HOW WE USE PERSONAL INFORMATION ABOUT YOU
Ioannides Tennis Academy takes the protection of personal data extremely seriously and we always strive to ensure that, at all times, it is protected with appropriate procedural, organizational and technical measures, and that data is only collected and used for appropriate and legitimate purposes.
Ioannides Tennis Academy will only use your personal information to provide the services previously agreed with you in the Letter of Engagement and any supporting Schedules. We will only use this information in accordance with your instructions and current data protection regulations.
We may receive personal information from you that falls into the category of sensitive personal data, required in order to complete money laundering checks. This information will only be used for the purpose of preventing money laundering and terrorist financing, by any express consent from you, or as otherwise required by law.
WHAT PERSONAL DATA WE MAY COLLECT ABOUT YOU
Ioannides Tennis Academy is bound by the requirements of the General Data Protection Regulation (GDPR). As a client of Ioannides Tennis Academy, we may need to ask for personal information about you.
- Personal information including addresses, contact details, date of birth
- Bank account details.
HOW WILL THIS DATA BE PROCESSED?
Personal information is only processed by Ioannides Tennis Academy in accordance with the services previously agreed
Please note that we may also process some of this personal information for the following purposes:
- Updating our client records system.
HOW LONG WE KEEP YOUR DATA FOR
We will typically hold your personal information for 7 years after the closure of your account in line with regulatory data retention requirements.
SHARING AND TRANSMITTING PERSONAL DATA
Ioannides Tennis Academy will NEVER sell, rent, share or disseminate any of the controller’s data to any third party.
Your personal data may be transferred to appropriate third parties as follows:
We may occasionally need to transfer your personal data to one of our software providers, where the data has become damaged and needs to be repaired.
HOW WE COMMUNICATE WITH YOU
Ioannides Tennis Academy may contact you using telephone numbers, email addresses, or addresses ‘volunteered’ by you as part of an initial communication with Ioannides Tennis Academy.
We may occasionally send text messages to your mobile phone number, but this will only be in relation to services agreed with you. These texts will never contain your personal details and will never be used for marketing purposes.
We will only send text messages to your mobile if you specifically agree to receive them.
SECURITY OF DATA
Ioannides Tennis Academy is committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place various physical, electronic, and managerial procedures to safeguard and secure the information.
RIGHT OF ACCESS TO DATA ABOUT YOU
GDPR gives you the legal right to access personal data about you that is held by Ioannides Tennis Academy. It allows you to check the lawfulness of any data processing, to ask for incorrect data to be changed, and for data about you to be erased (within any legal or regulatory constraints).
You have the right to make a complaint at any time to the relevant data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us in the first instance.
KEEPING YOUR PERSONAL DATA SECURE
Measures in place to ensure the safety of personal data.
Article 32 of the GDPR obliges data controllers and data processors to implement the technical, physical and organisational measures necessary to ensure an appropriate level of security in relation to data processing.
We have set out the below physical, technical and organizational security measures in place to ensure the safety of personal data processing:
Physical security measures
• Keeping offices and storage units locked;
• Only authorised persons have access to personal data;
• Personal data are locked in the cabinets if the authorized person is away from his desk;
• Keeping server rooms or cabinets locked;
• Cabling desktop machines and laptops to desks;
• Implementing clean desk policies;
• Ensuring that shredders are in place and that they are functioning correctly;
• Ensuring that fire alarms are in place and that they are functioning correctly;
• Ensuring that ICT equipment such as hard drives and old laptops, computers and mobile devices are securely disposed of at end of life;
• Conducting periodical audits of the above measures.
Technical security measures
• Ensuring that all computing devices such as PCs, mobile phones, and tablets are using an up-to-date operating system;
• Encryption of data;
• Ensuring all computing devices are regularly updated with the manufacturer’s software and security patches;
• Using antivirus software on all devices;
• Implementing a strong firewall;
• Ensuring data backups are taken and are stored securely in a separate location;
• Ensuring that data backups are periodically reviewed and tested to ensure they are functioning correctly;
• Ensuring that data is collected and stored securely;
• Ensuring that two-factor authentication is enabled for remote access;
• Email disclaimer paragraph;
Organizational security measures
• Communicating the importance of company data and all the measures they can take to protect it to employees;
• Conducting ongoing staff training on data protection;
• Documenting data collection and retention policies;
• Ensuring the use of strong passwords by having a password policy in place that is enforced;
• Ensuring remote access is supported by a remote access policy;
• Documenting data back-up policies;
HOW TO COMPLAIN
We hope that we can resolve any query or concern you may raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in Cyprus is the Commissioner of Personal Data Protection who may be contacted at http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/All/2FBD2ACD407DEFE8C22582B9002E7019.
HOW TO CONTACT US