The Limassol District Local Government Organisation – EOA Lemesos (the “Organisation”) is a legal person governed by public law, established and operating pursuant to the District Local Government Organisations Law (Law 37(I)/2022), and acts as a controller of personal data, which it collects directly from data subjects and/or from other sources for the purposes of exercising its competences, as these are defined in the applicable Legislation in force from time to time.

The Organisation also collects and processes personal data relating to tenderers in the context of concluding contracts for supplies, projects, works, or services, as well as personal data of its employees, its collaborators under a services agreement regime, and candidates for employment.

The Organisation is committed to protecting your privacy and handling your personal data in a transparent manner.

1. DEFINITIONS

“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing of Personal Data” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Controller of Personal Data” means the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Republic law, the controller or the specific criteria for its nomination may be provided for by Union law or by the law of the Republic.

“Processor” means the natural or legal person, public authority, service or other body which processes personal data on behalf of the controller.

2. CATEGORIES OF PERSONAL DATA & PURPOSES OF PROCESSING

We collect and process various categories of Personal Data, which we obtain from the Data Subjects themselves in person (e.g. consumers, municipal residents, applicants for town planning/building permits, external collaborators) or through their representatives. We may also collect and process Personal Data, which we lawfully obtain, for the purposes of exercising the Organisation’s competences, from publicly available sources such as the Department of the Registrar of Companies and Official Receiver, the press, the media and the internet.

Depending on the Data Subject, different Personal Data are collected and processed, which include the following:

Processing Activity	Data Subject Category	Data Categories
1. Water supply and sewerage connections, billing, network administration and fault management	Property owners Consumers Municipal Residents Contractors	Identification Data such as: full name, address, ID number Contact Details such as: phone number, email address Property Details such as: water meter number, plot details Financial Data such as: billing details, consumption details
2. Town planning and building permits, derogations, enforcement and complaint management	Municipal residents, Property owners, Architects, Engineers Consultants, Applicants	Identification Data such as: full name, address, ID number Contact Details such as: phone number, email address Cadastral data, plot details Special categories: income, family composition, medical certificates (derogations)
3. Financial management, payments to third parties, billing/collection of fees and public contracts	External collaborators/providers Persons subject to fees	Identification Data such as: full name, address, ID number Financial Data such as: bank account/IBAN, invoices, payments Contact details such as: address, phone number, email address
4. Administrative support, legal services and European programmes	External collaborators	Identification Data such as: full name, address, ID number Contractual data such as: contracts, valuations
5. Management of information systems, technical support, CCTV and system security	External collaborators Office visitors	Access data such as: credentials, usage logs, access rights Image Data (CCTV) such as: facial image, video
6. Internal audit	External collaborators Persons subject to fees	Potentially all data categories
7. Promotion, communication via social media and website, event organisation	Persons subject to fees External collaborators Third parties	Identification Data such as: full name Contact details such as: address, phone number, email address Audiovisual data such as: photographs, videos
8. Website operation	Website visitors	Technical Browsing Data such as: IP address, browser information Usage data such as: cookies, pages visited Technical session identifiers, metadata from interactions with the Organization’s virtual assistant, EOAnna (if the virtual assistant is used), and any other personal data entered by the user

3. PURPOSE & LAWFULNESS OF PERSONAL DATA COLLECTION

As stated above, the Organisation is committed to protecting your privacy and handling your data in an open and transparent manner. Therefore, we process your Personal Data in accordance with the European General Data Protection Regulation ((EU) 2016/679) (the “Regulation”) and the national data protection legislation (the Law Providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018)) (the “Law”) as amended from time to time, for one or more of the following reasons:

A. Following the obtaining of consent from the Data Subjects

Where you have expressly given us your consent to processing, the lawfulness of such processing is based on that consent. You have the right to withdraw your consent at any time in cases where such data are used on the basis of your consent. We rely on the legal basis of consent primarily for promotional activities (such as sending informational material in certain cases and taking and using photographs at events).

Β. For the execution of a contract

The Organisation collects and processes Personal Data pursuant to contracts between the Organisation and suppliers of products and/or tenderers for the provision of services, as well as pursuant to contracts with its personnel. The purpose of processing Personal Data depends on the requirements for each product or service, and the contractual terms and conditions provide further details regarding the relevant purposes.

C. For compliance of the Organisation with a legal obligation

The Organisation is required to comply with its legal obligations, duties and competences arising from the District Local Government Organisations Law (Law 37(I)/2022), as amended from time to time. The Organisation is also required to comply with additional applicable laws and regulatory/legal requirements, such as Tax Legislation, the Social Insurance Services legislation, the Safety and Health at Work Law, and town planning legislation.

D. For tasks carried out in the public interest or under the official authority vested in the Organisation as a legal person governed by public law

As a legal person governed by public law established and operating on the basis of the District Local Government Organisations Law (Law 37(I)/2022), the Organisation has the authority and obligation to exercise, within the boundaries of the Limassol district, its competences and duties, including water supply, sewerage, solid waste management, and town planning and building permits.

4. SECURITY MEASURES FOR THE PROTECTION OF YOUR DATA

The Organisation takes all necessary technical and organisational measures to protect the Personal Data it processes. The Organisation collects and processes Personal Data in accordance with Regulation (EU) 2016/679 and the relevant legislation applicable in the Republic.

The processing of Personal Data is carried out only by authorised employees and collaborators under a services agreement regime of the Organisation, and the Organisation does not transmit or disclose personal data to any third party without the consent of the data subject, unless such transmission or disclosure is necessary for the performance of a contract, compliance with a legal obligation, the protection of a vital interest, or the performance of a task in the public interest.

The Organisation has appointed a Data Protection Officer who ensures the implementation of the Regulation's provisions and advises the Organisation on matters relating to the fulfilment of its obligations.

5. DATA RETENTION PERIOD

The Organisation retains your Personal Data in accordance with the Principles governing the Regulation. Specifically, the Organisation collects and processes only the Personal Data necessary for the specific and defined purposes for which your Data are collected, and retains them in an identifiable form only for the period required for their lawful processing in accordance with those purposes.

In summary, the Organisation retains Personal Data for the following periods:

PERSONAL DATA	RETENTION PERIOD
Contracts of suppliers/collaborators	6 years from the termination of the contract
Provision of water supply/sewerage services	7–10 years from the last transaction
Town planning/building permits records	Permanent retention (public records)
Recorded call centre calls	Up to 3 months from each call
Image Data (CCTV)	Up to 1 month from recording
Fleet management (GPS) data	Up to 3 years
Legal cases	10 years after final completion

6. RECIPIENTS OF YOUR DATA

In the fulfilment of our contractual and/or legal/regulatory obligations, your Personal Data may be disclosed to external collaborators of the Organisation who provide services and/or products to the Organisation. Such subcontractors are contractually bound to the Organisation through a separate agreement and are subject to the obligations of the Regulation.

Some examples of recipients:

• Providers of software applications (e.g. SSM COMPUTER SOLUTIONS, CYCOM BUSINESS SOLUTIONS LTD)
• Accountants, auditors and legal advisors of the Organisation
• Technicians and/or consultants in information technology matters and/or network infrastructure providers
• Providers of closed-circuit surveillance systems (CCTV)
• Credit and financial institutions
• Public and wider public sector authorities (e.g. Audit Office, Social Insurance Services)
• Records storage companies (e.g. Iron Mountain) and cloud providers (e.g. AnyCloud)
• External collaborator providing call centre services (EVRESIS SERVICES LTD)
• Local Authorities (Municipalities, Community Councils), Public Services, Department of Lands and Surveys

7. TRANSFER OF YOUR DATA TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATION

Your Personal Data are not transferred to third countries (i.e. countries outside the European Economic Area) or to international organisations.

8. LINKED WEBSITES

The Organisation may contain links to other websites. However, the Organisation does not control such websites nor the resources made available through them. Please exercise caution with regard to the terms and conditions and/or the data protection policy of such websites before using them. The Organisation does not endorse and is not responsible for the accuracy of any content, advertising material, services, products or information provided by such linked websites.

9. COOKIES POLICY

Cookies are small sets of data that are stored on your device when you visit the Organisation’s website. The Organisation’s website (https://www.eoalemesos.org.cy) uses the following categories of cookies:

Name / Category	Purpose	Type	Expiry
Necessary	Ensure the basic functionality and security of the website (e.g.CookieYes, Cloudflare WAF)	Functionality/Security	Session to 12 months
Analytical	Help understand how the website is used (e.g. Google Analytics)	Analytics	Up to 24 months
Advertising	Provide relevant advertisements (e.g. Facebook Pixel, Google Tag Manager)	Advertising	Varies

You can manage your preferences through the “Cookie Settings” option on the Organisation’s website. Please note that rejecting certain cookies may prevent you from accessing specific features of the website.

10. YOUR RIGHTS

You have the following rights in relation to the Personal Data we hold about you:

• To access your personal data. This allows you, for instance, to obtain a copy of the personal data we hold about you.
• To request the correction of any incomplete or inaccurate data.
• To request the erasure of your personal information (known as the “right to be forgotten”).
• To request the restriction of the processing of your personal data.
• To request the portability of your data in a structured format.
• To withdraw your consent at any time.

To exercise any of your rights, or if you have any other questions regarding our use of your Personal Data, you may contact the Organisation’s Data Protection Officer, Mr Christos Pericleous (PERICLEOUS MICHAIL LLC Law Firm, https://psml.law), via email (dpo@eoalemesos.org.cy), or by telephone at +357 25000070.

If you still feel that your concerns have not been satisfactorily addressed, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection (http://www.dataprotection.gov.cy).

11. CHANGES TO THIS POLICY

The Organisation may amend this Policy from time to time.

We recommend that you periodically check the Organisation’s official website (https://www.eoalemesos.org.cy) to stay informed about how the Organisation processes and protects Personal Data.

 

	Updated
v.1.0	April 2026