Effective Date: May 1, 2018

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our website and the choices you have associated with that data.

Pursuant to the General Data Protection Regulation, national data protection laws of the various Member States, and other privacy regulations, the responsible entity (“Controller”) is:

CODECA – Center for Social Cohesion, Development and Care

11Andrea Dimitriou, Agios Dometios, 2369, Nicosia, Cyprus

(+357) 22 042 091

info@codecacy.org

1. About CODECA

CODECA – Center for Social Cohesion, Development and Care is a non-profitable organisation established and operating in Cyprus since 2016. Our aim is to foster and promote social cohesion, development, and care. CODECA aspires to establish itself as one of the leading organisations in the provision of services and research in the Euro-Mediterranean region in the areas of Social Welfare, Social Entrepreneurship and Education, by utilising new innovative technological means to find solutions to address the various modern and complex challenges. Our mission is to provide high quality services tailored to the needs of our clients to ensure maximum satisfaction. Through a cooperative and efficient model of operation, our aim is to mobilise, inspire and promote lifelong learning, research and innovation. Our trained and experienced team is able to offer high quality services for the benefit of the wider society, through cooperation with various local and international organisations, public and private institutions.

2. Our Privacy Commitment

CODECA complies with all applicable privacy laws in each European Union (EU) country, including the EU’s General Data Protection Regulation ("GDPR”). We strictly abide by Regulation (EU) 2016/679 and repealing Directive 95/46/EC on the protection of natural persons with regard to the processing of "Personal Data” and on the free movement of such data. This Privacy Policy (hereinafter referred to as the "Privacy Policy”) governs the way we collect and process personal data.

"Personal Data" is defined by GDPR as any information relating to an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Sensitive Personal Data" refers to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation (referred to as "Special Categories of Data” in the EU General Data Protection Regulation).

By engaging in a CODECA project, study or any other engagement you express your free, specific, informed and unambiguous consent that you agree to the processing of your personal data pursuant to this Privacy Policy and that you have been duly acquainted with, and informed about, the processing of your personal data.

3. What Data We Collect and Process

As part of the projects, studies, and other engagements which are part of CODECA’s normal activity, we will process information you share with us. This may include:

• Directly identifying data, like your full name, home address or personal email address that by itself, or in combination with other readily available data, could identify you, or another member of your household
• Demographic data such as age, gender, marital status, occupation and income range
• Your behaviours and preferences to help us better understand behavior, use, and trends "Behaviour data" refers to when, why or how you take some action or behave in a certain way and “Preference data” refers to the specific choices you make
• Any content or material you choose to submit, upload or share with CODECA, including without limitation, photos, videos and images
• Certain profile information stored in your social media platform account, should you agree to participate in research projects through a third party service such as Facebook or Twitter
• Voluntarily provided or disclosed Sensitive Information. "Sensitive Personal Data" means personal identifying information that discloses or reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation
• Your voice / physical appearance in cases we will be audio/video taping your participation in a focus group discussion, in-person interview or something of a similar nature.

4. How We Use Data

We use the data we collect for the purpose of fulfilling our contractual obligations as to the execution of a particular project, research study or other engagement. We assure you that we adhere to these principles:

• We use tools and methods to make sure that there is no reasonable possibility of identifying you from the reports, apps and any other deliverables that we create. For example, we combine the responses we collect from you with the responses of many others to produce aggregated results from which you cannot be uniquely identified.
• We may use data about you for quality assurance and research and development purposes such as data analysis, audits, and developing new products and services.
• We may use your data to contact you by the means you provide us for this purpose. When we contact you - by phone (including mobile phone), email, SMS, or postal mail depending on what data you provide to us - we usually do so to respond to your inquiries, validate or clarify your response or send you information regarding your participation.
• We may de-identify (anonymize) data about you and use it for historical, academic or longitudinal research. We ensure in such cases that there is no reasonable possibility of re-identifying you from the data used.

5. Use of Cookies and Other Digital Technologies

We receive and store certain types of information automatically when you use our websites, applications and digital services:

• Web forms, such as when you type information into a registration form or type a search query into a search box.
• Technologies like cookies and web beacons may be used on some of our website pages. We use these technologies to manage our projects more efficiently, enhance your experience as a participant, to facilitate navigation, to display information more effectively, for security purposes as well as for site administration purposes. Please be aware that you can adjust the settings in your computer's browser to reject cookies or delete individual or all cookies on your computer by following the browser help file directions.
• Web logging, which enables us to collect the standard information your browser sends to every web site you visit - such as your IP address, browser type and language, and the site you came from - as well as the pages you visit and the links you click while using our sites and digital services.

6. Accessing Your Personal Information and Your Rights

Participation in our projects/studies is always voluntary and you may withdraw at any time. If you withdraw from a project, we may continue processing the data we collected during the time you were a participant. Each person, as a data subject, retains control over his/her data and may at any time exercise his/her rights as provided for in the GDPR, in particular Articles 12 to 23 thereof, and the relevant national legislation, under the specific conditions applicable to each case. By contacting us at info@codecacy.org you may choose to exercise any of your privacy rights listed here:

• The right to obtain information about your personal data without undue delay, including the purpose of the processing, what kinds of personal data are being processed and who are the recipients of such data
• The right to request access to your personal data (including confirmation as to whether or not personal data concerning you are or are not being processed)
• The right to request data rectification/correction, erasure or restriction of processing if you establish or believe that the collected data is inaccurate
• The right to request that certain data about you be erased
• The right to propose other restrictions on the processing of data about you, and
• The right of data portability (“take back”) for data you have provided

Furthermore, if you believe that CODECA has not complied with the Privacy laws or the terms of this Policy, you have the right to file a complaint with the relevant supervisory authority (click here for details).

7. About Minors (Children)

For our projects and research studies, we never knowingly collect data directly from minor children (under age 18). If a specific project is about children, they may participate only after we obtain the explicit consent of a parent or guardian. Once data collection about them has been authorized by a parent or guardian, all of the provisions of this notice apply to data about children of any age (up to the age of 18).

8. Sharing Personal Information Outside the European Union

To conduct its business, CODECA may transfer Personal Data to third-party suppliers or partners that operate in other countries outside the EU. Some of these countries have a different data protection regime, which may provide a lower level of protection than is found in Cyprus or the EU. To ensure that a similar level of data protection is implemented in countries outside the EU, CODECA partners and service providers have entered into contractual agreements that include EU Commission-approved Standard Contractual Clauses for such data transfers.

9. Data Security and Retention

We will retain your data for as long as needed for the purposes described in this Notice and in accordance with applicable law. When you are no longer an active respondent, we will continue to use data about your demographic characteristics, as well as behavior and preference data for historical and statistical research, but we keep this data separate from data that could be used to identify you, and strictly limit access to your identifying data. All data will be permanently de-identified when we no longer need to identify you for audit, legal, fraud prevention or related purposes. CODECA ensures, among others, that appropriate technical and organizational measures are taken to ensure an appropriate level of security when processing your data, in particular against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data, in accordance with Article 32 of the GDPR.

This Notice replaces any other statement, whether written or oral, made to you about our practices with respect to CODECA's collection and use of personal data about you.

This Privacy Policy may be modified at any time and an updated version will be posted on our website each time. For this reason, users are invited to refer to this Policy regularly.