Instagram Facebook Envelope
Donate
Subscribe
Donate
Subscribe
Instagram Facebook Envelope
Instagram Facebook Envelope
Donate
Subscribe
Instagram Facebook Envelope
PRIVACY POLICY AND DATA PROTECTION

1.    Purposes and objectives

1.1. Queer Collective Cy (hereinafter the “Collective”)  is committed to handling Personal Data responsibly in order to earn and preserve the trust of its members and any third party interacting with the Collective.

  1. This Policy defines the main principles applicable to the Processing of Personal Data by the Collective with a view to guarantee every individual’s right to privacy. 
  2. The Collective Processes Personal Data in order to comply with its legal obligations, carry out administrative tasks, and comply with requirements for the proper performance of its relationships towards its members and third parties with whom there is any relationship.

2.    Scope

  1. This Policy is global in scope and applies to the Collective everywhere and to all Processing of Personal Data of Data Subjects.
  2. The requirements defined in this Policy shall also be applied to third parties Processing Personal Data on behalf of the Collective, such as consultants, service providers, or other partners, or persons making complaints or reports to the Collective for cases related to LGBTQI+-related acts of discriminatory treatment and/or violence and/or alike conduct.
  3. This Policy concerns all Personal Data the Collective is Processing and applies to any individual’s Personal Data, whether, in particular, a member, a party to an agreement with the Collective, such as a subcontractor or service provider or any consultant.
  4. This Policy also concerns all Personal Data the Collective is Processing and equally applies to any kind of Personal Data Processing regardless of the medium used (electronic, paper, other) and purposes listed in paragraph 4.2.2 below.
  5. This Policy does not apply to data related to legal entities.

  1. Definitions
    1. “Collective” or “Controller” means Queer Collective Cy and it shall also constitute the data controller, i.e. the person which determines the purposes and means of the Processing of Personal Data of the Data Subjects subject to this Policy; you may contact the Collective at info@queercollective.cy 
    2.  “Consent” means the Data Subject’s freely given specific and informed indication of their wishes by which the Data Subject signifies their agreement to the Processing of their Personal Data for the purposes described;
    3. “Data Subject” means an identified or identifiable natural person to whom Personal Data that are being Processed relates; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity; this definition includes members of the Collective, third parties in a relationship with the Collective, and persons making complaints or reports to the Collective for cases related to LGBTQI+-related acts of discriminatory treatment and/or violence and/or alike conduct;
    4. “Personal Data” or “Data” means any information relating to a Data Subject;
    5. “Personal Data Processing” or “Processing” or “Processed” means any operation or set of operations performed upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;
    6. “Policy” means this privacy and personal data protection policy;
    7. “Processor” or “Data Processor” means any person Processing Personal Data on behalf of the Collective;
    8. “Recipient” means the natural or legal person to whom/which Personal Data are disclosed and these may be (a) regulatory and/or governmental authorities and/or services, and other organisations with whom the Collective cooperates; 
    9. “Sensitive Data” or “Special Categories of Personal Data” means Personal Data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

  1. Requirements
    1. The Processor, or any other natural or legal Processing Personal Data on behalf of the Controller, shall only act upon instructions from the Collective, and must comply with the terms of this Policy, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and all other relevant applicable national and EU law.
    2. The Processor, or any other natural or legal Processing Personal Data on behalf of the Controller, shall comply with the following processing principles:
      1. Legitimate and fair processing

Processing of personal data may only be carried out on a legitimate basis and in a fair and transparent manner. The Collective may only process personal data based on one or more of the legitimate bases explained below in paragraph 4.2.2.

  1. Explicit and lawful purpose
    1. Personal data needs to be collected for one or more specific and legitimate purpose(s) and should not be processed in a way incompatible with this/those purpose(s); further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, subject to appropriate safeguards for the rights and freedoms of the Data Subject (including data minimisation, anonymisation, and pseudonymisation), not be considered to be incompatible with the initial purposes.
    2. No Personal Data may be Processed unless the purpose of the Processing has been precisely defined beforehand and is legitimate under applicable law. Under the conditions provided for by applicable law, the purpose of Processing may not vary in time, except if Data Subjects are duly notified by electronic or other communication and give their consent to such variation and/or amendment where required.
    3. Generally, the purposes of Processing of Data Subjects’ Personal Data within the context of this Policy are in relation to fulfilling the obligations and duties of the Collective under its mandate, as expressed in the objects stated in the regulations of the Collective in connection with the Data Subjects.
    4. The main legal bases for processing Data Subjects’ Personal Data are as follows:

  • It is necessary to protect the vital interests of the relevant Data Subjects or those of another data subject or a third party, not overridden by the interests, fundamental rights or freedoms of the relevant Data Subject;
  • To ensure the safety and security of members or other related individuals both within and beyond the mandate of the Collective or third parties;
  • Performance of obligations to Data Subject: We process Personal Data in order to provide our services and/or information and/or assistance to members and/or in order to comply with obligations to third parties with whom we have a relationship such as payments and/or social insurance obligations. In view of this, we need to verify the Data Subject’s identity and pertinent details we shall be needing for the purposes of such obligations;
  • For the purposes of safeguarding legitimate interests: We Process Personal Data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a lawful reason to use the Data Subject’s information. Despite that, it must not unfairly go against what is right and best for the Data Subject. Examples of such processing activities include initiating complaints before independent authorities, initiating legal claims and/or preparing our defence in litigation procedures;
  • Consent: Our storage and use of the Data Subject’s Personal Data is based on their consent (other than for reasons described or implied in this Policy when consent is not required). The Data Subject may revoke consent at any time and request erasure of their Personal Data; however, any processing of personal data prior to the receipt of such request will not be affected;
  • To investigate or settle enquiries or disputes: We may need to use personal information collected from the Data Subject to investigate issues or to settle disputes with them because it is in our legitimate interests to ensure that issues and disputes get investigated and resolved in a timely and efficient manner; 
  • To comply with applicable laws, court orders, other judicial process, or the requirements of any applicable regulatory authorities: We may need to use the Data Subject’s personal information to comply with any applicable laws and regulations, court orders or other judicial process, or the requirements of any applicable regulatory authority.  We do this not only to comply with our legal obligations but because it may also be in our legitimate interest to do so.
  • Public interest, scientific or historical research purposes or statistical purposes: We may need to use and/or process personal information collected from the Data Subject to investigate and/or document cases of LGBTQI+-related acts of discriminatory treatment and/or violence and/or alike conduct, and/or in order to undertake scientific or historical research, because it is in the interest of our Collective’s objects;
  • For administrative purposes and/or keeping a record of who are our members and/or our partners;
  • Fulfilling statutory requirements; and
  • To notify members and/or partners of any upcoming events, matters, activities, projects, and meetings of the Collective.

  1. Quality and proportionality of data

Personal Data shall be accurate, up to date, adequate, relevant, and not excessive in relation to the purposes for which they are Processed.

  1. Length of the retention period of personal data
    1. Personal Data shall be retained for as long as it is necessary for the purposes for which they are Processed.
    2. Personal Data of members shall be retained for as long as they remain members of the Collective. After the end of their membership, for whatever reason, such Personal Data shall be retained for up to a further maximum of 6 years.
    3. Personal Data of any third parties in a relationship with the Collective shall be retained up to the end of the relationship with the Collective; after the end of the said relationship, such Personal Data shall be retained for up to a further maximum of 6 years.
    4. Personal Data of any persons reporting LGBTQI+-related acts of discriminatory treatment and/or violence and/or alike conduct shall be retained for up to 6 years since the submission of the complaint; such information may be anonymised and/or pseudonymised following the 6 years since the submission of the complaint to the extent of making the Data Subject unidentifiable, and may be used in its anonymised and/or pseudonymised form for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

  1. Open and fair processing

Personal Data shall not be collected or obtained by deceit or other underhanded methods. For the sake of fair Processing of Data, Data Subjects receive the information that will make Processing a transparent one (in particular: identity of the Controller, purposes of the Processing, categories of Recipients, what are the rights of Data Subjects, and, where appropriate, that their Data may be disclosed for specific purposes). The Collective is responsible for ensuring that the proper information is provided to the Data Subjects at the time of Data collection unless law stipulates otherwise.

  1. Security and confidentiality
    1. The Collective shall adopt or require that be adopted technical and organisational security and confidentiality measures that are appropriate in relation to the risks associated with the Processing so as to prevent, in particular, accidental or unlawful destruction or accidental loss, alteration, disclosure of, or unauthorised access to, the Data.
    2. The Collective however cannot guarantee the security of the Data during their transmission to the Collective by the Data Subjects. Any information or Data that the Data Subjects send to the Collective is done at their own risk and the Collective can only guarantee the security of Data that has been received and is in the Collective’s possession. 
    3. The Data Processed can be viewed only by the Processor, competent public officials and it may be disclosed to other government authorities or third parties if the Collective is under an obligation to do so or for other lawful purposes.
  2. Rights of Data Subjects
    1. Sensitive Data or Special Categories of Data may be Processed only where strictly necessary for the Collective’s legitimate purposes and in accordance with any safeguards required by law.
    2. The Data Subject has the rights of (i) access to a copy of the information comprised in their Personal Data, (ii) restriction of Processing of Personal Data, (iii) objection to processing that is likely to cause or is causing damage or distress, (iv) prevention of processing for direct marketing, (v) objection to decisions being taken by automated means, (vi) rectification, blockage, erasure or destruction of inaccurate Personal Data where considered right by the Collective or Office of the Commissioner for Personal Data Protection in case of recourse to them, (vii) lodging a complaint with the Office of the Commissioner for Personal Data Protection or other supervisory authority, (viii) right to portability, and (ix) claim to compensation for damages caused by a breach of the terms of this Policy, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and all other relevant applicable national and EU law and regulations. Data Subjects have the right, in case that they do not want us to use their personal information anymore, to opt out by informing the Collective by sending a pertinent e-mail to info@queercollective.cy  If a Data Subject decides to do so, the Collective may not be able to continue to provide information, services and/or assistance requested by the Data Subject, or continue to have any form of relationship with them, and it will have no liability to that Data Subject in this respect.
  3. Complaints mechanism

The Data Subject has the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection 1 Iasonos str., 1082 Nicosia, P.O.Box 23378, 1682 Nicosia Tel: +357 22818456, Fax: +357 22304565, Email: commissioner@dataprotection.gov.cy and/or lodge a complaint in accordance with the Collective’s complaints mechanism.  Individuals wishing to lodge a complaint with the Collective complaints mechanism must do so in writing by e-mail at info@queercollective.cy 

  1. Data to be collected and processed

5.1 The Personal Data that may be collected and Processed by the Collective in relation to members of the Collective

as well as third parties in cooperation with the Collective, such as consultants, service providers, subcontractors, or other partners, is listed as follows:

  • Name;
  • Surname;
  • E-mail address;
  • Mobile telephone number;
  • Address and postal code;
  • Other contact details;
  • Place of birth;
  • Date of birth;
  • Passport or ID number;
  • Nationality; 
  • Member ID number; 
  • Status of payment of any possible due payments; and
  • Report of circumstances of LGBTQI+-related acts of discriminatory treatment and/or violence and/or alike conduct, in cases of such complaints.

  1. Personal Data Disclosures
    1. The Collective may, in the conduct of its business, have to disclose Personal Data for administrative purposes or for the purpose of fulfilling legal obligations under applicable law, or requirements of regulatory authorities, affiliated companies or third parties.
    2. Any such disclosure shall take place in strict compliance with applicable law and it shall only be carried out for a specified, explicit and legitimate purpose, compatible with legal requirements under Cyprus Law and the General Data Protection Regulation. Thus, the Collective shall always duly justify the disclosure, and provide evidence that the disclosure is compatible with the purpose of the initial Processing and of the legal requirements under Cyprus Law, the General Data Protection Regulation and/or this Policy.
    3. Such disclosure shall only concern Personal Data which are relevant and not excessive for the purpose of the disclosure.
    4. Before any personal data disclosure, the Data Subject shall be notified and consent shall be requested, where applicable, and/or the pertinent authorisation shall be obtained, where applicable.
    5. No Personal Data shall be disclosed and/or transferred to any operator outside Cyprus.

  1. Enforcement

The Collective reserves the right to take such action as it deems appropriate against users who breach this Policy. Violators are subject to disciplinary action up to and including termination of legal relationships, and civil or criminal prosecution, as appropriate. Disciplinary action shall be conducted in accordance with applicable policies.

  1. Review And Updates To The Policy

This Policy will be reviewed and updated annually or more frequently if necessary, to ensure that any changes to the Collective’s practices are accurately reflected. Any changes to this Policy shall be duly communicated to Data Subjects and consent shall be requested, where applicable.

Questions or recommendations regarding this document should be directed to info@queercollective.cy