How and why the Cyprus Securities and Exchange Commission uses personal data and how this applies in
different areas of our work
This privacy notice informs you of what to expect when the Cyprus Securities and Exchange Commission
(“CyLAS”), collects personal information about individuals (herein referred to as “personal data”).
It is important that you read this together with any other privacy notice we may provide on specific occasions
when we are collecting or processing personal data about you, so that you are fully aware of how and why
we are using your data. This privacy notice supplements any other notices and is not intended to override
them.
To understand how personal data are used across CyLAS, we explain the core activities that we undertake
and how we may use the personal data that we collect to perform these activities and the lawful basis behind
it. We also provide information about your rights and how to contact us if you have any questions.
The General Data Protection Regulation
The European General Data Protection Regulation (EU) 2016/679 (“Reg. 2016/679”, “Regulation”), which
came into force on 25 May 2018, establishes a single legal framework for the protection of personal data in
all EU Member States.
The Regulation contributes to the homogenous and consistent application of personal data protection
legislation in all Member States of the European Union. At the same time, it strengthens the fundamental
rights of ΕU residents and imposes a framework of strict control on controllers and processors, establishing
the accountability principle, which obliges them not only to take measures to implement the Regulation but
also to demonstrate their compliance.
The Board of CyLAS and its employees, place great emphasis on compliance and the creation of a data
protection culture.
The data we collect
Personal data, or personal information, means any information about an individual from which that person
can be identified. It does not include data where the identity has been removed (anonymous data).
Depending on the aspect of work we perform, we may collect any or all of what is classified as personal data.
Examples of personal data include: first name, last name, telephone number, fax number, email address, age,
gender, date of birth, nationality, country of residence, marital status etc.
How we collect your personal data
We use different methods to collect data from and about you depending on the specific aspect of work we
perform, including but not limited to:
• direct interactions
• your physical submissions of forms and documents
• your online submissions via emails, portals, reporting systems etc.
• your electronic applications for employment
• technology platforms, social media analytics, inland and abroad public authorities, publicly available
paid sources, investigations and inspections etc.
Controller
CyLAS is the controller and responsible for your personal data (referred to as the “Commission”,
“Organization”, “we”, “us” or “our” in this privacy notice).