The scope of this policy covers the below mentioned processing activities involving personal or sensitive data where the Centre acts as controller.
The following personal information CRoLEV collects and uses accordingly, namely:
All processing activities shall be based on the following principles:
- Collected for specified, explicit and legitimate purposes only
- Accurate and, where necessary, kept up to date
- Retained only for as long as necessary
- Processed lawfully, fairly and in a transparent manner
- Processed securely, in an appropriate manner to maintain security
- Adequate, relevant and limited to what is necessary
Moreover, CRoLEV will only use collected data in a manner that is appropriate considering the basis on which that data was collected, as set out in the table above.
Examples include the use of data to reply to enquiries sent to CRoLEV, to send news updates where this has been consented to, any other relevant activity connected with the Centre’s activities, etc. No personal data will be shared with third parties unless an explicit consent has been provided by the individual or when CRoLEV is using a third party purely for the purposes of processing data on CRoLEV’s behalf and there is a data processing agreement in place, with that third party that fulfils CRoLEV’s legal obligations in relation to the use of third party data processors.
CRoLEV takes the principles of data minimisation and removal seriously and has internal policies in place to ensure that only the minimum amount of data for the associated purpose is requested and that data is promptly deleted once it is no longer required. Where data is collected on the basis of consent, CRoLEV will seek renewal of consent at least every three (3) years. Where removal of consent is desired, information per project and activity may be found in the corresponding consent form and can be activated.
Regarding cookies, i.e. small files of letters and numbers that are downloaded on to a person’s device when visiting a website, these are used by many websites, e.g. remembering a person’s preferences, recording what a person has put in his/her shopping basket, or counting the number of people looking at a website. Where cookies are used to collect personal data, the Centre lists these purposes in the table above.
However, CRoLEV may also use some cookies that do not collect personal information but that do help the Centre collect anonymous information about how people use the Centre’s website. For this purpose, Google Analytics is used. Google Analytics generates statistical and other information about website usage by means of cookies. The information collected by Google Analytics about usage of CRoLEV’s website is not personally identifiable. The data is collected anonymously, stored by Google and may be used to create reports about website usage.
All those in scope of the policy are responsible for adhering to the requirements of this policy and provide periodic reporting to the Centre on its compliance with this policy.
This Policy is subject to all the laws, rules and regulations that the Centre and UCLan Cyprus are governed by. In the event this policy allows the exercise of discretion, such discretion must be exercised within the confines of the Centre’s and the University’s statutory obligations and shall not contravene any of their legal, accounting or other regulatory requirements.