Joint Rescue Coordination Center

Γραφείο Επιτρόπου Προστασίας Δεδομένων Προσωπικού Χαρακτήρα

JOINT RESCUE COORDINATION CENTER

Privacy and Personal Data Protection Policy in accordance with the legislative framework for the protection of personal data of natural persons and for the free movement of such data [Regulation (EU) 2016/679 and Law 125(I)/2018]

1. Introduction:

This Personal Data Protection Policy of the Joint Rescue Coordination Centre (JRCC) concerns the processing of Personal Data by the Centre. The JRCC, as a Personal Data Processor, processes the personal data of individuals in accordance with the provisions of Regulation (EU) 2016/679 and Council Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

This Privacy Policy states the manner and methods of processing personal data to ensure the protection of such data, as well as the rights that can be exercised by the data subjects (natural person whose personal data are processed).

2. Processing of personal data and who it concerns:

The JRCC processes personal data of individuals, such as persons in distress or informants about persons in distress, applicants for radio frequency registration, partners and employees of companies contracted with the Centre, persons referred/referred to the JRCC, applicants, prospective and current staff, staff of Cyprus and foreign agencies and delegations. The processing of personal data under this Policy does not apply to companies, organisations, associations, foundations, government agencies and other legal entities. Aggregate data of a statistical nature, from which the data subjects cannot be identified, shall not be considered as personal data.

3. What does the personal data processed relate to:

The personal data that are processed are personal data (any information relating to an identified or identifiable individual), which are included in a relevant application/objection/appeal and/or obtained through personal interviews by competent officials of the JRCC, and/or through any other correspondence/information deemed necessary and obtained in the context of fulfilling the mission of the JRCC and related to the examination, verification, provision of services and assistance to the natural person concerned.

The personal data mainly concern:

i. Identity and contact details: Where applicable, this includes full name, address, telephone number, date of birth, marital status, passport number, employment history, educational, academic and professional data.

ii. Electronic profiles and user data of electronic information and search, including passwords, IP addresses, technical data regarding the type of browser and device used for access, search platform, etc., which are collected when visiting the website of the JRCC.

iii. Sensitive personal data which may be requested and processed for the purposes of the operations and the proper functioning of the services of the JRCC, such as, for example, name, identity, telephone number, email address (during operations, examination of radio beacon registration or data verification for the purpose of authorizing entry to the Centre.

Personal data are collected and further processed only to the extent necessary to process the request and/or to provide the necessary services.

4. Purposes and reasons for processing personal data:

The JRCC processes personal data for specified, explicit and legitimate purposes and no further processing is carried out in a manner incompatible with those purposes. The personal data processed are appropriate, relevant and limited to what is necessary for the purposes for which they are processed. The JRCC shall take the necessary steps to ensure that the data are accurate and, where necessary, updated.

Processing shall be carried out for the following purposes:

i. To comply with the obligations and mission of the JRCC; or

For the fulfilment of the obligations and duties of the Agency and the fulfilment of its obligations and tasks; ii. for the performance of a task carried out in the public interest.

to safeguard the vital interests of the data subject or another natural person; or

ii. For the performance of a contract to which the data subject is a party or to take measures at the request of the data subject prior to the conclusion of a contract.

iii. For the performance of a contract to which the data subject is a party or in order to take measures at the request of the data subject prior to the conclusion of the contract.

5. To whom does the JRCC disclose Personal Data and when:

Personal Data is processed only by and only at the direction of the staff of the JRCC. The JRCC may, however, disclose personal data in the following cases:

i. To a natural or legal person, public authority, agency or other body if required by any legislation or court decision or decision of a competent authority.

ii. to a natural or legal person, public authority, agency or other body to which the JRCC has entrusted the performance of the processing of personal data on its behalf.

Except in the above cases, the JRCC shall not communicate or disclose personal data to a third country or an international organisation without informing the data subject and, if necessary, obtaining his or her prior consent. Except in cases where the individual is at risk and his/her personal data must be communicated to the JRCC services of another country.

6. Data retention period:

The JRCC keeps the personal data that it collects under the State Archives Act of 1991 (Law 208/1991). The electronic records are encrypted and only authorised officials of the JRCC have access to them.

7. Security of data retention:

The JRCC shall take the necessary and appropriate organizational, technical and physical security measures to ensure the protection of personal data that are processed, in accordance with the legal framework in force from time to time governing the proper functioning of the public service and the security of personal data.

Personal data collected and stored in electronic form shall be further protected through the use of appropriate access control and other security measures issued and provided from time to time by the Department of Information Technology Services of the Deputy Ministry of Research, Innovation and Digital Policy.

8. Rights of data subjects:

Data subjects, subject to the limitations provided for by the applicable legal framework for the protection of personal data, have the right to information and access to their personal data, the right to rectification of data concerning them, as well as the right to request their erasure, subject to the provisions of Articles 17(1) and 21(1) of the GDPR. It is noted that under Article 20(3) and recital 68 of the GDPR, it is stipulated that data portability does not apply when the processing of data is a

If you wish to exercise your legal rights or have any queries regarding the processing of your personal data, you can contact the JRCC. Contact details can be found below. In addition, you reserve the right to complain to the Data Protection Commissioner.

9. Contact the Data Protection Officer:

The Search and Rescue Coordination Centre is located at 2, Major General Tasou Markou 2, 6029, Larnaca, Cyprus. A Data Protection Officer has been appointed, who is responsible for data protection issues and this statement.

For any relevant matter, you may contact him by e-mail (dpo@jrcc.org.cy) or by written transmission to the postal address of the JRCC.

10. Corrections and Changes to the Privacy and Data Protection Policy: The JRCC reserves the right to revise this Privacy Policy when necessary. Therefore, we encourage you to visit the website periodically. The latest version of this Policy is always posted on the Centre's website. This Privacy and Data Protection Policy was updated on 23/08/2024.