Data Processing

DiFens Privacy Policy

What type of data is processed on the platform?

On the DiFens platform we collect and process only data strictly necessary to use the available services. This data is username, e-mail, password, IP address and log files.

Is it mandatory to provide personal data?

Some categories of personal data – e-mail, username, password, are to be provided, so you can register and use the platform. The processing of IP address and log files is also necessary in order for you to use the services available on the platform. However, all fields in your profile that are not marked with * note that the entering of personal data there is not mandatory but up to your own decision.

What is the purpose of data processing on the platform?

All personal data on the DiFens platform is processed for the purpose of supporting potential young entrepreneurs and young entrepreneurs in the challenging task of sustaining and expanding their business ventures by providing useful information and mentoring on the DiFens platform.

Personal data might be processed in an event where a legal dispute occurs.

What is the legal basis for data processing on the platform?

The legal basis for all data processing operations on the platform is performance of a contract. Essentially the DiFens platform offers services in mentoring and provision of guidance on the topics of Digital Security and Social Entrepreneurship. In order to access them by registering the user concludes an electronic contract with the DiFens consortium regulated by the Terms of Use.

The personal data input by the user for registration is processed on the same basis being a part of thesteps at the request of the userbefore concluding the contract – in the DiFens case finalising the registration.

In the event of a legal dispute, the personal data is processed forthe purposes of the legitimate interests of the University of Cyprus.

Who is the data controller?

The data controller of the DiFens platform is University of Cyprus. The data controller can be contacted on the following address:


University House “Anastasios G. Leventis”

1 Panepistimiou Avenue

2109 Aglantzia, Nicosia

P.O. Box 20537, 1678 Nicosia, Cyprus
Tel.: (+357) 22894000

Who can access the data?

The data processed on the DiFens platform is accessed solely by the Admins. When the users initiate and participate the mentoring process, personal data is processed by the other user participating in this process – either as a mentee or mentor.

If you are a mentor on the platform, your personal data is being processed also by any visitor on the platform, as the mentors profiles are public.

There are no transfers of personal data to third countries or international organisations in view of the personal data collected, processed and stored on the DiFens platform.

As the platform is developed under an Erasmus+ project, only anonymised data (statistics) will be provided to the Cypriot National Agency.

Are there any third parties that are involved in the data processing activities on the DiFens platform?

No, only Admins and other Users on the DiFens platform are engaged in data processing.

What is the period for personal data storage on the platform?

The personal data is stored on the DiFens platform as long as the user is registered. After the user account is deleted, all personal data is immediately erased.

For reporting purposes statistical data is kept for 5 years after the project end. The statistical data will not render any of the DiFens platform users identifiable.

Where is the personal data stored?

All personal data processed on the DiFens platform is physically stored on a server located at the University of Cyprus.

What are the rights of the platform users as data subjects?

The DiFens platform user is entitled to the following rights:

  • the right to information – whether personal data about him-/ herself is being processed on the platform.
  • the right to access to his/her personal data processed on the platform;
  • the right to correct and update his/her personal data processed on the platform;
  • the right to request deletion – this right could be exercised in cases where the personal data is no longer necessary, the personal data processing in unlawful, the personal data is collected and processed on the basis of a parental consent;
  • the right to request restriction of the processing of his/her personal data – this right could be exercised where the user has contested the accuracy of the personal data process, where the processing is unlawful, the data is no longer necessary for the purposes of processing by the user requires its storage for the establishment, exercise or defense of legal claims;
  • the right to data portability – essentially to receive the personal data, which he/ she has provided to the University of Cyprus, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the University of Cyprus.

How the user can exercise his/ her rights as a data subject?

In order to exercise any of the rights listed above, the user has to send a message to the following e-mail address:

Besides that, any user has the right to submit a complaint to its national data protection authority, if he/ she deems that their data is processed in unlawful way.