Privacy Policy for Academia Gnosis
1. Introduction
Academia Gnosis (hereinafter referred to as "we," "us," or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use our website (////)
2. Data Controller
The data controller responsible for your personal data is:
Academia Gnosis 1 Deligiannis Street, 1055 Nicosia, academia.gnosis@cy.net, +357 99 753810
3. Types of Personal Data We Collect
We may collect the following types of personal data from you:
4. How We Use Your Personal Data
We may use your personal data for the following purposes:
5. Legal Basis for Processing Personal Data
Our legal basis for processing your personal data may include:
6. Sharing Your Personal Data
We may share your personal data with the following categories of recipients:
7. Security of Your Personal Data
We have implemented appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures are regularly reviewed and updated.
8. Retention of Your Personal Data
We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations.
9. Your Rights Under the GDPR (and other applicable laws)
You have certain rights regarding your personal data, including:
10. Children's Privacy
Protecting the privacy of children is especially important to us. We will only collect and process personal data relating to children under the age of 16 with the explicit consent of their parent or legal guardian. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately, and we will take steps to remove the information.
11. Cookies and Similar Technologies
Our Website may use cookies and similar tracking technologies to enhance your browsing experience and collect usage data. You can manage your cookie preferences through your browser settings. Please refer to our separate Cookie Policy [Link to Cookie Policy if you have one, otherwise explain cookie usage here].
12. Links to Other Websites
Our Website may contain links to other websites that are not operated by us. We are not responsible for the content or privacy practices of these websites. We encourage you to review the privacy policies of any third-party websites you visit.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post any changes on this page and update the "Last Updated" date at the top. We encourage you to review this Privacy Policy periodically.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:
Dr Svetlana Mardapitta
1 Deligiannis Street, 1055 Nicosia
+357 99 753810
academia.gnosis@cy.net
umka@cy.net
svetlana@cy.net
Last Updated: 20.04.2025
1. Introduction
Academia Gnosis (hereinafter referred to as "we," "us," or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and disclose your personal information when you use our website (////)
2. Data Controller
The data controller responsible for your personal data is:
Academia Gnosis 1 Deligiannis Street, 1055 Nicosia, academia.gnosis@cy.net, +357 99 753810
3. Types of Personal Data We Collect
We may collect the following types of personal data from you:
- Contact Information: Name, email address, phone number, postal address. This may be collected when you contact us through the website, sign up for tours, or request information.
- Usage Data: Information about how you use our Website, such as your IP address, browser type, operating system, referring URLs, pages visited, and the dates and times of your visits. This is often collected through cookies and similar tracking technologies.
- Child-Related Information (with parental/guardian consent): Name, age, and any other information you provide about your child when expressing interest in our programs or signing up for tours. We will only collect and process this information with the explicit consent of the parent or legal guardian.
- Form Submissions: Information you provide through online forms on our Website, such as tour booking forms or contact forms.
4. How We Use Your Personal Data
We may use your personal data for the following purposes:
- To respond to your inquiries and provide you with information about our school and programs.
- To process your requests for tours or other services.
- To improve and personalize your experience on our Website.
- To monitor and analyze Website usage and trends.
- To send you updates, newsletters, and other information about our school (only with your consent where required by law).
- To comply with legal obligations.
5. Legal Basis for Processing Personal Data
Our legal basis for processing your personal data may include:
- Consent: Where you have given us explicit consent to process your personal data for specific purposes (e.g., sending newsletters, processing child-related information). You have the right to withdraw your consent at any time.
- Legitimate Interests: Where processing is necessary for our legitimate interests in operating our school and providing information about our services, provided that your interests and fundamental rights do not override those interests.
- Compliance with Legal Obligations: Where processing is necessary for us to comply with legal obligations.
6. Sharing Your Personal Data
We may share your personal data with the following categories of recipients:
- Our staff and authorized personnel who need access to the information to perform their duties.
- Third-party service providers who assist us with website hosting, analytics, email delivery, and other services. We will have contracts in place with these providers to ensure they protect your data in accordance with applicable laws.
- Legal authorities if required by law or legal process.
7. Security of Your Personal Data
We have implemented appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures are regularly reviewed and updated.
8. Retention of Your Personal Data
We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations.
9. Your Rights Under the GDPR (and other applicable laws)
You have certain rights regarding your personal data, including:
- The right to access your personal data that we hold.
- The right to rectification of inaccurate or incomplete personal data.
- The right to erasure ("right to be forgotten") under certain circumstances.
- The right to restriction of processing under certain circumstances.
- The right to data portability to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
- The right to object to the processing of your personal data under certain circumstances.
- The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- The right to withdraw your consent at any time where we are relying on consent to process your personal data.
- The right to lodge a complaint with a supervisory authority. In Cyprus, the supervisory authority is the Commissioner for Personal Data Protection.
10. Children's Privacy
Protecting the privacy of children is especially important to us. We will only collect and process personal data relating to children under the age of 16 with the explicit consent of their parent or legal guardian. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately, and we will take steps to remove the information.
11. Cookies and Similar Technologies
Our Website may use cookies and similar tracking technologies to enhance your browsing experience and collect usage data. You can manage your cookie preferences through your browser settings. Please refer to our separate Cookie Policy [Link to Cookie Policy if you have one, otherwise explain cookie usage here].
12. Links to Other Websites
Our Website may contain links to other websites that are not operated by us. We are not responsible for the content or privacy practices of these websites. We encourage you to review the privacy policies of any third-party websites you visit.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post any changes on this page and update the "Last Updated" date at the top. We encourage you to review this Privacy Policy periodically.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:
Dr Svetlana Mardapitta
1 Deligiannis Street, 1055 Nicosia
+357 99 753810
academia.gnosis@cy.net
umka@cy.net
svetlana@cy.net
Last Updated: 20.04.2025
What we store | How/Where it is stored |
Personnel files | Hard copies are kept securely within the Director’s office in a locked cupboard. * You can request to see your personnel files at any time through the head or deputy |
Performance management documentation | Electronically on the server and data system Hard copies are kept within the Director’s office * You can request to see your performance management at any time through the head or deputy |
Attendance information | Electronically on the server and data system It is sent to backup link via a secure link Hard copies are kept within the Director’s office * You can request to see your attendance information at any time through the Director |
Data sharing
We do not share information about you with any third party without your consent unless the law and our policies allow us to do so.
Where it is legally required or necessary (and it complies with data protection law) we may share personal information about you with:
o Our local authority
– to meet our legal obligations to share certain information with it, such as safeguarding concerns and information about staff performance and staff dismissals
o The Department for Education
- to meet our legal obligations to share information linked to performance data.
o Your family or representatives
- to carry out our public task in the event of an emergency
o Other staff members
- to carry out our public tasks, for example having access to your school email address so that information can be shared effectively Our regulator Ofsted, in order to comply with our public task
o Suppliers and service providers
– to enable them to provide the service we have contracted them for, such as payroll
o Central and local government
- to complete the legal obligation for things such as the workforce census
o Auditors
- coming under a legal obligation, Trafford may be asked from auditors about financial information related to schools.
o Survey and research organisations
- to meet our legal obligation in relation to ‘freedom of information’ requests
o Trade unions and associations
- to carry out our public task in light of any key discussions within school linked to disciplinary/capability procedures or for events such as redundancy.
o Security organisations
- in order to keep our school secure and under the lawful basis of public task, we pass on certain staff member information so that they can be contacted if necessary (such as the Operations Manager).
o Health and social welfare organisations
- to carry out our public task in line with our attendance management policy with organisations such as occupational health
o Police forces, courts, tribunals
- to meet our legal obligations to share certain information with it, such as safeguarding concerns or to carry out our public task in relation to a tribunal.
o Employment and recruitment agencies
- to meet the public task of supplying requested references.
o The Directors
- to carry out our public task within the school and remain accountable to them for finance and personnel issues.
Transferring data internationally
Where we transfer personal data to a country or territory outside the European Economic Area (EEA), we will do so in accordance with data protection law.
For Pupil
Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe, including the right to:
- Object to the use of personal data if it would cause, or is causing, damage or distress
- Prevent it being used to send direct marketing to you
- Object to decisions being taken by automated means (by a computer or machine, rather than by a person)
- In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict
- processing
- Claim compensation for damages caused by a breach of the data protection regulations
- To exercise any of these rights, please contact our data protection officer.
How to access personal information we hold about you
Individuals have a right to make a ‘subject access request’ to gain access to personal information that the school holds about them.
If you make a subject access request, and if we do hold information about you, we will:
- Give you a description of it
- Tell you why we are holding and processing it, and how long we will keep it for
- Explain where we got it from, if not from you
- Tell you who it has been, or will be, shared with
- Let you know whether any automated decision-making is being applied to the data, and any consequences
- of this
- Give you a copy of the information in an intelligible form
If you would like to make a request, please contact our data protection officer (DPO).
Your other rights regarding your data
Under data protection law, individuals have certain rights regarding how their personal data is used and kept safe. You have the right to:
- Object to the use of your personal data if it would cause, or is causing, damage or distress
- Prevent your data being used to send direct marketing
- Object to the use of your personal data for decisions being taken by automated means (by a computer or
- machine, rather than by a person)
- In certain circumstances, have inaccurate personal data corrected, deleted or destroyed, or restrict
- processing
- Claim compensation for damages caused by a breach of the data protection regulations. To exercise any of these rights, please contact our data protection officer (DPO).
Complaints
All
We take any complaints about our collection and use of personal information very seriously.
If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance in writing.
To make a complaint, please contact our data protection officer (DPO) Dr Chrysanthos Mardapittas gnosis@cy.net Alternatively, you can make a complaint to the Information Commissioner’s Office:
Contact us
If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact our DPO officer
Deligianni 1, 1055, Nicosia, Cyprus
Tel.:+357 22 312790, Tel.:+357 22312174, Fax:+357 22374114
e-mail: umka@cy.net, academia.gnosis@cy.net, rims.academia.gnosis@cy.net
Children’s records | Retention period | Status | Authority |
Children’s records - including registers, medication record books and accident record books pertaining to the children | A reasonable period of time after children have left the premises | Requirement | Statutory Framework for the Early Years Education |
Until the child reaches the age of 18 | Recommendation | Normal limitation rules (which mean that an individual can claim for negligently caused personal injury up to 3 years after, or deliberately caused personal injury up to 6 years after the event) are postponed until a child reaches 18 years of age | |
Records of any reportable death, injury, disease or dangerous occurrence | 3 years after the date the record was made | Requirement | The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations |
Personnel records | Retention period | Status | Authority |
Personnel files and training records (including disciplinary records and working time records) | 6 years after employment ceases | Recommendation | Personnel and Development |
Health Checks | 6 months | Recommendation | The following basic information should be retained after the certificate is destroyed: the date of issue; the name of the subject; the type of disclosure; the position for which the disclosure was requested; the unique reference number; and the details of the recruitment decision taken |
Pay | |||
Wage/salary records (including overtime, bonuses and expenses) | 7 years | Requirement | Taxes Law |
Maternity Pay records | 7 years after the end of the tax year to which they relate | Requirement | Statutory Maternity Pay |