1. INTRODUCTION
1.1 We take privacy and the protection of personal information seriously. This Privacy Policy sets out details about how we gather, use and share personal information and about individual privacy rights. How we use personal information depends upon the context in which it is made available to us.
1.2 Our Controller provides help and guidance to make sure we apply good practice standards to protecting personal information. Our Controller can be reached by email at admin@cmscy.com.cy, if you have any questions about how we use personal information.
1.3 This Privacy Policy provides up to date information about how we use personal information. We may make minor updates to this Privacy Policy from time to time, however if we make any material changes to the manner in which we process and use your personal information, we will announce this clearly on our website.
2. ABOUT US
2.1 We are what is known as the “controller” of the personal information which we gather and use. When we say “we” or “us” in this Privacy Policy, we mean CMS Training Centre.
3. WHAT KINDS OF PERSONAL INFORMATION WE USE
3.1 We use a variety of personal information depending on the circumstances under which personal information is made available to us.
3.2 We may use personal information in the following circumstances:
(a) Business Contacts: We hold the names, job titles, employer details and professional contact details for various business contacts, including client, supplier contacts and interested parties who have signed up to receive our courses from time to time, and wish to be informed of future training courses.
(b) Clients – Training Services: If you have signed up to one of our training courses, we will process your name, job title, CIC no., employer details, professional contact details and information about your performance on the training course. We may also collect and use some special categories of personal data such as dietary information or disabilities in relation to access. Also, any information that will be required for any HRDA applications for funding.
(c) Contract Auditors/Tutors: If you are a consultant, we will process your name, professional and personal contact details, CV and professional background, payment details and information about the work you carry out for us. We may also collect and use some special categories of personal data such as dietary information or disabilities in relation to access; and hold details of your passport for booking flights.
(d) Referring Consultants: If you are a consultant that refers sales opportunities to CMS, we will process your name, professional and personal contact details, CV and professional background and information about the work you refer to us.
(e) Employees: If you are an employee of CMS Training Centre, we will require your personal data for your employment contract, CIC No. terms and conditions of employment, bank details for payment of your salary, CV, training requirements for HRDA application forms.
4. HOW WE GATHER YOUR PERSONAL INFORMATION
4.1 We only use personal information which we have obtained directly for the purposes described in this Privacy Policy.
4.2 Personal Information is gathered in the following ways:
(a) Business Contacts: These may be collected via forms on our website, or in the course of business-as-usual correspondence with business contacts.
(b) Clients – Training Services: Personal information will be gathered directly from the individual that has signed up to attend one of our training courses.
(c) Contract Auditors/Tutors, Consultants and Job Applicants: Personal information will be gathered directly from you or from your third-party references.
5. WHY WE USE PERSONAL INFORMATION
5.1 We will use personal information for the following purposes:
(a) Clients – Training Services: We require to process personal information in order to perform the Booking agreement which we have entered into with the individual who has signed up to attend one of our training Courses. Where our Booking agreement for training services is entered into with a corporate entity for the provision of training to their employees, our processing of personal information is in the legitimate interests of such corporate entity to improve and/or add to the qualifications and skills of their employees.
(b) Contract Auditors/Tutors: We process the personal information of Contract Auditors/Tutors for the legitimate interests of determining whether or not to employ a particular individual for a role in our organisation. Where we engage a Contract Auditors/Tutors, we process their personal information for the purposes of entering into and performing our contract with the Contract Auditors/Tutors. We process racial and ethnic origin information about consultants for the substantial public interest of monitoring equal opportunities within our organisation, and we process certain health information about consultants for the substantial public interest of supporting Contract Auditors/Tutors with particular medical conditions or disabilities; and dietary needs.
5.2 If we are not provided with access to personal information for the purposes outlined in this paragraph 5, we may not be able to offer certain services, or we may not be able to complete the HRDA applications, on your behalf, therefore this service will not be offered.
6. HOW LONG WE KEEP PERSONAL INFORMATION
6.1 We will retain personal information for as long as it is necessary for the purposes we need to use it for (legitimate reason) or when there is a lawful basis/requirement for keeping such data.
6.2 Generally, in respect of personal information gathered in the context of a Training course, we will retain personal information for the duration of the HRDA application until funding has been received and a period of up to 1 year after the contract has expired or terminated, in case such personal information is required for the exercise or defence of a legal claim during this period. E.g The Ministry of Labour investigating an accident at work and may need access to training records.
6.3 We may also retain personal information for as long as required by law or regulation or instruction of a relevant accreditation body.
6.4 We will retain the personal information of business contacts that receive our training courses until they opt-out or unsubscribe from our e-mails and notifications.
7. SHARING PERSONAL INFORMATION WITH THIRD PARTIES
We only share personal information with third parties:
(a) to the extent necessary for fulfilling the purposes outlined in paragraph 5, including where necessary for the provision of services;
(b) where we are under a legal or contractual obligation to do so; or
(c) where is it fair and reasonable for us to do so in the circumstances.
8. PRIVACY RIGHTS
8.1 Individuals are entitled to exercise any of the following privacy rights in respect of our processing of personal information, unless there is a legal or lawful basis which does not allow us to proceed with the fulfilment of a particular right:
(a) Access: Individuals can request access to a copy of their personal information held by us, along with details of what personal information we use, why we use it, who we share it with, how long we keep it for.
(b) Rectification: Individuals can ask us to change or complete any inaccurate or incomplete personal information held about them.
(c) Erasure: Individuals can ask us to delete their personal information where it is no longer necessary for us to use it, or where we have no legal basis for keeping it.
(d) Restriction: Individuals can ask us to restrict the personal information we use about them where we are not able to erase their personal information or where an individual has objected to our use of their personal information.
(e) Object: Individuals can object to our processing of their personal information.
(f) Portability: Individuals can ask us to provide them or a third party with some of the personal information we hold about them in a structured, commonly used, electronic format so it can be easily transferred.
(g) Withdraw Consent: Generally, we do not require consent to process personal information and so we do not ordinarily ask for consent to process personal information. However, where we do ask for consent to process personal information, individuals have the right to withdraw their consent at any time.
8.2 We are required to verify the identity of anyone requesting to exercise their privacy rights and we may ask individuals to provide valid identification documents when making a request to allow us to do this.
8.3 We will not make any charge for responding to any request from an individual exercising their privacy rights, and we will respond to any requests in accordance with our obligations under data protection laws.
8.4 Individuals can make a complaint about how we have used their personal information to us by contacting us as noted in 1.2 above and/or the Commissioner of Data Protection in Cyprus by clicking >HERE<.
Last Updated: May 25, 2018
