This privacy notice online statement describes how AG Advocates process personal data.
In this Privacy Notice Online Statement policy, your data is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as “processing” such personal data. Personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, address, identification number.
The Company is committed to safeguarding your privacy and handling your personal data in in a lawful, fair and transparent manner which respects the privacy of any user that accesses our site(s). Our Privacy Notice Online Statement policy is intended to explain how we protect the privacy of your personal information.
This document will help you understand the following:
- what personal data we collect and process about you as a customer and as a user of our website;
- why we collect and process your data;
- how the Company collects and processes your personal data;
- where we obtain the data from;
- your rights under the local data protection law and the EU General Data Protection Regulation (‘GDPR’);
- how and when we share your personal data with other third parties (for example, our service providers or suppliers).
This Privacy Notice is separate and in addition to client confidentiality obligations that we may have. This privacy notice online statement aims to give you information on how we collect and process your personal data through the use of this website, including any data you may provide us through when you sign up to our newsletter, purchasing a product or service or provide us your details in our contact form.
TYPES OF PERSONAL DATA WE PROCESS
We collect and process different types of personal data which we receive during the use of our websites, in the context of our business relationship and interact with us.
Information on the customer/supplier: Identity data- such as, first and last name
Contact details: such as email address, telephone number
Order processing: billing and payment
Transaction data – details of the payments for the goods or services purchased from us
Marketing and communication data
We do not collect any special categories of personal data (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
THE LEGAL BASIS OF OUR DATA PROCESSING
We will only process your personal data where we have a legal basis to do so. This legal basis may vary according to the reasons for which we need to use your personal data. We may process your personal data if the processing is founded on one or more of the following legal bases:
a) The processing is necessary for compliance with a legal obligation to which we are subject.
b) The processing is necessary for the performance of the contract.
c) You have specifically consented to your personal data being used by us for a specific purpose.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending marketing communications to you via email. You have the right to withdraw your consent at any time by using the unsubscribe button or email us.
d) The processing is necessary for the purposes of our legitimate interests.
Personal data are processed for as long as is necessary to provide our services, fulfill our contractual obligations and to comply with applicable laws, regulations and professional obligations that we are subject to. Once the retention period has elapsed, personal data shall be securely erased or anonymized unless further processing is required for compliance with retention periods as imposed by commercial and tax laws.
If you decide to unsubscribe from our newsletter, you can easily do so by clicking unsubscribe button over the email you have receiver or by contacting us at [email protected].
For more information about the data retention period and the criteria determining you may request in writing at the DPO email.
MEANS OF COLLECTION OF DATA
The majority of the data shall be acquired directly from you, either via the forms available on our website or via email or via other means of communication you chose to use, and we choose to accept.
However, we may also collect and process personal data which we lawfully obtain from other entities such as information aggregation agencies, public authorities, entities that introduce you to us, companies that process your card payments, your Bank(s) and intermediary/correspondent institutions.
WHO – SHARING YOUR INFORMATION
If deemed necessary, your personal data may be shared between departments within the Company who have a legitimate reason to process it.
The Company may transmit your data to third party entities such as outsourced service providers, only if necessary and if a valid legal basis, as described in this document, exists to support the necessity.
Such service providers shall have contractual relationships with the Company and are contractually bound to observe the same confidentiality and data protection rules that the Company has to follow.
Your personal data may be, for example, transmitted to the following entities:
- Supervisory, regulatory and public authorities, including courts of justice, law enforcement authorities and other governmental bodies.
- Legal counsel and consultants
- Auditors and accounting consultants
- Administrative service providers
- Marketing and customer support service providers
We do not share, sell or transfer any personal information to a third party without your permission or unless required to do so under rules and regulations, and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served.
We may also disclose information if we have good faith to believe that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including our
Customer Agreement), including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our users, yourself or any third party; or (vi) for the purpose of collaborating with law enforcement agencies and/or in case we find it necessary in order to enforce intellectual property or other legal rights or the prosecution of criminal offenses.
When you submit a credit card payment request through our website, you shall direct to submit the information necessary to complete the transaction to out credit card processing vendor. Beyond the information required for the transaction, we will collect no personal information about you by visiting our website unless you provide us such information.
CHANGE OF PURPOSE
We only use the personal data for the purposes of which the original collected, unless there is a reason compatible with the original purposes to use them.
LINKS TO OTHER WEBSITES
We will not be liable for misuse or loss of personal information resulting from cookies on the site(s) that we do not have access to or control over. Where we provide links to websites of other organisations, this privacy notice online statement policy does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit. We are not liable for unlawful or unauthorized use of your personal information due to the negligent or malicious misuse or misplacement of your passwords.
Automated decision-making and profiling
In general, your data is not processed automatically, and no decision is taken based on automated processes.
We have in place appropriate organizational and security measures to prevent your personal data from being accidentally lost, used or unauthorized accessed, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and
other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Data protection rights
- Right to information – You may request to know whether we hold any of your personal data, and, if so, information what type of data we process and why/how we are processing it.
- Right of access – You have the right to receive a copy of your personal data.
- Right to rectification – You have the right to request rectification of incorrect or incomplete data.
- Right to erasure (‘right to be forgotten’) – You may request that your personal data is deleted, provided that you meet the legal criteria for this request.
- Right to object. Object to processing of your personal information – If we are processing your data based on our (or a third party’s) legitimate interest and you are in a particular situation which gives you reason to object to the processing, you may submit this request. You may also object if we are processing your data for direct marketing purposes. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
- Object to automated decision-making including profiling – You may object to any automated decisions or profiling taken and performed by us based on your personal data.
- Right to restriction – You may request the restriction of the processing of your data under some circumstances.
- Right to data portability – This right only applies to information that you have given to us. You have the right to ask that we transfer the information you gave us from one organization to another or give it to you.
Where you have consented to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once your consent is withdrawn, the processing of your data will be halted, unless said processing is found on another legitimate basis, for example due to a legal obligation to keep your data.
Please contact the Company’s Data Protection Officer at [email protected] if you wish to exercise your rights. We may apply identification verification measures to you in order to ensure that no personal data is disclosed to unauthorised persons.
Unless your requests are manifestly unreasonable or excessively burdensome, you shall not be charged a fee by the Company.
If you have any complaints about the processing of your data, you may contact the Company’s Data Protection Officer at [email protected].
If you have received a response to your complaint by the Company which you deem to be unsatisfactory, you may also complaint to the Office of the Commissioner for Personal Data Protection in Cyprus, (http://www.dataprotection.gov.cy).
DPO CONTACT DETAILS
- DPO Company Name: Anna Grigorieva & Co. LLC
- DPO Name: Panayiotis Ioannou
- Email: [email protected]
- Telephone: +357-25-057000
- Fax: +357-25-057001
Minors are not allowed to receive the Company’s services.
If you have any reason to believe that a child has shared any information with us, please contact the Company’s Data Protection Officer at [email protected].
Changes to this policy
We keep our Privacy Notice Online Statement policy under regular review to make sure it is up to date and accurate.
The GDPR Committee is the owner of this document and is responsible for ensuring that this procedure is reviewed in line with the review requirements of the GDPR.
A current version of this document is available to all members of staff on the website and is published here.
This procedure was approved by the Chief Executive Officer (CEO) on October 24, 2022 and is issued on a version-controlled basis under his/her signature.