A few words about https://birdlifecyprus.org
The domain https://birdlifecyprus.org is the website of the organization BIRDLIFE CYPRUS (hereinafter “Organization”).
The personal data you give us during your visit at our website or your sign in as a member are processed and are kept in a record under the Organization’s responsibility.
What are personal data?
The term “personal data”, as used to this Policy, refers to natural person’s information either individuals or professionals such as full name, postal address, e-mail address, telephone number, credit card data, etc. that can be used to identify the identity of the website’s visitor, hereinafter referred to as “Personal Data” or “Data”.
What is the Processing of Personal Data?
Processing of personal data is the collection, registration, organization, structure, storage, adjustment or alteration, recovery, search for information, use, disclosure by the transfer of Data, dissemination or any other form of disposal, association or combination, limitation, erasure or destruction to natural person’s personal data.
What Data do we collect?
A) When you subscribe as a member, we process your name, surname, postal address, telephone number, email address, date of birth, preferred language and the amount of your subscription. When it comes to buying a joint or family subscription, we collect the corresponding data for each member. The same applies to the gift membership.
B) When you donate and adopt a bird, we process your name, surname, postal address, telephone number, email address and the amount paid.
C) When purchasing the Organization’s products, we process your name, surname, postal address, telephone number, e-mail address and the amount paid.
D) If you have given your consent to send you newsletter we include your email to our newsletter email list.
For what purpose do we process your data?
We collect your Data solely for the purposes of the services provided at the https://birdlifecyprus.org website and in particular for:
- tracking the visits to our website
- communicating with you with the contact details you provide us with via the communication form (https://birdlifecyprus.org/contact-us)
- the sign up, entry and renewal of memberships,
- the statistical analysis of members’ data,
- the gift membership,
- the donation or adoption of a bird,
- supporting us through the purchase of the Agency’s products,
- send newsletters periodically,
- complying with the obligations imposed from the current legislation,
- the better operation of our Organization’s website and the improvement of your navigation on it, using cookies. Learn more about the Cookies Policy of our website here.
Your Data is processed exclusively for the aforementioned purposes or in certain occasions for the purpose of the legal/regulatory compliance of our Organization or for supporting legal claims.
What is the legal basis for the processing of your Data by the Organization?
Regarding the sign up, entry and renewal of the memberships, the donation or the adoption of a bird, the support through the purchase of the Organization’s products, the processing is done according to the legal basis “performance of a contract”.
Regarding the gift membership, the processing is done according to the legal basis “prior to entering into a contract”.
Regarding the statistical analysis of members’ data, the processing is done according to the legal basis “legitimate interests of the Organization”.
Who are the recipients of your Data?
The recipients of your Data are the strictly necessary personnel of the Organization, which is committed to confidentiality, and the cooperating with us companies which process your Data as Data Processors on our behalf and based on our instructions, indicatively mentioned Lightblack Solutions Ltd, Mailchimp.
Moreover, it is possible to share or send your Data when have explicitly requested it or it is a legal obligation.
How do we ensure that our Data Processors respect your Data?
Our Data Processors have agreed with the Organization and are contractually bound in writing:
- to keep confidentiality,
- not to transfer Data to third parties without our written permission,
- to undertake organizational and technical data security measures,
- to comply with the legal framework for the protection of personal data, in particular with the General Data Protection Regulation (GDPR)
Do we transfer your Data abroad?
Regarding the sending of the newsletter, we transfer your Data to countries outside the EEA, specifically to the USA to the company Mailchimp with which we cooperate, always using the appropriate safeguards.
Regarding the rest of the purposes, we do not transfer your Data outside Cyprus. Your Personal Data are stored and processed only within Cyprus.
When do we erase your Data?
We delete your consent Data for the newsletter when you declare that you no longer wish to receive it by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us or after 6 months from the last newsletter sent.
We delete the Data that Cookies collect based on the Cookies Policy.
For how long will we send you newsletters?
We will send you newsletter only with your consent, for as long as your data are in the newsletter email list, i.e. for as long 6 months have not passed since the last newsletter sent to you or you have declared that you do not wish to receive our newsletters anymore.
Are your Data safe and secure?
We commit to safeguard your Personal Data. We have taken all the appropriate organizational and technical measures to secure and protect your Data from any form of accidental or fraudulent processing.
We use electronic security certification (SSL – Secure Socket Layer) to ensure the secured exchange of data the website and your browser.
These measures are reviewed and amended when deemed necessary.
The processing of your Data is allowed only to persons authorized from us, employees and associates only for the purposes mentioned above (see question number 5).
What are your rights?
You have the right to access your data.
This means you have the right to be informed from us about whether we process your Data. If we process your Data you can request to be informed about the purpose of processing, the type of Data we keep, the recipients, the retention periods, whether we do automated decision making, as well as about your other rights, such as rectification, erasure, restriction of processing and to lodge a complaint with the Hellenic Data Protection Authority.
You have the right to rectify your inaccurate Data.
If you notice that your Data are inaccurate, you can submit a request so we can rectify (i.e. correct your name or update your contact details).
You have the right to erase your Data / right to be forgotten.
You can request from us to delete your personal data if they are not necessary for the aforementioned purposes or if you wish to withdraw your consent in case this is the only lawful basis for processing.
You have the right to Data portability.
You can request form us to receive in a readable format your Data that you have provided us or request from us to transfer your Data to another data controller.
You have the right to restrict the processing of your Data.
You can request from us to restrict the processing of your Data for as long as the examination of your objections is pending.
You have the right to object to the processing of your Data.
You can object to the processing of your Data or to withdraw your consent and we will stop the processing if there are no other imperative and legitimate reasons that override your right.
How can you exercise your rights?
To exercise your rights you can send us a request to the Organization’s postal address (P.O. Box 12026 2340, Nicosia, Cyprus), or to the Organization’s email address (email@example.com) with subject title “Exercise of the right of access/ rectification/ erasure/ portability/ restriction/ objection of my Personal Data”, or to the website’s electronic communication form (https://birdlifecyprus.org/contact-us) providing a description of your request and we will ensure to examine it and reply as soon as possible.
When do we respond to your requests?
We will reply to your requests for free without delay, and in any case within (1) one month after we receive your request. However, if your request is complex or you submit a large number of requests, we will notify you within one month in case we need to take another two (2) months extension, within which we will respond back to you.
If your requests are obviously unfounded or excessive particularly because of their recurring nature, the Organization may impose a reasonable fee, taking into account the administrative costs for providing information or performing the requested action, or refuse to respond to the request justifying the answer to you.
Where do you address your inquiries on the progress of your requests?
For more information you can call (+357) 22 455 072.
Do we make decisions based solely on automated processing, including profiling when processing your Data?
We do not make decisions, nor do we make profiling, based on the automated processing of your Data.
Do we process Data of minors?
We do process Data of children under 16 years old, for the purpose of subscribing a minor member (junior or family membership). If you are under 16 years old, you must have your parent’s consent before signing in to the services of our website or subscribing to our newsletter. If we find that we have collected Data of a child under 16 years old, without meeting the above condition, we will erase these Data as soon as possible.
Which law applies to the processing of your Data?
We process your Data in accordance with the General Data Protection Regulation 2016/679 / EU and in general the current national and European legislative and regulatory framework for the protection of personal data.
Who can you contact if we violate the applicable law for the protection of Personal Data?
You can contact the Office of the Commissioner for Personal Data Protection for matters concerning the processing of your Personal Data. Regarding the jurisdictions of the Authority and the lodge of a complaint you can visit its website (http://www.dataprotection.gov.cy/ ð Information For The Public ð Lodge A Complaint) where detailed information is provided.
How will you be informed on any changes to this Policy?
We update this Policy whenever necessary. If there are any significant changes to the Policy or the way we use your Data, we will notify you by posting those changes on a visible place to our website, before the changes come into force, in any other appropriate manner. We encourage you to read this Policy on a regular basis in order for you to be aware on the way your Data are protected.
The Organization is the Data Controller of the Data it processes. Our address is P.O. Box 12026 2340, Nicosia, Cyprus, telephone number: (+357) 22 455 072, email address: firstname.lastname@example.org.
If you want to contact us for matters related to the processing of your Data and the exercise of your rights, you can contact the Organization’s Data Protection Coordinator to the telephone number: (+357) 22 455 072 or to the postal address P.O. Box 12026 2340, Nicosia, Cyprus, or to the email address email@example.com.