JUNIOR ACHIEVEMENT – YOUNG ENTERPRISE CYPRUS LTD

Privacy Notice

1. Introduction

 Junior Achievement – Young Enterprise Cyprus Ltd, (“we”) are committed to privacy issues and want to be transparent about the data we collect and how data is used. In particular, the personal data which is processed by us is that of (a) natural persons who participate in the Junior Achievement Programs (as applicable from time to time) including inter-alia, students, teachers, mentors, alumni and volunteers, (b) natural persons who are employees, directors, shareholders and authorized representatives of our partners or other contractors being legal entities and (c) who are visitors to our website, (“you”).

During the course of our relationship with you we collect and process personal data. We are a data controller in respect of your personal data. This means that we determine the purposes and means of the processing of your personal data.

For the purposes of this Privacy Notice, ‘personal data’ means any information relating to an identified or identifiable natural person and ‘processing’ means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, storage, use, disclosure, erasure or destruction.

Pursuant to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”) and other applicable data protection laws, as amended from time to time we are required to notify you of the information contained herein.

2. Processing of Personal Data

 

When we process your personal data it is:

• Processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

This means that we provide information to you in respect of the processing of your personal data (transparency), that the processing matches the description given to you (fairness), and that it is based on at least one of the lawful basis set out in the GDPR (lawfulness).

• Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes(‘purpose limitation’);

This means that we specify exactly what personal data is collected, the purpose of use and limit the processing of personal data to only what is necessary to meet the relevant purpose.

• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

This means that we do not process any personal data over and above of what is required.

• Accurate and, where necessary, kept up to date; every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

This means that we have in place processes for identifying and addressing out-of-date, incorrect or unnecessary personal data.

• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);

This means that wherever possible, we process personal data in such a way that limits or prevents identification of the data subject.

• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)

3. Categories of Personal Data

 

We process the following categories of personal data:

• Contact information such as first name and last name, telephone number, fax number, e- mail address, residential/work address, country of birth;

• Personal characteristics such as date of birth and/or nationality;

• Employment and occupation information and educational background (including but not limited to CV, professional memberships, job title and responsibilities, professional qualifications).

If during the course of our relationship there is a change in your personal data you must ensure that the above details (as and where applicable) are updated by contacting us as soon as practically possible.

4. Purposes of Processing

 

We will process your personal data (as and where applicable) for the purposes of:

• meeting our obligations under our relationship (including but not limited to in relation to our program and/or any business entered into between us);
• establishing, maintaining and administering your registration/participation to our programs;
• operation, management and control of the affairs of our programs and their purposes and for future JA and other related opportunities;
• general planning and operation of our programs;
• maintaining our IT systems, including our administrative and management systems, processes and policies;
• maintaining and developing our relationship with you and;
• complying with any requirement of law and/or regulation and/or of any competent authority or professional body (where applicable) of which we are a member.

5. Lawful Basis of Processing

 

Wearecommittedtoyourprivacy.Aspartofthevalueswestandfor,wewillalwaysconsideryour fundamentalrights as adatasubject. Weprocessyourpersonaldatafor thepurposes mentioned aboveonthelawfulbasisthat:

• the processing is necessary for compliance with a legal obligation to which we are subject;
• the processing is necessary for the performance of an agreement which you have entered into with us and in order to take steps at your request prior to entering into the said agreement(s);
• you have given consent (if and where applicable); and
• the processing is necessary for the purposes of the legitimate interests pursued by us.

Such legitimate interests include, inter-alia, our programs and/or educational interests and the management, operation and communicating of our programs (including inter-alia, newsletters. promotional material and greeting cards), and/or our exercise or defense of legal claims and/or to disclose information to other data recipients such as our service providers, auditors and technology providers and/or to comply with obligations or internal policy requirements of our programs, and/or to monitor and improve our relationships with you and/or to keep our internal records and/or to monitor communication to/from you using our systems and/or to protect the integrity of our IT systems.

Where we decide to rely on explicit consent to process personal data, we will contact the relevant data subject to request this accordingly. Where we require such consent from a child under the age of 16, we will seek written consent from the holder of parental responsibility over the child prior to the collection of the child’s personal data. In case consent is relied solely upon to achieve a lawful basis of processing of personal data, the relevant data subject (or as otherwise applicable) will have the right to withdraw this consent at any time.

To the extent that the legal basis for our processing of your personal information is consent (as and where applicable), you have the right to withdraw that consent at any time such withdrawal will not affect the lawfulness of processing before the withdrawal.

For children below the age of 14, parents have the right to withdraw their consent in relation to collection and processing of their child’s personal data.

6.     Recipients of Personal Data

 

We disclose your personal data to the following categories of recipients:

• other member companies and/or entities of and/or affiliated entities to the group of companies which Junior Achievement – Young Enterprise Cyprus Ltd belongs to;

• our partners, our auditors, administrators, lawyers, tax advisors, valuators, consultants, accountants, investment advisors and other professional advisors (as shall be engaged from time to time);

• our IT service providers and other companies who assist us with the effective operation of our business by providing concierge services, technological expertise, file storage and record management, logistic services and solutions;

• banks and/or other financial institutions, payment services providers, insurance and companies; and

• public and regulatory authorities (where applicable), for the purposes described

7.      Transfer outside of the EEA

When we transfer personal data to countries located outside of the EEA we carry out such transfers to a recipient:

• who is in a country which provides an adequate level of protection for personal data, or
• under appropriate safeguards pursuant to the provisions of applicable data protection laws (e.g. under an agreement in the form of standard data protection clauses adopted by the European Commission),                            the      form      of      which      is      available      at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model- contracts-transfer-personal-data-third-countries_en.

In some (exceptional) cases we may carry out such transfers where we have obtained the explicit consent from the relevant data subjects in respect of the proposed transfer, provided that the data subject has been informed of the possible risks of such transfer (due to the absence of an adequacy decision and appropriate safeguards).

8.     Automated Decision Making and profiling

 

We do not use any automated decision-making.

9.     Your Rights

 

Under the GDPR you are entitled to the following rights:

• The right to access – you have the right to request copies of your personal data.

• The right to rectification – you have a right to request the correction of any personal data we hold which you believe is inaccurate. You also have the right to request to have any incomplete personal data about you

• The right to erasure (right to be forgotten) – where certain criteria are met you have the right to request that your personal data be erased from our records.

• The right to restriction of processing – where certain criteria are met you have the right to request the restriction of processing of your personal data.

• The right to object to processing – where certain criteria are met you have the right to object to certain types of

• The right to data portability – where certain criteria are met you have the right to transferred your personal data to another organization.

10. Our Website

 

 

We use a number of cookies on our website https://jacyprus.org/ for analytics and for marketing features, which inter-alia allow us to better track usage of our website and to reach users who have previously visited our website. In doing so, we may collect and/or process personal data of visitors to our website, which is adequate, relevant and limited to what is necessary. Further information about how we use cookies on our website can be found on our Cookie Policy which is available at https://jacyprus.org/.

 

11.   Security

 

As part of our privacy policy, we process personal data which is adequate, relevant and limited to what is necessary in relation to the purposes mentioned above and implement appropriate technical and organizational measures to ensure an adequate level of security appropriate to the applicable risk. Such measures aim to prevent unauthorised or unlawful processing, accidental loss, destruction or damage of personal data and include inter-alia, pseudonymization and encryption of personal data.

12.  Retention of personal data

 

 

We shall process and store your personal data for as long as we maintain our (business) relationship and for six years thereafter and/or as required under applicable law. Your personal data may be retained for longer periods for the purposes of our legitimate interests in case of any legal process commencing prior to the completion of the six year period.

13.  Further Information

 

For any questions regarding the processing of your personal data, or, in case you wish to exercise any of your rights (where applicable) in respect of your personal data you may contact us in writing by sending an inquiry as follows:

By email at: info@jacyprus.org

By post:           184, Kyrinias Avenue

2112 Aglantzia,

Nicosia

14.  Complaints

If you wish to lodge a complaint or if you feel that we have not addressed your concern in a satisfactory manner you may contact the Office of the Commissioner for Personal Data Protection as follows:

By post:       15 Kypranoros, Nicosia 1061 , Cyprus
P.O.Box 23378, 1682 Nicosia, Cyprus

By email at: commissionerdataprotection.gov.cy

15.  Amendments

 

This privacy notice is kept under regular review and is updated from time to time. We will, where appropriate, notify you about amendments as soon as practically possible.