Privacy policy

C People (the “Company”) is committed to protecting privacy and making sure that any personal data it collects are processed in accordance with the EU General Data Protection Regulation (the “GDPR”) and applicable Cyprus laws and regulations.

This Privacy Policy describes how the Company may collect, use, store and/or otherwise process personal data of clients.

References in this policy to "we", "us" and "our" are references to the Company. References to "you" and "your" are to the individual/s who is/are providing personal data to us.

We may amend or update this Privacy Policy from time to time. All amendments or updates will be communicated to you via email and/or in any other appropriate communication or document exchanged between us.

When we Collect Personal Data

Personal data may be collected by the Company in a number of circumstances, including:

• when you contact us to seek services from us;

• when we provide services to you

• when you make an enquiry by email;

• when you offer to provide or provide goods or services to us;

If you choose to withhold any personal data requested by us on any of the above-mentioned circumstances, it may not be possible for us to respond to your query, or offer the services requested.

Types of Personal Data We Collect

We may collect the following categories of personal data:

• Identification data: name, date of birth, contact details, ID/ Passport numbers, tax and social insurance numbers

• Employment data: contracts, work permits and visa information (where applicable), CVs, qualifications, academic records, training records and certifications, employment status (i.e. full-time, part time, contractor), job titles, payroll records, performance review and appraisal records, leave and absence,  benefits information (i.e. pension, health insurance, vehicle allowance), overtime and shift records, disciplinary and grievance history (where relevant), emergency contact details  

• Financial data: salary, allowances, bonuses, commissions, benefits, pensions and related data

• Health and diversity data (only where legally permitted and necessary): medical records, ethnicity, gender, disability status, trade union memberships

• Data necessarily processed in a project or client contractual relationship with the Company or voluntarily provided by you, such as instructions given and/or requests that you address to us.

• Visits. Details of your visits to our premises.

Purposes and Legal Bases for the Processing of Personal Data

The Company processes personal data only where there is a lawful basis under the GDPR. The main purposes and legal bases are as follows:

• Performance of a contract (Art. 6(1)(b) GDPR): providing HR advisory services, responding to requests, or taking steps at your request before entering into a contract.

• Compliance with legal obligations (Art. 6(1)(c) GDPR): payroll, tax, social security, and other legal and regulatory obligations.

• Legitimate interests (Art. 6(1)(f) GDPR): internal administration, IT and network security, prevention of fraud, and exercise or defence of legal claims. These interests are not overridden by your rights and freedoms.

• Consent (Art. 6(1)(a) GDPR): where you have opted in to receive newsletters, briefings, or marketing. You may withdraw consent at any time.

Processing of Special Categories of Personal Data

In certain circumstances, the Company may process special categories of data (Art. 9 GDPR), such as health data, trade union membership, or diversity information. Such processing will only take place where:

• necessary to carry out obligations and exercise rights in the field of employment, social security and social protection law;

• necessary for the establishment, exercise or defence of legal claims;

• your explicit consent has been provided for specific purposes.

• We apply enhanced safeguards to protect such data, including limiting access, confidentiality obligations, and, where appropriate, pseudonymisation.

Sharing Your Personal Data

We will not disclose your personal data, except:

• to third parties who provide services on our behalf, e.g. third parties providing survey platforms, HRMIS Systems or quantitative/ qualitative analysis professionals and/or document management services;

• to our sub-contractors, which may include:

o IT and Infrastructure Providers – such as website hosting, cloud storage, data backup, and technical support.

o Communication and Productivity Tool Providers – including email, video conferencing, and e-signature platforms.

o Recruitment and Talent Platforms – such as applicant tracking systems, online job boards, candidate databases, and assessment or psychometric tool providers.

o HR and Payroll Service Providers – where we provide outsourcing support, this may include payroll processors and HR information system vendors.

o Professional Advisors – including legal, accounting, and auditing professionals engaged under confidentiality obligations.

o Marketing and Branding Support Providers – such as website developers, analytics, and communication platforms used to manage our online presence.

• where we are required to do so by law or where it is necessary for the purpose of, or in connection with, legal proceedings or in order to exercise or defend legal rights;

• upon your instructions or your expressed consent.

We may also share your personal data with any third party to whom we assign or novate any of our business, rights or obligations. In such case, we will contractually require such third party to process your data in accordance with this privacy policy and applicable data protection legislation.

Personal data about other individuals which you provide to us

If you provide us with personal data about another individual (i.e. Your employees), you must ensure that you are entitled to share that data to us. You must also ensure that you have provided the relevant individuals of all mandatory data privacy notifications and information under the GDPR and applicable legislation and regulations, to include a notification as to their legal rights as data subjects.  By providing such data, you confirm that you have informed the individuals of the contents of the present Privacy Policy, as it relates to them.

International Transfers of Personal Data

Your personal data is processed within the European Economic Area (EEA).

Retention of Personal Data

The Company will generally retain personal data for the period necessary to fulfil the purposes for which it was originally collected and thereafter as required or permitted by law or as is necessary in order for the Company to be able to defend, respond to or conduct prospective or actual legal claims or proceedings.

For example:

• Client data shall generally be retained for the duration of their business relationship with the Company and thereafter for a further period of (6) six years.

• Personal data in the context of other contractual relations or dealings with you shall be retained for the duration of our contractual relationship or dealings and thereafter for a further period of (6) six years.  

• Payroll and tax data: retained as required by law

• Health and safety records: retained as required by law,

Security and Confidentiality of your Personal Data

We maintain appropriate technical and organisation security measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Whenever any third-party service provider handles or processes your data on our behalf, we require them to do the same.

Automated Decision-Making

We do not use your personal data for automated decision-making, including profiling, that produces legal or significant effects.

Your Rights

You may find below a list of your legal rights insofar as your personal data are concerned. Please note that some of these rights may not be applicable to your situation.

• You have the right to gain access to the personal data that we hold about you or about your employees.

• You have the right of rectification, that is, to request the correction, without undue delay, of any personal data that we hold about you or your employees and are either inaccurate or incomplete.

• You have the right to obtain the erasure of your or your employees’ personal data, without undue delay, provided, amongst others, the personal data in question are no longer necessary in relation to the purposes for which they were collected.

• You have the right to restrict our processing activities or to object to the processing of your or your employees’ personal data.

• You have the right to data portability, that is, to request from us that we send your or your employees’ personal data in a structured, commonly used and machine-readable format, and to transmit those data to another controller.

• If we rely on your consent as our legal basis for the processing of your or your employees’ personal data, you have the right to withdraw that consent at any time.

If you wish to exercise any of your above-mentioned rights or have any questions or comments with regard to this Privacy Policy, you may contact our Data Protection Officer either by email at [email protected] or by post at C People, 1 Lampousas Street, 1095 Nicosia, Cyprus for the attention of the DPO.

In addition to the above, you also have the right to lodge a complaint to the Office of the Commissioner for Personal Data Protection in Cyprus, at the following postal and email address:

15 Kypranoros, Nicosia, 1061

Tel: +357 22818456

Fax: +357 22304565

Email: [email protected]

Why Choose Us
Deep expertise, human-centered methods, measurable outcomes.
Get in Touch
Privacy policy
Quick links
About us
Our services
Careers
Contact us
22779920
9 Lampousas street 1095 Nicosia
[email protected]