PRIVACY AND DATA PROTECTION POLICY

1. Purposes and objectives
1.1.The Association is committed to handling Personal Data responsibly in order to earn and preserve the trust of its
members and any third party interacting with the Association.
1.2This Policy defines the main principles applicable to the Processing of Personal Data by the Association with a view
to guarantee every individual’s right to privacy.
1.3The Association Processes Personal Data in order to comply with its legal obligations, carry out administrative
tasks, and comply with requirements for the proper performance of its legal relationships towards its members and
third parties with whom there is any legal relationship.
2. Scope
2.1This Policy is global in scope and applies to the Association everywhere and to all Processing of Personal Data of
Data Subjects.
2.2The requirements defined in this Policy shall also be applied to third parties Processing Personal Data on behalf of
the Association, such as consultants, service providers, or other partners, for instance by way of contractual
provisions, or persons making complaints or reports to the Association for cases related to LGBTI-related acts of
discriminatory treatment and/or violence and/or alike conduct.
2.3The requirements defined in this Policy shall also be applied to third parties Processing Personal Data on behalf of
the Association, such as consultants, service providers, or other partners, for instance by way of contractual
provisions.
2.4This Policy concerns all Personal Data the Association is Processing and applies to any individual’s Personal Data,
whether, in particular, a member, a party to an agreement with the Association, such as a subcontractor or service
provider or any consultant.
2.5This Policy also concerns all Personal Data the Association is Processing and equally applies to any kind of
Personal Data Processing regardless of the medium used (electronic, paper, other) and purposes listed in
paragraph 4.2.2 below.
2.6This Policy does not apply to data related to legal entities.
3Definitions
3.1“Association” or “Controller” means Accept – LGBT Cyprus and it shall also constitute the data controller, i.e.
the legal person which determines the purposes and means of the Processing of Personal Data of the Data
Subjects subject to this Policy; you may contact the Association at [email protected]
3.2 “Consent” means the Data Subject’s freely given specific and informed indication of his/her wishes by which the
Data Subject signifies his/her agreement to the Processing of his/her Personal Data for the purposes described;
3.3“Data Subject” means an identified or identifiable natural person to whom Personal Data that are being Processed
relates; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to
an identification number or to one or more factors specific to his/her physical, physiological, mental, economic,
cultural or social identity; this definition includes members of the Association and third parties in a legal relationship
with the Association, and persons making complaints or reports to the Association for cases related to
LGBTI-related acts of discriminatory treatment and/or violence and/or alike conduct;
3.4“Personal Data” or “Data” means any information relating to a Data Subject;
3.5“Personal Data Processing” or “Processing” or “Processed” means any operation or set of operations performed
upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, storage,
adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making
available, alignment or combination, blocking, erasure or destruction;
3.6“Policy” means this privacy and personal data protection policy;
3.7“Processor” or “Data Processor” means the person or persons Processing Personal Data on behalf of the
Association and it shall jointly be the Secretary and the Treasurer of the Board of the Association, whoever they are
from time to time;
3.8“Recipient” means the natural or legal person to whom/which Personal Data are disclosed and these may be (a)
regulatory and/or governmental authorities and/or services, and other organisations with whom the Association
cooperates;
3.9“Sensitive Data” or “Special Categories of Personal Data” means Personal Data that reveal racial or ethnic origin,
political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the
purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex
life or sexual orientation.
4Requirements
4.1The Processor, or any other natural or legal Processing Personal Data on behalf of the Controller, shall only act on
instructions from the Association, and must comply with the terms of this Policy, the Regulation (EU) 2016/679 of
the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General
Data Protection Regulation), and all other relevant applicable national and EU law.
4.2The Processor, or any other natural or legal Processing Personal Data on behalf of the Controller, shall comply with
the following processing principles:
4.2.1Legitimate and fair processing
Processing of personal data may only be carried out on a legitimate basis and in a fair and transparent
manner. The Association may only process personal data based on one or more of the legitimate bases
explained below in paragraph 4.2.2.
4.2.2Explicit and lawful purpose
4.2.2.1Personal data needs to be collected for one or more specific and legitimate purpose(s) and should not be
processed in a way incompatible with this/those purpose(s); further processing for archiving purposes in the
4.2.2.2No Personal Data may be Processed unless the purpose of the Processing has been precisely defined
beforehand and is legitimate under applicable law. Under the conditions provided for by applicable law, the
purpose of Processing may not vary in time, except if Data Subjects are duly notified by electronic or other
communication and give their consent to such variation and/or amendment where required.