The Digital Security Authority (“DSA”), with this Privacy and Cookies Policy of the National Cybersecurity Certification Authority – NCCA, would like to inform you of the personal data it processes, the purpose of the processing, the measures undertaken for their protection as well as your rights concerning your personal data.
The DSA has been mandated with the role of the National Cybersecurity Certification Authority – NCCA in the Republic of Cyprus in accordance with the provisions of Directive (EU) 2019/881, which entered into force on 27 June 2019.
The DSA guarantees the protection of your personal data as any collection and processing of personal data shall be done in full compliance with the General Data Protection Regulation (EU) 2016/679 (hereinafter the “Regulation”), the Law on the Protection of Natural Persons against the Processing of Data of Personal Character and the Free Movement of Data, L. 125(I)/2018, as amended and/or replaced from time to time and the competencies of the DSA which derive from the Security of Networks and Information Systems Law 89(I)/2020, as amended and/or replaced from time to time.
1. Types of personal data collected
The personal data collected by the DSA are limited to what is necessary for the accomplishment of the purpose for which they were collected from the data subjects and are used only for that purpose.
Through the NCCA’s website (website link) it will be possible to create a user profile and password, and during the creation of the profile personal data will be provided. The data provided during the creation of the user profile will be collected and processed by the DSA only for the purposes given.
When creating the user profile or subscribing to the NCCA newsletter you will be asked to give your consent and the processing of personal data will be based on the user’s consent in accordance with the provisions of Article 6 (1) of the Regulation.
The personal data collected and processed by the DSA for the purposes described herein below include indicatively the name, surname, title, organization, position in the organization, contact details etc.
In addition, the personal data collected are adequate, relevant and limited to what is necessary for the purposes of their processing, as described below.
2. Contact form
Through the NCCA’s website (website link) it is possible to communicate with the NCCA by filling in the relevant contact form posted on the website. By filling in the fields of the contact form, the data that has been filled in will be collected and processed by the DSA. When filling out the contact form you will be asked to give your consent and the processing of your personal data will be based on the user’s consent in accordance with the provisions of Article 6 (1) of the Regulation. The DSA will collect, process and store the said data only for the purposes of communicating with you, and the data will be deleted when they are no longer necessary for the purpose for which they were collected.
3. Cookies
The NCCA’s website uses cookies. Cookies are small data files created and stored by your browser on your computer’s hard drive. Accessing a website may result in a cookie being stored on your operating system. This cookie contains a specific string of characters that allows the browser to be clearly identified each time the website in question is accessed.
We use cookies to make our website more user-friendly. The processing of personal data based on the use of cookies is legal according to Article 6 (1) of the Regulation. The purpose of these technical cookies is to simplify the use of our website.
Cookies are stored on the user’s computer and transferred to the DSA. As a user, you have full control over the application of cookies. You can disable or restrict cookies by changing your browser settings. Cookies already stored on your hard drive can be deleted at any time. This can also be done automatically. However, disabling cookies for our website may result in some functions of the website not working properly.
4. Purpose of processing and use of personal data
Your personal data are processed exclusively and only for the compliance of the DSA with its legal obligations and for the performance of its duties in the exercise of the public authority assigned to it.
5. Right of data subjects
You, as a data subject, subject to the limitations provided by the applicable legislative framework for the protection of personal data, have the following rights:
- Right to be informed of and have access to your personal data;
- Right of rectification of the data that concern you;
- Right to withdraw the consent given;
- Right to be forgotten; and
- Lastly, the right to object, the right to minimize processing and the right to transfer your personal data.
If you wish to exercise your legal rights or have any questions regarding the processing of your personal data, you can contact us at the details listed at the end of this privacy policy.
In the event that you consider that the protection of your personal data is affected in any way, you can appeal to the Commissioner for Personal Data Protection following the link here.
6. Access to your personal data and transfer to third parties
The DSA may use external partners to carry out the processing on its behalf (“processors”), always in the manner required by the applicable legislation for the protection of personal data. The aforementioned external partners used by the DSA are bound by a legal act or contract for the processing of personal data as required by the Regulation, ensuring that your personal data is protected, as defined by the relevant legislation. In any other case, the DSA does not transmit or disclose personal data to third parties unless it is provided by law in order to fulfill its duties or this is required to comply with the provisions of the applicable legislation or a court decision.
7. Data retention period
Without prejudice to the rights described in paragraph 4 above, your personal data is retained for as long as there is a need to carry out the actions necessary to achieve the purpose(s) of the processing. After this period, your personal data will be deleted in absolute security.
8. Data Security
To protect your personal data, the DSA takes all appropriate technical and organizational measures to ensure the confidentiality, integrity, availability and authenticity of your personal data. The personal data processed by the DSA is kept in digital and written form, stored in a secure environment within the DSA, encrypted and accessed only by authorized personnel of the DSA.
9. Amendments to the Privacy Policy
This privacy policy might be amended from time to time. Please make sure to check this page for new information regarding our privacy policy.
This privacy policy is in effect as of 30/09/2024.
10. Contact details
For any questions and/or clarifications you may have concerning the protection of your personal data, or to submit a complaint or to exercise your legal rights, feel free to contact us at the following details:
Data Processor:
Digital Security Authority
Andrea Chaliou 1, 2408 Nicosia, Cyprus
Tel.: 22693000
Email: [email protected]
Data Protection Officer:
Tel.: 22693000
Email: [email protected]