PRIVACY NOTICE
1. SCOPE OF PRIVACY NOTICE
This Privacy Notice describes our approach to any personal information that we may collect from you, or via a third party about you, and the purposes for which we process such data. It also sets out your rights in respect of our processing of your personal data.
The organisation is committed to protecting your privacy and handling your personal data in a transparent manner.
2. WHO WE ARE AND WHAT WE DO
KDDO Cyprus Network Justice for All is registered with the Registrar of Companies under Registration Number HE 433436 as a non-profit Company by guarantee, without share capital.
The founding members of the organisation are KP Platform Justice for All (an organisation which is also a non-profit, by guarantee, without share capital), the President of the Cyprus Bar Association (CBA), the Vice-President of the CBA and the Secretary of the CBA.
The main purpose of the organisation is to establish, operate and supervise a program to provide free access to legal guidance and free legal representation by registered lawyers to beneficiaries.
The organisation maintains offices in Nicosia and in Limassol, as well as a network of registered lawyers across Cyprus.
Our organisation acts as its own data controller responsible for processing your personal information in relation to the provision of its Services.
3. INFORMATION COLLECTION
We collect and process personal information in the course of conducting our programs, for example, when you contact us and/or request information or legal guidance from us or when you engage one of the lawyers registered with the network.
Our primary goal in collecting your personal information is to help us confirm your identity, provide, improve and develop our services, carry out your requests in relation to our services, investigate or settle inquiries, as well as comply with applicable laws, court orders, other judicial processes, or the requirements of a regulator. Collecting personal information also helps us to enforce our agreements with you, protect rights, property or safety, be they ours or those of third parties, including other users of our services, and includes use of personal data as otherwise required or permitted by law.
To undertake these goals, we may process the following personal information:
- Name and job title.
- Contact information (telephone number, address, email address, ID number, ARC number if applicable, nationality, CBA registration number if applicable).
- Information that you are required to share so that we can provide our services to you. This information depends on the nature of your enquiry and on the legal matter for which you have contacted us.
- Other information relevant to the provision of services.
From time to time, in relation to the provision of our services, the service recipients or associated persons or companies might require us to process the personal information of other third parties.
The aforementioned is a non-exhaustive list which reflects the kinds of personal information we process in the context of providing our services.
4. USE OF YOUR INFORMATION AND LEGAL BASIS FOR PROCESSING
We most commonly use your personal information in the following scenarios:
– To provide our services to you as requested.
– For the purposes of ensuring the quality of our services.
– When we are legally obliged to do so by relevant legislation and/or regulations.
A non-exhaustive list of examples of when information may be used is provided below:
- Service Recipients
Contact information and other personal data that is relevant to the service enquiry may be requested from prospective service recipients when they make initial contact with our organisation. This information enables us to respond to prospective service recipients’ requests. Our legal basis is article 6(1)(b) of the GDPR, as processing is necessary for the performance of a contract to which the service recipient, as the data subject, is a party and article 6 (1) (a) of the GDPR (consent).
- Third parties
We may share your personal information with third parties, such as lawyers registered with our network, or employees/ representatives of the Deputy Ministry of Social Affairs in order for us to assist you in dealing with a legal matter you face. Our legal basis is 6(1)(a) of the GDPR (consent).
- Vendors
We may be required to sub-contract vendors in our effort to provide the highest quality of services to the service recipients. We may require data processors for services such as confidential waste disposal, IT systems or provision of software/ support, cloud services, document and information storage and processing and/or translation of documents. We ensure the relevant data security safeguards and establish the required contractual agreements when using such vendors. Our legal basis is article 6(1)(b) of the GDPR, as processing is necessary for the performance of a contract to which the data recipient, as the data subject, is a party.
5. WHO HAS ACCESS TO YOUR PERSONAL INFORMATION
Lawyers who provide legal guidance at our service centers have access to your personal data. Two members of the Board of our organization and the secretary of the Board also have access to your data.
We do not sell any information to third parties.
Any information collected by us may be shared with the following categories of third parties:
I. The government and/or regulatory authorities.
II. Professional indemnity and/or other relevant insurers.
iii. The lawyers registered with our organisation.
III. Regulators/tax authorities/corporate registries.
IV. Third parties to whom we outsource certain services, such as document processing and translation, confidential waste disposal, provision of IT systems, support or software, document and information storage.
Please note that this list is non-exhaustive; and there may be other instances where it may be necessary to share your personal information with third parties in order to provide our services in the most effective manner.
6. THIRD PARTY CONTRACTORS AND OTHER CONTROLLERS
As stated above, data processors may be sub-contracted to deliver our services, such as confidential waste disposal, IT systems or provision of software/ support, cloud services, document and information storage and processing and/or translation of documents. These parties will process personal information on our behalf and at our direction. We conduct the required due diligence and establish the required contractual agreements when using such sub-contractors to ensure that they process personal information appropriately.
7. PERSONAL DATA RETENTION PERIOD
We retain your relevant personal information for at least seven years from the date of our last interaction, in compliance with our obligations under the EU General Data Protection Regulation and/or related national and international legislation, or for longer if we are required to do so by our regulatory obligations and/or professional indemnity obligations. Unless we hear from you by the end of such a period, we destroy the relevant personal data without further notice and/or liability.
8. CONFIDENTIALITY AND ORGANISATIONAL AND TECHNICAL MEASURES
We are committed to protecting the personal information provided to us; to this end, we have implemented information security policies, rules and technical measures to protect the personal information data under our control from unauthorised access, improper use and/or disclosure, unauthorised modification and/or unlawful destruction and/or accidental loss.
9. LINKED WEBSITES
The organisation may contain links to other websites. However, the organisation does not control these websites or the resources offered by these websites. Please be aware of the terms and conditions and/or privacy policy of such websites before using them. The organisation does not endorse and is not responsible for the validity of any content, promotional materials, services, products or information provided by such linked websites. You acknowledge that the organisation shall not be liable, nor responsible, directly or indirectly, for any damage or loss caused by any content, promotional material, services, products or information from the linked websites.
10. YOUR RIGHTS
In relation to the personal information we hold about you, you have the following rights:
Right to access: Upon your request, we will provide confirmation as to whether we have processed your personal information and, if required, provide you with a copy of that data.
Right to rectification: If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it corrected. If we’ve shared inaccurate or incomplete personal information with others, we will inform them about the rectification where possible. If you so require, and where it is possible and lawful to do so, we will also inform you of the parties with whom we have shared your personal information, so that you can contact them directly.
Right to erasure: You may request that we delete or remove your personal information under certain circumstances, such as if we no longer need it and/or if you have the option to withdraw your consent. If you are entitled to erasure and if we have shared your personal information with other parties, we will let them know about the erasure where possible.
Right to restrict processing: You may require us to ‘block’ or pause the processing of your personal information in certain situations, such as where you contest the accuracy of the personal information that we hold, or you object to us holding it. If you are entitled to restriction and if we have shared your personal information with other parties, we will let them know about the restriction where it is possible for us to do so.
Right to object: If we are relying on our own, or a third party’s, legitimate interests to process your personal information, you can request that we stop doing so. We can only deny your request if we can demonstrate compelling legal grounds for the processing.
Right to withdraw consent: In instances where we rely on your explicit consent as the legal basis for processing your personal information, you have the right to withdraw such consent at any time.
Right to lodge a complaint with the Office of the Commissioner for Personal Data Protection: If you are concerned about any aspect of our privacy practices, including the way we’ve handled your personal information, you can report it to the Cyprus Office of the Commissioner for Personal Data Protection.
Please note that some of the abovementioned rights may be limited, for example where we have an overriding interest and/or legal obligation to continue processing the data and/or where data may be exempt from disclosure due to legal/professional privilege and/or obligations of professional confidentiality.
11. CHANGES TO THIS PRIVACY NOTICE
We may periodically update this Privacy Notice so as to reflect any changes regarding our usage of your personal information. We may also make changes, of which you will be notified, to reflect and comply with changes in applicable law and/or regulations.
12. HOW TO CONTACT US
If you have any questions about this Privacy Notice or want to exercise your rights set out herein, please contact us by sending an email to: info@justiceforall.org.cy or calling us on: +357 (22) 797880