T.S. CHILDREN’S CENTER LTD respects your privacy and your personal data and is committed to protecting them. This policy explains to you how we process and use the personal data we collect and lists, inter alia, your rights and our obligations for such collection, process and use of your personal data under the law.
Controller of your personal data
The controller of the personal data we keep in order to provide to you our services is T.S. CHILDREN’S CENTER LTD with address at Andrea Kalvou, Ayios Athanasios, 4107, Limassol, Cyprus and number 4A and registration number HE 356380.
Type of Personal Data we collect
In case that you are one of the users of our website, children/pupils (existing or prospective) or their parents, staff, suppliers, contractors and/or other people we deal with in business or visiting the childcare/nursery school, we may collect your personal data including: name and surname, residential address, telephone numbers, email address, identification data (identity and/or passport numbers), date of birth, authentication data (e.g. signature). Depending on the kind of the service(s) we provide to you we may collect additional and/or sensitive personal data such as: admissions, academic, disciplinary and other education related records, information about special educational needs, education and employment data, images, audio and video recordings, financial information, courses, meetings or events attended and/or data concerning health or ethnicity. Also we may collect other personal data which may not be obvious to you such as: your internet protocol address and/or your current geo-location.
How we collect your Personal Data
Personal data may be obtained by us:
- Directly from you by filling contact forms and/or through our communication;
- From the parents of the children/pupils and/or other people in person, in the context of our contractual relationship;
- from publicly available sources (e.g. professionals or authorities working with these people, the internet, adverts etc)
What are your rights?
According to the GDPR, you, as data subject, have the following rights:
- The right to access the personal data we hold about you. This means that you can ask us details of your personal data and for a copy of it if this is available.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
- The right to erase your personal data (partially or in total), subject to the limitations referred to in the present Policy and/or of any law or regulation.
- The right to be informed regarding rectification, erasure or restriction of data processing that affect your personal data.
- The right to object to us using your personal data for a particular purpose or purposes subject to the limitations referred to in the present Policy and/or of any law or regulation.
- The right to object to processing your personal data for direct marketing and/or automated processing including profiling which is related to direct marketing.
- The right to data portability meaning that you can ask to obtain a copy of your personal data in a structured, commonly used and machine readable format. You also have the right to ask for your personal data to be transmitted directly to another data controller in case such transmission is technically feasible.
- The right to revoke the consent at any time if we use your personal data based on your written consent. It is clarified that any processing prior to the receipt of such revocation will not be affected.
- The right to be notified in case of high risk of data breach which affecting your personal data.
Upon receiving your request we will respond to your request (free of charge but in case that your request is ‘manifestly unfounded or excessive’ a fee for our administrative costs may be charged) within reasonable time not exceeding one month.
In case we have not complied with your request or you are not satisfied with our response you have the right to lodge a complaint with the Office of the Data Protection Commissioner.
The rights under Data Protection legislation belong to the individual to whom the data relates. However, we will often rely on parental consent to process personal data relating to children/pupils (if consent is required) unless, given the nature of the processing in question, and the children/pupil’s age and understanding, it is more appropriate to rely on the children/pupil’s consent.
Parents should be aware that in such situations they may not be consulted, depending on the interests of the child/pupil, the parents’ rights at law or under their contract, and all the circumstances.
In general, we will assume that the children/pupil’ consent is not required for ordinary disclosure of their personal data to their parents, e.g. for the purposes of keeping parents informed about the their activities, progress and behaviour, and in the interests of their welfare, unless, in the childcare/nursery school’s opinion, there is a good reason to do otherwise.
However, where a child/pupil seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement to their personal data being disclosed to their parents, we may be under an obligation to maintain confidentiality unless, in our opinion, there is a good reason to do otherwise; for example, where the childcare/nursery school believes disclosure will be in the best interests of the child/pupil or other children/pupils, or is required by law.
Your Obligation to provide Personal Data
You need to provide us with personal data which are absolutely necessary in order to:
- commence and proceed with a contractual relationship with you and/or
- perform of our contractual obligations and/or
- comply with our legal or regulatory or statutory obligations including the money laundering laws which require that we verify your identity before we enter into a contract or a business relationship with you or the legal entity or person for which you are the authorized representative, officer or owner.
We notify you that if you do not provide us with the required data, then we will not be able to commence or continue our business relationship either to you as an individual or as the authorized representative, officer or owner of a legal entity or body or person.
Ways of Use of Your Personal Data
Your personal data may be used for the following purposes:
-Performance of a contract
We process personal data in order to provide our services based on contracts with our clients and/or employees but also to be able to complete our procedures including ‘due diligence’ and ‘know your client’ procedure so as to enter into a contract with prospective clients. The purposes of processing personal data are relevant to the requested services/products, the Standard Terms and Conditions (STC) of our website accessible at www.risepreschools.cy and the contract terms and conditions.
-Compliance with legal, regulatory and law enforcement request
We process personal data in order to comply with number of laws, statutory requirements and regulations to which we are subjects including Tax laws and Anti-Money Laundering Laws as amended from time to time.
We hereby inform you that we cooperate and we shall cooperate with government and law enforcement officials and private parties to enforce and comply with the law and/or regulations to which we are subjects. This means that we will disclose – which is kind of process - any information about you and any personal data of you to such government or law enforcement officials or private parties as we believe necessary or appropriate to respond to claims and legal process to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal.
In such case and only if we are legally entitled to notify you, we will take reasonable steps to give a notice to you for the disclosure of your personal data to such third parties as part of legal process.
-Safeguarding or servicing legitimate interests
We advise you that we may process personal data so as to safeguard the legitimate interests of us or of any third party. In simple words, legitimate interest is when we have a business or commercial reason to use your data always respecting the principle of proportionality and necessity.
-Protection of vital interests
We can process your personal data if it is necessary to protect and service your Vital Interests and/or the Vital Interests of your Organisation (Company) and/or the Vital Interests of another natural person(s).
-Acquisition of data subject consent
We have the right to process your personal data for any reasons other than the reasons referred above provided that you have given us your specific consent for such process.
We will keep your personal data for as long as we have a business and/or contractual relationship with you as an individual or in respect of our dealings with a legal entity or body or person you are authorized to represent as an authorised representative. After the expiry of such relationship, we may keep your data for as long as we are obliged and/or entitled to keep such data in accordance to any law or regulation to which we are subjects.
For prospective students (or authorized representatives) we shall keep your personal data for six (6) months from the date of conclusion of all communications which did not lead to cooperation or provision of services.
Sharing of Personal Data
As already mentioned herein, we may share certain personal data with third parties if a legal obligation, court or authority order, legitimate public or private interest, contract or consent exists. Some examples are:
- Supervisory and other regulatory and public authorities
- Our employees
- According to our procedures for combating money laundering and financing of terrorism, the entities that provide information on regulatory compliance
- External legal or other advisors, consultants and associates.
- Auditors and Lawyers
- Companies that developed, hosting and maintaining our information technology infrastructure and/or other systems
- Companies which cooperate with us or help us in order to provide you with an effective provision of our services and/or products by offering technological expertise, compliance expertise, solutions and support and facilitating trading.
If any of your personal data is acquired by a third party as described in the paragraph above, we will take reasonable steps to ensure that your personal data is safely processed.
How you can contact us
If at any time you have questions about our practices or any of your rights described above, you may reach our Data Protection Officer (“DPO”) and our dedicated team that supports this office by contacting us at 7000 5437