Under GDPR, the GC School (hereinafter referred to as the “School”) is classified as a “data controller”, an organisation that collects and uses information of EU citizens. Therefore, the School is required to comply with this legislation.
But going beyond the requirements of GDPR, the School wants its users to feel they are being treated respectfully, and with the utmost goal of protecting their privacy, when they share their personal data with the School. This Data Policy has been prepared to explain how the School collects, uses and stores the personal information of its users.
I. Information that we collect from you and your use of this site
When you visit https://www.gcsc.ac.cy and/or its subdomains, namely: shop.gcsc.ac.cy and courtsgcsc.ac.cy you may be asked to provide certain information about yourself, including the pupil’s number, date of birth, name, contact and financial details before you are able to proceed with using the online-payment system.
1. Information you give us
We receive and save any information you enter on our website or give us in any other way. You provide most such information when you make a payment, or set-up a recurring card payment or direct debit mandate, or communicate with us for any other reason. This information may include the pupil’s number, date of birth, name, contact and financial details.
You can choose not to provide information, although it may be needed to make a payment.
2. Automatic information
We automatically receive and save certain types of information whenever you interact with the online-payments website. We use the information to monitor website traffic and to assist with the navigation and user experience of the website.
Information that we will automatically receive includes:
Requested URL (Uniform Resource Locator)
IP (Internet Protocol) address (this may or may not identify a specific computer)
Domain name from which you access the internet
Software (browser/operating system) used to access the page
Date and time pages were visited.
For further information about cookies, please see AboutCookies.org.
II. How we use your information
Personal Data collected as part of the payment process will be held primarily to settle your account. This data will be retained by reputable third-party banking and distribution institutions who handle our customers card transactions and and may be used for any of the following purposes: accounting, billing and auditing, administrative and legal purposes, security and payment verification.
We may also use and analyse the information we collect so that we can manage and improve the services on the website. Demographic and statistical information about user behaviour may be collected and used to analyse the popularity and effectiveness of the website. Any disclosure of this information will be in aggregate form and will not identify individual users.
III. How we handle the data submitted by you
1. Data Protection Legislation
The School is your data controller. Personal information will only be collected and/or processed by the School in accordance with the GDPR and the relevant legislation in force.
2. Data Security
Please protect sensitive data at all times throughout your online transaction. Make sure that nobody can see over your shoulder when typing in personal information and close your browser when you have finished. The School and its third party suppliers have used their reasonable endeavours to ensure that access to information provided and the payments you make whilst using this site are secure. We work to protect the security of your information during transmission. The site is secured using a firewall to offer you secure communications by automatically encrypting all data when it is entered.
You should be aware that the computer that you use to attach to the online-payments system (via a web browser) must also be secure, and include the latest operating system, software and anti-virus updates. The use of a shared computer to connect to the online-payments system could increase the risk that other will see your sensitive information.
The School online-payments system will require you to enter your credit card details. The online-payments system will always have a web address (URL) that starts with https://www.gcsc.ac.cy or https://shop.gcsc.ac.cy
3. Disclosure of your information
Except as set out in this policy or as required by law, your personal data will not be provided to any third party without your prior written consent
The information you provide to us will be held on our computers in European Economic Area. It may be accessed by or given to third parties some of whom may be located outside the European Economic Area who act for us for the purposed set out in this policy or for other purposes approved by you. Those parties process information and may provide support services to the School or on the School’s behalf.
Countries outside the European Economic Area do not always have strong data protection laws. However, we will always take steps to ensure that your information is used by third parties in accordance with this policy.
We employ other companies and individuals to perform functions on our behalf and in turn they may also use third parties for these functions. Examples include processing credit card payments and hosting the website (hereinafter referred to as the “Contracted Agencies”). The Contracted Agencies have access to personal information needed to perform their functions, but may not use it for other purposes.
Personal information provided by you may occasionally be shared with other organisations for the prevention of fraud. Should you fail to honour a payment to the School, the School may disclose sufficient personal data to a third party to enable it to pursue and recover the debt from you. Third parties may include lawyers, agents appointed by the School (for example, debt recovery and tracing agents) and the Courts.
4. Monitoring Use of School’s Systems
In order to protect the security and working of School’s network and computer systems, it may be necessary to monitor or log the use of these systems. If there are indications of abuse of systems or that individuals may be using systems in excess of their authority, files, messages and any or all uses of the systems may be intercepted, monitored, recorded, copied, audited, inspected and disclosed to authorised School and law enforcement personnel.
IV. Links to external websites
V. How to contact us
Should the information we hold about you be incorrect, you can change and update your personal information and can have your information corrected by contacting us.
Where requested, we will provide you with a readable copy of the personal data that we keep about you, by contacting us at the address below. We may require proof of your identity before supplying you with this information to ensure confidentiality.