Introduction

In order to operate the School’s online-payments system, we may collect and store personal information you submit to it via this online-payments website or give to the School in any other way. Please read the following privacy policy to understand how the School uses and protects the information that you provide.

This online-payment system is provided and hosted by the School and its third party suppliers. By submitting your personal information, you are consenting to the School holding and using it in accordance with this policy. The policy is subject to change and any changes to it in the future will be notified on this page. By continuing to use this payment site you are agreeing to such changes. We recommend that you check this privacy policy each time you visit this website.

Under GDPR, the GC School (hereinafter referred to as the “School”) is classified as a “data controller”, an organisation that collects and uses information of EU citizens. Therefore, the School is required to comply with this legislation.

But going beyond the requirements of GDPR, the School wants its users to feel they are being treated respectfully, and with the utmost goal of protecting their privacy, when they share their personal data with the School. This Data Policy has been prepared to explain how the School collects, uses and stores the personal information of its users.

For more information about the School’s privacy policy and practices and to exercise your rights under the GDPR concerning your data, please contact the Data Protection Officer: [email protected]

GC School

Nicosia, Cyprus

+357 22464400

 

I. Information that we collect from you and your use of this site

When you visit https://www.gcsc.ac.cy and/or its subdomains, namely: shop.gcsc.ac.cy and courtsgcsc.ac.cy you may be asked to provide certain information about yourself, including the pupil’s number, date of birth, name, contact and financial details before you are able to proceed with using the online-payment system.

1. Information you give us

We receive and save any information you enter on our website or give us in any other way. You provide most such information when you make a payment, or set-up a recurring card payment or direct debit mandate, or communicate with us for any other reason. This information may include the pupil’s number, date of birth, name, contact and financial details.

You can choose not to provide information, although it may be needed to make a payment.

2. Automatic information

We automatically receive and save certain types of information whenever you interact with the online-payments website. We use the information to monitor website traffic and to assist with the navigation and user experience of the website.

Information that we will automatically receive includes:

    • Requested URL (Uniform Resource Locator)

    • IP (Internet Protocol) address (this may or may not identify a specific computer)

    • Domain name from which you access the internet

    • Referring URL

    • Software (browser/operating system) used to access the page

    • Date and time pages were visited.

When you visit some pages on the site, your computer may be issued with a small file – a “cookie”. A cookie is a piece of information in the form of a very small text file that is placed on an Internet user’s hard drive. It is generated by the online-payments web server. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site. The server uses cookies to recognise your browser session if you visit multiple pages during your interaction with the online-payments system.

You can set your browser to refuse cookies or warn you before accepting them. However, the online-payments website will not function properly without accepting cookies.

For further information about cookies, please see AboutCookies.org.

 

II. How we use your information

1. Fulfilment 

Personal Data collected as part of the payment process will be held primarily to settle your account. This data will be retained by reputable third-party banking and distribution institutions who handle our customers card transactions and and may be used for any of the following purposes: accounting, billing and auditing, administrative and legal purposes, security and payment verification.

2. Analysis

We may also use and analyse the information we collect so that we can manage and improve the services on the website. Demographic and statistical information about user behaviour may be collected and used to analyse the popularity and effectiveness of the website. Any disclosure of this information will be in aggregate form and will not identify individual users.

 

III. How we handle the data submitted by you

1. Data Protection Legislation

The School is your data controller. Personal information will only be collected and/or processed by the School in accordance with the GDPR and the relevant legislation in force.

2. Data Security

Please protect sensitive data at all times throughout your online transaction. Make sure that nobody can see over your shoulder when typing in personal information and close your browser when you have finished. The School and its third party suppliers have used their reasonable endeavours to ensure that access to information provided and the payments you make whilst using this site are secure. We work to protect the security of your information during transmission. The site is secured using a firewall to offer you secure communications by automatically encrypting all data when it is entered.

You should be aware that the computer that you use to attach to the online-payments system (via a web browser) must also be secure, and include the latest operating system, software and anti-virus updates. The use of a shared computer to connect to the online-payments system could increase the risk that other will see your sensitive information.

The School online-payments system will require you to enter your credit card details. The online-payments system will always have a web address (URL) that starts with https://www.gcsc.ac.cy or https://shop.gcsc.ac.cy

3. Disclosure of your information

  • Except as set out in this policy or as required by law, your personal data will not be provided to any third party without your prior written consent

  • The information you provide to us will be held on our computers in European Economic Area. It may be accessed by or given to third parties some of whom may be located outside the European Economic Area who act for us for the purposed set out in this policy or for other purposes approved by you. Those parties process information and may provide support services to the School or on the School’s behalf.

  • Countries outside the European Economic Area do not always have strong data protection laws. However, we will always take steps to ensure that your information is used by third parties in accordance with this policy.

  • We employ other companies and individuals to perform functions on our behalf and in turn they may also use third parties for these functions. Examples include processing credit card payments and hosting the website (hereinafter referred to as the “Contracted Agencies”). The Contracted Agencies have access to personal information needed to perform their functions, but may not use it for other purposes.

  • Personal information provided by you may occasionally be shared with other organisations for the prevention of fraud. Should you fail to honour a payment to the School, the School may disclose sufficient personal data to a third party to enable it to pursue and recover the debt from you. Third parties may include lawyers, agents appointed by the School (for example, debt recovery and tracing agents) and the Courts.

4. Monitoring Use of School’s Systems

In order to protect the security and working of School’s network and computer systems, it may be necessary to monitor or log the use of these systems. If there are indications of abuse of systems or that individuals may be using systems in excess of their authority, files, messages and any or all uses of the systems may be intercepted, monitored, recorded, copied, audited, inspected and disclosed to authorised School and law enforcement personnel.

 

IV. Links to external websites

This website may contain links to other websites that are outside the School’s control and are not covered by this privacy policy. The privacy policies of these other sites may differ from this one.

 

V. How to contact us

Should the information we hold about you be incorrect, you can change and update your personal information and can have your information corrected by contacting us.

Where requested, we will provide you with a readable copy of the personal data that we keep about you, by contacting us at the address below. We may require proof of your identity before supplying you with this information to ensure confidentiality.

We allow you to challenge the data we hold about you and where appropriate you may have the data erased, rectified, amended or completed. For complaints or queries about the privacy policy or data protection queries generally please contact: [email protected].