SP TRIADA PRIVATE SCHOOL LIMITED (with a trademark TRINITY PRIVATE SCHOOL) is dedicated to protecting the confidentiality and privacy of information entrusted to it and complies with Personal Data Privacy legislation (GDPR) 169/2016 as currently in force and Cyprus Republic Law 125/2018. For the purposes of this document, “TRINITY” will be used to refer to SP TRIADA PRIVATE SCHOOL LIMITED. TRINITY processes personal data of its prospective, current, and former students and their parents or representatives as part of its educational services. Trinity acknowledges its obligations under data protection legislation and is committed to fulfilling these obligations for both staff and students. The school adheres to the requirements of the General Data Protection Regulation (GDPR), applicable in the European Union. As the controller of personal data, TRINITY determines the purposes and means of processing the data. For the purposes of this privacy policy, “processing” refers to any operation performed on personal data, including collection, recording, storage, adaptation, alteration, consultation, use, disclosure, erasure, or destruction.
(2) Data Protection Officer (DPO)
The appointed Data Protection Officer (DPO) ensures the highest standards of data security and confidentiality during data processing and handling within the school premises.
The DPO responsibilities include:
coordinating and monitoring data management training;
fostering a positive data culture and best practices;
providing advice on data-related matters;
assessing the severity of data breaches;
implementing data protection policies issued by TRINITY;
ensuring secure and confidential systems within the school;
providing information to authorized entities as required.
We invite you to carefully read this Privacy Notice, which explains the context in which personal data is processed, your rights, and our obligations. To exercise any rights under this policy or to seek clarification regarding the processing of personal data, please contact TRINITY through its Data Protection Officer at dpo@trinity.cy. The Data Protection Officer is responsible for ensuring adherence to all GDPR requirements.
(3) Information and Personal Data Collection
TRINITY collects and processes personal data relating to:
prospective, current, and former students;
parents or guardians;
staff;
suppliers, contractors, friends, supporters, and visitors.
The types of personal data collected may include: Identification information
name, first name, last name;
ID card or passport numbers;
email address;
postal address;
fixed and/or mobile phone numbers.
Family details
parents’ names;
telephone numbers;
passport numbers;
addresses.
Financial information
bank account details.
Electronic identification data
login credentials;
access rights and passwords;
employee numbers;
IP addresses;
online identifiers/cookies;
logs and access/connection times.
Educational records
admissions, academic, disciplinary records;
special educational needs;
references;
examination scripts and marks.
Additional data
behavioral data and student preferences/interests;
education and employment data;
images, audio and video recordings;
details of courses, meetings, or events attended.
Health data
medical history;
allergies;
immunization records;
disorders;
medical examination results and other medical data.
(4) Receiving, Handling, and Sharing Confidential or Personal Information
TRINITY primarily collects personal data directly from individuals or from parents/guardians. In some cases, data may be obtained from:
referees;
previous schools;
professionals;
authorities;
publicly available sources.
Personal data is processed only by designated staff for its intended purpose. Appropriate technical and organizational measures are in place to protect personal data. Personal data is not transferred outside the European Union unless equivalent protection is ensured. Personal data may be shared with:
examination boards;
professional advisors;
relevant authorities (Ministry of Education, Department of Statistics, Immigration Office, Tax Department, Social Insurance Services).
Some systems and services are provided by third-party providers (hosted databases, website, calendar, email, platforms, applications). These providers operate under contractual assurances ensuring data security and compliance. TRINITY does not sell or disclose personal data for third-party marketing purposes.
(5) Legal Basis for Processing Personal
DataPersonal data is processed based on the following legal grounds: Consent
use of photos and videos;
school publications, website, social media;
direct marketing and fundraising communications.
Performance of Enrolment Contract
provision of educational services;
mandatory data clearly indicated in application and enrolment forms.
Legal Obligation
compliance with legal requirements (e.g. video surveillance).
Task Carried out in the Public Interest
issuing and storing academic records;
evaluating student performance.
Legitimate Interest
providing educational services;
monitoring virtual learning environments;
fundraising;
legal claims;
security;
alumni relations;
collaboration with other educational institutions.
Special Categories of Personal DataProcessing is based on:
necessity for medical purposes;
substantial public interest;
explicit consent (e.g. disclosure of allergy information).
(6) Purpose of Personal Data Usage
Personal data is processed for: Educational services
applications and enrollment;
class administration;
examinations;
university applications;
academic records.
Ancillary services
pastoral care;
counseling;
library services;
extracurricular activities;
school trips;
virtual learning environment and intranet access.
Campus security
access monitoring;
video surveillance.
Medical care
medical support and counseling.
School administration
records management;
fees and accounts;
audits and reporting;
policy implementation;
research and statistics.
Communications
school-related messages via various channels.
Fundraising and events
concerts, performances, talent shows;
fundraising communications.
Operational management
invoicing, safety, planning, archives.
Staff administration
recruitment;
payroll and HR records;
appraisals and disciplinary procedures;
references.
Promotion
website, prospectus, publications, social media.
Dispute resolution and litigation
(7) Personal Processing at Trinity Private School
Personal data is processed based on:
performance of a contract;
legal obligations;
legitimate interests;
vital interests;
public interest;
explicit consent.
Consent may be withdrawn at any time by contacting TRINITY.
(8) Access and Transfer of Personal Data
Personal data is shared only when necessary and lawful. Third parties may include:
IT providers and hosting services;
meal service providers;
educational partners;
photographers and video crews;
courier services;
utilities providers;
public authorities;
legal, tax, and accounting consultants.
Access within TRINITY is limited to authorized staff only.
(9) Data Retention at Trinity Private School
Personal data is retained:
during the contract period;
for an additional 3 years thereafter;
academic records are retained indefinitely where legally required.
Students may request educational records:
within 15 school days for educational records;
within 1 month for other data.
Staff-created student data is governed by TRINITY data protection policies.
Processing of student data generally relies on parental consent unless student consent is more appropriate. Disclosure to parents is normally permitted unless confidentiality is requested by the student and legally justified. Students with sufficient maturity may submit their own data access requests.
(12) Updating Personal Details
Please notify any changes to personal details by emailing dpo@trinity.cy.
(13) Privacy Policy
This Privacy Policy should be read alongside other school policies. Updates will be published on the website and communicated where practicable. Complaints may be submitted to: Office of the Commissioner for Personal Data Protection Website: www.dataprotection.gov.cy Call Center: 22 818 456 Fax: 22 30 45 65 Email: commissioner@dataprotection.gov.cy