What is the purpose of this document?
Municipality of Athienou (hereinafter referred to as “the Organisation” or “us”, is committed to protecting the confidentiality and security of your personal data under the General Data Protection Regulation of the EU 2016/679 (“GDPR”) and the Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125 (I) / 2018).
This data protection and confidentiality policy describes how we collect, manage, use and process your personal information during your use and browsing of www.athienou.org.cy or in connection with any of your dealings with our Organisation or to subscribe to our newsletter.
Municipality of Athienou is a “data controller”. This means that we are responsible for deciding how your personal data is stored and used. We are obliged in accordance to by laws to provide you with the information contained in this data protection and confidentiality policy.
This policy applies to every user of our website, as well as to any user who provides personal data through our website or provides personal data in any other way to our Organisation. This policy is not part of any services contract or any other contract. We may amend, update and/or replace this policy from time to time.
It is important that you read this policy along with any other privacy statements we may provide in specific instances when we collect or process personal information about you, so that you know when, how and why we use this information.
Data protection principles
Municipality of Athienou undertakes to comply with the principles related to the processing of personal data set by the GDPR. These principles state that the personal information we hold about you must:
- Be processed lawfully and fairly, in a transparent manner.
- Be collected only for specified, explicit and legitimate purposes which we have clarified to you and are not processed in a manner that is incompatible with those purposes.
- Be relevant to the purposes we have informed you about and are limited to those purposes only.
- Be accurate and kept up to date.
- Be kept for as long as necessary for the purposes we have informed you.
- Be kept safe.
Contact info
If you have any questions regarding this Data Protection and Confidentiality Policy, please contact us in the following ways:
– Address: Municipality of Athienou, Makariou III Avenue, No. 2, 7600 Athienou, Cyprus
– Telephone No.: +357 24440192
– Data Protection Officer Email: dpo@athienou.org.cy
Personal information we collect and why we collect it
Municipality of Athienou maintains the website www.athienou.org.cy through which personal data is collected. Personal data may also be collected and used in any of your dealings with our Organisation. Below are some cases about the personal information we collect and why we collect it:
Traffic monitoring on our website
The website www.athienou.org.cy uses Google Analytics (hereinafter “GA”) to monitor user interaction with our website. We use this data to determine the number of people who use our website, to better understand how they find and use our website and to track their visit in the website.
Although GA records data such as your geographical location, device, web browser and operating system, none of this information personally identifies you. GA also records the IP address of your computer or mobile device, which could be used for your personal identification, however Google does not provide us access to it. We believe that Google is a ‘processor’.
GA uses cookies, details of which can be found in the Google Developer Guides. Disabling cookies in the internet browser shall prevent GA from tracking any part of your visit to pages of our website.
Data Processing of Citizens and Non-citizens
Regarding citizens and non-citizens, personal information may be collected and processed, among others, in the following cases:
- Provision of services by the Municipality of Athienou
When providing our services to any citizen / non-citizen / expatriate in accordance with applicable laws, such as collection of fees and taxes, issuance of permits, water supply, possible objections and more, we may collect and process the following data:
– Name and Surname
– ID no.
– Mobile phone number
– Address
– Email address
- Expression of interest for receiving updates from the Municipality of Athienou through a mass messaging service (web sms)
In case anyone expresses interest in receiving updates from the Municipality of Athienou through a mass messaging service (web sms), the following may be stored / collected:
– Name and Surname
– Mobile phone number
– Address
– Capacity
– Type of updates
- Complaints Handling
Personal information is also collected for communication, complaint handling and investigation purposes received by the call centre of the Municipality of Athienou.
The following information may be used by us in relation to responding to communications and handling complaints of citizens / non-citizens relating to any issue.
– Name and Surname
– Address
– Email
– Telephone
– Personal data depending on the content of the complaint or communication.
Processing of Municipalilty of Athienoy Staff Personal Data
In relation to the staff employed on a permanent or temporary basis in the Municipality of Athienou, the Municipality of Athienou processes personal data related to the commencement, continuation and termination of employment of each employee in our Organisation, as the case may be. The Municipality of Athienou concludes and maintains contracts with the staff which contain appropriate information regarding the personal data which are processed in relation to them and through which the staff is committed in relation to the confidentiality and the level of personal data protection of our Organisation.
GDPR legal basis for the use of your personal information
We shall use your personal data only in accordance with the GDPR legal bases listed below. We will usually use your personal information in the following instances:
- Where the processing is necessary for the fulfillment of our Organisation’s duty which is performed in the public interest or in the exercise of official authority vested in us.
- Where we take steps prior to the conclusion of a contract at your request or when processing is necessary for the performance of a contract to which you are a party.
- When the processing is necessary for the fulfilment of a statutory obligation.
- In case you have explicitly asked us to do something or when you have given us your consent to process your personal data (e.g. answer a question you may have asked us or subscribe to our newsletter).
We may also use your personal information in the following instances, which may be less usual:
- Where the processing is necessary for the satisfaction of our legitimimate interest or that of a third party, in which the data is disclosed, which (interest) overrides your rights and interests.
- Where necessary to protect your vital interests or those of another natural person.
Special purposes for which we may use your personal data
The circumstances in which we may process your personal data are listed below. The following list indicates the circumstances that may involve the processing of personal data, and also states the legal basis in the GDPR according to which we may process your personal data (the legal basis is indicated by the number next to each circumstance and the number corresponds to in one of the GDPR legal bases above), depending on the circumstance.
- Defining or agreeing with you (or a company related to you) the terms on which we work. [2]
- Providing contractual benefits to you. [2]
- Management of the contract we have concluded with you. [2]
- Management and planning of our Organisation, including the keeping of accounting books and their audit. [1], [2], [3], [5]
- Carrying out audits, imposing fees and taxes and issuing licenses. [1], [3]
- Compliance with health and safety obligations. [3]
- Fraud prevention. [1], [2], [3]
- Monitoring of equal opportunities. [1], [2], [3], [5]
- Sending you informative material in relation to our services. [4]
- Submitting to us a complaint or query or any other request (e.g. for the provision of services). [1], [4]
- Monitoring the use of information and communication systems to ensure compliance with our policies. [1], [2], [3]
Certain cases above overlap and there may be various bases which justify the use of your personal data.
Non provision of personal data
If you do not provide specific information when requested to do so, we may not be able to fulfil our duties or contract with you (such as providing you with a service), or we may be prevented from complying with our legal obligations.
Change of purpose
We will use your personal data only for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose and that reason is compatible with the original purpose. If we need to use your personal data for any purpose not related to the original purpose, we will notify you and explain the legal basis which allows us to do so. We may process your personal data without your knowledge or consent, when required or permitted by law.
Right to withdraw consent
In the limited instances where you may have given your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent to this processing at any time. To withdraw your consent, please contact the Data Protection Officer in writing at dpo@athienou.org.cy. Upon receipt of notice that you have withdrawn your consent, we will no longer process your information for the purpose or purposes for which you originally agreed on the basis of your consent, unless we have another legal basis for doing so.
Automated decision-making
Automated decision-making occurs when an electronic system uses personal information to make a decision without human intervention. We have the ability to use an automated decision-making process in any of the following cases:
- When it is necessary to conclude or fulfil your contract with us.
- When permitted by law which also provides for appropriate measures to safeguard your rights, freedoms and legitimate interests, such as e.g. for citizens requesting a discount on any fees based on the information they provided.
- In limited cases, with your explicit written consent and where appropriate measures are in place to protect your rights.
If we make an automated decision on the basis of any special category personal data, we must either have your explicit written consent, or it must be justified in the public interest, and we must also take appropriate measures to safeguard your rights.
You shall not be subject to decisions which have a significant impact on you based solely on automated decision-making, unless we have a legal basis for doing so and have notified you in advance.
Data sharing
We may need to disclose your information to third parties, including any of the service providers we work with. We require our third party associates, where possible, to secure your data and treat it in accordance with the law.
Why can we share your personal information with third parties?
We may disclose your personal information to third parties, where required by law or where we have another legitimate interest in doing so.
Which third party service providers process my personal information?
“Third parties” include third party service providers (including consultants and authorised representatives). The following activities are performed by third party service providers: IT and software services, accounting, auditing and legal services.
How secure is my data with third party service providers?
All third party service providers we work with, are required to take appropriate security measures to protect your personal data in accordance with our policies. We do not allow third party service providers to use your personal data for their own purposes. We only allow your personal data to be processed for specific purposes and in accordance with our instructions.
What about other third parties?
We may disclose your personal information to other third parties or you may disclose information to a third party because you have visited us or interacted with our website or our services. For instance, in the context of your interaction with certain functions which we use, such as the “Like” and “Share” button on Facebook and similar functions of other social media platforms e.g. Instagram, Twitter, etc., you may share your personal information with these third parties. We may also need to disclose your personal information to a regulatory authority or to comply with the law.
International data transfer
Upon receiving your consent, your personal data may be transferred outside the European Economic Area (EEA), however none of the service providers with which we work, are based outside the EEA. Whenever your personal data is transferred outside the EEA, we shall ensure that a similar degree of protection and appropriate guarantees are provided, and we shall ensure that when using non-EEA service providers, we shall use specific contracts approved by the European Commission, which provide to personal data the same protection offered within the EEA. Please contact us if you would like to receive more information about the specific mechanism we use when transferring your personal data outside the EEA.
Data Security
We have implemented measures to protect the security of your data, for example to back up and to protect the integrity of electronic communications and data storage systems.
Third parties may process your personal data only with our instructions and where it has been agreed to treat it confidentially and to maintain the source of the information.
Data retention - How long will you use my data?
We shall retain your personal data only for as long as it takes to fulfil the purposes for which we collected it. In order to determine the appropriate period of retention of personal data, we examine the quantity, nature and sensitivity of personal data, the potential risk of damage from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve these goals by other means and any applicable legal requirements.
In some cases, we may pseudonymise your personal information so that it can no longer be associated with you, so that we may use this information without further notice. As soon as the purposes for which we collected your data disappear, we will safely destroy your personal data in accordance with applicable laws and regulations.
Access, correction, deletion and restriction rights
Your rights in relation to personal data
Under certain circumstances, you have the right to:
- Access your personal data. This allows you to obtain a copy of the personal information we hold about you and to verify that we are processing it legally.
- Correct personal information we hold about you. This enables you to correct any incomplete or inaccurate information we have about you. Please let us know once your personal information changes during your relationship with us.
- Delete your personal information. This allows you to ask us to delete or remove your personal information where there is no reason to continue processing it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to the processing (see below).
- Object the processing of your personal information, where we invoke a legitimate interest (or legitimate interest of a third party) and there is a reason for your particular situation that prompts you to oppose the processing for this reason.
- Non-automated individual decision-making, which concerns you and is made solely on the basis of automated processing, including the creation of an individual profile, which produces legal results that concern you or affect you in a similar way, where you do not consider such processing legal.
- Restrict the processing of your personal data. This allows you to ask us to suspend the processing of your personal information, for example if you wish to confirm the accuracy or the purpose of processing.
- Data portability. You can request the transmission of your personal information to another controller.
If you wish to exercise any of the above rights, please contact the Data Protection Officer at dpo@athienou.org.cy.
Data protection and complaints officer
Taking into account the scale, nature, scope and purposes of our Organisation, we have appointed Ms. Stalo Tziakouri as Data Protection Officer (DPO) to oversee compliance with this data protection and confidentiality policy. If you have questions regaridng this data protection and confidentiality policy or how we handle your personal data, please contact the Municipality of Athienou Data Protection Officer at dpo@athienou.org.cy. You also have the right to file a complaint at any time with the Office of the Personal Data Protection Commissioner, the supervisory authority for personal data protection of the Republic of Cyprus.
Data breaches
We shall report any data breach in the Municipality of Athienou within 72 hours of the breach if it appears that the personal data stored in a recognisable form has been stolen.
COOKIES
Our website www.athienou.org.cy uses “cookies”, a technology which stores data on your computer or mobile phone, using the functionalities of your web browser, in order to collect statistics for visitors of its website. More information regarding the Policy in relation to the cookies of our Organisation is posted on our website.
Changes to this data protection policy
This privacy policy may change from time to time depending on the legislation or industry developments. We shall not explicitly inform our citizens or users of our website regarding these changes. Instead, we encourage you to periodically check this page for any policy changes.
Recognition and Acceptance
By continuing to use www.athienou.org.cy, you acknowledge that you have read, understood and agree to the contents of this policy.