Privacy & Data Protection Policy

In our company, Mind The Gap Ltd – (hereinafter called “we or us’’), we pay great attention to the protection of your personal data. We assure you that this Privacy and Personal Data Protection Policy (“Policy”) respects and fully complies with the European Regulation on the Protection of Personal Data EU 679/2016 (the “Regulation”) and the relevant Law 125 / I / 2018 of the Republic of Cyprus.

  • Who is responsible for Personal Data Processing? 

Responsible for processing the personal data is Mind The Gap Ltd, 95A Vasileos Konstantinou, 3080 Limassol, Cyprus, tel. +357 25251435, fax +357 25251436, e-mail:

  • The principles on which we rely

Our company is committed to the following principles of Personal Data processing, in accordance with Article 5 of the Regulation:

  • Legality, objectivity and transparency – Personal data are processed fairly, in a transparent manner.
  • Limitation of purpose – Personal data are collected for specified, explicit and legal purposes and are not subject to further processing in a manner incompatible with those purposes.
  • Data minimisation – Personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
  • Accuracy and quality of data – Personal data is accurate and up-to-date as soon as it comes to the knowledge of the company.
  • Limitation of the storage period – Personal data is kept not more than necessary or required by the law.
  • Integrity and confidentiality – Mind The Gap Ltd has taken reasonable technical and organisational measures and follows international standards and practices to be able to assure the security of your data and in particular to protect it from unauthorised disclosure, illegal processing, accidental destruction, or damage.
  • Accountability Principle – With this Policy, which is communicated to any interested party, our company demonstrates that it complies with the Accountability principle.
  • From whom do we collect Personal Data (Data Subjects) and why?

The processing of personal data we carry out is based on one of the “legal bases” as referred in the Article 6 § 1 of the Regulation (or Article 9 on specific categories of data). The legal base on which your data is based, is listed below for each category of subject (i.e., physical person). We collect and process Personal Data from:

  • People interested in information: We collect your personal data with your consent, in order to inform you immediately or in a later date about issues of  interest to you (for example, participation in educational or co-funded programs, consultancy services, job search and/or any type of cooperation with our company).
  • Trainers, employees and / or unemployed people who aim to participate in training programs or advisory services: We collect your personal data with your consent (when you are a trainer, or you participate in a multi-business training program) or because of the contract we have signed with your employer, for the organisation of an in-house business training program or the provision of consulting services.
  • Partners, other interested parties and participants: when submitting and implementing European programs, with your consent or for the execution of the contract that we have signed.
  • Customers interested in finding employees for the contract and from interested parties to cover the offered positions with your consent.
  • Suppliers and partners: to perform our contracts or obligations and to protect our legitimate interests.
  • Employees of Mind the Gap for the following reasons: Responding to our legal obligations and responsibilities in the field of labour law, provision of continuing education, and / or protecting of our legitimate interests.
  • Those that want to work with us for the reason of employment.
  • Those who visit our website or our social network accounts: with your consent or to protect our interests (eg to ensure that the content on our site is presented in the most effective way to you and your computer, for the purpose of improving the services we offer through it and / or for other business purposes).
  • Personal Data of Under aged people

Our services are exclusively addressed to adults and we do not intentionally collect any information for people under the age of 16. Since it is technically not feasible to effectively verify your age in all cases, we are committed to delete immediately all relevant information, in case it is reported and verified that they are related to under aged people. This deletion will be applied, with concern to our need to maintain the data, in the event of foundation, exercise or support of our legal claims, or the provision of verifiable parental consent (according to the requirements of Article 8 of the Regulation).

In any case, if we find out that we have collected any personal information from a person under the age of 16, without a verifiable parental consent, we delete the information from our database directly. If you believe that we may have collected information from an under aged person, without knowing their age, please contact us in the contact details mentioned in paragraph I above.

  • What personal data do we collect and for how long are they stored?

The personal data we collect is the least possible to achieve the above-mentioned purposes per category of subjects.

  • When you are interested in our services and communicate with us in any way, we collect the contact details you will provide us and the details concerning the reason for contacting us, which you will also voluntarily provide us. These data can be kept for up to three years from receipt, as certain categories of services (eg European or co-financed) have a broad horizon, unless if another relationship (eg customer) is created and therefore the data will be maintained as the other relationship defines.
  • When you participate in Training, Consulting, or European and co-funded programs, we receive the data required by the relevant authorities (HRDA, funding providers) and the announcements. These vary by case and may include:
  • full contact details, Identity & Social Insurance Number, gender, certificate of unemployment with all the included data, Trainer Certification Number, Employee Payroll Data, Contracts, Photographs as Proof of Implementation, Fees, CV’s, and Copies of Certificates and Degrees. The data are maintained, for the purpose of implementation controlling, for 5 years, which is required by the relevant established framework, except from the financial data, which are kept as required by the Law. The data required for the submission of co-funded projects, in the event of non-approval of the project are kept for 3 years from its submission.
  • When you want to work for us or for our clients, we collect full contact information, salary information / employment terms, CVs and interview notes. Data are kept for up to 2 years, unless earlier deletion is requested under the precautions of Case VIII c.
  • If you are a trainer, we provide all the required information about the way we manage the collected data, in our signed contract for the mentioned period. If you are a trainer that wants to work with us, we collect the information you send us, which we keep for 2 years from receipt.
  • In case you communicate with us through our social media accounts, your name or nickname, photos, comments, remarks or preferences may be appeared in that site. Photo files are kept for a maximum of two months. Uploaded data will be deleted whenever is requested.
  • From our suppliers and partners, we collect contact details, pricing details and any details of their employees, in case they are required for communication. This data shall be retained as provided by law.
  • From our employees, we collect all the data required by the labour law, as well as those required for the effective operation of the company, for which you are completely informed through the employment agreement, as well as the manuals we provide. For the record keeping time, you are informed in the same ways.
  • How do we ensure the Security of Personal Data?

We have taken reasonable organisational and technical measures to protect the information and any other special categories of personal data we collect. Our company follows international standards and practices to ensure the security of our networks. We ensure that your personal data are safely and lawfully processed, by complying with the policies for the development and implementation of our procedures. For example, the following security measures are used to protect personal data against unauthorised use or any other form of unauthorised processing:

  • Our facilities are safe from unauthorised access, with visitor and third-party control, by taking reasonable measures to a possible extent.
  • Access to personal data for the specific purposes is limited to a specific number of authorised employees, based on secure passwords. The necessary data transfer is made according to secure procedures.
  • Our staff are committed to our confidentiality rules, with limited access only to the necessary data.
  • Special categories of data are accessible by a minimum number of authorised people. The hard copy data are locked in cabinets which are accessed only by authorised persons.
  • We select reliable partners, who are also committed, in accordance with Article 28 of the Regulation, with the same obligations regarding the protection of personal data. We retain the right to control them according to the Article 28 (3) (η).
  • In computer systems used to process personal data, all technical measures are taken as far as possible to prevent unauthorised access or other processing.
  • In addition, access to these IT systems is monitored on a permanent basis in order to detect and prevent illegal use at an early stage. Although data traffic via the Internet or a website cannot be protected from cyberattacks, we work to maintain physical, electronic and procedural security measures to protect your data.
  • To whom can the data  be communicated?

Mind The Gap Ltd, takes all the necessary precautions so that the recipients of personal data are as few as possible. The personal data we collect are communicated to third parties, only when the reason of this communication is fully justified. Specific personal data, from what we legally collect, may be accessed (or disclosed), as appropriate by:

  • Any supervisory authority within its supervisory role.
  • Any public or judicial authority, if required by law or by court request.
  • The company’s accountant and auditor, for as much data as are required (financial data, personnel, contracts, and other controlled data) on a confidential basis.
  • IT and website administrators, under a strict confidentiality clause.
  • The customers (companies), when recruiting employees for them.
  • The lawyer of the company, for what data is required in legal cases (eg contracts, accidents, etc.), under confidentiality.
  • Partners in European and co-funded projects, under confidentiality agreement.
  • The co-operating insurance company (for insurance or accident insurance), which is required to meet the information security requirements.
  • The co-operating banks (company’s, employees, or partners and suppliers) only for data relating to payment issues.
  • The trainer and the HRDA for training issues and only for the necessary information and data.
  • Outsourced technicians that maintain processing equipment of personal data, with confidentiality clauses.

The personal data we collect is not transmitted to third countries or international organisations.

  • Your rights as a Data Subject and how you can use them

You have the right to request access to your personal data, correction, deleting- if it can be done as described below, limitation of processing. You also have the right to oppose processing and / or exercise your right to data portability.

If the processing of your personal data is based on your consent, you may revoke it at any time you wish, in accordance with the following.

More specifically, you have the right:

  1. Access: You have the right to know what data we have about you about the processing made on this data, as well as the right to access your data.
  2. Correction: You have the right to request correction or completion of your data if it is inaccurate or incomplete.
  3. Delete: You have the right to request the deletion of your data. This right can be satisfied if:
  • Data is no longer necessary for the purposes for which it was collected.
  • If there is no other legal basis for processing beyond the consent.
  • If you exercise the right of objection (see below).
  • If the data were processed, against to the applicable legal provisions.
  • If the data must be deleted to comply with a legal obligation.

We have the right to deny the above right, if the processing of the data is necessary to meet our legal obligation or to the public interest or to establish, enforce or support our legal claims (Article 17 § 3).

  1. Restriction of processing: You have the right to mark all or part of the data we process, in order to limit their processing. For example, when you dispute the accuracy of your personal data, for the period that it will be required for verification.
  2. Portability: You have the right to receive your data in a structured, commonly used and machine-readable form, as well as to request its transfer to you and to another person who will process it.
  3. Counterfeiting: You have the right to object at any time the processing of your data, including your profile development, and when the reason for the processing concerns direct marketing.

Mind The Gap Ltd, in the event that you submit in writing any of the above requests, will examine your request and respond within one month of receiving it, either for its satisfaction or to provide the objective reasons that this request cannot be satisfied, or to request an extension of up to two additional months, because of the complexity and the number of requests at that moment (Article 12 (3)).

The exercise of your rights is implemented with no cost, by sending a request or letter or email to the company. Abusive exercise of these rights (Article 12 §5) may impose a reasonable fee.

In case you are not satisfied with the way we use your data, or by our response to your requests for exercising your rights, you are entitled to submit a complaint to the Authority for Personal Data Protection. Prior to this, you may want to contact us to provide you with complete information and support. You can exercise these rights in the contact details listed below.

  • Personal data violation

In the event of a violation of the security and integrity of your data that is at our disposal, our company will take the following measures (according to Articles 33 and 34 of the Regulation):

  • Will review and evaluate the procedures needed to limit the violation
  • Will assess the risk and its impact on your rights and liberties.
  • Will try to reduce as much as possible the damage that has been or may be caused.
  • Will notify the Personal Data Protection Authority, if required, within 72 hours by the time of being aware of the violation.
  • Will assess the impact on privacy and will take appropriate measures to avoid repetition of the violation.
  • Links to other Websites

Our Website may contain links to other websites that are not operated or controlled by us. If you click on a third-party link, you will be led to this third-party site. We encourage you to review the Privacy Policy for each web site you visit. We have no control and we do not take any responsibility for the content, privacy policies, or practices of any third-party websites or services.

  • Cookies

Cookies are files with small amount of data that is commonly used an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your computer’s or other portable devices’ hard drive.

  • What types of cookies do we use?

Our website uses persistent and session cookies.

Session Cookies: are erased after the end of your browsing on our website and/or after the closing of your web browser.

Persistent Cookies: remain in your computer or your device, either until the time you decide to erase them or for the defined time of 2 years.

these “cookies” to collect information and to improve our Service. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of our Service.

Furthermore, when you use our website, our associates (Google), set third-party cookies on our behalf, to collect information while you are interacting with our website. This information may be used by our associates in order to draw statistic conclusions, as well as to improve users experience.

  • Which cookies does our website use and which information do cookies collect?

Our website uses cookies for various purposes, depending on their function:

Strictly necessary – Basic Cookies: these cookies are essential for the proper website function. They allow you to browse and use website’s functions and they ensure an effective use of our website. These cookies cannot identify you. Without using these cookies, we cannot offer effective functionality of our website.

Usage Statistics: In order to improve our website, we use cookies to collect information about the time and the way that visitors interact with our website, as well as for the services it offers. For example, these cookies may monitor how many times a visitor saw a particular product or service and whether (s)he chose to share it on a social networking platform.

  • How do you control cookies?

Cookies are stored on your computer or device after you become aware of the privacy policy. If you do not accept the cookies, some functions of our website may not be available. Either way, you will not be blocked from using our website. It is at your choice to withdraw your consent or oppose to the use of cookies on your computer or device whenever you like, to check or/and delete cookies.

You may delete cookies from the computer or the device you are using anytime you decide. In this way, you withdraw your consent to the use of cookies at your computer or device.

You may also set your browser in such a way, that it either will alert you for the use of cookies in specific services of our website, or it will not permit the use of cookies at all.

  • Contact details of the Personal Data Protection Authority

Personal Data Protection Authority of Cyprus, 1 Iasonos, 1082 Nicosia, telephone 22818456, e-mail:

  • Contact details of Mind the Gap Ltd for personal data issues

For any matter relating to the processing of your personal data and the exercise of the above-mentioned rights, you may contact our company: Mind The Gap Ltd, 95Α Vasileos Constantinou,  3080 Limassol, Cyprus, telephone +357 25251435, fax +357 25251436, e-mail:

Additional information and terminology for the Rules can be found on the website

  • Updating of the policy

This policy is valid from May 25, 2018 and is revised when there is a significant change. This review will be available on our website, with a revision date. Printed form of this policy, you can find at our offices, or it can be sent to you at your request.