Privacy Policy of College of Tourism & Hotel Management (COTHM)
Introduction
College of Tourism & Hotel Management (hereinafter "COTHM", "we", "our", "us") respects your privacy and is committed to safeguarding your personal data in compliance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and the applicable local legislation, including Law 125(I) of 2018 in Cyprus.
This policy explains how we collect, use, disclose, and protect your personal data when you interact with us through our website, applications, and services. By engaging with our services, you agree to the terms outlined in this Privacy Policy.
1. Data We Collect
We collect personal data that you provide directly through your interactions with us. The categories of personal data include:
Contact Information: Name, address, email, phone number.
Academic Information: Educational history, student records, examination results, exam papers, assignments.
Employment Information: If you are employed by COTHM, details related to your employment, such as payroll information, employment history, CV and performance.
Financial Information: Payment details and financial transactions.
We may also collect special categories of personal data (e.g., health data, ethnic origin) where necessary, subject to your explicit consent or as required by law.
We do not collect any data automatically when you visit our website.
2. How We Use Your Personal Data
Your data is processed for specific, legitimate purposes. These include:
-
Providing Educational Services: Managing applications, student's records, issuing certifications, and facilitating student exchange programs.
-
Administration and Legal Obligations: Handling payments, maintaining records, and ensuring compliance with regulatory and legal obligations (e.g., immigration or anti-money laundering laws).
-
Communication and Marketing: With your consent, we may send you newsletters, updates, and promotional material.
-
Employment and HR Functions: Managing employment contracts, payroll, performance, and benefits for staff members.
-
Website Operations: We use your personal data only for providing educational services, administrative tasks, and other core functions. We do not collect or track any data when you visit our website.
3. Legal Basis for Processing
We process your data based on one or more of the following legal grounds:
-
Contractual Necessity: Processing is necessary for the performance of a contract (e.g., student enrolment, employment).
-
Legitimate Interests: To pursue our legitimate interests, provided they do not override your fundamental rights.
-
Legal Compliance: Compliance with legal obligations to which COTHM is subject.
-
Consent: For marketing and certain special categories of data, we rely on your explicit consent, which can be withdrawn at any time.
4. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, and as required by applicable law. For academic purposes, student data may be retained for up to 50 years, and financial records will be retained for 7 years in compliance with local regulations.
5. Data Sharing and Transfers
We may share your personal data with third parties only when necessary:
-
Academic and Research Institutions: Partner universities (e.g., Erasmus+).
-
Service Providers: Third-party providers supporting our services (e.g., IT services).
-
Regulatory Bodies: Government departments, accreditation agencies, and law enforcement as required by law.
When transferring data outside of the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), to protect your data in compliance with GDPR requirements.
6. Your Data Protection Rights
You have the following rights under GDPR:
-
Access: The right to request access to the personal data we hold about you.
-
Correction: The right to request the correction of inaccurate personal data.
-
Erasure: The right to request the deletion of your data ("right to be forgotten").
-
Objection: The right to object to processing based on legitimate interests.
-
Restriction: The right to restrict the processing of your data in certain situations.
-
Data Portability: The right to receive your data in a structured, commonly used, and machine-readable format.
To exercise any of these rights, please contact us using the information provided below.
7. Data Security
We take appropriate technical and organizational measures to secure your personal data and protect it from unauthorized access, alteration, disclosure, or destruction. Measures include, access controls, and regular security reviews.
8. Cookies
At College of Tourism & Hotel Management (COTHM), we do not use cookies or any similar tracking technologies on our website. This means we do not store or access information on your device for tracking purposes, and your browsing experience on our website remains free from cookie-based tracking.
Should our policy regarding cookies change in the future, we will update this Privacy Policy accordingly and provide clear options for managing your preferences.
9. Changes to This Policy
This policy may be updated from time to time. We will notify you of any changes by posting the updated policy on our website.
10. Contact Us
If you have any questions or concerns about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer.
College of Tourism & Hotel Management (COTHM)
29 Onasagorou Street, 1011 Nicosia,
P.O.Box 21115 - 1502, Nicosia, Cyprus
Email: info@cothm.ac.cy / constantinos@cothm.ac.cy (DPO)
Phone: +357-22462846