The Limassol District Local Government Organisation (the "Organisation", "we", "us") processes personal data in the frame of performing its duties, responsibilities, and powers, ensuring its lawful operation, and cooperating with citizens and public or private sector companies/organisations, as required by legislation, regulations, decrees, orders, and/or decisions of public authorities and/or the Court, for the following services:
This Website Privacy Policy (the "Policy") has been established to fulfil the Organisation’s obligation, in its capacity and role as Data Controller, under Article 13 of the General Data Protection Regulation 2016/679 (the "Regulation", widely known as the General Data Protection Regulation – "GDPR"), to provide information on how the Organisation collects, uses, and processes personal data when users visit the Organisation’s website https://eoalemesos.org.cy/ (the "Website") or other electronic platforms.
According to the interpretation of the Regulation:
"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person.
"Processing" means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of personal data.
"Data Controller" means any natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Data Processor" means any natural or legal person, public authority, agency, or other body which processes personal data on behalf of the data controller.
"Data Subject" means the natural person to whom the data relates and whose identity is known or can be determined, directly or indirectly, based on an identification number or specific characteristics defining their physical, biological, psychological, economic, cultural, political, or social identity.
"Recipient" means a natural or legal person, public authority, agency, or another body to whom personal data is disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be considered recipients; the processing of such data by those public authorities shall comply with applicable data protection rules according to the purposes of the processing.
"Third party" means any natural or legal person, public authority, agency, or body other than the data subject, the data controller, the data processor, and persons who, under the direct authority of the data controller or data processor, are authorised to process personal data.
The Organisation processes personal data in accordance with the principles of the Regulation. The key principles of the Regulation include:
Personal data we collect
By using this Website, the user agrees to this Privacy Policy. Visiting our Website and/or using our online services will be recorded. Specifically, the following data will be logged: the IP address used by your device, the date and time of the visit, the type of browser and operating system of your device, as well as the pages you browse. These data are collected for the purpose of optimising and improving our Website and electronic services.
For visitors/users accessing our Organisation’s Website, we do not collect any information. However, the provision of personal data may be necessary to achieve the intended purposes or may be optional. If you refuse to provide any requested information through our Website, we may be unable to provide the relevant services to you.
To use your personal data, we must have a legal basis for doing so. There are various legal bases on which we may rely, depending on the personal information we process and the reason for its processing.
Legal Basis
The legal bases on which we may rely include:
The personal information we collect includes cookies (referred to as “Cookies”). For more information regarding cookies, please refer to our Cookie Policy [insert link directing to the Website's Cookie Policy]. Additionally, we collect the following personal information depending on the specific activity carried out through our Website, as outlined below:
The table below provides a detailed list of the types of personal data we collect through our Website, based on the specific activity performed:
|
Type of personal data |
Purpose of data collection |
Legal basis |
|
Cookies |
-To ensure the smooth operation of our Website in general and provide you with continuous, uninterrupted, and error-free access to our Website. -To monitor the effectiveness and popularity of our Website, improving it by tailoring it to our visitors' interests and needs. |
Consent (Article 6(1)(a). Legitimate interest (Article 6(1)(f)): unless there is a compelling reason to protect your personal information that overrides our legitimate interests, such as ensuring the security of the Website and its users, improving user experience, user interface design, and the overall performance of our Website—i.e., strictly necessary cookies—or, where necessary, for the establishment, exercise, or defence of legal claims, disputes, and judicial investigations. |
|
Website visit and browsing IP address |
For the security and protection of the website from malicious attacks. For statistical analysis of website traffic. For compliance with regulations, such as data retention to prevent criminal activities or to cooperate with law enforcement authorities. |
Legitimate interest (Article 6(1)(f). Consent (Article 6(1)(a). Compliance with legal obligation (Article 6(1)(c). |
|
Contact form Full name, email address, contact telephone, purpose of communication, identity (in cases of communication regarding account-related matters). |
-To enable us to respond to your request or question. |
Consent (Article 6(1)(a). |
|
Registration in the system for electronic bill delivery Email address |
- To enable us to send you water/sewerage bills electronically. |
Execution of our contractual obligations (Article 6(1)(b). |
|
Bill/Fees Payment Full name, account details (username/login credentials), email address, telephone number |
- To process your transactions through our Website. |
Execution of our contractual obligations (Article 6(1)(b). |
|
Submission of an Application Related to Water Supply and Sewerage Issues Applicant’s full name, property address, mailing address, landline and mobile phone number, consumer number, property address, telephone number, email address, identity card number. |
- Consumer applications related to account/bill matters or relevant changes. - To enable us to respond to your request. |
Performance of contract (article 6(1)(b). |
|
Water supply and sewerage applications Applicant’s full name, property address, mailing address, landline and mobile phone number, consumer number, property address, phone number, email address, identity card number, various property information, document attachments, etc. |
- To enable us to respond to your request. |
Performance of contract (article 6(1)(b). |
Our Website is not intended for children, and we do not collect personal data from data subjects under the age of 16 without parental consent.
We do not use automated decision-making methods or profiling in the processing of your personal data.
Your personal data is processed at the Organisation’s offices in Limassol, where it is stored and safeguarded.
To ensure the security and protection of your personal data, the Organisation takes all necessary technical and organisational measures to ensure that processing is carried out in compliance with the applicable legislation and the Regulation.
Within the Organisation, access to your personal data is granted only to those who need it, under a duty of confidentiality, and solely for the purposes outlined in Section 3.
Outside the Organisation, recipients of your personal data may include third parties that provide services to the Organisation in the frame of its operations, such as call centre service providers, technical service providers, IT service providers, secretarial support companies, and software provision and maintenance companies.
The selection of partners is conducted with great care, following the necessary checks and obtaining sufficient assurances that appropriate technical and organisational measures are in place to ensure that processing is carried out in compliance with the Regulation and relevant legislation, thereby safeguarding the protection of your rights.
Transfers of your personal data to other recipients, entities, or third parties that are based in or process personal data in a country outside the European Community or the European Economic Area are not carried out, except where we are legally required to do so.
Before any potential transfer of personal data, we ensure that an adequate level of data protection is in place through one of the following: a European Commission adequacy decision; an agreement based on the Standard Contractual Clauses between our Organisation and the recipient; and your explicit consent, where necessary.
We can provide you with a list of recipients in third countries and a copy of the agreed regulations ensuring an adequate level of protection for your personal data. To obtain this information, please contact our Data Protection Officer at dpo@eoalemesos.org.cy.
In accordance with the Organisation’s policy, your personal data is retained only for as long as necessary to fulfil the purposes outlined in Section 3 of this Privacy Policy or, in cases where collection and processing are based on your consent, until you withdraw your consent.
Additionally, we retain your personal data for as long as necessary to comply with our legal obligations, exercise our legal rights, and generally safeguard our legitimate interests.
After this period, your personal data will be permanently destroyed. Any data retained for informational purposes will be kept until you notify us that you no longer wish to receive such information.
If you believe that any of your personal data held by us is incorrect or inaccurate, you have the right to request access, correction, or deletion of your data by contacting us at dpo@eoalemesos.org.cy.
If you wish to file a complaint regarding the way we handle your personal data, you may also contact us at the above email address. We will investigate your complaint and work with you to resolve the issue.
If you still believe that we have not handled your personal data in accordance with the law, you may submit your complaint to the Office of the Commissioner for Personal Data Protection, 15 Kypranoros Street, 1061 Nicosia, or via email at commissioner@dataprotection.gov.cy.
This Policy may be amended at any time. For this reason, we consider it advisable to regularly review this Policy. This Policy came into effect on 1 July 2024.
In the event of any amendments, the modification date will be indicated. The applicable version is always the Privacy Policy, as shaped by the most recent amendment.