Private Grammar & Modern Schools Limassol Ltd (the “School”) is a private limited liability company incorporated under the laws of the Republic of Cyprus, with offices in Limassol, Cyprus. References in this notice to “we”, “us” or “our” refer to the School.
This Privacy Notice explains how we collect, use and protect Personal Information (PI) relating to prospective, current and past students (including Summer School attendees) and their parents or legal guardians (“Guardians”). We are committed to handling personal data responsibly and in accordance with applicable data protection law.
1. Categories of Personal Information We Collect
a) Student information
Personal details: full name, ID or passport number, unique pupil registration number, address, email, and telephone.
Demographic details: language, nationality, city of birth.
Attendance records: sessions attended, absences, and reasons.
Academic and assessment information: grades, progress and interim reports, disciplinary records, curricular achievements, past schools and enrolment/departure dates.
Media: photographs, video and audio recordings from school activities and CCTV footage where applicable.
Medical information: medical history and conditions relevant to the child’s wellbeing.
b) Guardian information
Name and contact details (email, phone, address).
Bank and financial details when required for payments.
Marital status and languages spoken.
Next-of-kin and after-school carer information.
We may also process special categories of data (for example health information or data revealing religious beliefs) where lawful and necessary.
2. Why We Collect and Use Personal Information
We process personal information for purposes including:
Admissions and enrolment of new students.
Provision of education and extracurricular activities, monitoring progress, and managing disciplinary matters.
Operational management, including maintaining records, ensuring safety and security, managing fees and invoices.
Communication with Guardians about academic progress, attendance, emergencies or other school matters.
Legal and regulatory compliance.
Promotion and public information such as publications, prospectuses, yearbooks, website and social media (where consent or lawful basis exists).
Providing references to other educational institutions or potential employers of past students.
3. Legal Bases for Processing
We rely on one or more of the following legal bases when processing personal data:
Legal obligations: to comply with laws and official guidance.
Contractual necessity: to perform obligations under the enrolment agreement.
Legitimate interests: for example, operating and improving the School, maintaining security, protecting property, and communicating with Guardians.
Consent: for specific activities requiring explicit permission (e.g. publication of photos).
Public interest: when processing is necessary to provide education.
Vital interests: to protect someone’s life or prevent serious harm.
4. Special Categories of Data
We only process sensitive data when we have a lawful basis, such as:
Explicit consent from the relevant person (or Guardian).
Preventive or occupational medicine (e.g. our First Aid station and qualified nurse).
Protection of vital interests in emergencies.
Establishment, exercise, or defence of legal claims.
5. Sharing of Personal Information
We may share personal data with third parties, including:
Professional advisors (lawyers, accountants).
Regulators, government or law enforcement authorities.
Courts, tribunals or disciplinary bodies.
Insurance companies.
Trusted third-party service providers (e.g. IT and website providers, social media platforms, or outsourced services).
Medical professionals or hospitals in emergencies.
All third parties who process data on our behalf are contractually required to ensure data security and confidentiality.
6. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to meet legal, regulatory, accounting, and operational requirements.
When determining retention periods, we consider:
The nature and sensitivity of the data.
Legal obligations.
Operational needs and potential risks of unauthorised disclosure.
7. Security of Personal Information
We apply appropriate security measures to protect personal data from unauthorised access, loss, misuse, alteration, or disclosure. Access is restricted to authorised staff members who require the information to perform their duties.
8. Your Rights
Under applicable data protection law, individuals may have the right to:
Request access to their personal data.
Request correction of inaccurate or incomplete data.
Request erasure of data (in specific circumstances).
Object to or restrict processing.
Request data portability (where applicable).
Lodge a complaint with the Data Protection Commissioner of Cyprus.
To exercise your rights or discuss a data protection concern, please contact our Data Protection Officer at [email protected].
Students aged 18 or over and Guardians may make a written request to access, rectify or erase personal data in accordance with applicable law.
Last updated: 24 October 2025
