Privacy Policy
- Introduction
I.D.E.A. INNOVATE DEVELOP EXCEL ACCOMPLISH (referred to as “IDEA” , “we”, “our”, “us”) is committed to protect your personal data and to respect your privacy ensuring that your personal data is processed and stored in a secure manner. IDEA collects and further processes personal data pursuant to the provisions of the General Data Protection Regulation EU 2016/679 (“GDPR”) and the Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (L.125(I)/2018).
This Privacy Policy outlines how IDEA collects, process, and ensures protection of all your personal data provided, how this information is used, shared, disclosed and stored when you visit our website (“Website”), use our services or otherwise interact with IDEA and what rights you have with respect to your personal data. This policy should be read alongside our Terms and Conditions.
Please also note that this Privacy Policy is directed only to natural persons.
The processing of your personal data is governed by the following terms, by the relevant provisions of the GDPR on personal data, or any other applicable law, as well as by the relevant decisions, instructions and regulatory acts of the relevant supervisory authority.
- Who are we and how to contact us
IDEA is a private limited company under registration number HE 372775 having its registered office at Lykourgou 36, 1011 Nicosia, Cyprus.
If you have any questions about this Privacy Policy or want to exercise your rights set out in this Privacy Policy, please contact us:
Address: 36 Lykourgou Street, Nicosia 1011, Cyprus
Tel: + 357 22 128144 / + 357 22 128260 / + 357 22 128261 / + 357 22 127405
Email: info@ideacy.net
You may also contact our Data Protection Officer:
Email: dpo@chryslaw.com
Address:12 Themistokles Dervis Avenue, Palais D’ Ivoire House, 1st floor, 1066 Nicosia
Tel: +357 22 267777
- Definitions
For the purposes of this Privacy Policy and according to the interpretation of the GDPR:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
- Data protection principles
IDEA complies with the GDPR and national legislation which means that IDEA shall be responsible for ensuring that any personal data is:
- processed lawfully, fairly and in a transparent manner;
- collected only for specific, explicit and legitimate purposes and not further processed in any manner that is incompatible with such purposes;
- adequate, relevant and limited only to what is necessary in relation to the purposes for which it is processed;
- accurate and, where necessary, kept up to date, while every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
- kept in a form which permits identification of the data subject only for as long as it is necessary for the purposes for which the personal data is processed; and
- is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage.
- Purposes of Processing your personal data
Your personal data is collected and processed for the purpose of the implementation and operation of the IDEA Program, in accordance with Section 6 (Collection and Use of personal data) of this Privacy Policy.
IDEA will only process and use personal data in accordance with the GDPR, the national data protection law and any other relevant laws and regulations.
IDEA will not in any way, directly or indirectly, transfer any of this information to any third party, except as described in Section 13 (Recipients of Your Personal Data). Any information provided will be confidential and will be handled in accordance with the applicable laws and regulations. IDEA may also collect and process personal data from publicly available sources which they lawfully obtain and are permitted to process.
IDEA can only provide you with the IDEA Newsletter if you have given your prior explicit consent by subscribing to it.
IDEA may also provide you with updates about the IDEA program, upcoming events, and other relevant information, only if we have your prior explicit consent to do so or, in certain cases, where we rely on our legitimate interest to do so.
You may revoke your consent or opt out of receiving such communications at any time by contacting us at info@ideacy.net or by using the unsubscribe link provided in IDEA Newsletter and in our communications, where applicable.
For more information about your rights and how we handle personal data, please refer to the other sections of this Privacy Policy or contact us directly.
- Collection and Use of personal data
6.1. IDEA collects and processes different types of personal data that you provide directly or indirectly through a person authorised by you, or via alternative channels of communication such as our Website, in a number of ways which include the following:
- To subscribe to the IDEA Newsletter, your email address will be requested. Your personal data is provided by filling in and submitting the relevant online form.
- For your registration on the Website, the subsequent application for participation in the IDEA program, and the implementation of the IDEA Program - To register on the Website and apply for the IDEA Program or any other necessary form for the implementation of the IDEA program, you will be asked to provide personal data, including your full name, e-mail address, telephone number, address, date of birth and ID number. Additionally, you may be required to provide information such as your country of residence, student status, names of founders or team members, and your business plan, as part of the application process. This data is provided through the registration process on the Website and by completing and submitting the online application form
- Personal data is collected automatically from the Website
When you visit and interact with the Website, certain information may be collected automatically, such as:
- The Internet Protocol (IP) address of your computer.
- The type of browser and operating system.
- Information collected through HTML cookies.
- When you contact IDEA by phone or email we will collect your full name, e-mail address, telephone number, company/ organisation and position, to respond to your inquiries, provide support and maintain communication.
- When you register to become a mentor or trainer with the IDEA Program, we will collect your full name, email address, telephone number, LinkedIn profile, company name, industry sector, profile photo, and CV, in order to verify your identity and qualifications and to facilitate your participation in the IDEA Program as a mentor or trainer.
- To register for seminars and webinars we will collect your full name, e-mail address, telephone number, company/ organisation and position, to manage your registration and participation.
- To attend meetings, training sessions, mentoring or consultancy sessions or other events IDEA hosts, we will collect your full name, e-mail address, telephone number, company/ organisation and position, to track attendance, manage logistics and send relevant event material.
- For corresponding with and/or contacting you and/or fulfilling your requests such as to deliver information and documents.
- For compliance with our legal and/or regulatory obligations.
6.2. IDEA also collects and processes personal data which we lawfully obtain from other third parties.
From publicly accessible sources such as public/commercial registers, the internet, the Press/ Media, the Registrar of Companies, the Bankruptcy Archive.
From social and professional networking sites – If you register or login to our website using social media (e.g. Facebook, Instagram, X, LinkedIn). Such information may include your full name and email address and any additional details about you depending on your privacy settings.
6.3. IDEA collects and processes personal data solely for the purposes mentioned above and only to the extent strictly necessary to effectively serve those purposes.
- The legal basis for our processing of personal data
The legal basis on which we process your personal data is as follows:
- Υou have given your consent to the processing of your personal data for one or more purposes
- Otherwise, we will process your personal data where the processing is necessary:
- for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;
- for compliance with a legal obligation to which we are subject; or
- for the purposes of the legitimate interests pursued by us or another person, provided that this will only be in circumstances in which those legitimate interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data.
- Failure to collect personal data
If you fail to provide certain information when requested, IDEA may not be able to assess and/or process your application or request. In such cases, IDEA may decide not to proceed with establishing a relationship with you.
- Change of purpose
IDEA will only use personal data for the purposes for which it collected it, unless it reasonably considers that it needs to use it for another reason and that reason is compatible with the original purpose. If IDEA needs to use personal data for an unrelated purpose, it shall notify you in advance and explain the legal basis which allows it to do so.
IDEA may process personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
- Where we process your personal data
We normally process personal data only in Cyprus or elsewhere in the EU.
- Data Retention
Personal data is stored securely on IDEA’s servers, with access limited to authorized personnel Such data shall only be processed and retained for the time necessary to achieve the purposes for which it was originally collected, including internal audit requirements, after which it will be deleted in a secure manner, except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose in accordance with the GDPR and other applicable laws.
Data collected from teams that have participated in the Idea program may be retained as part of our Alumni network. This data may be used to share relevant information and invitations about alumni events, networking opportunities, IDEA program updates and other related initiatives. You may opt out of receiving such communication at any time contacting us as outlined in Section 2 or by using the opt-out links provided in the relevant communication.
In case of rejected or withdrawn applications for participation in the IDEA program, personal data will be retained for a period of six (6) months from the date of notification of rejection and/or withdrawal, after which it will be securely deleted, unless continued retention is necessary for legal or regulatory reasons, in accordance with the relevant legislative provisions.
- Security of personal data
The personal data processing process by IDEA is conducted in a way that ensures its confidentiality, integrity and availability. IDEA in accordance with GDPR implements appropriate technical and organizational security measures, follows rules and other procedures to protect your personal data against unauthorized or unlawful processing, against accidental or unlawful loss, alteration, destruction or damage and unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.
It is, however, your responsibility to ensure that your computer is sufficiently secure and protected from malicious software. You should be aware that without sufficient security measures there is a risk that the data and codes you use to protect access to your data, leak to unauthorized third parties.
All of our employees and data processor, who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of your personal data.
IDEA undertakes to deal with any suspected data security breach and will notify you and the Date Protection Commissioner of a suspected breach where it is legally required to do so.
- Recipients of your personal data
The recipients of your personal data are IDEA, Bank of Cyprus, as well as other companies within the Bank of Cyprus Group, trainers, mentors, associates, evaluators, consultants, partner companies in the implementation and promotion of the IDEA program and the relevant applications, as well as service providers who perform services on our behalf (e.g. hosting, analytics, marketing), our auditors and accountants, legal advisors and other professional advisors. IDEA requires third parties to respect the security of the personal data and to treat it in accordance with GDPR.
IDEA reserves the right to disclose information concerning you if the legislation introduces a corresponding obligation or if such notification is required by governmental / state bodies or other administrative / regulatory authorities.
- Personal Data Sharing
IDEA may have to share personal data with third parties, including third-party service providers and other entities. In such case, IDEA requires third parties to respect the security of the personal data and to treat it in accordance with the GDPR.
In accordance with the GDPR, IDEA shall only transfer personal data outside the European Economic Area (EEA), if one of the following conditions are applicable:
- if an Adequacy Decision is in place for that third country or territory, or
- if appropriate safeguards are in place either through the medium of binding corporate rules, standard contractual clauses, or through the adherence to a code of conduct or certification mechanism.
- In case of absence of the above, IDEA may transfer personal data to countries outside the EEA if this is necessary for the performance of the agreement between the data subject and IDEA or the data subject has consented to the proposed transfer, after having been informed of the possible risks associated with such transfer due to the absence of an adequacy decision and appropriate safeguards, or the transfer is necessary for important reasons of public interest or for the establishment, exercise or defence of legal claims, or to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent.
- Automated decision-making and profiling
IDEA does not engage in any automated decision-making, including profiling.
- Your data protection rights
Under certain circumstances and pursuant to the GDPR, you have certain rights in relation to the personal data we hold about you:
These include your right to:
Access - be informed whether or not your personal data are or has been processed. If this is the case, you are entitled to access the personal data being processed and request a copy of your personal data that we hold about you.
Correction - correct and update any personal data we hold about you if you believe it contains incorrect or incomplete information about you.
Erasure (“right to be forgotten”) - request erasure of personal data we hold about you in some circumstances such as where your personal data is no longer necessary in relation to the specific purpose for which it was originally collected, where your consent is withdrawn, if such consent was used as a legal basis, where you object to the processing or where deletion is required by law, and there is no overriding legitimate interest for continuing the processing.
Right to withdraw consent - withdraw your consent at any time, where we are processing personal data relating to you based on your prior consent to that processing.
Right to object - object to the processing of personal information we hold about you, when we are relying on a legitimate interest ground to process your personal data except if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
Right to Object to Direct Marketing - You also have the right to object to our use of your personal data for direct marketing purposes.
Restriction –request the restriction of processing of your personal data in certain circumstances such as where you contest the accuracy of that personal data or when the processing is unlawful, but you do not want your personal data to be erased, you object to its processing, provided that such request may not be overridden on legitimate grounds
Data Portability - to request to receive a copy of your personal data we hold about you in a structured and commonly used format and transmit that personal data directly to other organizations if it is technically feasible.
- Collection and use of minors’ personal data
IDEA understands the importance of protecting the privacy of minors. The ability to subscribe to the IDEA Newsletter and the IDEA program is only for people over the age of 18. We do not knowingly collect personal data from minors under the age of 18.
If it is found that any personal information collected from a minor under 18 without a verifiable parental consent has been collected, this information will be deleted as soon as possible. If you believe information may have been collected from a minor under the age of 18, please inform us at info@ideacy.net; and we will endeavour to delete that information from our databases.
- Cookies
IDEA, in order to ensure the proper functioning of the Website, uses cookies. A notification is being shown when you visit the Website. By accepting cookies, you consent to the collection of your information with purpose of improving your browsing experiences with our Website.
For more information on using cookies by IDEA, see Cookies policy.
- Linking to third-party sites
This Privacy Policy does not cover the links within this Website linking to other websites. Those links are not governed by this Privacy Policy and IDEA has not reviewed these third-party websites and does not control and is not responsible for any of these websites or their content or their privacy policy.
If you decide to access any of the third-party websites linked to this Website, you should be informed about the protection of your data on these websites.
- Complaints
If you have any questions or complaints about this Privacy Policy or believe that your personal data has been processed in a way that does not meet the GDPR, you may contact us at:
Address: 36 Lykourgou Street, Nicosia 1011, Cyprus
Tel: + 357 22 128144 / + 357 22 128260 / + 357 22 128261 / + 357 22 127405
Email: info@ideacy.net
You have also a right to file a complaint with the Data Protection Commissioner (the relevant supervisory authority in Cyprus)
Office of the Commissioner for Personal Data Protection
Address: Iasonos 1, 1082 Nicosia
Tel: +357 22818456
Fax: +357 22304565
You may find out on their website how to submit a complaint. (http://www.dataprotection.gov.cy)
- Amendments or Updates to the Privacy Policy
IDEA reserves the right to amend and/or update this Privacy Policy from time to time by posting on its Website an updated version of this policy. The revised version will be effective as of the time it is posted.
This policy was last revised on 6th October 2025