Website Privacy Notice
The Cyprus Chamber of Commerce and Industry (“CCCI”, “we”, “us”) is a private corporate body functioning under special law. The CCCI is the union of Cypriot businessmen, the interests of whom it promotes by submitting to the government and the Parliament the members’ positions on matters in which they are involved, while, through its participation in tripartite bodies and committees, it conveys and promotes the views of the business community.
This privacy notice describes how we process your information when you visit our website ccci.org.cy (regardless of where you visit it from) and tells you about your privacy rights.
How To Contact Us
What Personal Data We Collect About You Through Our Website
Who We Share Your Personal Data With
How Long We Store Your Data For
Where We Store Your Data
Marketing Communications Preferences
How We Protect Your Personal Data
Cookies and Social Media Plugins
How to Contact Us
The CCCI is the Controller of your Personal Data. We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice.
Email address: firstname.lastname@example.org
Postal address: 38, Grivas Dhigenis Ave. & 3, Deligiorgis Str.,
P.O.Box 21455, 1509 Nicosia
You have the right to make a complaint at any time to the Office of the Commissioner for Personal Data, the Cypriot supervisory authority for data protection issues. You may find more information about making a complaint to the Office of the Commissioner of Data Protection by visiting the website www.dataprotection.gov.cy
You can request access to your personal data including copies of all the Personal Data we hold about you and you can request for these to be corrected in case they are inaccurate.
You can object to the processing of your data where we are relying on a legitimate interest to process it and, you can always object if your Personal Data is being processes for direct marketing purposes.
You can ask us to suspend the processing of your Personal Data for example if you want us to establish its accuracy or the reason for processing it.
You can also request us to delete or remove your Personal Data when there is no good reason for us to continue processing it.
Furthermore, whenever we rely on your consent to process your Personal Data you may withdraw your consent at any time.
How to exercise your rights. If you want to exercise any of the rights described above, please contact us using the contact details in the Contact Us section in our website or by e-mailing/writing to us at the addresses provided in the “How to Contact Us” section of this Notice.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data or to exercise any of your other rights. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
What Personal Data We Collect About You Through Our Website
Most of the personal information we process is provided directly by you when you use our website and when you use our online forms. In particular:
Type of data
Lawful basis for processing
When you make an enquiry, request or complaint by using our online “Contact Us” form, we process your Personal Data so we can fulfil your information request to us.
(a) your name
(b) your e-mail
(c) the content of your message
Our legal basis for this processing is our legitimate interests in order to handle all requests, enquiries and complaints
Data collected through cookies
For any cookies which are not strictly necessary for the operation of our website, we will seek your consent which you can withdraw at any time.
Who We Share Your Personal Data With
We may share your Personal with third parties in the ways that are described in the table below.
Why we share it
Our service providers provide us support including, for example, website development, hosting, maintenance, backup, storage, virtual infrastructure, and other services which may require them to access or use Personal Data about you.
Our lawyers, accountants, bankers, auditors and insurers may need to review your personal data to provide consultancy, compliance, banking, legal, insurance, accounting and similar services.
Legal and Tax Authorities, Regulators and Participants in Judicial Proceedings
The CCCI may disclose your Personal Data if we believe it is reasonably necessary to comply with a law, regulation, order, subpoena, or audit or to protect the safety of any person, to address fraud, security or technical issues, or to protect our legal rights
How long we store your Personal Data
We will only retain your Personal Data for so long as we reasonably need to use it for these purposes unless a longer retention period is required by law (for example for regulatory purposes). You can find out more about the retention periods of your Personal Data by contacting us at the contact details provided above in the “How To Contact Us” section of this Notice.
Where We Store Your Personal Data
Your Personal Data are held in Cyprus. Personal Data that you provide us may be stored, processed and accessed by us, our staff, sub-contractors and third parties with whom we share Personal Data in Cyprus or elsewhere inside or outside of the EU for the purposes described in this notice. We may also store Personal Data in locations outside the direct control of CCCI (for instance, on servers or databases co-located with hosting providers).
Whenever we transfer your Personal Data outside the European Economic Area (EEA), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your Personal Data to countries that are deemed to provide an adequate level of protection for Personal Data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commissioner which give Personal Data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
How We Protect Your Personal Data
The CCCI uses industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. We limit access to your Personal Data to those employees and other staff who have a business need to have such access. All such persons are subject to a contractual duty of confidentiality.
We have put in place procedures to deal with any actual or suspected Personal Data breach. In the event that personal information is compromised as a result of such a breach of security, the CCCI will promptly notify those persons whose personal information have been compromised, in accordance with the notification procedures required by applicable law.
Marketing Communications Preferences
You can ask us to stop sending you marketing messages or modify your email preferences at any time through any of the following methods:
- by following the opt-out links on any marketing message sent to you; or
- by contacting us at any time using the contact details provided
Cookies and Social Media Plugins
Our website uses session and persistent cookies in order to provide you with an easy and comfortable web service. We will seek your consent to use any cookies which are not strictly necessary for the operation of our website, which you can withdraw at any time.
We use session cookies (which are automatically deleted at the end of each session) that, for example, allow us to identify you as the same user (but no more) over a session on our website.
Social Media Plugins
On certain webpages of our website we have the so-called social media plugins, in particular Facebook’s “like” button, Twitter’s buttons, LinkedIn’s button and Google’s YouTube’s button. When you visit our website, your browser will establish a direct connection to the respective Facebook, Google, LinkedIn and/or Twitter server and load the button from there. At the same time Facebook, Google, LinkedIn and/or Twitter will know that the respective page on our website has been visited. This processing is based on your consent.
We have no influence on the data that Facebook, Google, LinkedIn and Twitter collect on the basis of the buttons. According to the available information, however, if you do not click on the respective buttons no personal data will be collected and stored unless you have logged onto to your Facebook, Google, LinkedIn or Twitter account. In that case certain user data (including your IP address at the time) may be collected and linked to the account information already present at Facebook, Google LinkedIn or Twitter, respectively. If you wish to prevent this, please log out of your social media accounts before visiting our website.
In addition, clicking a button may also lead to a collection of certain data, such as the user’s IP address. Facebook, Google, LinkedIn or Twitter may set cookies as well, unless you have disabled the acceptance and storage of cookies in your browser settings.
We receive no information from Facebook, Google, LinkedIn or Twitter about which social media buttons you may have clicked or seen on our website, but, if at all, we may receive a summarized, non-person-related statistical report on the use of the buttons.
If you wish to obtain more information on the subject go to:
Quality and Environmental Management Policy
Having a leading role in the commercial world and the national economy in general, the CCCI aims to systematically meet the requirements of each member and all other stakeholders for sustainable development in the most efficient and effective way.
To achieve our goal, the Organisation’s management is committed to:
- Comply with all the provisions of the laws and regulations affecting the operations of the CCCI
- Provide to its entire staff with the infrastructure needed to deliver quality and environmentally friendly services
- To record, investigate and evaluate all opportunities for improvement, including derogations from the guidelines and procedures of the Organisation
- To provide systematic improvement of working methods, work environment and continuous upgrade of its technology
- To universally implement and continuously improve the management system by involving all executives and staff
- To appoint competent and experienced staff
- To foster partnerships and information sharing with all external providers and other stakeholders
- To maintain effective channels of communication and consultation with staff and all stakeholders. Among other things the operation of Committee on Health, Safety and Environment
- To define and review the goals and objectives of environmental management, quality and health and safety at work
- To create the necessary conditions encouraging staff to participate in the formulation of management system policies
For the most effective implementation of the above goals and objectives the Organization has designed and implemented an integrated management system in accordance with ISO 9001: 2015 and ISO 14001: 2015 standards.
EVENT PRIVACY NOTICE
- WHAT IS THE PURPOSE OF THIS DOCUMENT?
The Cyprus Chamber of Commerce is committed to protecting the privacy and security of your personal information. This privacy notice tells you about the information we collect from you when you register to attend one of our events. In collecting this information, we are acting as a data controller. By law we are required to provide you with information about us, about how and why we use your data and about the rights you have over your data.
- 2. DATA PROTECTION PRINCIPLES
We will comply with data protection law and principles, which means that your data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
- THE KIND OF INFORMATION WE HOLD ABOUT YOU
Events attended in person
When you register to attend one of our events, we will collect, store, and use the following categories of personal information about you:
- The information you have provided to us when completing a booking form or when registering online to attend our events, including organization, title, first name, last name, job title, telephone number, mobile number, email address, address, city and postal code.
- Where there is a participation fee to attend the event we also ask for payment and if you choose credit card as a method of payment we ask for card number, expiry date, cardholder name and signature.
- Communication information. When you send us an e-mail or other communication we retain that communication in order to process your enquiries and respond to your requests.
- Surveys you may be requested to fill out in some events.
Additionally, when you register to attend one of our online events we collect the following information about you:
Organization, title, first name, last name, job title, telephone number, mobile number, email address, address, city and postal code
Online events will be recorded for post-conference streaming so that all registered attendees will be able to revisit the sessions and catch up with the talks they’ve missed.
- HOW IS YOUR PERSONAL INFORMATION COLLECTED?
We collect personal information about you from the following sources:
- You directly
- Your employer/organisation
- Associations affiliated to us wishing to invite you to an event organized by them
- HOW WE WILL USE INFORMATION ABOUT YOU
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract, we have entered into in order to provide a service to you and your organisation. In other words, we will use your information in order to arrange that you attend our events.
- Where we need to provide you with the information, products and/or services that you request from us.
- Where we need to comply with a legal obligation.
- We may in some circumstances rely on your consent, notably when we want to send you our newsletters and circulars. In those circumstances, we will specifically ask whether you agree to us using your data in specified ways. You can withdraw your consent and ask us to delete your information at any time – please see section 11.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. As you have shown interest in attending our events, we rely on this legal basis to send you information and updates about future events that may be of interest to you. If you DO NOT wish to receive this information, you have the right to object to this by contacting our Data Protection Officer at email@example.com or by clicking the unsubscribe link at the bottom of our e-mails.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
- AUTOMATED DECISION-MAKING
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
- 7. DATA SHARING
We may share your data with third parties, including the event organisers and third-party service providers where required by law, where it is necessary to administer the working relationship with your business or where we have another legitimate interest in doing so.
We may sometimes charge a fee to attend an event. If this happens, our communications about the event will provide details of the data processor, we use to collect payments.
We require third parties to respect the security of your data and to treat it in accordance with the law and we have appropriate agreements in place.
- DATA SECURITY
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees and agents who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from our Data Protection Officer.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
- DATA RETENTION
We will retain your personal information only for as long as we need it or until you withdraw your consent or you object to processing when exercising your rights in accordance with section 11 below. You can contact our Data Protection Officer at firstname.lastname@example.org to find out more about our retention times.
RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
Under certain circumstances, by law you have also the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party but only for information processed by automated means and where the processing is based on your consent or on contract
- Right to withdraw consent at any time for processing for any purpose for which you have given consent.
If you want to exercise any of the above rights, please contact our Data Protection Officer at email@example.com.
- DATA PROTECTION OFFICER
We have appointed a Data Protection Officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact our Data Protection Officer at firstname.lastname@example.org. You have the right to make a complaint at any time to the Commissioner of Personal Data Office, the Cyprus supervisory authority for data protection issues.
Responsibility for implementing our policy lies with the CCCI Directorate along with the support of all staff. Based on the experience, proven competence and the great potential of our staff, the management looks forward to the systematic satisfaction of all stakeholders regarding the quality of services provided, always in combination with responsible environmental management.
The policy of the organization is available to all stakeholders and is continuously monitored so that it remains relevant and appropriate for the organization and is reviewed regularly during Management Meetings.