Privacy Policy

Privacy Notice – General Data Protection Regulation (“GDPR”)

 

Please read the following information carefully. This privacy notice contains information about the information collected, stored and otherwise processed about you and the reasons for the processing. It also tells you who we share this information with, the security mechanisms we have put in place to protect your data and how to contact us in the event you need further information.

 

Who are we?

 

CYPRUS ASSOCIATION FOR THE PROTECTION & CARE OF ANIMALS, known as PAWS CAPCA Registered Charity No.1721 regularly collects, uses and is responsible for personal information about you. When we do this we are the ‘controller’ of this information for the purposes of the GDPR and the Data Protection Act 2018.

 

If you need to contact us about your data or the processing carried out you can use the contact details at the end of this document.

 

What do we do with your information?

 

Information collected

When carrying out the functions of the shelter and in the running of the charity [Rehoming, reuniting, registering dogs, microchipping, relocating, or running events, charity collections, donations, membership and carrying out some sales within the charity shop] we collect some or all of the following personal information that you provide:

  1. personal details
  2. family details
  3. lifestyle and social circumstances
  4. financial details
  5. employment details
  6. registration and elated security measures
  7. other personal data relevant to the rehoming of dogs, including data specific to the instructions we need or you give.

Information collected from other sources, including sales details, and financial data relevant to pay pal or other donation sources.

 

The same categories of information may also be obtained from third parties, such as your family and friends, government departments, public records and registers and financial institutions.

 

How we use your personal information: Purposes

We may use your personal information for the following purposes:

  1. to provide rehoming services
  2. to keep accounting records and carry out office administration

iii . to respond to potential complaints or make complaints

  1. to promote and market services

vii. to carry out anti-money laundering and terrorist financing checks

viii. as required or permitted by law.

 

Whether information has to be provided by you, and why

 

We may need information to comply with our professional obligations, and to keep accounting records.

 

The legal basis for processing your personal information

 

We rely on the following as the lawful bases on which to collect and use your personal information:

 

  • If you have consented to the processing of your personal information, then we may process your information for the Purposes set out above to the extent to which you have consented us to doing so.
  • If you are a client, processing is necessary for the performance of a contract for legal services or in order to take steps at your request prior to entering into a contract.

▪ We need your consent to carry out processing of this data for these purposes.

▪ In relation to information we rely on our legitimate interest and/or the legitimate interests of a third party in carrying out the processing for the Purposes set out above.

▪ In certain circumstances processing may be necessary in order that we can comply with a legal obligation to which we are subject (including carrying out anti-money laundering or terrorist financing checks)

 

  • Who will we share your personal information with?

It may be necessary to share your information with the following:

▪ data processors, IT support staff, email providers, data storage providers

▪ other regulatory authorities

▪ business associates, professional advisers and trade bodies, e.g. Paypal

 

Transfer of your information outside the European Economic Area (EEA)

 

This privacy notice is of general application and as such it is not possible to state whether it will be necessary to transfer your information out of the EEA in any particular case or for a reference. However, if you reside outside the EEA or your case or the role for which you require a reference involves persons or organisations or courts and tribunals outside the EEA then it may be necessary to transfer some of your data to that country outside of the EEA for that purpose. If you are in a country outside the EEA or if the instructions you provide come from outside the EEA then it is inevitable that information will be transferred to those countries. If this applies to you and you wish additional precautions to be taken in respect of your information please indicate this when providing initial instructions.

 

Some countries and organisations outside the EEA have been assessed by the European Commission and their data protection laws and procedures found to show adequate protection. The list can be found here. Most do not. If your information has to be transferred outside the EEA, then it may not have the same protections and you may not have the same rights as you would within the EEA.

[I may transfer your personal information to the following which are located outside the European Economic Area (EEA):

  • cloud data storage services based in the USA who have agreed to comply with the EU-

U.S. Privacy Shield, in order to enable me to store your data and/or backup copies of your data so that I may access your data when they need to. The USA does not have the same data protection laws as the EU but the EU-U.S. Privacy Shield has been recognised by the European Commission as providing adequate protection. To obtain further details of that protection see https://ec.europa.eu/info/law/law-topic/data- protection/data-transfers-outside-eu/eu-us-privacy-shield_en.

  • cloud data storage services based in Switzerland, in order to enable me to store your data and/or backup copies of your data so that I may access your data when I need to. Switzerland does not have the same data protection laws as the EU but has been recognised by the European Commission as providing adequate protection; see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside- eu/adequacy-protection-personal-data-non-eu-countries_en.

We will not otherwise transfer personal information outside the EEA [except as necessary for providing legal services or for any legal proceedings.

If you would like any further information please use the contact details at the end of this document.

 

How long will we store your personal data?

We will normally store all your information:

  • Until at least 1 year after the expiry of any relevant limitation period . Deletion will be carried out (without further notice to you) as soon as reasonably practicable after the data is marked for deletion.
  • Names and contact details held for marketing purposes will be stored indefinitely

You have the right to withdraw this consent at any time, but this will not affect the lawfulness of any processing activity I have carried out prior to you withdrawing your consent. However, where I also rely on other bases for processing your information, you may not be able to prevent processing of your data.

 

Your Rights

 

Under the GDPR, you have a number of rights that you can exercise in certain circumstances. These are free of charge. In summary, you may have the right to:

▪ Ask for access to your personal information and other supplementary information;

▪ Ask for correction of mistakes in your data or to complete missing information we hold on you;

▪ Ask for your personal information to be erased, in certain circumstances;

▪ Receive a copy of the personal information you have provided us or have this information sent to a third party. This will be provided to you or the third party in a structured, commonly used and machine readable format, e.g. a Word file;

▪ Object at any time to processing of your personal information for direct marketing;

▪ Object in certain other situations to the continued processing of your personal information;

▪ Restrict my processing of your personal information in certain circumstances;

▪ Request not to be the subject to automated decision-making which produces legal effects that concern you or affects you in a significant way.

 

If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR.

 

If you want to exercise any of these rights, please:

▪ Use the contact details at the end of this document;

▪ We may need to ask you to provide other information so that you can be identified;

▪ Please provide a contact address so that you can be contacted to request further information to verify your identity;

▪ Provide proof of your identity and address;

▪ State the right or rights that you wish to exercise.

 

We will respond to you within one month from when we receive your request.

 

How to make a complaint?

 

The GDPR also gives you the right to lodge a complaint with the Information Commissioners’ Office if you are in the UK, or with the supervisory authority of the Member State where you work, normally live or where the alleged infringement of data protection laws occurred. The Information Commissioner’s Office can be contacted at http://ico.org.uk/concerns/.

 

Future Processing

We do not intend to process your personal information except for the reasons stated within this privacy notice. If this changes, this privacy notice will be amended and placed on the website.

Changes to this privacy notice

This privacy notice was published on 5th July 2020 and last updated on ________________

 

We continually review our privacy practices and may change this policy from time to time.

When we do it will be placed on the website.

 

Contact Details

If you have any questions about this privacy notice or the information we hold about you, please contact us at the details provided on the website