Privacy</br> Policy

Privacy
Policy

Data Protection Policy

Α. PURPOSE

I. OUR ORGANIZATION

Frederick University is a private university operating in the Republic of Cyprus, a member state of the European Union. Frederick University was established after a decision by the Council of Ministers of the Republic of Cyprus on 12th September 2007 and following the successful, long-running courses of the Frederick Institute of Technology in education and research. In January 2012, the University received its final license after a decision by the Cabinet.

The mission of Frederick University is the provision of learning opportunities through teaching and research in the areas of science, technology, social sciences, and the arts, as well as a systematic contribution to the wider social context. The education offered is of high quality and leads to recognized qualifications that ensure the University’s graduates professional career and advancement in Cyprus and abroad.

The main objectives of Frederick University are:

1. the promotion of science, knowledge and education through teaching and research aiming at the enhancement of society in general,
2. the dissemination, application and scientific exchange of knowledge, and
3. the provision of high-quality, internationally-recognized undergraduate and postgraduate education.

II. DATA CONTROLLER

In order to improve the services which are provided, Frederick University collects several personal data. Under its capacity as Data Controller, Frederick University defines all the procedures, means and purpose of processing personal data in accordance with the requirements of the relevant European Legislation on Personal Data (General Data Protection Regulation - Regulation 2016/679).

In particular, it is required to facilitate the data subject whenever the latter wishes to exercise its legally and institutionally protected rights. Some of the subject's most fundamental rights are those of information, access, rectification, erasure, restriction of processing, portability, and object. The main importance of these rights is as follows: the data subject has the inalienable right to know not only that personal data are being collected and processed, but also which they are. It has the possibility to request the rectification of inaccurate data and their updating. It also has the right to request the erasure of data, with respect to certain conditions. In particular, it may take such action when, for example, the data are no longer necessary or when the data subject has withdrawn its consent or the processing of data is illegal. In all these cases, the person claims damage to his personality.

Through this Privacy Policy (hereafter "Policy"), we would like to give you an example of some of our practices and policies for the collection, use, exchange and processing of data collected by or for you.

This Policy applies regardless of whether you access to our site through your personal computer, mobile device, or any other technology or device. For any questions, please contact Frederick University's Data Protection Officer through the following email address: dpo@frederick.ac.cy (see contact details of the Data Protection Officer below).

III. JOINT DATA PROTECTION OFFICER AND RELATION WITH THE DATA CONTROLLER

It is underlined that in all cases where Frederick University enters into agreements with either other academic institutions or other organizations / unions / bodies, all parties are considered as “joint controllers”. In addition, Frederick University may delegate to third parties (natural or legal) certain tasks on its behalf. In this case, the third person becomes "data processor". In any case, Frederick University takes all the appropriated measures in order to protect and process legally the personal data (ie written contracts with explicit assignment of responsibilities, etc.)

Β. CATEGORIES AND USE OF COLLECTED DATA 

Purpose of data processingPersonal dataPossible consequences of failure to provide personal dataLegal basis for processing
Enrolment as a student in University’s programs of study Required personal identifying information (eg full name, father's name), contact details, statement of consent Failure to register /
failure to start program of study
Execution of contract / Legal obligation / Consent
Communication with a student or third person or organization to provide information about programs and / or services of the University Contact details (name, address, telephone, e-mail address) Insufficient service Execution of contract / Consent
Data record for historical, statistical and research purposes (archive file) Required personal identifying information (name, surname, address, telephone number, e-mail address, registry number) Failure to archive a file Legal obligation / Consent
Communication with a student or a third party (company, organization) to settle financial obligations/issues Personal Identification data
Financial abeyance
Legal obligation / contract execution
Reports to the national regulatory authorities (eg for tax purposes) Personal identification data, financial information, social security information Failure to perform a legal obligation Legal obligation
submission of student’s data to partner organizations (such as academics, foundations or professional organizations) for communication purposes Personal Data Insufficient communication / poor co-operation Legal obligation / consensus
Collection of data for the purposes of investigating, prosecuting, identifying criminal offenses and safeguarding University property Personal Identification data (image) inability to investigate, prosecute, identify criminal offenses Legal obligation / performance of contract / information / consent


C. DISCLOSURE OF PERSONAL DATA


Frederick University will not assign, disclose or rent your personal information to any third person / organization / entity in a manner different from that described in this Policy. However, we reserve the right to disclose your personal information to third parties:

3.1 In case of compliance with any legal or regulatory obligation as described above

3.2 In order to cooperate with law enforcement agencies to enforce laws and to investigate and prosecute illegal activities, frauds, property damage. We reserve the right to disclose any information relating to you to law enforcement agencies and other competent bodies that, in our estimation, is necessary or related to any fraud investigation or other illegal activity.

In particular, these authorities are:

  • Judicial authorities
  • Police prosecution authorities
  • Financial Services of the Republic of Cyprus


3.3 We will not disclose your personal data to third parties outside the European Union, in countries where there is no secure data protection regime. However, if such a transfer of data is required, it will be done in accordance with the necessary safeguards laid down by European legislation (Regulation 2016/679) and following previous cooperation with the national supervisory authority for the protection of personal data, namely the Office of Personal Data Protection Commissioner of the Republic of Cyprus.

D. TIME LIMIT OF DATA STORAGE

4.1 Your data will be stored for a certain time, with absolute respect to the purpose for which data were collected, in accordance with the principles of data minimization and storage limitation.

Based on those principles, your data will be retained for as long as your contractual relationship with Frederick University is in force. Once your contractual relationship expires, your data will be retained for longer periods of time for historical, research, and statistical purposes. Particularly:

For former students or alumni, their data will be retained for fourty (40) years. After this period, their personal data shall be limited, in accordance with the principle of data minimisation, and may be stored, under the method of pseudonymisation, for longer periods (for 60 years) insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

For companies / organizations / other entities, after their contractual relationship with Frederick University, their data will be retained for statistical and historical purposes for fifteen (15) years.

Students’ data, provided with their explicit consent, are stored for a period of one year at the University Archive Office, subject to the legal exercise of data subject's rights (information, access, rectification, erasure, restriction to processing, object). After one year, their data are deleted. It should be noticed that the University takes every appropriate measure (such as pseudonymization and cryptography) to protect and process thοse data in a secure way.

In addition, we align the retention of your data with possible variations resulting from the exercise of your rights to the protection of your personal data. However, in some cases, certain personal information may be retained beyond that time due to possible legal obligations, legitimate interests, etc. Such cases are likely issues related to:

  • Money laundering
  • Taxation
  • Financial Pending
  • Legal Obligation
  • Any other legal issues

E. DATA STORAGE

5.1 Data of both students and academic and other staff of Frederick University are reserved and stored at the Frederick University Archive Office, under the sole supervision of the Office's Managing Director. Access to such data may be granted by the University’s Administration, the Deans of the Schools and the Presidents of the Departments, for academic purposes. Access to data is also permitted to administrative officers during the performance of their duties.

5.2 Other persons’ data (such as suppliers or other persons working with any form of contractual relationship with Frederick University), who are other persons than those described in paragraph 5.1, shall be kept and stored at the Frederick University's Accounting Office under the sole supervision of the Head of the Office. Access to those data is also permitted to the members of Administrative Council of Frederick University.

F. RIGHTS OF PROTECTING YOUR PERSONAL DATA

6.1 At any time while we maintain or process your data, you retain the following rights and you may submit a request through your personal account:

  • Right to information - you have the right to know that personal data are collected and processed
  • Right of access - you have the right to access the personal data we hold for you
  • Right to rectification - you have the right to correct inaccurate or incomplete data that we hold for you
  • Right of erasure - You may request that the data we hold for you shall be deleted and we are obliged to satisfy your request in specific cases when the law allows us
  • Right to restriction of processing - You have the right to obtain from the controller restriction of processing with respect to certain conditions, such as where the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data or where the processing is unlawful
  • Right to data portability - You have the right to request that the data we hold for you be transferred to another organization. This right does not apply when data is processed for purposes of public interest
  • Right to object - you have the right to object to processing of your personal data, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims
6.2 We will evaluate your request and respond to you about its progress (approval of a request, partial approval of a request, rejection of a request) as soon as possible and in any case within one month of its submission.

6.3 If your requests are repeated or require disproportionate technical efforts or may affect the privacy of third parties, we may either reject them as unfounded or demand a reasonable fee. In any case, the answers to your requests from Frederick University will be reasoned and communicated to you (either in print or electronically)

6.4 You have the right to submit a complaint directly to the National Personal Data Protection Supervisory Authority and the Frederick University’s Data Protection Officer.

G. UPDATING PERSONAL DATA

7.1 Beyond exceptional circumstances, you may check, update or delete some personal information.

7.2 You can obtain a copy of your personal information through your personal account. For your protection, you will need to prove your identity to receive such copies. You should include the necessary information to identify yourself and other relevant information to help us fulfill your request. If you want to end your partnership or your relationship with Frederick University, you can also contact the University Administration (in case you represent a company or other organization) or the Registration Office (for students). We will comply with such requests unless we have a legal obligation or a legitimate interest in not deleting the data.

H. INSURANCE

8.1 Frederick University shall take every necessary and appropriate measure in order not only to protect your personal data but also to prevent or minimize any harm to them. Those measures are compatible with modern best practices and the requirements of European legislation. The methods of pseudonymization and cryptography are reported as typical examples. Of course, Frederick University apply supplement methods to protect personal data, such as the creation of strong security codes, tracking and controlling operations under legal conditions, and strict adherence to a policy of confidentiality. All of these actions intend to prevent data from misuse, unauthorized access or disclosure, loss, alteration or destruction.

I. ADVERTISING MESSAGES.

9. The sending of advertisements and newsletters by any manner (either via electronic form or in print) for University Programs and Events is only made upon free and explicit consent of the data subject, following the relative predictions of the GDPR. It is also possible to send marketing communications under the lawful basis of "legitimate interests", according to the e-Privacy Directive and its relative requirements.

J. CHANGES IN DATA PROTECTION POLICY

10.1 Given the flexibility of the needs of the University as well as the evolution of the legal regulatory framework, Frederick University's Data Policy is subject to regular review and constant updating while providing optimal protection of your personal data. Any updates will be communicated to you via the existing website or by mail or electronic communication, based on the contact details you have given.

K. DEFINITION OF DATA PROTECTION - COMMUNICATION

11.1 In accordance with the requirements of European law (Regulation 2016/679, article 37), we inform you that Frederick University has appointed as Data Protection Officer: Dr. Kouroupis Constantinos, Assistant Professor at the Department of Law of Frederick University.

If at any time you believe we are not complying with the provisions established in this Policy or if you have any other matter related to data protection, please contact the Data Protection Officer through the contact details below.

Email: dpo@frederick.ac.cy
Tel. 22394429