Data Protection

Home / Data protection
Go back to Homepage

Purpose and Scope
The University is subject to the Processing of Personal Data (Protection of Individual Law 2001 (138(1)/2001) and its amendments).

DATA PROTECTION CODE OF PRACTICE
The University must comply with the Principles of the Processing of Personal Data (Protection
of Individual Law 2001 (138(1)/2001. The Act contains eight governing Principles relating to the
collection, use and disclosure of data, and the rights of data subjects to have access to personal
data concerning themselves. These Principles are:

THE FIRST PRINCIPLE
Personal data shall be processed, fairly and lawfully according to “specific conditions”
For more information on these conditions, please refer to the Data Protection Code of
Practice

THE SECOND PRINCIPLE
‘Personal Data shall be obtained only for one or more specified lawful purposes and shall not be
further processed in any manner incompatible with that purpose or those purposes’.

THE THIRD PRINCIPLE
‘Personal Data shall be adequate, relevant, and not excessive in relation to the purpose or
purposes for which they are processed.’

THE FOURTH PRINCIPLE
‘Personal Data shall be accurate and, where necessary, kept up to date.’

THE FIFTH PRINCIPLE
‘Personal Data processed for any purpose or purposes shall not be kept for longer than is
necessary for that purpose or those purposes.’

THE SIXTH PRINCIPLE
‘Personal Data shall be processed in accordance with the rights of Data Subjects under this Act.’
The rights of the Data Subject include the following:

– the right of Data Subjects to request access to the information held about them, the purpose
(s) for which the information is being used and those to whom it is or may be disclosed;
– to prevent processing likely to cause damage or distress;
– to prevent processing for the purposes of direct marketing;
– to be informed of the logic behind any automatic decision making;
– to take action for compensation if they suffer damage for any contravention of the Act by the Data Controller;
– to take action to rectify, block, erase or destroy inaccurate data;
– the right to ask the Information Commissioner to assess whether or not it is likely that any
processing of Personal Data has not been carried out in accordance with the Act.

THE SEVENTH PRINCIPLE
‘Appropriate technical and organisational measures shall be taken against unauthorised or
unlawful processing of Personal Data and against accidental loss or destruction of or damage to
Personal Data.’

THE EIGHTH PRINCIPLE
1 ‘Personal Data shall not be transferred to a country or territory outside the European
Economic Area unless that country or territory ensures an adequate level of protection for the
rights and freedoms of Data Subjects in relation to the processing of Personal Data.’

Study

Helpful Links

Contact Info

12 – 14 University Avenue Pyla, 7080 Larnaka, Cyprus

T: + 357 24 69 40 00

F: + 357 24 81 21 20

E: [email protected]

Follow Us

Copyright © 2024 UCLan Cyprus, All rights reserved. Terms & ConditionsData Protection Policy.Cookie Policy

Designed & developed by Action 360x

Date
Dates20242023202220212020201920182017201620152014201320121970