Privacy Policy
Introduction:
At, PAPHOS CLASSIC VEHICLE CLUB (hereinafter referred as the “Club”), incorporated on 17/08/2004 at the Republic of Cyprus with Registration of Societies Number: 2704 and having its office at: Chrysostomou Papa Danil 40B, 8577 Tala, Paphos, Cyprus, (hereinafter “we”, “us” or “our”) the protection of your personal data is a top priority. This Privacy policy describes how the Club will treat your personal data and/or information of its members or visitors of its official website.
The purpose of this privacy policy ("Policy") is to provide a clear explanation of when, why and how we collect and use personal data of our members or visitors.We have designed it to be as user friendly as possible and have separated it in sections to make it easy for you to find the information that is most relevant to you.
The new European Union (EU) Data Protection Law, the General Data Protection Regulation 2016/679 ("GDPR"), came into effect on 25th of May 2018. The GDPR
gives individuals in the EU more control over how their personal data is used and places certain obligations on businesses that process the information of those individuals.
Terms–Definitions:
Personal Data: means any information relating to an identified or identifiable natural person.
An identified natural person is one whose identity has been established.
An identifiable natural person is one whose identity may be confirmed, directly or indirectly,by information such as:
- Name and surname, identity card number, passport number,telephone number, email (where needed), direct debit details (where needed) billing address, or other factors specific to that natural person’s physical, physiological, mental, economic,cultural, political or social identity.
Consolidated data of a statistical nature, from which the data subject cannot be identified,are not deemed to be Personal Data.
Data Controller:
means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
Data Processor:
means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller.
Data Subject:
is the natural person to which the Personal Data refers and whose identity is known or may be confirmed, directly or indirectly, by reference to an Identity Card number or to factors specific to that person’s physical, physiological, mental, economic, cultural,political or social identity.
Processing:
means any operation or set of operations which is performed on personal dataor on sets of personal data, whether or not by automated means.Such operations are the collection, recording, organisation, structuring, storage, adaptationor alteration, retrieval, consultation, use, disclosure by transmission, dissemination orotherwise making available, alignment or combination, restriction, erasure or destruction of Personal Data.
Consent of the Data Subject:
means any freely given, specific, informed and unambiguousstatement/acceptance by the Data Subject by which he/she agrees to the processing of his/her Personal Data by the Club.
Who we are:
The Club incorporated on 17/08/2004 at the Republic of Cyprus with Registration of Societies Number: 2688, and it is governed under the Societies and Institutions and Other Related Issues Law of 2017 (Law 104 (I) /2017) as amended from time to time.
.
The aim of the Club is to promote the classic car movement in co-operation with other clubs and organizations in Cyprus and abroad who have the same interests and beliefs about old vehicles. The Club does not take into account political, religious, ideological beliefs, ethnic origins and religion and its establishment is with non-profit making purpose.
Who this privacy policy is directed to:
This privacy policy is directed to natural persons (hereinafter our “members”) who are either past, current or potential members of the Club.
On the basis of the present privacy policy, the processing of Personal Data does not affect legal persons such as companies, organisations, associations, institutions, government services and other legal entities.
Identity and contact details of the “Data Controller”, “Data Processor”:
(a) Data Controller:
The Club is the "Data Controller” pursuant to the GDPR, and related Cyprus Legislations, Orders, Decisions, local and EU Regulations and Local and EU Directives and determines how your personal data is kept and processed. The offices of the Data Controller is situated at Chrysostomou Papa Danil 40B, 8577 Tala, Paphos, Cyprus. Telephone: 97 760 997 or Email: sec.pcvccyprus@gmail.com
(b) Data Processor:
The Data Processor is any natural or legal person, public authority, service or other body that processes Personal Data on behalf of the Club. In some cases the Club will be acting as the Data Controller and as the Data Processor in order to comply with the Club’s activities.
How do we collect personal data and/or personal information of our members’?
In order to register our members in our Club’s registry we may collect directly from you and process different types of your personal data and/or personal information in the following ways:
i. On a personal basis, during the performance of a contract or during the process of examining a candidate member’s application.
ii. Through the use of our website and other electronic programmes and social media.
iii. By post and/or electronic mail.
iv. By completing any questionnaires and/or documents, for research purposes aiming at the improvement of our purposes.
v. When your information is published.
vi. By signing up and giving your free and unambiguous consent, subscribe and/ or register for receiving newsletters, notifications or other information about our events.
vii. When you visit any of our offices.
viii. When you visit or browse our website/s.
Other than personal information obtained from you directly (as described above), our Club may also obtain your personal information from third parties we deal with or are connected with you, and from such other sources where you have given your free and unambiguous consent for the disclosure of information relating to you, and/or where otherwise lawfully permitted under the relevant Cyprus legislations, Orders and Regulations and EU Regulations and/or EU Directives.
What categories of personal data do we collect?
We collect and use several types of information from our members, including information by which you may be personally identified and that is defined as personal data under applicable law/s such as:
i. contact information such as your name and surname, identity card number and passport number, gender, nationality and race, preferred language, IP numbers and any websites visited (where applicable) current private and/or business address,telephone or mobile phone number, fax number, email address.
ii. The amount of data that has been received and/or sent by you.
iii. The equipment you use when accessing our products and/or services (such as your mobile, your computer system and platform) to customize the service for you.
iv. Capture of your image via photographic cameras when you visit our events after we have your prior freely given and unambiguous consent.
In case that there will be a need for further processing of your personal data for a purpose other than that for which they were initially collected by our Club you will be informed in advance about the additional purpose and the relevant details in respect to the further processing.
What lawful reasons do we have for collecting and processing members’ personal data:
In order to proceed with a relationship our members must provide their personal data and/or personal information to us which are necessary for the required commencement and continuation of a relationship with our Club.These personal data is processed by the Club throughout the validity period of the registration in members’ registry in order the Club to deal with its main purposes.
Failure to provide us with personal data prevents us from commencing or continuing a relationship with you.
In accordance with GDPR we may rely on the following lawful reasons when we collect and process personal data to operate our Club:
Compliance with legal obligation: We may process personal data in order to meet legal and regulatory obligations such as Societies and Institutions and Other Related Issues Law of 2017 (Law 104 (I) /2017) as amended from time to time,the Regulations or Orders for the time being and from time to time in force, any other Cyprus Legislation/s, Regulations and Orders of various Supervisory authorities in the Republic of Cyprus, the European Union (EU) Data Protection Law, the General Data Protection Regulation 2016/679 ("GDPR") and generally for the purpose of compliance with the Law.
Further legal obligations are:
Consent:
We may rely on your freely given and unambiguous consent at the time you provided your personal data to us for a purpose of the process other than for the purposes set out herein above, then the lawfulness of such processing is based on that consent. You have the right to withdraw consent at any time.However,any processing of personal data will not be affected prior to the receipt of the withdrawal.
Legitimate interests:
We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced and we make sure that legitimate interest of our Club does not exceed your rights.
Why do we need personal data?
We aspire to be transparent when we collect and use personal data and tell you why we need it, which typically includes:
i. Providing the services of the Club to our members.
ii. To send invitations for events of our Club to our members, once we have their freely given and unambiguous consent.
iii. To send email and/or SMS notifications to our members for our Club’s events once we have specifically requested and received their freely given and unambiguous consent.
iv. Our services may include reviewing members’ files for quality assurance purposes,which may involve processing personal data for the relevant member.
v. Administering, maintaining and ensuring the security of our information systems, applications and websites.
vi. Functionality and security: to detect, prevent, and respond to actual or potential fraud and illegal activities.
vii. Compliance: to enforce our terms and conditions and to comply with our legal obligations as these derive from the applicable laws of the Republic of Cyprus and any amendments or additions thereof from time to time and/or any applicable EU Directives and EU Regulations as those amended thereof from time to time.
In any other way we may describe when you provide the information and/or for any other purpose with your consent provided separately from this privacy policy.
Do we share personal data with third parties?
In the course of our relationship our members’ personal data maybe provided to the following third parties, who may also be the recipients of the personal data under certain circumstances:
i. Supervisory and other regulatory and public authorities, whereby a statutory obligation exists by the Law.Some examples are the income tax authorities, criminal prosecution authorities, external consultants such as Lawyers, Accountants, Auditors etc. The aforementioned third parties are obliged and responsible to comply with the relevant Laws.
ii. Third parties to whom we may disclose personal data may have their own privacy policies which describe how they use and protect personal data. In the event that our Club has a contractual relationship with them does not authorize us to disclose your personal data in any other way beyond the provision of their services.
iii. Any transfer of personal data will always take place after all necessary security measures have been taken, the full control of personal data processors and third party’s assumption of confidentiality obligation and protection of the personal data that they will receive. Please note that third parties are responsible for the application of the applicable data privacy laws, including without limitation the Privacy Policy.
What about personal data security?
Our Club maintains solid information security measures and procedures to safeguard its members’ personal data, in line with its legal obligations developed by Local and/or European standards organisations and/or by international bodies and it complies strictly with the provisions of the GDPR and/or any local legislation of personal data.
Last but not least, we have put in place appropriate technical and organizational measures including physical, electronic and procedural measures to protect your personal data from loss, misuse, alteration or destruction.
How long do we retain personal data?
We will keep our members’ personal data for as long as we have a relationship with them i.e. whilst they are still members on our Club’s registry of members. Once our relationship has ended, we will delete immediately your personal data from our systems either in hard copies or in an electronic form.
The following data are not erased:
i. Data maintained for the purposes of legitimate interest in which litigation and/or investigations might arise in respect of the services and/or products rendering by our Club when we are lawfully requested to do so until the legitimate purposes is completed.
ii. Data maintained accordingly to any retentions periods are set in relevant Cyprus legislations and/or EU Regulations and EU Directives whenever applicable.
iii. The personal data processed for the purposes of sending newsletters etc., as per your prior freely given and unambiguous consent to our Club, shall be kept with us until you notify us in writing that you no longer wish your personal data to be used for this purpose.
Do we change this privacy policy?
We reserve the right to modify or revise our privacy policy from time to time to reflect our current privacy practices. The updated version shall apply and supersede any and all previous versions, including but not limited to hard copies. When we make changes to the privacy policy,we will revise the "updated" date at the bottom of this page. We encourage you to periodically review this Privacy Policy that can be found at our website: www.paphosclassicvehicleclub.com to be informed about how PAPHOS CLASSIC VEHICLE CLUB, PCVC, is protecting your personal data.
What are your data protection rights?
Subject to the provisions of the GDPR, you have certain rights regarding the Personal Data we collect, process or disclose and that is related to you, including the right:
i. To receive access to your personal data (“right to access”).
ii. To rectify inaccurate personal data concerning you (“right to data rectification”)
iii. To request deletion/erasure of your personal data (“right to erasure/deletion”, “right to be forgotten”)
iv. To receive the Personal Data provided by you in a structured, commonly used and machine-readable format and to transmit those Personal Data to another data controller (“right to data portability”)
v. To object to the use of your personal data where such use is based on our legitimate interests or on public interests (“right to object”)
vi. In some cases to request the restriction of processing of your personal data (“right to restriction of processing”)
vii. The member as the Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or significantly affects him/her (“right to a non-automated individual decision-making”).
Our member/s has/have the right to withdraw his/her consent given at any time in relation to the processing of your personal data. KINDLY NOTE that any withdrawal of your consent will not affect the lawfulness of processing based on it prior to withdrawal. If the Club as the Data Controller has a legitimate interest in retaining your personal data,your request to withdraw your consent and have your personal data deleted may be denied. Last but not least, we may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it.No fee is required to make a request unless your request is clearly unfounded or excessive.
How does the Company deals with leaks of Personal Data?
The Club informs the Commissioner for Personal Data Protection in detail of any leak and/or violations within 72 hours of being made aware of such a leak/violation. The Club informs the Data Subject (“natural person” and/or our member) when there is a high risk of violation of his/her rights and freedoms.
How to raise a complaint?
To exercise any of the above rights, or for any questions or complaints about our use of your personal data, please contact us, either by post at Chrysostomou Papa Danil 40B, 8577 Tala, Paphos, Cyprus. Telephone: 97 760 997 or electronically at sec.pcvccyprus@gmail.com
Complaints may also be lodged to the supervisory authority in Cyprus (Office of the Commissioner for Personal Data Protection, by post at 1 Iasonos Str. 1082, Nicosia, Republic of Cyprus. More information can be found at http://www.dataprotection.gov.cy
Applicable Laws and Jurisdiction
This Privacy Policy shall be governed by and interpreted according to the Laws of the Republic of Cyprus and any dispute shall be resolved by the competent Courts of the Republic of Cyprus.
Miscellaneous
The present Privacy policy is not intended to and does not create any contractual and/or other legal rights in or on behalf of any party.The said Policy applies only to the Club’s website and not to any other organizations and we are not responsible for the Privacy policies of such third parties.16 July 2020