PRIVACY POLICY FOR CLIENTS AND/OR PROSPECTIVE CLIENTS AND/OR PARTNERS OF NETINFO PLC 01/05/2019 ver. 1.0
1. INTRODUCTION
1.1. The following Privacy Policy (the “Policy”) governs the protection and processing of your personal data, which are collected, stored and processed by the company NETINFO PLC (“we”, “us”, or “our”) in relation to a person who is a client or potential client who: i) has contacted or will contact us in the future, either directly or through their representative or employer, for the purpose of receiving information or an offer regarding our services; or ii) has previously received or is currently receiving our services, either directly or through their representative or employer (“you”, “client”, “prospective client”, or “data subject”).
1.2. NETINFO PLC is a limited liability company registered in Cyprus with its registered office at 23 Aglantzia Avenue, NETINFO BUILDING, 2108, Nicosia, Cyprus.
1.3. Please read this Policy carefully. By contacting us, requesting a quotation for services, accepting the provision of our services, or signing any relevant documents referring to this Policy, you are considered to have read, understood and consented to this Policy. Any information, including personal data, submitted to us by you or by your representative or employer acting on your behalf or under your instructions will be treated and processed by us accordingly.
1.4. DATA PROTECTION PRINCIPLES
We will comply with the laws relating to the protection of personal data. This means that the personal data we hold about you will be:
- Used lawfully, fairly and in a transparent manner.
- Collected only for valid purposes that we have clearly explained to you and not used in any way incompatible with those purposes.
- Relevant to the purposes we have informed you about and limited only to what is necessary.
- Accurate and kept up to date.
- Retained only for as long as necessary for the purposes we have informed you about.
- Kept securely.
2. THE PERSONAL DATA WE COLLECT
We will process your personal data only to the extent permitted by the law relating to the protection of personal data and only in the following cases:
- During the performance of a contract that we intend to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and where your interests and fundamental rights do not override those interests.
- Where we must comply with a legal obligation.
Below we provide, in table format, a description of the ways in which we process your personal data depending on the type of services you require or have received from us (website creation for users and/or members and/or e-shop members and/or e-shop visitors, creation of email accounts, preparation and sending of reports) and the legal basis on which we rely in order to do so. We have also identified our legitimate interests where applicable.
Please note that we may process your personal data based on more than one legal basis depending on the purpose for which we are processing your data. Please contact us if you need details about the specific legal basis we rely on for the processing of your personal data where more than one legal basis is indicated in the table.
We collect your personal data in the following ways:
- Directly from you
- From a representative acting on your behalf or under your instructions
- From your employer acting on your behalf or under your instructions
We will retain your personal data only for as long as necessary for the purposes for which we collected it, including for the purpose of complying with any legal, regulatory, tax or accounting requirements. We may retain your personal data for a longer period in the event of a complaint or where we reasonably believe that there is a possibility of legal proceedings or investigations relating to our relationship with you.
When determining the retention period for personal data, we take into account the volume and nature of the data, the potential risk of harm from unauthorized use, disclosure or other processing, the purposes for which the data will be processed, whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax and accounting requirements.
3.1. SENDING / RECEIVING CONSENT
3.1.1. If you have provided us with your details in order for us to inform you about the services we offer.
| TYPES OF DATA | DATA SUBJECT | LEGAL BASIS FOR PROCESSING | RETENTION PERIOD |
| Name | Prospective client or existing client who requests information | i) Based on the consent of the data subject. | We retain the data for a period of:
i) 3 months after the client requests not to receive the newsletter. or ii) In case consent is not given, 1 year after the email has been sent. |
| Surname | |||
| Telephone | |||
| Email address | |||
3.2. SENDING INFORMATIONAL EMAILS/SMS
3.2.1. If you are a prospective client and/or client and you have requested that we send you informational emails/SMS regarding the services we offer.
| TYPES OF DATA | DATA SUBJECT | LEGAL BASIS FOR PROCESSING | RETENTION PERIOD |
| Name | Prospective client or existing client who requests information | i) Based on the consent of the data subject. | We retain the data for a period of:
i) 3 months after the client requests not to receive the newsletter. |
| Surname | |||
| Telephone | |||
| Email address | |||
3.3. WEBSITE / EMAIL CREATION
3.3.1. If you request a quotation from us (directly or through a representative) for the provision of website creation services, we will collect and retain the following data in order to respond to your request.
| TYPES OF DATA | DATA SUBJECT | LEGAL BASIS FOR PROCESSING | RETENTION PERIOD |
| Name | Prospective client requesting a quotation | i) To take steps at the request of the data subject prior to entering into a contract for website services.
and ii) For the purposes of the legitimate interests we pursue in responding to the data subject’s request for a quotation. |
We retain the data for a period of:
i) 18 months from the date the quotation is sent, if the data subject does not accept it. or ii) 7 years from the full settlement of payment for our services, if the data subject accepts the quotation. |
| Surname | |||
| Telephone | |||
| Email address | |||
3.3.2. If you accept the quotation and proceed with the services for website creation and/or email services, we will collect (via DVD, USB, EMAIL, WEBSITE, HARDCOPY) and retain some or all of the following data in order to provide the services.
| TYPES OF DATA | DATA SUBJECT | LEGAL BASIS FOR PROCESSING | RETENTION PERIOD |
| Name | Client | i) For the performance of the service agreement for data entry services
ii) For the purposes of the legitimate interests we pursue in providing data entry services and iii) For compliance with our legal obligations
|
We retain the data for a period of:
i) 1 year from the date of termination of the cooperation or following the client’s instructions or ii) 7 years from the date of termination of the cooperation or from the last transaction, unless retention is required by legal obligation or court order, or for use in pending or threatened legal or other disputes between the company and the client or iii) Where emails are stored on a POP server they are retained for 30 days and where they are stored on IMAP they are deleted only upon the client’s instructions |
| Surname | |||
| Address | |||
| Email address | |||
| Received emails | |||
| Photos | |||
| Existing email | |||
| Email to be created | |||
| Existing email |
3.4. COMMUNICATION BY TELEPHONE
3.4.1. If you contact us (through our website or by telephone), we will collect and retain some or all of the following data in order to provide our services.
| TYPES OF DATA | DATA SUBJECT | LEGAL BASIS FOR PROCESSING | RETENTION PERIOD |
| Name | Prospective client or client who contacted us | i) To take steps at the request of the data subject prior to entering into a contract for website services
and ii) For the purposes of the legitimate interests we pursue in responding to the data subject’s request for a quotation |
We retain the data for a period of:
i) 6 months from the date of registration |
| Surname | |||
| Telephone | |||
| Company Name | |||
| Email address | |||
3.5. RECEIPT AND PAYMENT OF INVOICE
3.5.1. If you send us an invoice (by post, by hand, or by email) or if we pay an invoice, we will collect and retain some or all of the following data in order to provide the services.
| TYPES OF DATA | DATA SUBJECT | LEGAL BASIS FOR PROCESSING | RETENTION PERIOD |
| Name | Clients | i) To take steps at the request of the data subject prior to entering into a contract for website services
and ii) For the purposes of the legitimate interests we pursue in responding to the data subject’s request for a quotation |
We retain the data for a period of:
i) 7 years from the date of termination of the cooperation or from the last transaction, unless their retention is required due to a legal obligation or court order, or for the purpose of using them in pending or threatened legal or other disputes between the company and the client |
| Surname | |||
| Telephone | |||
| Fax | |||
| Company Name | |||
| Amount | |||
| Signature | |||
| Date | |||
| Email address | |||
CLOSED-CIRCUIT VIDEO SURVEILLANCE (CCTV)
Our premises operate a closed-circuit video surveillance system for the purpose of monitoring, preventing criminal activity and assisting law enforcement authorities in identifying persons involved in criminal activities.
The legal basis for these processing activities is that the processing of data is necessary for the purposes of the legitimate interests we pursue in protecting our property, our staff and our clients from criminal activity.
Recordings from the system are stored for a period of 15 days, unless they need to be retained for a longer period due to a legal obligation, court order, or for the purpose of being used in police investigations or criminal/disciplinary proceedings or for the purposes of the legitimate interests of our company in relation to criminal activity.
ADVERTISING – PROMOTION OF SERVICES / PRODUCTS
We do not intend to use your data for marketing or advertising purposes.
CHANGE OF PURPOSE
We will use your personal data only for the purposes for which we collected it, unless we reasonably believe that we need to use it for another purpose and that this purpose is compatible with the original purpose. If you wish for us to explain how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.
It is noted that we may process your personal data without your knowledge or consent, in accordance with the above rules, when required or permitted by law.
SPECIAL CATEGORIES OF PERSONAL DATA
We do not collect special categories of personal data.
NOTIFICATION OF PERSONAL DATA
We may share your personal data with our external service providers in relation to information systems, software, and CRM. Contact us if you want more information about third parties involved in the collection and use of your data.
INTERNATIONAL TRANSFERS
We do not transfer your personal data outside the European Economic Area (EEA). In the event that we transfer your data outside the EEA, we ensure that a similar level of protection is provided, as we use specific contracts approved by the European Commission, which offer your personal data the same protection it has in Europe.
Contact us if you want more information about the specific mechanism we use when transferring your personal data outside the EEA.
DATA SECURITY
We have implemented appropriate security measures to prevent any loss, alteration, disclosure, use, or access to your personal data in an unauthorised manner. Additionally, we restrict access to your personal data to those employees, representatives, contractors, and other third parties who need to know it. They will process your personal data only in accordance with our instructions and will be subject to a duty of confidentiality.
We have implemented procedures to address any potential breach of your personal data and will notify you as well as the Data Protection Commissioner of any breach where we are legally required to do so.
CHANGES TO THE POLICY
We reserve the right, at our sole discretion, to make changes to any part of this Policy. In the event of any modification to this Policy, we will publish details regarding the changes on our Website.
SEVERABILITY
If this Policy or any part of it is deemed illegal, invalid, or otherwise unenforceable under the laws of any country where this Policy applies, then to the extent it is deemed illegal, invalid, or unenforceable, it will be considered that in that country the part which is illegal has been severed and deleted, and the remaining terms of this Policy will remain in full force and effect and will continue to be binding and enforceable in that country.
EVENTS BEYOND OUR CONTROL
We are not responsible for any breach of this Policy caused by circumstances beyond our reasonable control.
YOUR RIGHTS
If you will submit or have submitted personal data about yourself, then you have the following rights according to this Policy and the relevant data protection legislation.
- You can withdraw your consent for us to process your personal data at any time.
- You can send us any of the following requests at any time:
- Request to permanently delete all or some of your personal data from our records.
- Request for access to your personal data that we hold in our records and to ask us to provide you with a copy of your personal data, in digital or printed form.
- Request for updating or correcting your personal data that we have on file.
- Request to send a copy of all or some of your personal data held in our records to another person of your choice.
- Request to restrict the processing of your personal data or to cease all processing of your personal data.
If you wish to exercise any of the above rights, you will be able to do so by contacting us at any of the following:
Address: 23, Aglantzias Avenue, NETINFO BUILDING, 2108, Nicosia, Cyprus
Tel: +357 22753636
Fax: +357 22765680
Email: [email protected]
You have the right to file a complaint with the supervisory authority, the Office of the Commissioner for Personal Data Protection; however, we would appreciate the opportunity to address any of your concerns before you file a complaint with the supervisory authority.
At any time after you give your consent, you will have the right to withdraw it by visiting any of our stores or by contacting us electronically or in writing using the above contact details.
CONTACT WITH OUR DPO OR THE COMMISSIONER’S OFFICE
The Data Protection Officer is D. Hatzinestoros & Co. Ltd. with whom you can contact at the following:
Address: 16, Kyriakou Matsi, Eagle House, 8th Floor, Agioi Omologites, 1082, Nicosia, Cyprus
Tel: +357 22510165
Fax: +357 22318214
Email: [email protected]
The supervisory authority in Cyprus for the implementation of data protection legislation is:
Office of the Commissioner for Personal Data Protection
Address: 1, Iasonos, 1082 Nicosia, Cyprus or P.O. Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22818456
Fax: +357 22304565
Email: [email protected]
NETINFO PLC