The Cyprus Organisation for Standardisation (CYS) is the National Standards Body of Cyprus which operates as a limited company under private law having as sole shareholder the Republic of Cyprus. Through the Accreditation and Standardization, Technical Information Law (N.156(I)/2002) the activities of standardization have been allocated to CYS. It is managed by a 7- member-Board of Directors which consists of representatives from the Ministry of Finance, the Μinistry of Energy, Commerce Industry & Tourism as well as organisations from the private sector such as the Consumer Association, the Cyprus Chamber of Commerce and Industry, the Cyprus Employer’s and Industrialists Federation, the Technical Chamber of Cyprus, and the academic Institutions.
CYS has the following objectives:
- Strengthen the national standardisation system and effectively promote the national interests on the European and International Standardisation system.
- Implement the European and International standards so as to enhance the competitiveness of the Cyprus economy and businesses and also to ensure consumer health, safety and environmental protection.
CYS at International level is a full member of ISO, IEC and ITU and at European level, of the three European Standardisation Bodies CEN, CENELEC and ETSI.
How we use your information
In its everyday business operations, CYS makes use of a variety of personal data about identifiable individuals, including data about -
- Visitors to our website
- Customers, including subscribers to our webstore and our subscription services
- Members of standards committees
- Traders and economic operators
- Other stakeholders
This privacy notice tells you what to expect when CYS collects personal information.
Information we collect
When you contact us regarding our business operations or to purchase products and services from us, the personal data we will collect from you can include:
- Your name
- Your home or work address
- Your email address and or phone number
- Your job title
- Your payment and delivery details, including billing and delivery addresses, credit card or bank account details
- Usernames and passwords
- And any other data you provide
The lawful basis for use of your personal data
We process data where it is necessary for the following purposes:
- To fulfil a legal obligation with which we must comply.
- For the performance of a task carried out in the public interest or in the exercise of official authority, which includes:
- responding to any comment, feedback or complaint you may send to us and to investigate any complaint received from you about our operations, products or services, and
- monitoring use of our website and on-line platforms in order to correct or improve their use and content.
- For the performance of a contract to which you have agreed or in order to take steps at your request prior to entering a contract.
- To protect our legitimate interests in order to ensure we can exercise our legal rights for purposes such as legal claims, regulatory, business and legal compliance and to prevent fraud.
- With your consent to contact you regarding relevant events, products and services, market research or studies.
We may share your personal information with the following third parties -
- Our agents or sub-contractors for functions carried out on our behalf such as auditing services, sales of standards, provision of prescribed functions under law and courier/delivery services. These parties only have access to such information as necessary to perform their functions and may not use it for any other purpose.
- Our providers of professional business services such as financial and legal advisors, accountants and auditors.
- Our audit and oversight bodies to provide access to or disclose personal information such as is necessary for any certification agreement we have entered into or otherwise to protect CYS.
- Our external suppliers of personal data processing services, e.g. document management services.
All third parties used by us to process personal data must provide the same level of protection for your data as we do. Your personal data may also be shared with government authorities in accordance with law or if required for compliance with law or to protect our legitimate interest.
Purpose of processing
People who purchase standards
We use third party providers for sales of standards on-line. The third parties may only use the data for the agreed purposes and in accordance with data protection requirements. They also provide CYS with information on standard sales which can include personal data of standards purchasers from Cyprus which we may use to contact you from time to time with updates and offers of other services which may be of interest to you. You can unsubscribe from this listing at any time.
Professional qualification registries
CYS retains professional qualification registries. Where we collect personal information when processing scheme requests the data is collected for the purpose of providing the requester with the unique id and we will hold the associated personal data for so long as the number remains valid or you advise us of a change of contact.
Events, Marketing and Communications
You consent that during the CYS events you may be photographed or video recorded. Such photos and videos are used exclusively by CYS for reporting of such events and are not used for any commercial purpose.
In those cases where you will request subscription to the relevant CYS newsletters, you agree that your personal data that you have agreed to provide, will be included in a contact list and you will be regularly contacted with relevant communications.
CYS do not use your personal data for any commercial purposes and do not transfer these personal data to third parties for any other purpose without your explicit consent.
We formulate standards through consultation with a wide range of stakeholders who contribute to the process on a voluntary basis. When applying for membership of a standards committee you provide us with personal data which will be used to validate your application and upon acceptance to the committee you will have access to the on-line platforms used to share documents amongst committee members.
This information is shared with the standardization organisation developing the standard in accordance with the personal data protection policies of the organisation. CYS, as member of the standardization organisations, is party to the agreement on implementation of the data protection policies.
As part of its consultations on standardization work CYS hosts an on-line platform allowing people to make a comment on draft standards. When registering with the on-line platform you are providing us with personal information. This information is shared with the standardization organisation hosting the standardization work and is held in accordance with the personal data protection policies of the organisation. CYS, as member of the standardization organisations, is party to the agreement on implementation of the data protection policies.
Traders and Economic Operators
Where we have enforcement functions we collect personal information about people who are responsible for compliance with law. This information may be shared where we determine it necessary to uphold the law and it may also be shared where we have a written agreement with another public body for such arrangement.
Your rights to access, restrict and delete your personal data may be subject to exceptions when it is processed for these purposes.
All the personal data collected by CYS are retained for the period that you remain active within the CYS system and are reviewed every 5 years in order to determine if it should be deleted.
Photographs and videos of events are retained by CYS for the performance of the intended purpose and are archived for historical recording purpose.
In some occasions CYS are required by law to maintain records of personal data for specific purposes e.g. for audit or reporting to authorities. Following the completion of the relevant statutory period your personal data are deleted.
Security of Personal Data
CYS has organisational, physical, administrative and technical measures in place to protect the personal data we collect and process. We monitor the measures to ensure information is secure and operating in a manner to reasonably protect the collected and processed information. The information security systems and measures are upgraded from time to time to limit risks of unauthorised disclosure.
In the event of a data breach, CYS will issue breach notifications as may be required under law.
The following apply with regard to your data:
- You can request access to and rectification or deletion of your personal data or the restriction of the processing, unless the processing is required by law.
- You can object to the processing, unless required by law, and you can request to receive your personal data in a portable format. In case this may incur expenses to CYS, you may be requested a compensation;
- In those cases where the processing is based on your consent only and no other legal basis e.g. legitimate interests or necessary for the performance of a contract, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- In case your contact with CYS did not sufficiently address your request, you may further contact the relevant Data Protection Authority. As CYS is a legal entity based in Cyprus, it operates under the remit of the Cyprus Data Privacy Commissioner.
Changes to the Privacy Statement
We will post any changes to this privacy notice on our website in order to inform you of the personal data we collect, how it is used and the circumstances, if any, it can be disclosed. If we decide to use personal data in a significantly different manner to that stated in this Privacy Statement or for a different purpose for which it was collected, we will notify you of such change and if appropriate you will be given a choice as to whether we use your information in the new manner.