This Privacy Statement sets out how Costas Argyrou Museum website (hereinafter called the “Museum”, “our Museum”, “we”, “us”) processes personal data, whether on individuals (including personal data in respect of individuals who are clients, job applicants, summer intern applicants, trainee applicants, website visitors, contacts, office visitors, office staff, intermediaries or other third parties that the Museum interacts with, or any individual who is connected to those parties) or otherwise. This Privacy Statement also sets out the rights of the individuals in respect of the personal data that the Museum holds and processes.
This Privacy Statement is in line with the provisions of EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter called the “General Data Protection Regulation” and/or “GDPR”). The Museum and each of its partners, consultants and employees of the Museum shall comply with the GDPR in relation to the holding and processing of personal data, particularly in the context of the provision of services.
WHAT PERSONAL DATA DO WE HOLD?
“Personal data” is any information that relates to you and that identifies you either directly from that information or indirectly, by reference to other information that we have access to. The Museum processes personal data in the context of providing services to its clients. The categories of personal data we may collect and process, according to the particulars of each case, include:
- Contact information: Information such as your name, job title, postal address, home address (utility bill), business address, telephone numbers, mobile numbers, Skype address, fax number and email addresses.
- Payment data & financial information: Data necessary for us to process payments and implement fraud prevention measures, including bank account details, VAT Numbers, Tax Identification Numbers and other such relevant billing details.
- Business details: Business information which we necessarily process as part of our instructions or projects we are involved in or otherwise provided by you voluntarily.
- General: any other information you may provide to the Museum.
PERSONAL DATA WE COLLECT FROM YOU
We collect personal data directly from you, for example, as follows:
- When you use our website, we collect information about your visit and how you interact with our website.
- When a Third-Party Entity engages us to provide services and you hold an office or an interest in or have certain relationships with that Third-Party Entity.
- When you apply for a job or a traineeship position or a summer intern position or any other position at our Museum, we will ask you for information relevant to your application.
- If you visit the Museum, we may collect information that we need in order to identify you and complete necessary security checks, such as your identity card or passport.
- When you or your organization seek our services.
- When you or your organization make an enquiry in person, over email or over the telephone.
- When you or your organization provide services to us, or otherwise offer to do so.
HOW WE USE PERSONAL DATA WE COLLECT FROM YOU
The Museum determines why and how we process your personal data. In each case, your personal data will be controlled by our Museum which you have given instructions to. We will only use your personal data fairly and where we have a lawful basis to do so. We are allowed to use your personal data if we have your consent or another legally permitted reason applies. These include to fulfil a contract with you, when we have a legal duty to comply with, or when it is in our legitimate business interest to use your personal data. We can only rely on our legitimate business interest, if it is fair and reasonable to do so. Our use of your personal data depends on how and where you interact with us. See below a list of the ways that we use your personal data, and which of the reasons we rely on to do so.
USES OF PERSONAL DATA
OUR LAWFUL BASIS FOR THE USE OF YOUR PERSONAL DATA
To improve our website.
Where we have your consent or where it is necessary so that we can deliver our website effectively.
To fulfil instructions received from the client and provide our services. Personal data may be processed by each of our partners, consultants and employees.
To fulfil our contract with our client(s).
What are Cookies?
Cookies are small files saved to your computer’s hard drive that track, save and store information as well as your interactions and usage of our website. The primary purpose for collection of data from users to our site is to allow an efficient and personalized experience while browsing our site.
You are advised that if you do not consent to the use and saving of cookies from this website on to your computer hard drive then you should take necessary steps within your web browser security settings to block all cookies from this website.
Who owns the data?
Is this a 1st party or 3rd party cookie?
PRINCIPLES WE ADHERE TO
Our Museum is committed to and adhering to the following principles of processing personal data in accordance with Article 5 of the GDPR. In particular, the personal data we collect is:
- Processed lawfully, fairly and in a transparent manner in relation to the individual concerned;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date;
- Kept in a form which permits identification for no longer than it is necessary or as required by relevant international or national legislation;
- Processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organizational measures.
How do we keep your personal data safe?
We take appropriate technical and organizational measures to keep your personal data confidential and secure, in accordance with our internal policies and procedures regarding storage of, access to and disclosure of personal data. We may keep your personal data in our electronic systems and/or in paper files
SHARING AND TRANSFERRING YOUR PERSONAL DATA
We treat your personal data with respect and confidentiality and do not share it with third parties except as described below:
- We may disclose your personal data to other entities connected to the Museum for the purpose of our internal business processes (such as administration) and for the purpose of providing a service.
- Where it is necessary to transfer data from us to anywhere outside of the EU and EEA, we will comply with any transfer requirements applicable under GDPR and national legislation. Please note that we do not transfer any personal data outside of the EU and EEA.
- We may share personal information when necessary with law enforcement and regulatory authorities if required.
- We may also share your personal data when you have consented to us doing so.
- The following is a list of potential recipients of data (in each case including respective employees, directors and officers):
- Employee, partners and consultants of the Museum. Please note that all the employees of the Museum are subject to a duty of confidentiality;
- Other service providers (legal, governance or otherwise, including any bank or financial institution providing services in relation to any matter on which the Museum is instructed) where disclosure to such information is necessary to fulfil an obligation of the museum;
- Any sub-contractors, agents or service providers of the Museum;
- Law enforcement agencies where this is necessary in order for the Museum to fulfil legal obligations;
- Regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material;
- Any registrar of a public register where the data is to be included in a public registry.
KEEPING YOUR PERSONAL DATA
We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
You have certain rights regarding how we use and keep your personal data. These are:
- The right to information: the right to be informed about the contact details of our Museum, the purposes of processing, the categories of data processed, the recipients of the data, the existence of the rights provided by the GDPR and the conditions in which the same can be exercised;
- The right to access to personal data: the right to access the personal data we use and process about you;
- The right to rectification: the right to request and obtain inaccurate data rectification, as well as the completion of incomplete data, concerning you. Please note that our Museum takes reasonable steps to check the accuracy of and correct the information, even in case this right is not exercised by you. Nevertheless, please let us know if any of your information changes so that we can keep it accurate and up to date.
- The right to data deletion: the right to request the deletion of your personal data where there is no compelling reason for its continued processing by our Museum;
- The right to restriction of processing: the right to ‘block’ or suppress the processing of your personal data;
- The right to object: the right to object at any time the processing of your personal data, for grounded and legitimate reasons;
- The right to data portability: the right to receive personal data concerning you in a structured manner, commonly used and easily readable format, as well as the right that these data be transmitted by us to another data controller;
- The right not to be subject to an automated decision: the right to request and obtain withdrawal, cancellation or reassessment of any decision based exclusively on processing by automated means which produces legal effects or similarly affects you to a significant extent. Please note that our Museum does not carry out processing activities which produce automated decisions. If at any time our Museum carries such processing activities, we will inform you before such processing takes place;
- The right to lodge a complaint with an authority or to address justice: the right to complain to the relevant privacy regulator for personal data processing and the right to address the courts for the defence of any rights guaranteed by the GDPR which have been violated. We can provide you with the details of the relevant regulator upon request.
Please note that under GDPR these rights are subject to certain conditions. You can learn more for exercising any of these rights by contacting us at email@example.com
To enable us to process your request, we will require you to provide satisfactory proof of your identity in order to ensure that your rights are respected and protected. This is to ensure that your personal data is disclosed only to you.
AMENDMENTS TO THIS PRIVACY STATEMENT/COMPLAINTS
This Privacy Statement is governed by Cyprus law.
For any complaints or further information please contact us at firstname.lastname@example.org.