Personal Data Protection Policy

  • Home
  • /
  • Personal Data Protection Policy

1.     Purpose and Basic Principles

The Nicosia District Local Government Organization (hereinafter referred to as the "NDLGO") exercises functions for the administration, regulation and management of local affairs within its jurisdiction. The headquarters of the NDLGO are located at 84 Athalassa Avenue, P.O. Box 21943, Nicosia.

This document is intended to provide you with understandable, transparent and direct information regarding the processing of your personal data collected and processed in the context of the implementation of NDLGO's obligations towards you and compliance with its legal obligations and because NDLGO is committed under the applicable legislation to safeguard and protect your right to protection against unlawful processing of personal data and your right to privacy and to protect your personal data.

This Policy is addressed to natural persons who are existing or potential customers of NDLGO, beneficiaries of NDLGO services, third parties, suppliers and partners. By providing your personal information or the information of another person such as a beneficiary in our relationship with each other or you have received authorization to process their data, you accept that we will use it in the manner detailed in this Policy. You should refer the person whose personal information you provide to NDLGO to this Policy.

 

2. Principles of Personal Data Processing

The Personal Data Protection Policy and the processing of personal data based on it is based on the following principles:

  • Legitimacy, objectivity and transparency in processing
  • Limitation of the purpose of processing
  • Minimization of the data being processed
  • Accuracy and timeliness of the data processed
  • Integrity and confidentiality in processing  
  • Limitation of retention/storage time

 

3. Legislative and Regulatory Framework

NDLGO adopts and applies this Policy in the context of its compliance with the provisions of the General Data Protection Regulation (EU) 2016/679 (hereinafter "GDPR"), as incorporated into law, as well as the applicable regulatory framework, including the decisions, circulars and opinions issued by the Commissioner for Personal Data Protection. 

4. Definitions

The term personal data also includes, among others, some sensitive data (or special categories of data) such as, for example, data concerning the health of an individual which reveal information about his or her state of health, any criminal convictions and data revealing racial or ethnic origin.

When we say that your personal data is subject to "processing", this term includes any operation carried out in relation to that data such as collection, recording, organization, structuring, storage, adaptation, alteration, alteration, retrieval, consultation, use, disclosure, dissemination, disclosure, availability, association, combination, restriction, erasure and destruction.

5. Processing of personal data by NDLGO

5.1. Purposes of processing

NDLGO processes personal data in the following cases, for the following purposes:

  1. for the service, communication and support of the subjects.
  2. to enable the NDLGO to comply with its legal obligations or pursue its legitimate interests,
  3. for the performance of a task carried out in the public interest, in accordance with the legal and regulatory framework in force at the time,
  4. where the data subject has consented, by giving specific, explicit and written consent, to the processing of his or her personal data for one or more specific purposes.
  5. for the provision of services resulting from the legal obligations of the NDLGO,
  6. to improve the quality of the NDLGO's services
  7. to ensure NDLGO's compliance with applicable laws and regulatory obligations, European directives and guiding principles, court decisions and other legal procedures, to respond to requests from public and governmental authorities, as defined in Greek and European legislation.
  8. to enforce and defend our legal rights and to protect our business, our business partners and to safeguard our rights, privacy, security or assets, as well as those of our business partners, you or other persons or third parties; to enforce our terms and conditions and to pursue available remedies and limit damages; and

Data being processed

The NDLGO processes personal data such as:

  1. Contact details (such as full name, home address, work address, email address, telephone number, profession, etc.)
  2. Personal data, which are mentioned in the identity card/passport (such as date of birth, identity card number, passport number, etc.)
  3. Ownership status
  4. Your bank information (e.g. IBAN)
  5. Information collected through our website

 

Storage and retention time

Personal data are processed, held and stored by the NDLGO in a secure environment, solely for the purposes for which they are intended and only for as long as necessary to achieve those purposes, without prejudice to cases where they are required by legal or regulatory obligations and the more specific ones provided for by applicable legislation. As regards the exact information on the retention period, please contact the Data Protection Officer of the NDLGO.

Recipients of Personal Data

We may need to share your personal data with our partners and/or third parties to whom NDLGO has delegated, in whole or in part, to perform personal data processing functions on its behalf, in order to better serve and provide our services. However, in no case will we share your personal data to be processed for reasons contrary to those described in this Policy and without informing you in advance.  

In any case, personal data may be transferred to public authorities, supervisory authorities, and in general to any public, administrative, supervisory, judicial or other authority and/or agency in the exercise of the NDLGO's legitimate tasks.

In any transfer to third parties, NDLGO shall take all measures in advance to ensure that the data to be transferred are necessary and shall legally ensure that the organizations to which they are transferred comply with the requirements of applicable law and provide sufficient assurances that appropriate technical and organizational measures are in place to ensure that, when personal data are processed by them, the rights of the customer data subjects are protected.

Rights of the subjects of personal data

The subjects of the processing of their personal data have the following rights:

(a)  The right to be informed and have access to their personal data and to obtain information about them, including their origin, the purposes of their processing, the recipients or categories of recipients and the period of their storage.

b) The right to correct  inaccurate data and to complete incomplete data held.

c) The right to delete  the data, without prejudice, however, to the obligations and legal rights of the NDLGO to keep the data for a minimum specified period of time, under the applicable legal and regulatory framework.

(d) The right to restrict  the processing of data where either their accuracy is contested, or their processing is unlawful, or the purpose of the processing is no longer fulfilled and provided that there is no legitimate reason for their retention.

(e) Right to portability  of the data to another controller, provided that the processing is based on the consent of the data subject and carried out by automated means. The fulfilment of this right is without prejudice to the legitimate rights and obligations of the NDLGO to retain the data and to fulfil its duty in the public interest.

f) The right to object to the processing of data relating to them on grounds relating to their particular situation, in cases where the data are processed for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by the NDLGO or a third party.

(j) The right to withdraw your consent to the processing of your personal data at any time, without however affecting the lawfulness of the consent on which the NDLGO relied prior to your withdrawal. Please note that the withdrawal of your consent may lead to the termination of the services concerned.

Requests from NDLGO data subjects concerning their personal data and the exercise of their rights are submitted to the NDLGO Data Protection Officer at the following e-mail address ([email protected]).

If, when submitting a complaint, the subject feels that he or she has been wronged by the NDLGO or if he or she has doubts about the outcome of his or her request, he or she may also submit it in writing to the Commissioner for Personal Data Protection at the address below:  


 Office of the Commissioner for Personal Data Protection  

Kipraronos 15

1061 Nicosia  

PO 23378  

1682 Nicosia  

Tel.: 22818456 Fax: 22304565

E-mail address: [email protected]

 

Corrections and Changes to the Privacy Policy

NDLGO reserves the right to revise this Privacy Policy when it deems necessary. Therefore, subjects are encouraged to consult it periodically for any changes to comply with new developments and data.

 The latest version of this Policy is always posted on the NDLGO website.

 

Finally, you may request a copy of the most recent version of the Policy in hard copy form. 

 

Nicosia, June 2024