Recruitment Privacy Notice

Recruitment Privacy Notice


CYENS Centre of Excellence (“CYENS”, “us,” or “we”) are committed to respecting your privacy and protecting your personal data. We define personal data broadly as information that directly identifies an individual or that makes an individual identifiable when combined with other information. 

This Recruiting Retention Privacy Notice (“Privacy Notice”) describes how we handle and protect your personal data in connection with CYENS’s recruiting processes and programs. In case of a conflict between this Privacy Notice and applicable law, applicable law will govern. 

This Privacy Notice only applies to the personal data of those who participate in our recruiting programs and events. This personal data is submitted directly to CYENS through the online application process and follow-up communications.  

This Privacy Notice does not apply to the personal data of our employees, partners, clients, vendors or any other person from whom CYENS collects personal data for other purposes. 

At CYENS we take your privacy seriously and are committed to ensuring that your personal data is protected in accordance with the EU General Data Protection Regulation (GDPR) and other local data protection laws and used in line with your expectations. 

By submitting your personal data to us, you acknowledge that: 

  • You have read and understood this Privacy Notice and agree to the use of your personal data as set out herein. 

  • This Privacy Notice does not form part of any contract of employment offered to candidates hired by CYENS. 


We collect different types of Personal Data in different ways: 

  • Some of the information is given by you directly to us; 

  • Some of the Personal Data gathered is automatic (through technologies which give us information about you, for example from publicly accessible sources, such as Linkedin, etc., where we collect your full name, email, work history, and other data included on your profile)  

Personal Data is collected and processed solely for the purposes and in the contexts described in this Recruiting Privacy Notice. Any processing of Personal Data by us will have a lawful basis (such as consent, the performance of a contract or legal obligation, or the pursuit of a legitimate interest) as required under the GDPR or any other applicable legislation.  

In order to ensure that we are meeting our responsibilities and duties as your employer, we collect, process, and maintain different types of Personal Data in regard to those individuals who seek to be considered for employment by us, including, but not limited to:  

  • Identification date:  

  • Name  

  • Gender  

  • Languages  

  • Contact details:  

  • Telephone  

  • Email addresses  

  • Employment details:  

  • Job title  

  • Position  

  • Hire dates (start date, end date)  

  • Educational and professional background data:  

  • Academic and professional qualifications  

  • Other personal details you voluntarily provide to us  

We may also collect certain demographic data that qualifies as sensitive personal data, such as race, ethnicity, sexual orientation, and disability to help us understand the diversity of our workforce. When collected, this sensitive personal data is generally done so on a voluntary consensual basis.  

Most often, the personal data we collect from potential recruits is collected from them directly. In some cases, we may collect personal data about potential recruits from third parties. In most circumstances, we will get your permission before we collect personal data about you from a third party.  

If we ask you to provide any other personal data not described above, then the personal data we will ask you to provide, and the reasons why we ask you to provide it, will be made clear to you at the point we collect it. If we ask you to provide personal data that we consider to be mandatory for us to perform the purpose for which the data was originally collected, we will inform you of such at the time of collection. In addition, we will also inform you of the consequences for not providing us with the mandatory personal data.  


We collect and use your personal data for legitimate human resources and business management reasons, including: 

  • Assess candidates’ skills, qualifications, and suitability for the role; 

  • Communicate with candidates about the recruitment process; 

  • identifying and evaluating candidates for potential employment, as well as for future roles that may become available; 

  • maintaining records in relation to recruiting and hiring; 

  • fostering our diversity and inclusion programs and practices; 

  • protecting our legal rights to the extent authorized or permitted by law 

We may also use your personal data for CYENS analytics purposes, including in aggregated/pseudonymized form, to improve our recruitment and hiring process and augment our ability to attract successful candidates. 


Our processing of your personal data for the purposes mentioned above is based: 

  • in part, on our legitimate business interests in evaluating your qualifications to manage our relationship with you, to ensure that we pursue appropriate candidates, and to evaluate and maintain the efficacy of our recruiting process more generally;  

  • in part, on our performing contractual and precontractual measures relating to our potential employment relationship with you; 

  • in part, on your consent, if we offer you the opportunity to participate in our optional recruiting programs or if we collect sensitive personal data for legally permitted purposes other than compliance with our legal obligations regarding public health and workplace safety. 

We only process your Personal Data where we are permitted by law or required to do so, including where we must process Personal Data for your employment with us, where we have a legal obligation to do so as your employer, for legitimate business purposes, to protect your vital interests, or if we have your consent to do so. 


Except to the extent necessary to accomplish the CYENS uses and purposes described in this Privacy Notice, we do not disclose your personal data to third parties. We do not otherwise share or sell your personal data to third parties. 


CYENS retains personal data, as necessary, for the duration of the relevant business relationship. 

We may also retain personal data for longer than the duration of the business relationship should we need to retain it to protect ourselves against legal claims, use it for analysis or historical record-keeping, or comply with our information management policies and schedules. If you request that we delete your personal data, CYENS will make reasonable attempts to delete all instances of the information in their entirety. For requests for access, corrections, or deletion, please refer to the “Your Rights” section of this Privacy Policy. 


We employ organizational and technical security measures to protect your Personal Data, such as limiting access to your Personal Data, secured networks, and encryption. We ensure that your Personal Data is protected against unauthorized access, disclosure, or destruction by utilizing practices that are consistent with standards in the industry to protect your privacy.   

Please note, however, that no system involving the transmission of information via the Internet or the electronic storage of data is completely secure, no matter what reasonable security measures are taken. Although we take the protection and storage of your Personal Data very seriously, and we take all reasonable steps to protect your Personal Data, we cannot be responsible for data breaches that occur outside of our reasonable control. We will, however, follow all applicable laws in the event a data breach occurs, including taking reasonable measures to mitigate any harm as well as notifying you of such breaches as soon as possible.  


As data subjects, are entitled to exercise the rights set out in the GDPR and domestic data protection legislation. The GDPR provides that data subjects have, subject to certain conditions and limits:  

  • a right of access, to rectify and erase their Personal Data collected by us;  

  • be informed about your personal data;  

  • the right to data portability;  

  • to request its restriction or to object to the Processing of their Personal Data.   

  • In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific Processing at any time.  

  • obtain and reuse your personal data;  

  • object to the processing of your personal data;  

  • object to how your personal data is used in automated decision making, if applicable;  

  • lodge a complaint with a supervisory authority; and  

  • obtain a copy of Standard Contractual Clauses (if applicable).  

These rights may be limited, for example, if fulfilling your request would reveal personal data about another individual, or if you ask us to delete personal data which we are required by law to keep or which we need to defend claims against us.  

If we process your personal data in reliance upon your consent, you can contact us at any time to withdraw your consent.  

To exercise any of these rights, please contact us by using the contact details under the “Contact Information” heading below.  

We will respond to such requests in accordance with the requirements GDPR and privacy laws. Please note that in order to fulfil your request, we may need you to provide certain personal data to verify your identity. Depending upon GDPR and privacy law, individuals may also designate an authorized agent to exercise these rights on their behalf.  

The data subjects are entitled to file a complaint with a Supervisory Authority.  


We reserve the right to modify, revise, or otherwise amend the Privacy Policy at any time and in any manner. If we do so, however, we will notify you and obtain your consent to the change in processing. Unless we specifically obtain your consent, any changes to the Privacy Policy will only impact the information collected on or after the date of the change.  


The Data Protection Officer we have appointed for you to contact in the event of questions or complaints regarding this Privacy Policy as follows: Anthoula Fotsiou Psoma at dpo@cyens.org.cy  


The Data Protection Officer we have appointed for you to contact in the event of questions or complaints regarding this Privacy Policy is Anthoula Fotsiou Psoma, dpo@cyens.org.cy   


To ask questions or comment about this Employee Privacy Notice and our privacy practices or if you need to update, change, or remove your personal data or exercise any other rights,  
Via Email: dpo@cyens.org.cy  
Via Mail:  CYENS Cenre of Excellence, Dimarchias Square 23, 1016 Nicosia, Cyprus  
Via phone: +357 757474