Privacy Notice
Educational Organisation Chr. K. Saveriades (Owner of Casa College and KASA High School.
Introduction
Educational Organisation Chr. K. Saveriades (“the Organisation”) respects your privacy and is committed to protecting your personal data. This Privacy Notice explains how we collect, use, store, and safeguard your personal information when you visit our website or interact with our institutions as a student, staff member, vendor, agent, guest, or other stakeholder. It also outlines your privacy rights and how applicable data protection laws safeguard those rights.
Purpose of this Privacy Notice
This Privacy Notice is intended to provide transparency regarding how and why we process personal data. It should be read together with any additional privacy or fair processing notices that may be provided on specific occasions when we collect or process personal data. These supplementary notices are not intended to override this Privacy Notice.
Our website is not intended for children, and we do not knowingly collect personal data relating to minors without appropriate legal grounds.
Data Controller
Educational Organisation Chr. K. Saveriades is the data controller responsible for your personal data.
The Organisation comprises of two entities:
- Casa College
- KASA High School
References in this Privacy Notice to “Organisation,” “we,” “us,” or “our” refer to the relevant entity responsible for processing your data.
We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice. For any questions, requests, or concerns regarding your personal data, please contact DPO@casacollege.ac.cy
Changes to This Privacy Notice
We regularly review this Privacy Notice to ensure compliance with applicable laws, including the EU General Data Protection Regulation (GDPR). We encourage you to keep your personal data accurate and up to date and to inform us of any changes during your relationship with the Organisation.
Third-Party Links
Our website may include links to third-party websites, plug-ins, or applications. Clicking these links may allow third parties to collect or share data about you. We do not control these websites and are not responsible for their privacy practices. We encourage you to review the privacy notices of every website you visit.
The Data We Collect About You
Personal data refers to any information from which an individual can be identified. Depending on your interaction with us, we may collect, use, store, and transfer the following categories of data:
Identity Data: First name, last name, and other identification details where necessary.
Contact Data: Billing and delivery addresses, email address, and telephone numbers.
Financial Data: Bank account and payment card details.
Transaction Data: Details of payments made to and from you.
Technical Data: IP address, login data, browser type and version, time zone, location, operating system, and other technology used to access our website.
Profile Data: Username, password, preferences, interests, feedback, and survey responses.
Usage Data: Information about how you use our website and services.
Where we are required by law or contract to collect personal data, and you fail to provide it, we may be unable to perform the contract or deliver the requested service (for example, registering you for a semester or processing graduation). In such cases, we will notify you accordingly.
How Your Personal Data Is Collected
We collect data using several methods, including:
Direct Interactions
You may provide personal data when you:
- Complete application or registration forms
- Subscribe to our programmes or services
- Make payments
- Participate in competitions, promotions, or surveys
- Communicate with us via email, phone, or other channels
How We Use Your Personal Data
We will only process your personal data were permitted by law. Most commonly, we rely on the following legal bases:
- Performance of a Contract – when processing is necessary to fulfil our obligations to you.
- Legitimate Interests – when processing supports the effective operation and improvement of our educational services, provided your rights do not override those interests.
- Legal Obligations – when processing is required to comply with applicable laws or regulations.
We generally do not rely on consent as the primary legal basis for processing, except where explicitly required.
Purposes for Processing Personal Data
|
Purpose |
Type of Data |
Lawful Basis |
|
Register you as a student or employee |
Identity, Contact |
Performance of a contract |
|
Manage payments, fees, and charges |
Identity, Contact, Financial, Transaction |
Contract performance; Legitimate interests (debt recovery) |
|
Manage our relationship with you, including notifying you of policy changes |
Identity, Contact, Profile |
Contract performance; Legal obligation |
|
Enable participation in surveys, competitions, or promotions |
Identity, Contact, Profile, Usage |
Contract performance; Legitimate interests (service improvement) |
|
Administer and protect our website and IT systems |
Identity, Contact, Technical |
Legitimate interests; Legal obligation |
Sharing Your Personal Data
We will obtain your explicit opt-in consent before sharing your personal data with third parties for marketing or unrelated purposes.
All authorised third-party service providers are required to respect the security of your personal data and process it only according to our instructions.
Opting Out
You may request at any time that we stop sending you communications. Opting out of marketing messages does not affect personal data processed for contractual or legal purposes.
Change of Purpose
We will only use your personal data for the purposes for which it was collected unless we reasonably determine that another compatible purpose applies. Where required, we will notify you and explain the legal basis.
Keeping Your Data Secure
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, misuse, or disclosure.
We maintain procedures to address suspected data breaches and will notify affected individuals and regulators where legally required.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting requirements.
When determining retention periods, we consider:
- The nature and sensitivity of the data
- The potential risk of harm from unauthorised use
- Legal requirements
- The purposes of processing
In certain circumstances, you may request deletion of your data. We may also anonymise personal data for research or statistical purposes, allowing its use without further notice.
Your Legal Rights
Under applicable data protection laws, you have the right to:
- Request access to your personal data
- Request correction of inaccurate or incomplete data
- Request erasure of your data
- Object to processing based on legitimate interests
- Request restriction of processing
- Request transfer (data portability)
- Withdraw consent where processing relies on consent
To exercise any of these rights, please contact our Data Protection Officer at DPO@casacollege.ac.cy.
Please note that individuals may only access their own data unless authorised through a Consent to Release Information Form.
Fees
Access to your personal data is typically free. However, we may charge a reasonable fee or refuse requests that are clearly unfounded, repetitive, or excessive.
Identity Verification
To protect your information, we may request documentation to verify your identity before fulfilling a request.
Lawful Basis Explained
- Legitimate Interest: Processing necessary for the effective management and operation of the Organisation while respecting your rights.
- Performance of Contract: Processing required to fulfil contractual obligations or take steps at your request before entering into a contract.
- Legal Obligation: Processing required to comply with applicable laws or regulatory requirements.