 

Necessary for Our legitimate interests (to study how customers use Our products/services, to develop them, to grow Our business and to inform Our marketing strategy)  

 

To use data analytics to improve Our Website /platform, products/services, marketing, customer relationships and experiences  

 

(a) Technical  

(b) Usage  

 

Necessary for Our legitimate interests (to define types of customers for Our services, to keep Our Website updated and relevant, to develop Our business and to inform Our marketing strategy)  

 

To make suggestions and recommendations to you about products / services that may be of interest to you based on the personal data you have declared and any section you have made on Our products / services  

 

(a) Identity  

(b) Contact  

(c) Technical  

(d) Usage  

(e) Educational / Occupational  

 

Necessary for Our legitimate interests (to develop Our products/services and grow Our business)  

 

 

CANDIDATES  

We will use the personal data We collect about you for:  

  1. Recruitment Purposes   

 

  • Identification purposes.  
  • Assessing data about your skills, qualifications, and suitability for the job vacancy.  
  • Performing background and reference checks, where applicable.  
  • Providing you with recruitment services and facilitating you at the recruitment process.  
  • Enabling you to upload your personal data and submit your CV in order to apply online for job vacancies and/or receive alerts about job vacancies We may consider to be suitable for you.  
  • Storing your details (and updating them when necessary) on Our database in order to contact you in relation to recruitment.  
  • Store and process your data to allow it to match your details with job vacancies.  
  • Communicate with you either via post, telephone, email or any other way about the recruitment process and any queries raised.  
  • For keeping records related to the hiring processes.  
  • Comply with legal or regulatory requirements.  
  • To deal with any enquiries you have about Our services and Website/Platform.  

 

  1. Vocational Training  

 

  • Identification purposes.  

 

  • Assessing data about your skills and qualifications.  

 

  • For storing your details (and update them when necessary) on Our database, in order to be able to contact you with regard to vocational trainings and/or receive alerts about potential trainings We may consider to be suitable for you.  

 

  • Communicate with you for available trainings / educational programs for your personal and professional development and for enhancing your skills.  

 

  • Carrying out Our obligations arising from any contracts entered in relation to your recruitment and/or training.  

 

  • Communicating, either by post, telephone, e-mail or any other way, with you regarding available trainings.  

 

  • To deal with any enquiries you may have about the services and Website/Platform.  

 

 

  1. Integration and Mobility  

-     Identification purposes.  

Communicate with you and provide you with services / assistance on possible accommodation matters.  

Communicate with you and provide you with services / assistance with immigration issues.  

Providing interactive migration information guidance.  

  • To conduct pre-employment checks, including determining your legal right to work and carrying out criminal record and credit checks where applicable.  

 

  • Communicating, either by post, telephone, e-mail or any other way, with you regarding the above matter(s).  

 

  • To deal with any enquiries you may have about the services and Website/Platform.  

 

 

  1. Marketing Activities  

 

  • For developing and marketing other products or services.  
  • For providing you promotions, offers, networking and client events and general information about the industry sectors which We might consider to be of interest to you.  
  • Displaying promotional excerpts from your details on Our Website(s) a success story (provided that We will have your express consent in advance for doing so).  
  • Communicating, either by post, telephone, e-mail or any other way, with you regarding the marketing activities.  
  •  

 

  1. Research Activities   

 

  • To explore, evaluate and analyse the current industry conditions an employment framework in the hotel sector in Cyprus, the labour market access, employment recruitment and hiring, investigate the local hotel industry’s (Cyprus) quantitative and qualitive needs, analyse the training needs, identify accommodation shortages and other difficulties and/or matters related to “hotel staffing problem” and propose solutions and make new data available for the scientific community.  

 

  1. Establishing, exercise or defend legal claims  

 

SERVICE PROVIDERS:  

  1. EMPLOYERS   

We will use the personal data We collect about you for:  

  1. Recruitment Purposes  

 

  • Identification purposes.  
  • For storing your details (and update them when necessary) on Our database, in order to be able to contact you with regard to recruitment activities and potential candidates and/or receive alerts about potential candidates We may consider to be suitable for you.  
  • To enable you to receive services in respect of recruitment matters (including but not limited to finding potential candidates, training, assistance with issues of migration / accommodation).  
  • For storing your details (and update them when necessary) on Our database, in order to be able to contact you with regard to recruitment activities and potential candidates and/or receive alerts about potential candidates We may consider to be suitable for you.  
  • Maintaining records of Our meetings / correspondence in order to be able to provide you with targeted services.  
  • Store and process your data to allow you to match your job vacancies with potential candidates.  
  • To respond to your enquiries and communicate with you via post, email, phone or any other means.  
  • To allow you to access and use Our Website/Platform.  
  • Comply with legal or regulatory requirements.  

 

  1. Vocational Training  
  • - Identification purposes.  
  • For storing your details (and update them when necessary) on Our database, in order to be able to contact you with regard to vocational trainings with potential / interested candidates / service providers and/or receive alerts about potential trainings We may consider to be suitable for you.  
  • Communicate with you for available trainings / educational programs seeking to improve the personal and professional development of potential candidates / service providers, Users of the platform, and for enhancing their skills.  
  • Carrying out Our obligations arising from any contracts entered in relation to vocational trainings.  
  • Communicating, either by post, telephone, e-mail or any other way, with you regarding the above matter(s).  

 

  1. Integration and Mobility  

 

-     Identification purposes.  

Communicate with you and provide you with services / assistance on possible accommodation matters.  

Communicate with you and provide you with services / assistance with immigration issues.  

Providing interactive migration information guidance.  

-    To conduct pre-employment checks, if needed.  

 

-    Communicating, either by post, telephone, e-mail or any other way, with you       regarding the above matter(s).  

 

  1. Marketing Activities  

 

  • For developing and market other products or services.  
  • For providing you with promotions, offers, networking, trainings and events which We mightconsider to be of interest to you and that might be related to the industry sector of the Employer.  
  • Displaying promotional excerpts from your details on Our Website(s)/Platform a success story  (provided that We will have your express consent in advance for doing so ).  

 

  • Communicating, either by post, telephone, e-mail or any other way, with you regarding the marketing activities.  

 

 

  1. Research Activities  
  • To explore, evaluate and analyse the current industry conditions in the hotel sector in Cyprus, the labour market access, employment recruitment and hiring, investigate the local hotel industry’s (Cyprus) quantitative and qualitive needs, analyse the training needs, identify accommodation shortages and other difficulties and/or matters related to the “hotel staffing problem” and propose solutions and make new data available for the scientific community.  

 

  1. Establishing, exercise or defend legal claims  

 

 

  1. SUPPLIERS  

We will use the personal data We collect about you:  

  • For performing certain legal obligations – entering into agreement.  
  • To enable Us to receive and manage services from you.  
  • For facilitating Us targeting appropriate marketing campaigns.  
  • For assisting Us to establish, exercise or defend legal claims.  
  • To deal with any enquiries you have about Our Services and Website/Platform.  
  • To allow you to access and use Our Website/Platform.  

 

VISITORS  

We will collect, use and store the personal information for the following reasons:  

  • to allow you to access and use Our Website/Platform.  
  • to receive enquiries from you through the Website/Platform.  
  • for improvement and maintenance of Our Website/Platform and to provide technical support for Our Website/Platform.  
  • to ensure the security of Our Website/Platform.  
  • to evaluate your visit to the Website/platform and prepare reports or compile statistics to understand the type of people who use Our Website/Platform, how they use Our Website/Platform and to make Our Website/Platform more intuitive. Such details will be anonymized as far as reasonably possible and you will not be identifiable from the information collected.  
  • If you have provided a personal email address or mobile phone number and consented to contact you (including by email or post) with information about Our services which either you request.  

The services of this platform/ Website are not directed or intended for individuals under the legal age to form a binding contract in their country of residence, and We do not knowingly collect or solicit information from children. If We become aware that a child under that age has provided Us with personal information, We take steps to remove such information from Our servers as soon as practically possible. If you are aware that an individual under the legal age to form a binding contract in their country of residence has provided Us with personal information, please contact Us at  [email protected] .    

 

  1. Disclosures of your personal data  

We may disclose information that concerns you if We are legally required to do so pursuant the provisions of the GDPR, applicable local legislation as amended from time to time as well as any other relevant legislation. We may from time to time disclose personal data to other entities in the group or to third parties for any of the purposes listed above; or to enforce or apply Our terms and conditions and other agreements and/or based on your consent/instructions.    

Where the party to whom We share your personal information is a legal entity, We hereby affirm that We will take all reasonable steps and/or actions to confirm that the employees and/or representatives of such a third party will execute their duties in accordance with the highest industry standards and will comply with all provisions and requirements of the provisions of this Privacy Policy and the local laws and regulations on the protection of personal data (as amended from time to time) and GDPR and any legislation to success it or complement it.   

 

We may share your personal information with Our group companies where it is in Our legitimate interests to do so for internal administrative purposes (for example, ensuring consistent and coherent delivery of Our services to Our customers, corporate strategy, compliance, auditing and monitoring, research and development and quality assurance).  

 

Examples of relevant third parties or categories of third parties to whom We may disclose Personal Data includes any legal - governmental or regulatory authority insurance companies, social security bodies and third party service provider(s) who render services in connection with (among other things) recruitment, payroll, employee benefits, vocational training, research, security; integration and mobility matters. Also, We may disclose Personal Data with third party service providers who perform functions on Our behalf ( including external consultants, business associates, auditors, accountants, legal advisors technical support functions, IT consultants, storage providers);  companies that assist Us in Our marketing – analytics, advertisement and promotional activities.  

When We disclose your Personal Data to third parties who perform services on Our behalf, We ensure that such service providers use Personal Data only in accordance with Our instructions, and We do not authorise them to use or disclose Personal Data except as necessary to perform services on Our behalf or to comply with applicable legal obligations.  

We may also disclose Personal Data to third parties:   

  • if We are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation, any lawful request from government, regulator or law enforcement officials or prevent illegal activity;  
  • in order to enforce or apply Our terms and conditions or any other agreement or to respond to any claims, to protect Our rights or the rights of a third party or to prevent any illegal activity; or  
  • in the course of preserving / defending Our legal rights;   
  • where it is in Our legitimate interests to do so to run, grow and develop Our business, such as if We sell or transfer all or part of Our business or assets or if We are in meaningful discussions about such possibility (including through a merger, reorganisation, spin-off, dissolution or liquidation).  

Marketing  

We strive to provide you with choices / information about products and services of ours that We think you might like, as well as those of Our partner companies.  

If you have agreed to receive marketing, you may always opt out at a later date. Kindly note that you have the right at any time to ask Us to stop contacting you for marketing purposes or giving your data to other members of Our group / partner companies.  

If you no longer wish to be contacted for marketing purposes you may do so by logging into the Website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing material sent to you or by Contacting Us at any time at [email protected].  

  1. International Transfers (Outside the European Union and the European Economic Area)  

GDPR and the applicable local legislation, as amended from time to time, prohibits the transfer of personal information outside the European Economic Area (“EEA”) unless specific requirements are met for the protection of that personal information.  

Your personal data will be transferred to countries outside the European Union or EEA in cases where (i) it is required by law – (reporting obligations under tax law); or (ii) if you have granted Us your consent or (iii) if Our affiliates / associates are based outside the EEA.   

Whenever We transfer your personal data out of the EEA, We ensure a similar degree of protection is afforded to it by ensuring that We will transfer your data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.  

You should be aware that transferring personal data to a third country or an international organisation entails possible risks to you due to the absence of an adequacy decision and appropriate safeguards to their use.  

 

  1. Third-party links  

This Website / platform may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave Our Website / platform, We encourage you to read the privacy policy of every website you visit.  

 

  1. Cookie Policy  

Cookies are  small text files stored in a user’s devise . When you visit Our Website Our system automatically collects information about your visit, such as your browser type, your IP address and records your navigation to the Website. Cookies do not contain any information that could identify the individual user personally. You can set your browser not to save any cookies of this Website and you may also disable cookies manually. However, please note that by disabling or refusing cookies some parts of this Website may become inaccessible or not function properly.  Additional information on how We use cookies and how you can control these can be found in Our Cookie Policy  

 

  1.   Consent  

According to the provision of GDPR your consent must be freely given, be specific, must be a result of an informed and unambiguous indication, by statement or by a clear affirmative action for the process of the personal data relating to you. Insofar that you have granted Us consent to the processing of personal data. We are able to process them in accordance with the provisions of the present Privacy Policy. Where you have granted Us consent to the processing of personal data for marketing purposes, the lawfulness of such processing is based on your consent. Any such consent granted, may be revoked at any time by contacting us here .  It must be noted that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.   

It must be brought to your attention that We will use your personal data for the purposes for which We collected it and to which you have provided your consent however We may proceed with the processing of personal data for purposes other than those for which the personal data were initially collected only where We reasonably consider that the processing is compatible with the purposes for which the personal data were initially collected. In such a case, no legal basis separate from that which allowed the collection of the personal data is required.  

Please note that We may process your personal data without your knowledge or consent, where this is required or permitted by applicable law / regulations.  

 

  1. Data Security  

In accordance with one of the principles of GPDR We are committed to take all reasonable and appropriate steps for your personal data to be processed in a manner that adheres to the data protection principles and ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).  

We thus enforce physical, electronic and managerial measures for safeguarding your personal data secure in connection with all the elements of collection, storage, process and disclosure. These measures include:  

 

  1. Building awareness about data protection and providing educating and training to relevant staff to ensure they are aware of Our privacy obligations when handling personal data;  
  2. Administrative and technical controls to restrict access to personal information on a ‘need to know’ basis such as; authorised access to personnel / associates / agents / contractors / other third parties who need it to carry out their responsibilities;  
  3. Encryption, pseudonymisation or anonymisation of personal data whenever possible;  
  4. Technological security measures, including fire walls, encryption and anti-virus software;  
  5. Physical security measures, such as staff security passes to access Our premises;    
  6. We have in place a procedure to deal with any suspected personal data breach and will notify you and any applicable regulator in the event of a data breach as soon as practically possible.  

 

Whilst We use appropriate security measures (technical and organisational) to safeguard your personal data, you should be aware that the internet is an insecure environment; thus, the transmission of data over the internet is never completely secure.  We endeavour to protect personal information, and We will continue to update these measures, as appropriate, but We cannot guarantee the security of data transmitted to Us or by Us.  

 

  1. Data Retention  

Employers & Service Providers  

We will hold your personal information on Our systems for the longest of the following periods: (i) as long as is necessary to fulfil the purposes (the relevant activity or services) We collected it for (ii) any retention period that is required by law or (iii) until you request to be erased.  

Candidates  

We will retain your personal data for a period of 18 months after your last application date (if you are unsuccessful, We shall retain your personal data for a period of 18 months upon your explicit consent).   

We retain your personal data for that period to be able to demonstrate in the event of a legal claim, that We have not discriminated against candidates on prohibited grounds and that We have conducted the recruitment exercise in a fair and transparent way. Moreover, and subject to your consent, We retain such personal data in case a similar job vacancy becomes available for which you will be a fitting candidate. Following this period, We will securely destroy your personal data.  

  1. Your Legal Rights  

Pursuant to the provisions of GDPR and the applicable local legislation, as amended from time to time, you are afforded with various rights, in relation to your personal data. In particular, you have a right to:  

 

(a) Receive access to your personal data (commonly known as a “data subject access request”). This enables you to request to obtain from Us a copy of the personal data We hold about you and to check that We are lawfully processing. You are thus eligible to obtain details of any personal data used for profiling (including the categories of data used as an input to construct / create a profile and details on which segments you have been placed into).  

 

Note : the first copy of this information is provided free of charge but We reserve the right to charge you with an administrative to charge a reasonable fee for subsequent copies.  

 

(b) Request correction (rectification) of your personal data which We process. This enables you to have any incomplete or inaccurate data We hold and process about you, completed and/or corrected; though We may need to verify the accuracy of the new data you provide to Us.  

 

(c) Request erasure of your personal data. This right provides you with the opportunity request from Us to erase personal data concerning you (known as the “right to be forgotten”) where there is no good reason for Us to continue to process it. Indicatively, but not exhaustively, such reasons are considered to be (i) the personal data are no longer necessary in relation to the purposes which were collected or processed and (ii) the consent on which the processing has been given has been withdrawn). Please note that We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.   

 

Your rights to rectification and erasure apply to both the ‘input personal data’ (the personal data used to create the profile) and the ‘output data’ (the profile itself or any ‘score’ assigned to you).  

 

In addition, you also have the right to request from Us to erase your data where you have exercised your right to object to processing (see Object to processing below).  

 

(d) Object to processing of your personal data , including profiling, where We are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground; as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where We are processing your personal data for direct marketing purposes. If you object to processing for direct marketing purposes, then We shall stop the processing of your personal data for such purposes. In some cases, WeWe may demonstrate that We have compelling legitimate grounds to process your information which override your requests.  

 

(e) Request the restriction of processing of your personal data. You have the right to request from Us to suspend the processing of your personal data in the following cases:  

 

(1) If you consider that your data is not accurate;  

(2) Where processing of your personal data may be unlawful but you do not wish for Us to erase it;  

(3) Where you need Us to maintain the data even if it is not relevant any more, but you want Us to keep it for use in possible legal claims;  

(4) Where you may have already objected to the use of your personal data but We need to verify whether We have overriding legitimate grounds to use it.  

Your right to restrict processing applies to any stage of a profiling process ( whether data collection / automated analysis to identify correlations / at applying the correlation to an individual to identify characteristics of present or future behaviour ).  

 

(f) Request to receive a copy of your personal data in a format that is structured and commonly used and transfer such data to other organisations. You may request the transfer of your personal data directly by Us to other organizations (data portability).  

 

(g) Withdraw your consent with regards to the processing of your personal data at any time where We are relying on consent to process your personal data. However, We note that any withdrawal of consent shall not affect the lawfulness of processing which was based on consent before it was withdrawn or revoked by you. If you opt to withdraw your consent, We may not be able to provide certain products or services to you. We will of course advise you if this is the case at the time you withdraw your consent.  

 

To exercise any of your rights, or if you have any other questions about Our use of your personal data, please contact Us at  [email protected]  

 

If you consider that you have exercised any or all of your data protection rights and still feel that your concerns about how We use your personal data have not been adequately addressed by Us, you have the right to file a complaint with the Commissioner for Personal Data Protection. For the contact details of the Commissioner for Personal Data Protection please see para. (14)of this Privacy Policy .      

 

What We may need from you  

We may need to request specific information from you in order to help Us verify your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up Our response.  

 

  1. Time limit to respond  

We try to respond to all legitimate requests within a month. Occasionally, it may take longer than a month if a request is particularly complex and/or you have made a number of requests. In such case(s), We will notify and keep you updated on your request(s).  

 

  1. Changes to the Privacy Notice  

We reserve the right to modify this Privacy Policy from time to time.   

To let you know when We make any such modifications to this Privacy Policy, We will amend the revision date at the top of the first page. Any such modifications will apply from that revision date. Therefore, We encourage you to occasionally review this Privacy Policy to be informed about how We are protecting your information.   

 

  1. How to Contact the Supervisory Authority  

 

Office of the Commissioner for Personal Data Protection  

Independent Supervisory Authority for the protection of the individual.  

Office address: Iasonos 1, 1082 Nicosia, Cyprus  

Postal address: P.O.Box 23378, 1682 Nicosia, Cyprus  

Tel:  +357 22818456  

Fax:  +357 22304565  

Email: commissionerdataprotection.gov.cy  

Website:    https://www.dataprotection.gov.cy         

 

 

 

  1. Glossary  

“Candidates”  

means the persons who are seeking to receive services from and/or through the Platform for recruitment purposes and/or integration / mobility (accommodation) services and/or vocational trainings and/or as for any other service the Candidate will consent to receive.  

“CDPC”  

means the Cyprus Data Protection Commissionaire.  

“Company” or “Controller” or “Us” or “We” or “Our” or “Platform”  

instant.com.cy. [the definition given in section 1 of this Privacy Policy.]  

“Cyprus”  

means the Republic of Cyprus.  

“DPO”  

means the Data Protection Officer.  

“GDPR”  

means the General Data Protection Regulation (EU) 2016/679.  

“Sensitive Personal Data”  

means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.  

“Service Providers”  

means based on the context of the text:  

 

  1. The Employers (legal or natural person) who seek via the use of the Website/Platform to fulfilling their job vacancies with potential candidates and/or for receiving services in relation to integration / mobility (accommodation) for their employees / potential employees and/or for vocational training of their employees and/or for potential employees and/or for any other services they will agree with the Website / Platform.  

 

  1. The persons (legal or natural) – referred to herein as the “Suppliers” who have agreed to provide their services through the Website/Platform and/or via integration to their own platforms; under the terms which they will agree with the Website/Platform.  

“Third Parties”  

means:  

  • Service providers acting as processors based in Cyprus who provide IT and system administration services.  
  • Professional advisers acting as processors including lawyers, bankers, auditors, health care providers and insurance providers based, car leasing companies and any other relevant services providers for incoming hotel staff who provide consultancy, banking, legal, insurance and accounting services.  

“Personal Data”  

means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; as this has been defined in Article 2 of the GDPR.  

“Privacy Policy”  

means the present Privacy Policy as this may be amended from time to time.  

“User(s)”  

means the Website Users.  

“Visitor”  

means the person who visits and/or explores the Website/Platform without being registered as a Candidate / Service Provider.  

“Website” or “Platform”  

instant.com.cy  

“Website Users”  

means all the persons, whether Candidates, Service Providers, Visitors or otherwise as the case may be who visit the Website/Platform.