|
Introduction The processing of personal data in Cyprus is governed by the Processing of Personal Data (Protection of the Individual) Law, which entered into force on 23rd November 2001 to address privacy issues arising out of the collection, storage, processing and use of personal data. The Law was amended in 2003 in order to harmonise Cyprus legislation with the Directive of the European Union (95/46/EC) on the protection of individuals with regard to the processing of personal data. As a result, Cyprus Law is now essentially in line with the European Union’s Directives on the protection of individuals with regard to the processing of personal data. The Law's objective is to protect the fundamental rights of individuals, by setting out specific obligations for those processing personal data. Centaur’s Trust Data Protection Policy Personal data protection deals with the protection of personal information relating to an individual against unauthorised and illegal collection, recording and further use. The Law grants certain rights to all individuals in relation to how the information about them is collected, used and processed. It also gives them the right to submit to the Office of the Commissioner complaints relating to the application of the Law. Centaur Trust aims to meet the obligations imposed by the Cyprus Processing of Personal Data (Protection of the Individual) Law of 2001 ("the Law"). In collecting information about our clients our aim is to safeguard their best interests and to act in compliance with the Law, whilst ensuring that we will not transmit or disclose to third parties information about our clients, except in cases where this is necessary and is connected directly with the fulfilment of the instructions of our clients. All our clients may at any time request a copy of any personal data which we hold in electronic form about them. Section 4 of the Law sets out a series of conditions to be met for lawful processing of personal data. We aim to comply with these conditions as follows. Condition 1: Personal Data must be processed fairly and lawfully.We aim to ensure that, wherever possible, individuals are advised of the Personal Data which has been obtained or retained, its source and the purposes for which such Personal Data may be used or disclosed. If the Personal Data is not received directly from the individual concerned, we will try to ensure that we have authority to use this information, and that we will let the individual know that we are holding and using that additional information as soon as possible. Condition 2: Personal Data must only be used for specified legitimate purposes. We shall only use Personal Data for legitimate purposes and according to the terms and purposes as specified in our engagement letter with the client. Data collected for the purpose of specific engagements should not be used for other purposes such as marketing unless the client is informed and the processing can be justified under condition 1. Condition 3: Personal Data to be adequate, relevant and not excessive. The Personal Data held and used by us must be adequate, relevant and not excessive for the reasons for which we are holding it. We will not collect Personal Data that is simply useful rather than necessary and relevant to the particular engagement for which we need it. Condition 4: Personal Data to be accurate and where necessary to be kept up to date. At the time Personal Data is collected from a client we make sure that this data is accurate by confirming it with the client at the time it is collected. The use of inaccurate or out-of-date information may conceivably cause harm to the client. As a result we will try to keep Personal Data of all clients, such as address details, contact details etc, up to date. This is achieved by asking all our clients periodically to confirm the details we have for them on record and to notify us about any changes. Condition 5: Personal Data not to be kept for longer than is necessary. We should not keep Personal Data for longer than is necessary for the reasons for which it is required. This includes the length of time as may be necessary for the purpose of defending any legal proceedings brought against us in relation to the use of the Personal Data or as required by law and the professional bodies of which we are members with. Other Conditions: Confidentiality and Security of processing. Section 10 of the Law provides that appropriate technical and organisational measures must be taken for the security of data and their protection against accidental or unlawful destruction, accidental loss, alteration, unauthorised dissemination or access and any other form of unlawful processing. Such measures shall ensure a level of security which is appropriate to the risks involved in the processing and the nature of the data processed. We have established internal procedures to meet these requirements. Our procedures include: Ø Internal procedures particularly in relation to computers (servers and workstations). The essential measures which have been undertaken within Centaur Trust to avoid unauthorised Processing of Personal Data include, among other things, Ø The use of well known protection software to protect our information technology management system from unauthorised third party access. Ø Strict control of access to Personal Data, by checking the authenticity of the persons to whom Personal Data is disclosed, and by limiting personnel access to Personal Data, Ø Use of a shredding machines whenever we are disposing any Personal Data; Ø Precautionary steps to reduce the chances of the destruction of Personal Data, including taking appropriate precautions against burglary, fire and natural disaster; Back-up facilities have been developed in such a way that a back-up of our management system is carried out daily. Ø We ensure that any third party who is processing Personal Data maintains the same standards in relation to security as us. Conclusion Our aim in developing our Data Protection policy is to demonstrate how Centaur Trust aims to meet the obligations imposed by the Cyprus Processing of Personal Data (Protection of the Individual) Law of 2001 ("the Law"). In collecting information about our clients, our aim is to safeguard their best interests and to act in compliance with the Law, whilst ensuring that we will not transmit or disclose to third parties information about our clients, except in cases where this is necessary and is connected directly with the fulfilment of the instructions of our clients. Should you require any further information or clarification regarding our Data Protection Policy, our Data Protection officer will be pleased to assist you. His contact details are as follows: Mr Haig Assadourian Telephone: +357 22 499 994 Fax number: +357 22 499 984 Email:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
This policy is not to be taken as providing legal advice or guidance regarding the rights of individuals under the Law. Individuals should take their own advice if they require it. Below are the relevant contact details of the office of the Commissioner for Personal Data Protection. Office of the Commissioner for Personal Data Protection 40, Themistokli Dervi str.Natassa Court, 3rd floor1066, Nicosia PO Box 23378, 1682 Nicosia Tel: +357 22818456, Fax: +357 22304565, E-mail:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
|
