1. INTRODUCTION

The Cyprus Symphony Orchestra Foundation, hereinafter “the Foundation”, is a non-profit foundation duly registered in the Register of Institutions of the Registrar of Societies, Clubs and Institutions, with its registered office in Nicosia. The Foundation is registered under registration number 256 in the Register of Institutions of the Registrar of Societies and Institutions and its purpose is to develop and promote the art of orchestral music, to enrich the musical life and musical education of our country and to further involve society in musical activities.   

The Foundation is a social utility and non-profit-making institution under the supervision of the President of the Republic of Cyprus. Among other things, the purposes of the Foundation are to contribute to the elevation of musical standards in Cyprus, to contribute to the preservation of the work of Cypriot and other composers to promote and disseminate contemporary Cypriot musical works, to organise music workshops, lectures, seminars, and to produce and arrange concerts, music productions and/or other musical events. Furthermore, the foundation has the authority and/or competence to create a musical archive and/or a music library archive and to promote publications related to the work, mission, and activities of the foundation. 

The Foundation, as a non-profit organisation under private law, complies with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27.4.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Further and for the purposes of the effective implementation of certain provisions of the European Union Act, it adopts and applies the Law on the Protection of Individuals with regard to the Processing of Personal Data and the Free Movement of Data 125(I)/2018 as amended and/or modified from time to time. 

2. PURPOSE

Within the framework of fulfilling its obligations under the National Legislation, certain personal data are collected in order to improve the organisation of the Foundation and the events it organises and/or co-organises, as well as to facilitate its relationship with the friends of the Foundation, the members of the Board of Directors of the Foundation, its employees, and collaborators. 

By means of this Privacy Policy (hereinafter the Policy), the Foundation wishes to explain its practices and policies regarding the collection, use, processing, transmission and exchange of data and cookies collected and published on the Foundation’s website.  

This Policy applies regardless of whether the Foundation’s website is accessed through your personal computer, mobile device or any other type of technology or device. For further information or updates, please feel free to contact the Foundation.

3. CATEGORIES AND USES OF THE DATA COLLECTED

4. DISCLOSURE OF PERSONAL DATA

Personal data shall not be transferred, disclosed, or transmitted to any third party/entity in any manner other than as described in this Policy. However, the Foundation reserves the right to disclose personal data to third parties:

4.1 If we are required to disclose or share your personal data in order to comply with any legal or regulatory obligation, to enforce our terms and conditions or to protect our, or our customers’ or third parties’ rights, property, or security.

4.2 To cooperate with law enforcement agencies in enforcing laws, as well as investigating and prosecuting illegal activities such as fraud. We reserve the right to disclose any information about you to law enforcement agencies and other relevant bodies that, in our judgment, is necessary or relevant to any investigation of fraud or other illegal activity.

In particular, these authorities are:

• Personal Data Protection Authorities 
• The Heads of the Department of Labour and Ministry of Labour
• Inspectors
• Police
• Anti-Money Laundering (AML)/Combating Terrorist Financing (CTF) organisations
• Law enforcement agencies

4.3 Finally, we reserve the right to disclose certain personal information to third party/independent service providers, or independent contractors who assist us in maintaining our website and who provide other administrative services to us. We seek to ensure that these third party/independent service providers do not use your personal data for any purpose other than to provide the services for which they are contractually bound. We also enter into contracts with these third parties which require them to comply with the standards of data protection required by law and to only use the data for the purposes for which it was provided to them.

4.4 We will not disclose your personal data to third parties outside the European Union to countries where there is no appropriate data protection regime. However, should such a data transfer need to take place, we will take all reasonable steps to ensure that your data is handled as securely as within the EU/EEA and in accordance with this Policy and the applicable legislation. In addition, we will update the current Policy to cover the cross-border transfer of data and the relevant safeguards for protection of your privacy.

5. HOW LONG DO WE RETAIN THE DATA

5.1 Our policy is to retain your data only for as long as necessary for the purpose for which it was collected, in accordance with the principles of data minimisation and storage limitation. For all of the following reasons, we align the retention of your data with potential variations that may arise from the exercise of privacy rights. However, in some cases, certain personal information may be retained beyond this period due to potential legal obligations, legitimate interests, historical or scientific research, etc. Such situations are likely to include matters relating to:

• Money laundering
• Taxation
• Civil law
• Criminal law
• Labour law
• Any other legal issues
• Historical or scientific research

6. RIGHTS RELATING TO THE PROTECTION OF PERSONAL DATA 

6.1 At any time while we are retaining or processing your data, you have the following rights, and you may submit a relevant request to the Data Protection Officer:

• Right of access – you have the right to access the personal data we hold about you.
• Right of rectification – you have the right to correct inaccurate or incomplete data we hold about you.
• Right to erasure – you can request that the data we hold about you be erased from our records, and we are obliged to comply with your request under certain circumstances.
• Right to restriction of processing – you have the right to request that we restrict the processing of your personal data, and we are obliged to comply with this request when certain conditions apply.
• Right to data portability – you have the right to request that the data we hold about you is transferred to another organisation.
• Right to object – you have the right to object to the processing of personal data concerning you, under specific conditions.

6.2 We will evaluate your request and provide you with an answer on its status (approval of the request, partial approval of the request, rejection of the request) as soon as possible and in any case within one month of its submission.

If the Foundation rejects a request relating to the aforementioned Data Protection Rights, we will communicate the reasons for the rejection. You have the right to complain directly to the regulator and the Data Protection Officer (through the means described in paragraph 11 of this policy).

6.3   We reserve the right to refuse requests that are unreasonably repetitive, require disproportionate technical effort or entail disproportionate technical implications, compromise the privacy of others, or are impossible to implement.

7. UPDATING YOUR PERSONAL INFORMATION

7.1 You may obtain a copy of your personal data through your personal account. For your own security, you will need to prove your identity to obtain such copies. You must include the necessary information to assist us in fulfilling your request. We will comply with such requests unless we are under a legal obligation and/or have a legitimate interest in not deleting the data.

8. SECURITY 

8.1 The protection of your data is extremely important to the Foundation and in this respect, we continuously strive to provide all possible safeguards to protect personal data, limit unauthorized access and/or possible data modifications. This includes measures of information security in line with current best practices to protect your privacy. These measures include technical and organisational measures and monitoring and tracking actions designed to safeguard data against misuse, unauthorised access or disclosure, loss, alteration, or destruction.

9. COOKIES

9.1 A “cookie” is a small text file that is downloaded to your device when you visit a website and allows the website to obtain certain information from your browser, such as your preferences. This site uses cookies and similar technologies to manage login sessions, to provide personalized web pages, and to tailor ads and other content to meet your specific needs and interests.

9.2 You may configure your browser to block all cookies, including cookies related to our services, or to know when a cookie has been set by us. However, it is important to note that many of our services may not function properly if cookies are disabled. For example, we may not remember language preferences. Your browser contains instructions on how to delete or disable cookies.

9.3 For more information about cookies, how they are used and how they apply to the use of personal data, please visit www.aboutcookies.org  or www.allaboutcookies.org.

10. AMENDMENTS TO THE DATA PROTECTION POLICY

10.1 We strive to continually review and update this Policy in order to comply with legal and regulatory requirements, while providing optimal protection for your personal data. Any updates will be communicated to you via the current website.

11. CONTACT US

11.1 If at any time you believe that we are not complying with the provisions set out in this Policy or any other data protection related matter, please contact us by email at [email protected].  Our Data Protection Officer is QuadPrime Cyprus Ltd.