Privacy Policy
Last Updated: September 2025
Canvas Arts is committed to protecting your privacy and personal data. This policy explains how we collect, use, and safeguard your information when you visit our website or enroll in our graphic design courses.
We respect your privacy rights and comply with applicable data protection laws including the General Data Protection Regulation (GDPR) and Cyprus national privacy legislation. This policy covers all personal data processing activities related to our educational services and website operations.
If you have questions about this privacy policy or our data practices, please contact our privacy team at privacy@domain.com.
Information We Collect
Personal Information You Provide
Contact Information
- Full name and preferred name
- Email address
- Phone number
- Mailing address
- Emergency contact details
Course Enrollment Data
- Course preferences and selections
- Educational background and experience
- Professional goals and interests
- Portfolio submissions and creative work
- Payment and billing information
Communication Records
- Messages sent through contact forms
- Email correspondence with staff
- Phone call records and notes
- Course feedback and evaluations
- Support tickets and inquiries
Information Collected Automatically
Usage Data
- IP address and geographic location
- Browser type and version
- Operating system and device information
- Pages visited and time spent on site
- Referral sources and exit pages
- Search terms and navigation patterns
Technical Information
- Cookies and tracking technologies
- Session identifiers and authentication tokens
- Error logs and performance metrics
- Security monitoring data
- Website interaction analytics
Legal Basis for Data Processing
We process your personal data based on the following legal grounds under GDPR:
Consent
- Marketing communications and newsletters
- Optional cookies and tracking
- Photography and promotional materials
- Alumni network participation
Contract Performance
- Course delivery and administration
- Payment processing and billing
- Student support and guidance
- Certificate issuance
Legitimate Interest
- Website security and fraud prevention
- Business analytics and improvements
- Customer service optimization
- Quality assurance monitoring
Legal Obligation
- Tax and financial record keeping
- Educational compliance reporting
- Health and safety requirements
- Anti-money laundering checks
How We Use Your Information
We use your personal data for the following purposes:
Educational Services
- Processing course applications and enrollment
- Delivering graphic design education and training
- Providing student support and academic guidance
- Issuing certificates and credentials
- Managing student portfolios and project work
- Facilitating peer collaboration and networking
Communication and Support
- Responding to inquiries and support requests
- Sending course updates and announcements
- Providing technical assistance and troubleshooting
- Conducting satisfaction surveys and feedback collection
- Sharing relevant industry news and opportunities
Business Operations
- Processing payments and managing billing
- Maintaining accurate student records
- Improving our courses and teaching methods
- Conducting market research and analysis
- Ensuring website security and preventing fraud
- Complying with legal and regulatory requirements
Marketing and Outreach (With Consent)
- Sending promotional materials about new courses
- Sharing success stories and student achievements
- Inviting participation in events and workshops
- Building alumni community and networks
- Personalizing website content and recommendations
Data Retention Periods
We retain your personal data only as long as necessary for the purposes outlined in this policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Contact form submissions | 3 years | Customer service and follow-up |
| Student enrollment records | 7 years | Educational compliance and certification |
| Course completion certificates | Permanently | Professional credential verification |
| Financial and payment records | 7 years | Tax and accounting requirements |
| Marketing consent records | Until consent withdrawn | GDPR compliance demonstration |
| Website analytics data | 24 months | Business analysis and improvement |
| Alumni network data | Until opt-out requested | Ongoing professional development |
When retention periods expire, we securely delete or anonymize your personal data unless legal obligations require longer retention.
Data Protection and Security
We implement comprehensive security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
Technical Safeguards
- SSL/TLS encryption for data transmission
- Encrypted database storage systems
- Regular security audits and penetration testing
- Firewall protection and intrusion detection
- Secure backup and disaster recovery systems
- Multi-factor authentication for staff access
- Regular software updates and security patches
Administrative Controls
- Access controls based on job requirements
- Staff training on data protection procedures
- Confidentiality agreements for all personnel
- Incident response and breach notification protocols
- Regular review of data handling practices
- Third-party vendor security assessments
- Privacy impact assessments for new systems
Data Breach Notification
In the unlikely event of a data breach that may pose risks to your privacy, we will notify you and relevant authorities within 72 hours as required by law.
Your Privacy Rights
Under GDPR and Cyprus data protection law, you have the following rights regarding your personal data:
Right to Access
Request a copy of all personal data we hold about you, including details about how it's processed.
Right to Rectification
Request correction of inaccurate or incomplete personal data in our records.
Right to Erasure
Request deletion of your personal data when no longer necessary for original purposes.
Right to Restrict Processing
Limit how we use your data while disputes about accuracy or legitimacy are resolved.
Right to Data Portability
Receive your data in machine-readable format or transfer it to another organization.
Right to Object
Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent
Withdraw previously given consent for data processing at any time.
Right to Lodge Complaints
File complaints with data protection authorities if you believe your rights have been violated.
How to Exercise Your Rights
To exercise any of these rights, contact our privacy team at privacy@domain.com or call +357 24 829461. We will respond to your request within 30 days.
International Data Transfers
Some of our service providers may be located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place:
Transfer Mechanisms
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules for multinational companies
- Certification schemes and codes of conduct
- Explicit consent for specific transfers
Third-Party Services
- Google Analytics (USA - adequacy framework)
- Adobe Creative Cloud (USA - adequacy framework)
- Payment processors (various - SCCs in place)
- Email service providers (EU-based servers)
- Cloud storage services (EU-based data centers)
We regularly review our international transfer arrangements to ensure continued compliance with data protection requirements.
Contact Us About Privacy
If you have questions about this privacy policy, wish to exercise your data protection rights, or need assistance with privacy matters, please contact us:
Privacy Team
6017 Larnaca, Cyprus
Supervisory Authority
If you believe we have not addressed your privacy concerns adequately, you may lodge a complaint with:
Commissioner for Personal Data Protection
Republic of Cyprus
Email: commissioner@dataprotection.gov.cy
Phone: +357 22 818 456