Portal Privacy and Cookie Notice
Last updated: February 2019
This privacy notice (“notice”) applies to the processing of personal data by the Directorate General for European Programmes, Coordination and Development (DG EPCD) in connection with the processing of personal data on the Information Portal for Funding Programmes website (“Portal”), www.fundingprogrammesportal.gov.cy, including any personal data you may provide though the use of the Portal when you sign up to receive email alerts and newsletters, register for partnerships, use our contact forms or participate in social media functions with our Site.
This Portal is not intended for children and we do not knowingly collect personal data relating to children.
References in this notice to “you” or “your” are references to individuals who use the Portal.
References in this notice to “DG EPCD”, “we”, “us” or “our” are references to the Directorate General for European Programmes, Coordination and Development. The DG EPCD is a public body of the Republic of Cyprus, housed at 29 Byronos Avenue, 1096 Nicosia, Cyprus.
2. Importance of personal data protection
We recognise that the use and disclosure of personal data has important implications for us and for the individuals whose personal data we process. To ensure that we handle personal data properly, we have adopted a global approach to privacy compliance (including both privacy and cookies policies), based on the stipulations of the relevant EU legislation, “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”.
A copy of Regulation 2016/679 can be downloaded here.
3. Purpose of this notice
This notice aims to give you information about how DG EPCD collects and processes your personal data when you use the Portal. It is important that you read this notice, in particular the part on Cookies Policy, together with any other notices we may provide on specific occasions when we collect or process your personal data, so that you are fully aware of how and why we are using your personal data. This notice supplements the other notices and is not intended to override them.
4. Who is the controller for the personal data processed?
A “controller” is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. This notice is issued on behalf of DG EPCD as controller. Unless we notify you otherwise, DG EPCD is the controller for your personal data.
If you have any questions about this notice, including any requests to exercise your rights, please contact us using the contact details set out below:
Directorate General for European Programmes, Coordination and Development
29 Byron Avenue, 1096 Nicosia, Cyprus
Telephone: +357 22 602900
5. How to make a complaint about the use of your personal data by us
If you have any concerns or would like to make a complaint about our processing of your personal data, you can send us an email reporting this. You may also raise your concerns with the local data protection authority directly, which is the Office of the Commissioner for Personal Data Protection in Cyprus (website here). However, we would encourage you to contact us in the first instance as we aim to promptly, efficiently and satisfactorily resolve any concerns or complaints you may have in relation to our processing of your personal data.
6. Changes to the notice or to your personal data
This notice was last updated on the “Last updated” date stated at the begining of this notice.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you wish to update your personal data, please contact the team of the Information Portal for Funding Programmes at the email firstname.lastname@example.org, as is also mentioned on the relevant Members section of the Portal.
7. Third party links
This Portal may include links to third-party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Portal, we encourage you to read the privacy notice of every website you visit.
8. The personal data we collect about you
Personal data includes data that may reveal the identity of a natural person. We collect and process two sets of data: personal data that is necessary in order for you to register and receive our newsletters and email alerts and aggregated data collected by cookies for the operation of our website.
We collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this notice.
We do not collect any special categories of personal data about you through our Portal (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We collect, use, store and transfer different kinds of personal data. We have grouped together the following categories of personal data to explain how this type of information is used by us. These terms are used throughout this notice:
- “Contact Data”: including your email address;
- “Identity Data”: including your first name, last name, username, password;
- “Profile Data”: including information collected progressively when you visit our site including your referral website, pages you visit, actions you take, patterns of page visits and information from forms you fill in;
- “Technical Data”: includes information collected when you access our Portal or client knowledge portal, your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using; and
- “Usage Data”: information about how you use our Portal.
9. How your personal data is collected
We collect your personal data mainly through cookies and when you register to receive our newsletters and email alerts. We use different methods to collect personal data from and about you, including through the channels set out below.
Direct interactions: You give us your Contact Data and Profile Data directly, for example, when you:
- submit a Contact Us form on our Portal;
- subscribe to receive our email alerts and newsletters;
- fill in the form expressing interest to cooperate with other partners for submitting a joint proposal for a call of proposals that is published in the Portal;
- submit a third party form we create for participation in the events we organise;
- give us some feedback (for example, by completing a survey).
Automated technologies or interactions: We receive Technical Data about your browsing actions and, based on the preferences and selections of each user, we automatically send weekly email alerts regarding the publication of new calls or/and newsletters through email regarding relevant news. We collect this data by using cookies or when you access our Portal by logging into your Member account, we log the account username and password and the time of entry.
Third parties or publicly available sources: We receive Technical Data from analytics providers such as Google based outside the EU.
10. If you fail to provide personal data to us
If you fail to fill in the information required according to the mandatory fields for registering to receive our email alerts and newsletters, we will not be able to send these to you.
11. How we use your personal data
When you use our Portal we will use your personal data in the following circumstances:
- we use your contact details (usually your email) in order to send you our automated weekly email alerts, when calls for proposals are published in our Portal on the thematic categories you have selected to be notified about;
- we use your contact details (usually your email) in order to send you our Newsletter, in case you request this, which includes announcements and news concerning the funding programmes and related news and activities such as the organisation of relevant seminars and other events;
- we use your email in order to reply to you when you send us a message through the Contact us section, asking for information;
- we use the data that you provide when you register your interest to be a partner/coordinator in a specific call for proposals in the “Add a new cooperation profile” page in the Portal, in order to find other potential partners for cooperation;
- we use the contact information you give us when you register in the events we organise, for example through an online registration form, in order to notify you regarding your participation and to send you relevant information regarding the specific event for which you have expressed your interest;
- other than the above functions, which are necessary in order for us to provide to you the specific services you request from us, we also use Google analytics which is a third party that collects data such as online identifiers including cookie identifiers, internet protocol addresses, device identifiers, in order to provide us with statistics on visitor information to improve our Portal’s performance, such as browser usage and new visitor numbers, the type of device used by users to access the Portal, in order for us to identify which functions are most popular and need to be improved etc.
What is a cookie?
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device, preferences and generally help to improve your online experience. You can find more information about cookies at: www.allaboutcookies.org and www.youronlinechoices.eu.
What types of cookies are used on this Portal and how long do they last?
There are different types of cookies. Although they mainly work in the same way, there are some minor differences. The table below sets out the type of cookie used, what its purpose is and how long it lasts.
Type of cookie
Used by application server to help to uniquely identify a client device (browser) to enable the site to maintain user session variables
Until the Browser is closed
Used by application server to help to uniquely identify a client device (browser) to enable the site to maintain user session variables
Until the Browser is closed
These cookies enable Google Analytics to function. This software helps us take and analyse visitor information such as browser usage and new visitor numbers
AddThis cookies allow users to share content via Social Networking websites and email
Determines if the visitor has been informed that using Chrome is recommended for optimum browsing experience
Determines the height of the screen in order to optimise browsing experience
If you want to restrict or block any of the above cookies, you should do this through the web browser settings for each browser you use and on each device you use to access the internet. Please be aware that some areas of our Portal may not function if your web browser does not accept cookies. However, you can allow cookies from specific websites by making them "trusted websites" in your web browser. The "Help" function within your web browser should tell you how to make these changes. Alternatively, websites such as https://www.attacat.co.uk/resources/cookies/how-to-ban can help with information on how to manage cookies.
13. Disclosures of your personal data
We do not disclose your personal data to third parties.
14. Data security
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing, including:
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
We ensure that those who have permanent or regular access to personal data, or that are involved in the processing of personal data, or in the development of tools used to process personal data, are trained and informed of their rights and responsibilities in when processing personal data.
The DG EPCD is committed to preserving the integrity of personal data and to deter unauthorized access to such data stored in its databases. Our priority is the prevention of data corruption and the prevention of unauthorized access to DG EPCD’s systems. Software security controls are used to protect personal data from loss, misuse and unauthorized access, destruction, and any other breach.
15. Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
16. Data Processor
For the time being, the information registered in the Portal is kept in the servers of the company DW Dynamic Works Ltd, which has undertaken the development and maintenance of the electronic system on behalf of the DG EPCD. DW takes all necessary technical and organizational measures and acts as processor. It processes personal data only under written instructions and directions from the DG EPCD as Data Controller.
17. Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. It is DG EPCD’s policy to respect your rights and DG EPCD will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.
Details of your rights are set out below:
- right to be informed about how personal data is used – you have a right to be informed about how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;
- right to access personal data – you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us;
- right to have inaccurate personal data rectified – you have a right to have any inaccurate or incomplete personal data rectified. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;
- right to have personal data erased in certain circumstances – you have a right to request that certain or all personal data held by us is erased. This is also known as the right to be forgotten.
- right to restrict processing of personal data in certain circumstances, including where personal data is used for marketing purposes – you have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data is no longer required by us but you require the personal data to be retained to establish, exercise or defend a legal claim;
- right to data portability – in certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a Portal). Information about you which has been gathered by monitoring your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically);
- right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes – you have a right to object to processing being carried out by us if (a) we are processing personal data based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if we are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information; and
- right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect – you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.
You may exercise any of your rights at any point using the contact details set out in Section 4. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Should you have the need for clarification or objections, or to file a complaint, you may contact the Office of the Commissioner for Personal Data Protection in Cyprus (website here). However we would encourage you to contact us directly in the first instance, as we aim to resolve all matters arising in the fastest way possible. For this purpose you nay contact us using the contact details given at Paragraph 6.
We try to respond to all legitimate requests within one calendar month. It may take us longer than one calendar month if your request is particularly complex or in case you have made a number of requests. In this case, we will notify you and keep you updated.