GuardAI Privacy Policy
of www.kios.ucy.ac.cy/guardai
(hereinafter: “Policy”)
Last updated: July 3, 2025
UNIVERSITY OF CYPRUS (PIC 999835843), having its registered office at AVENUE PANEPISTIMIOU 2109 AGLANTZIA, NICOSIA 1678, Cyprus, is the Data Controller (hereinafter: “us”, “we”, “our”) operating the website www.kios.ucy.ac.cy/guardai (hereinafter: “Website”).
This GuardAI Privacy Policy of the Website (hereinafter “Policy”) is a legal statement that specifies what, how and for which purposes we process Personal Data (as defined below) collected from individuals using this Website (hereinafter “you”, “your”). In this Policy we provide information about who we are, the nature, scope and purposes of the collection and processing of your Personal Data.
By using the Website (including filling out and submitting the “Contact us” form), you acknowledge the collection, processing, and potential disclosure of your Personal Data in accordance with this Policy.
1. Personal Data Collected, Purpose, Legal Basis and Retention Period
“Personal Data” is defined as any information that directly, indirectly, or in connection with other information (including a personal identification number) allows for the identification or identifiability of a natural person in accordance with the GDPR.
The following table outlines the types of data, including Personal Data, that may be collected, the corresponding processing activities, purposes, legal bases, and retention periods:
| Processing Activity | (Personal) Data Category | Purpose | Legal basis | Retention period | Data Controller |
|---|---|---|---|---|---|
| Functioning and security of the Website | IP Address | Monitor for malicious activity and report when necessary | Legitimate Interest Article 6(1)(f) GDPR | One month as of the date of collection | University Of Cyprus |
| Contact form | Name, email, name of the organization | Communication with you | Legitimate Interest Article 6(1)(f) GDPR | Until project end (October 2027, unless extended) | University Of Cyprus |
| Website analytics (Jetpack Stats plugin) | IP address (temporarily), user agent, browser language, referrer URL, visiting URL, country code, timestamp; cookies used for analytics. | Generate anonymized visitor analytics, improve performance and usability of the Website | Legitimate Interest Article 6(1)(f) GDPR; Consent required under the ePrivacy Directive and Article 6(1)(a) GDPR for the use of non-essential cookies | Data is anonymized/aggregated. Stats logs — which may include IP addresses and WordPress.com usernames (if available) — are retained for 28 days solely to power the Jetpack Stats feature. Cookies duration varies—see Automattic’s Cookie Policy. | Aut O’Mattic A8C Ireland Ltd. |
Without prejudice to any provision of this Policy, including your rights as a data subject (as outlined in Section 4 below), Personal Data may be further retained and processed by us solely to the extent necessary to comply with applicable laws and regulations.
2. Personal Data Sharing
We do not share any Personal Data with third parties, except as described in the paragraphs below.
We use Jetpack Stats (“Jetpack”), a third-party website analytics tool provided by Aut O’Mattic A8C Ireland Ltd., headquartered in Dublin, Ireland. For users located in the EU/EEA, including visitors to this Website, Aut O’Mattic A8C Ireland Ltd. acts as the data controller. Certain processing activities may also be carried out by its U.S.-based affiliate, Automattic Inc., which is certified under the EU-U.S. Data Privacy Framework (see here – https://www.dataprivacyframework.gov/list). This certification ensures an adequate level of protection for personal data transferred to the United States in accordance with Article 45 GDPR.
Jetpack Stats collects your information as described in Section 1 above. This may include elements such as IP address, user agent, browser language, referring and visited URLs, and timestamp. Jetpack also tracks page performance metrics, including load times and resource usage, to help optimize plugin functionality. This data is processed exclusively to generate aggregated and anonymized site statistics, and we do not have access to any information in an individually identifiable form.
Jetpack has been configured to honor browser “Do Not Track” (DNT) settings, in accordance with the implementation guidance provided by Jetpack (available here – https://jetpack.com/support/jetpack-stats/jetpack-stats-honor-do-not-track-dnt/). This means that if you have DNT enabled in your browser, your activity (e.g., post and page views) will not be tracked by Jetpack Stats.
If you wish to limit online tracking, you are encouraged to enable the DNT setting in your browser’s privacy preferences. Please note that the effectiveness of DNT depends on your browser’s support and whether the setting is properly configured.
For more information, please refer to Automattic’s Privacy Policy – https://automattic.com/privacy/.
Cookies
This Website uses cookies as part of the Jetpack Stats plugin provided by Aut O’Mattic A8C Ireland Ltd. These cookies are used for analytics purposes, such as measuring website performance and usage patterns. Some cookies listed in Automattic’s Cookie Policy are not applicable to our Website (e.g., those related to commenting functionality, which is not enabled).
In compliance with the GDPR and ePrivacy Directive, a cookie banner has been implemented to inform you about the use of such cookies and to obtain your consent where required.
The cookie banner allows you to accept or reject non-essential cookies and to manage preferences by cookie category. Cookies used by Jetpack Stats are only activated after consent is provided. For more information, please refer to Automattic’s Cookie Policy – https://automattic.com/cookies/.
3. Security of the Personal Data
We securely store your Personal Data at the servers located at our premises in Cyprus. We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Personal Data. The Personal Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated in Section 1 above.
Organisational measures
- Data Quality: We exercise due diligence to correct or delete inaccurate, incomplete, irrelevant, or prohibited Personal Data, and also to keep your Personal Data up to date.
- Confidentiality: We ensure that only authorised and specially trained persons have access to and can process the Personal Data that you have provided. In addition to us, our authorized employees, including IT system administrators responsible for the operation and maintenance of this Website and researchers with the necessary expertise to respond to your inquiries, may have access to Personal Data. Such access is granted only as necessary and is subject to confidentiality obligations and compliance with applicable data protection regulations.
- Security: For the security of your Personal Data, we have put in place appropriate technical and organisational measures against the accidental or unauthorised destruction, loss, modification, access, and any other unauthorised processing of the information collected through the Website. These measures align with the University of Cyprus’ internal security policies. While we cannot publicly disclose specific technical details for security reasons, we confirm that the safeguards in place meet the requirements of Article 32 of the GDPR.
4. Your rights
You may exercise certain rights regarding your Personal Data processed by us in accordance with the GDPR.
In particular, you have the right to do the following:
- Right to withdraw (Article 7(3) GDPR): You have the right to withdraw consent at any time where you have previously given your consent to the processing of your Personal Data.
- Right to object (Article 21 GDPR): You have the right to object to the processing of your Personal Data if the processing is carried out on a legal basis other than consent.
- Right to access (Article 15 GDPR): You have the right to learn if your Personal Data is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Personal Data undergoing processing.
- Right to rectification (Article 16 GDPR): You have the right to verify the accuracy of your Personal Data and ask for it to be updated or corrected.
- Right to restrict the processing (Article 18 GDPR): You have the right, under certain circumstances, to restrict the processing of your Personal Data. In this case, we will not process your Personal Data for any purpose other than storing it.
- Right to erasure (Article 17 GDPR): You have the right, under certain circumstances, to obtain the erasure (delete or remove) your Personal Data from us.
- Right to lodge a complaint: You have the right to bring a claim before the competent data protection authority at the Office of the Commissioner for Personal Data Protection in Cyprus:
Address: Iasonos 1, 1082 Nicosia Cyprus or P.O. Box 23378, 1682 Nicosia Cyprus
Telephone: +357 22818456
Fax: +357 22304565
Email: commissioner[at]dataprotection.gov.cy
5. How to exercise these rights
Any requests to exercise your rights can be directed to us by mail or email through the following contact details:
Address: 1 Panepistimiou Avenue, 2109 Aglantzia, Nicosia
Email: kios[at]ucy.ac.cy
DPO of the University of Cyprus: Ms. Chrysso Agapiou, Accountant 1st
DPO email: dpo[at]ucy.ac.cy
Personal email: agapiou.chrysso[at]ucy.ac.cy
Tel.: +357 22894361 | Fax: +357 22894469
6. Legal information, Policy Updates, and Links to other sites
This Policy has been prepared in accordance with various legal provisions, including Articles 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation) and relates solely to this Website, unless otherwise stated in this document.
The Website uses Jetpack Stats, a service provided by Aut O’Mattic A8C Ireland Ltd., based in Dublin, Ireland. Certain processing may also be carried out by its U.S.-based affiliate, Automattic Inc., which is certified under the EU-U.S. Data Privacy Framework. For more information, see Automattic’s Privacy Policy.
6.1 Policy Updates
We reserve the right to make changes to this Policy at any time by giving notice to you on this page and, where appropriate, within the Website. It is strongly recommended to check this page regularly, and to refer to the date of the last modification listed at the top of this Policy.
Links to Other Sites
Our Website may contain links to third-party websites that are not operated by us. If you click on a third-party link, you will be directed to that party’s site. We strongly encourage you to review the privacy policy of every site you visit. Please note that we have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.
7. Contact Us
If you have any questions about this Policy or identify any misuse of your Personal Data and/or any violation in respect of your Personal Data provided to us, please contact our DPO (as listed above) and/or reach out to us directly at:
Address: 1 Panepistimiou Avenue, 2109 Aglantzia, Nicosia
Phone number: +357 22 893 450
Fax number: +357 22 893 455
Email: kios[at]ucy.ac.cy