The Ministry of Finance is the Data Controller that processes personal data for specified, explicit and legal purposes and no further processing is carried out in a manner incompatible with these purposes. The personal data processed are appropriate, relevant and limited to what is necessary for the purposes for which they are processed. The Ministry of Finance takes the necessary actions so that the data is accurate and, where deemed necessary, updated.
Processing is done for the following purposes:
i. Compliance with the legal obligation of the Ministry of Finance, or
ii. The fulfillment of a duty performed for the public interest or for the exercise of public authority assigned to the Data Controller (which is the Ministry of Finance), or
iii. To safeguard the vital interest of the data subject or other natural person.
The Directorates/Units of the Ministry of Finance process personal data in the context of the execution of their responsibilities and in the context of the above purposes, which include among others (a) the examination of applications submitted for recognition, based on Decisions of the Council of Ministers, by companies, institutions, associations as charities for the purposes of Article 9(1)(f) of Τhe Income Tax Laws of 2002 to 2022 where the personal details of the members of the Board of Directors of the applicant institutions are submitted, (b) the donations in favour of natural persons pursuant to the Accounting and Financial Management and Financial Control of the Republic of Laws of 2014 to 2019, (c) the examination of complaints concerning credit facilities (ESTIA Plan, Government Schemes of the Financial Sector) pursuant to relevant Decisions of the Council of Ministers, (d) the purchase/early repayment of six-year registered government bonds for natural persons, based on the Public Debt Management Laws of 2012 to 2016, (e) the provision of compensation in accordance with the Overturning of Imprisonment Sentences (Compensation) Law of 2001 and the receipt and evaluation of named complaints of internal reports in relation to violations and the collection of information regarding the freezing of assets in the Republic within the framework of the Financial Sanctions Advisory Committee based on European Regulations.
The Website users/applicants who do not wish to provide the Ministry of Finance with their personal data will have, as a consequence the non-examination of their request.
The Cyprus Stock Exchange is a data recipient, which acts on behalf of the Ministry of Finance in case of paragraph (d) above based on relevant approvals from the Office of the Commissioner for Personal Data Protection.
The responsibilities of the Ministry of Finance do not include the transmission of personal data to third countries or international organisations.
The Ministry of Finance documents containing personal data are kept in electronic form in the electronic filing system (eoasis) and are sometimes kept in paper form. Criteria for determining the data retention time for each file are based on the provisions of National or European Legislation. e.g. The State Archives Law of 1991 (Law 208/1991).
The subject of personal data has the right under specific conditions to demand from the Data Controller, without undue delay, the correction of inaccurate personal data that concern him, the deletion of data that concern him and the restriction of data processing. The rights are exercised by submitting a relevant written request to the Data Protection Officer.
The Data Controller shall notify any correction or deletion of personal data or limitation of data processing carried out to each recipient to whom the personal data was disclosed. The Data Controller informs, if requested, the subject of data about the recipients.
The data subject has the right to withdraw his consent at any time. The withdrawal of consent does not affect the lawfulness of processing that was based prior to its withdrawal. Prior the withdrawal the data subject is informed accordingly.
Each data subject (the natural person to whom the data refers) has the right if he believes that any of his rights have been violated, or if he believes that the processing of his personal data violates the General Data Protection Regulation (GDPR) to submit a complaint to the competent Supervisory Authority (Commissioner for the Personal Data Protection). Relevant contact details are available on the website www.dataprotection.gov.cy.
The Ministry of Finance, in accordance with Regulation (EU) 2016/679, has appointed a Data Protection Officer (DPO), and data subjects can contact her, for issues related to the processing of their personal data and the exercise of their rights, according to Regulation (EU) 2016/679.
Ministry of Finance Personal Data Officer:
Maria Hadjisoteriou, Economic Officer A, email: mhadjisoteriou@mof.gov.cy
Telephone: 22601235.
