Personal Data Processing & Private
Information Notice
Why we collect your personal data and
how we will use it
Based on the new EU privacy regulation,
also known as GDPR, we inform you that ICPAC collects, stores, processes and
uses personal data as reflected in this application form, as explained below.
As part of our operational business processes and routines which affect you, we
may process personal data based on one or more of the following legal bases
defined in and allowed by GDPR, specifically (a) your explicit consent; (b)
specific legislation; (c) our legitimate interests; or (d) a contract we may
enter with you for the provision of a service or product to you. In certain
occasions, we may also process your personal data in discharging obligations we
perform in the public interest or when exercising public authority assigned to
us.
Specifically in relation to processing your
application, we use your personal data to seek clarifications or further
information from you; include your personal details on the Students Register of
ICPAC and / or other regulatory bodies as applicable; accept and process
disciplinary claims which you log with us (or which are lawfully logged by
others against you);and communicate with you for all matters related to your
student registration with us such as exam dates, trainings, circulars,
pronouncements, other 3rd party services potentially of interest to you, etc.
In case of a ruling against you following a disciplinary process, we shall
publish specific details and the outcome of that process
(including reprimands, fines or other penalties) in the Accountancy magazine.
Based on our legal and regulatory obligations, we also collect special
categories of data as defined in the GDPR, such as a copy of your identity or
passport and a police-certified Criminal Record.
Please note that incorrect, inaccurate or
misleading information for any of the mandatory fields may not allow us to
process your application or fulfil the objectives for which such data is
collected.
How
long we keep your personal data (retention period)
Personal data may be maintained by us in
physical and / or electronic form and be processed in ways designed to respect
the principles of purpose limitation; data minimization; data accuracy;
integrity and confidentiality; and retention limitation. In line with our
retention policy, your personal data shall be maintained for a defined
retention period as per ICPAC’s retention policy, At the end of the retention
period, defined operational processes or routines shall result in personal data
being deleted or destroyed in controlled ways. In some circumstances we may
anonymise your personal information (so that it can no longer be associated
with you) for research or statistical purposes in which case we may use this
information indefinitely without further notice to you.
Ways to access, update or delete your personal
data handling preferences
Under GDPR you have the right to request
access to the personal data we hold relating to you. You may also inform us for
the need to update your personal data as your circumstances change, remembering
however, your ongoing obligation to provide us complete and accurate
information. The GDPR also allows you to object to certain types of processing
(such as automated profiling) or to withdraw your consent to processing for
those cases where the said processing is performed based on such a consent from
you. Finally, you have the right to be provided with your personal data in an
easily readable format so that you can transfer it to another Data Controller
if you so wish.
If, for some extreme reason, you wish us to
completely delete your personal data, we will contact you to understand - and
if possible address the reason for your request - and to take those measures
that, at our discretion, will correct the underlying matter which has caused
concern to you. If despite those efforts, you continue to wish to delete your
data completely, subject to the provisions of the next paragraph we will
proceed with the relevant actions within the specified timelines in accordance
with the GDPR, and we will notify you accordingly.
To exercise any of the above rights, please
email our Data Protection Officer (“DPO”) at dpo@icpac.org.cy . To the
extent there are no legal, professional or regulatory requirements that allow
or compel us to continue processing your personal data or not to proceed with
your request for another lawful reason, we shall comply and inform you in
accordance with GDPR. Even in those cases where we shall not proceed with the
execution of your request, we commit to inform you of the status of such
instructions and the rationale underlying our decision.
Access to your personal data
Within ICPAC, your personal information can
be accessed by or may be disclosed internally on a need-to-know basis, based on
user access rights management processes. Your personal
information may also be accessible and / or accessed by authorized third
parties, including suppliers and advisers as outlined in our Privacy Policy
available https://www.icpac.org.cy/selk/privacyPolicy.aspx .
Technical & Organisational Privacy
Measures
A
core element of our mission is to empower our members by providing knowledge,
training, guidance and support. Equally importantly, your right to privacy and
the protection of your personal data are very high in our priorities.
Therefore, although in the technologically advanced age we live no one can
guarantee that such data will never be accessed by unauthorized personnel or
misused, we inform you that we use appropriate technical and organizational
means designed to protect the confidentiality, integrity and availability of
your data. Such measures include a number of specialized tools and technologies
for network and information security, targeted implementation and compliance
procedures which are consistent with GDPR, restrictions and limits even to
authorized members of our team when accessing your personal data, and other
equally important protection and security measures.
Queries & Complaints
ICPAC is committed to acknowledge, consider
and respond to all queries and complaints that it receives from any natural
person who believes is affected by our processing of his / her data. To
communicate such queries or complaints please contact us on dpo@icpac.org.cy,
and we shall seek to respond to the substance of your query as soon as
practical, within a 30-day window as stipulated by GDPR. If despite our
responses and actions to address your concerns, you are not satisfied, you have
the right to address the matter to the Cyprus Data Protection Commissioner
whose offices are at Jason street 1, 2nd Floor, Nicosia 1082. The
Commissioner’s office can be reached on +357 22818456 and their email address
is commissioner@dataprotection.gov.cy .