Privacy Policy

Introduction

Eratosthenes Centre of Excellence (‘ECoE’, ‘We’, ‘us’) is a limited liability company by guarantee without share capital, incorporated in Cyprus under company number HE407515 and is located at 82 Franklin Roosevelt street, Ayios Ioannis, Limassol 3012 Cyprus. ECoE is strongly committed to privacy and confidentiality issues entrusted to it.

This Privacy Policy describes how we collect and use your personal data, and it applies to personal data provided to us, directly by you or by others. We may use your personal data provided to us only for the purposes described in this Privacy Policy.

This Privacy Policy applies to individuals who are current or prospective applicants, you acknowledge and agree that we will process it in accordance with the terms set out in this Policy. The term “processing” refers to any action performed on your personal data, including but not limited to collection, registration, organization, structuring, storage, adaptation, modification, retrieval, consultation, use, transmission, dissemination, disposal, alignment, combination, restriction, erasure, or destruction. ECoE processes your personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When collecting and using your personal data, our policy is to be transparent about why and how we process personal data. If you require further details on how we process your personal data, you may contact our Data Protection Officer via email at theofilos.antoniou@eratosthenes.org.cy.

Collection and processing of personal data

During the execution and/or performance of our scope to handle and/or manage the incubation for the business incubation of start-ups on behalf of the Deputy Ministry of Research, Innovation and Digital Policy (hereinafter “our Scope” and/or “our Services”), we collect and process personal data from various sources, so as to be able to provide our Services and to comply with laws and regulations applicable to us. We may collect personal data either directly from you or from other sources. Direct collection occurs, for example, when you apply for our Services, submit a curriculum vitae (CV), submit a business plan, make an inquiry, request, or complaint, or interact with us through our website or electronic forms. It also includes instances where you complete personal details submission forms or engage with us through personal communication. Additionally, we may obtain personal data from third parties or other external sources, particularly in the context of examining your applications. These sources may include your intermediaries, agents and/or representatives, public sources i.e. social media, world compliance, websites, publicly accessible databases, government departments, regulatory authorities, credit institutions, media outlets, press publications etc. We may also receive information from former employers listed in your CV or reference letters, clients, business partners, or other entities that introduce you to us. Furthermore, data may be collected through cookies and similar technologies, participation in events organized by ECoE, as well as through correspondence by phone, fax, email, website interactions, or photographic evidence.

In order to fulfill our Scope, we may receive information from legal entities. The information of such entities is not personal data. However, whilst we are processing information of a legal entity, we may collect personal data of individuals who are connected with this entity such as personnel, representatives, officials, associates, beneficial owners, signatories, proxies, counterparties, customers or perspective customers and others which in any way are related to this entity. In this respect, we collect various categories of personal data depending on the specific service we’ve been engaged in providing. In any case we collect personal data which is adequate, relevant and limited to what is necessary for the purposes for which they are processed.

We also may collect your personal data during your visit to our website, the Internet Protocol (IP) address, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform. To learn more about our use of cookies or similar technology please check our cookies policy here.

We collect and process a wide range of personal data due to the diverse nature of our Scope and the variety of applications we receive. This includes core identification and contact information such as full name, date of birth, nationality, ID or passport number, home address, email, phone number, occupation, CVs, social insurance number and country of residence. In the context of examining the applications, we also collect case-specific data and other information you voluntarily provide to us, either directly or through electronic means including but not limited to business plan, incubation proposal, cover letter and requirements checklist, space connection self-assessment, De minimis Aid Declaration, letters of support or MoUs, supporting documents set, excel file for the swot, risk assessment, profit & loss, incubation time plan, funding tasks and/or any other documents related to incubation/ application/ evaluation/ operation of our Scope. Additionally, we may process publicly available information obtained through media, registries, or public authorities, as necessary to fulfill our obligations and responsibilities.

In the course of our operations, we may also collect data relating to your employment, academic, and professional background. This includes academic degrees, training certificates, seminar participation records, CV contents, and performance evaluations.

In cases where required by law or the nature of the position, we may also process sensitive information such as health data or a criminal record, ensuring all data is handled in accordance with legal obligations and best practices.

Use of personal data

We will only collect and use your personal data to achieve the purposes outlined in this Privacy Policy and only when permitted by law.

Most commonly, we will collect, use, and process your personal data in the following circumstances:

  • when you or your organization submit an application to us;
  • when a third-party entity engages us and you hold an office in, have an interest in, or a relationship with that entity;
  • when you or your organization provide services to us; and when we are required to
  • comply with legal obligations, including obligations arising from anti-money laundering and terrorist financing legislation.

Your personal data may also be processed internally by our employees and associates to ensure effective service delivery.

We may use your data to communicate with you, enhance our services and products, and, subject to your consent where required, for promotional, marketing, and advertising purposes tailored to your preferences.

Furthermore, we may process your data to comply with applicable national and EU laws, directives, court rulings, and regulatory guidelines; for the detection, investigation, and prevention of crimes including fraud and money laundering; for the assessment and management of legal or commercial risks; to protect our business operations, legal rights, property, or safety—and that of our clients, associates, and third parties; and to enforce our terms, pursue recovery actions, and mitigate potential damages.

Personal data we receive from you about other people

Where you provide us with the personal data of other people, such as your employees, directors of your companies, or other persons you may have dealings with, you must ensure that you are entitled to do so and furthermore that, without being required to take further steps, we can collect, use and disclose that data in the manner described in this Policy. More specifically, you must ensure that the individual whose personal data you are sharing with us is aware of the matters discussed in this Privacy Policy, as these are relevant to that individual, including our identity, how to get in touch with us, the purposes for which we collect data, our disclosure practices, and the rights of the individual in relation to our holding of the data.

Data retention

We maintain and store your personal data processed by us, for as long as it is considered necessary for the purpose for which it was collected as required by applicable law or regulation.

  • For applications which have been unsuccessful, data will be kept for a further period of two (2) years
  • For applications which have been successful, data will be kept for a further period of five (5) years, following the full completion of the incubation.

Security

We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable data and information from loss, misuse, alteration or destruction. Only specifically authorized personnel of ECoE are provided access to personally identifiable information and these employees have expressly agreed to ensure confidentiality of this information.

When and how we disclosure your personal data?

We only disclose your personal data when necessary and in accordance with this Privacy Policy. The employees and/or associates of ECoE responsible for the performance and/or evaluation of the Scope will access the necessary data, and where required, your personal data may be shared with third parties in order to fulfill the requested service.

Such third parties may include:

  • Collaborators and/or mentors and/or associates that are responsible for the examination and/or evaluation of the application on behalf of ECoE.
  • Government and/or regulatory bodies and/or local authorities, including but not limited to the Deputy Ministry of Research, Innovation and Digital Policy, Ministry of Finance, Registrar of Companies and Official Receiver, Social Insurance Department, Tax Department, Human Resources Development Authority.
  • Any other professionals and/or experts that are necessary for the performance of our Scope, following the successful examination of your application and the necessity for the following funding of the start-up.

We may also disclose personal data:

  • Where required by law or in connection with legal proceedings, or in order to exercise or defend our legal rights;
  • Upon your explicit consent or following your instructions;
  • To third parties involved in a business transfer, such as a merger, acquisition, reorganization, or sale of assets. In such cases, we will notify you before your data is transferred and becomes subject to a different privacy policy;
  • To any third party to whom we assign or novate our rights or obligations.

In each case of data transmission, we ensure that only the minimum necessary information is shared, and only for lawful and legitimate purposes. All third parties are contractually bound to adhere to the provisions of the General Data Protection Regulation (GDPR).

Where your personal data needs to be transferred outside the European Union to jurisdictions that do not provide adequate levels of data protection, we commit to implementing appropriate safeguards, including standard contractual clauses, to ensure your data remains protected.

Your Rights under the General Data Protection Regulation (GDPR)

Under the General Data Protection Regulation, you have specific rights regarding the processing of your personal data. Our Firm has developed a mechanism to ensure that requests relating to your personal data are handled effectively. Please note that some of the rights listed below may not apply in all circumstances.

  • Right of Access: You have the right to request access to the personal data we hold about you. Upon request, and provided we maintain your data in electronic format, you may receive a copy of your personal data.
  • Right to Rectification: You have the right to request the correction or completion of inaccurate or incomplete personal data we hold about you. Supporting documentation may be required in such cases.
  • Right to Erasure (“Right to be Forgotten”): You may request the deletion of your personal data without undue delay, especially where the data is no longer necessary for the purposes for which it was collected. Please note that data will be deleted in accordance with our data erasure policy and applicable legal obligations.
  • Right to Restriction of Processing: You can request the restriction of processing of your personal data if its accuracy is contested, if processing is unlawful, or if the data is no longer needed by us but you require it for legal claims.
  • Right to Object: You may object at any time to the processing of your personal data. In such a case, we will cease processing unless there are compelling legitimate grounds or the data is needed for the establishment, exercise, or defense of legal claims.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to request the transfer of such data to another controller.
  • Right to Withdraw Consent: If the processing of your data is based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before the withdrawal. However, withdrawing your consent may affect the services we are able to provide.
  • Right to Lodge a Complaint: If you believe your rights have been violated or are dissatisfied with the outcome of a request, you may lodge a complaint with the Commissioner for the Protection of Personal Data in Cyprus by using the following details:

Office of the Commissioner for the Protection of Personal Data
1 Iasonos Street, 2nd Floor, 1082 Nicosia
P.O. Box 23378, 1682 Nicosia
Tel.: +357 22818456
Email: commissioner@dataprotection.gov.cy

To exercise any of the rights listed above, or if you have any questions or require further clarification about your rights, please contact our Data Protection Officer:

Email: theofilos.antoniou@eratosthenes.org.cy
Tel: +357 25002908
Postal Address: 82 Franklin Roosevelt street, Ayios Ioannis, Limassol 3012 Cyprus, Attn: Data Protection Officer.

Changes to this privacy statement

Our ongoing responsibility to transparency requires us to keep this privacy notice updated through regular review.

This privacy notice was last updated on 07th day of July 2025.

Contact

info@spacebic.cy
+35725002908
82 Franklin Roosevelt, 3012, Lemesos, Cyprus

Social Media

Apply Now

ERATOSTHENES Centre of Excellence is supported and funded from the Cyprus Deputy Ministry of Research, Innovation and Digital Policy (DMRID).

Copyright © 2025 Space BIC | Cookie Policy | Privacy Policy | Web design by Socialway