Why we collect your personal data and
how we will use it
Based on the new EU privacy regulation,
also known as GDPR, we inform you that ICPAC collects, stores, processes and
uses personal data as reflected in this application form, as explained below.
As part of our operational business processes and routines which affect you, we
may process personal data based on one or more of the following legal bases
defined in and allowed by GDPR, specifically (a) your explicit consent; (b)
specific legislation; (c) our legitimate interests; or (d) a contract we may
enter with you for the provision of a service or product to you. In certain
occasions, we may also process your personal data in discharging obligations we
perform in the public interest or when exercising public authority assigned to
us.
Specifically in relation to processing your
application, we use your personal data to seek clarifications or further
information from you; include your personal details on the Students Register of
ICPAC and / or other regulatory bodies as applicable; accept and process
disciplinary claims which you log with us (or which are lawfully logged by
others against you);and communicate with you for all matters related to your
student registration with us such as exam dates, trainings, circulars,
pronouncements, other 3rd party services potentially of interest to you, etc.
In case of a ruling against you following a disciplinary process, we shall
publish specific details and the outcome of that process (including reprimands,
fines or other penalties) in the Accountancy magazine. Based on our legal and
regulatory obligations, we also collect special categories of data as defined
in the GDPR, such as a copy of your identity or passport and a police-certified
Criminal Record.
Please note that incorrect, inaccurate or
misleading information for any of the mandatory fields may not allow us to
process your application or fulfil the objectives for which such data is
collected.
How long we keep your personal data
(retention period)
Personal data may be maintained by us in
physical and / or electronic form and be processed in ways designed to respect
the principles of purpose limitation; data minimization; data accuracy; integrity
and confidentiality; and retention limitation. In line with our retention
policy, your personal data shall be maintained for a defined retention period
as per ICPAC’s retention policy, At the end of the retention period, defined
operational processes or routines shall result in personal data being deleted
or destroyed in controlled ways. In some circumstances we may anonymise your
personal information (so that it can no longer be associated with you) for
research or statistical purposes in which case we may use this information
indefinitely without further notice to you.
Ways to access, update or delete your
personal data handling preferences
Under GDPR you have the right to request
access to the personal data we hold relating to you. You may also inform us for
the need to update your personal data as your circumstances change, remembering
however, your ongoing obligation to provide us complete and accurate
information. The GDPR also allows you to object to certain types of processing
(such as automated profiling) or to withdraw your consent to processing for
those cases where the said processing is performed based on such a consent from
you. Finally, you have the right to be provided with your personal data in an
easily readable format so that you can transfer it to another Data Controller
if you so wish.
If,
for some extreme reason, you wish us to completely delete your personal data,
we will contact you to understand - and if possible address the reason for your
request - and to take those measures that, at our discretion, will correct the
underlying matter which has caused concern to you. If despite those efforts,
you continue to wish to delete your data completely, subject to the provisions
of the next paragraph we will proceed with the relevant actions within the
specified timelines in accordance with the GDPR, and we will notify you
accordingly.
To
exercise any of the above rights, please email our Data Protection Officer
(“DPO”) at dpo@icpac.org.cy. To the extent there are no legal, professional or regulatory
requirements that allow or compel us to continue processing your personal data
or not to proceed with your request for another lawful reason, we shall comply
and inform you in accordance with GDPR. Even in those cases where we shall not
proceed with the execution of your request, we commit to inform you of the
status of such instructions and the rationale underlying our decision.
Access to your personal data
Within ICPAC, your personal information can be
accessed by or may be disclosed internally on a need-to-know basis, based on
user access rights management processes. Your personal information may also be
accessible and / or accessed by authorized third parties, including suppliers
and advisers as outlined in our Privacy Policy available https://www.icpac.org.cy/selk/privacyPolicy.aspx .
Technical & Organisational Privacy
Measures
A
core element of our mission is to empower our members by providing knowledge,
training, guidance and support. Equally importantly, your right to privacy and
the protection of your personal data are very high in our priorities.
Therefore, although in the technologically advanced age we live no one can
guarantee that such data will never be accessed by unauthorized personnel or
misused, we inform you that we use appropriate technical and organizational
means designed to protect the confidentiality, integrity and availability of
your data. Such measures include a number of specialized tools and technologies
for network and information security, targeted implementation and compliance
procedures which are consistent with GDPR, restrictions and limits even to
authorized members of our team when accessing your personal data, and other
equally important protection and security measures.
Queries & Complaints
ICPAC is committed to acknowledge, consider
and respond to all queries and complaints that it receives from any natural
person who believes is affected by our processing of his / her data. To
communicate such queries or complaints please contact us on dpo@icpac.org.cy , and we shall seek to
respond to the substance of your query as soon as practical, within a 30-day
window as stipulated by GDPR. If despite our responses and actions to address
your concerns, you are not satisfied, you have the right to address the matter
to the Cyprus Data Protection Commissioner whose offices are at Jason street 1,
2nd Floor, Nicosia 1082. The Commissioner’s office can be reached on +357
22818456 and their email address is commissioner@dataprotection.gov.cy .