CHR. CALOGIROU LTD PRIVACY POLICY
This Privacy Statement describes how CHR. CALOGIROU LTD (hereinafter refers to as The Company), collects, uses, and discloses certain personal information obtained through our public website http://www.bestcyprusproperties.com/, or directly from you and/or through third parties.
We are committed to keep your personal data secure and respect your privacy as we base our relationship with you on mutual trust. It is our intention to keep an open channel of communication with you through this Privacy policy, which we will keep updated as and when necessary to keep it relevant and compliant with the governing legal framework – the General Data Protection Regulation (EU) 2016/679 in this case.
This privacy policy details how we collect and use your personal data. It describes what sort of data we collect, what we do (or what we may do) from the moment you ask for a service from us, when we may use your information, who do we share your data with and how we protect your data. It applies to the services we provide to you and our website. It also applies to our subscribers and sole traders but doesn’t apply to our employees and to the information we hold about companies or organizations. It applies even if you’re not one of our clients and you interact with us, such as by generally enquiring about our services.
We take our responsibilities under the General Data Protection Regulation (EU) 2016/679 very seriously and as such we are committed to:
- Process personal data openly, fairly and in accordance with applicable laws
- Inform (either directly or in our policies) about how we will use your personal data
- Only collect personal data from when we need it for legitimate purposes or legal reasons
- Ensure that all personal data are adequate, relevant and not excessive for the purpose for which we collect them
- Avoid keeping personal data for longer than we need to
- Keep personal data secure, and limit the people who can access it
- Ensure that you know how to access your personal data and exercise your rights in relation to it, including being able to keep it accurate and up-to-date; and
- Ensure that any third parties we share personal data by taking appropriate steps to protect it.
Who we are?
CHR. CALOGIROU LTD (hereinafter refers to as Company) is a company which was formed in 1945 as a general trading company, incorporated under the Companies Law of the Republic of Cyprus, Cap. 113, with a registration number HE 00000214, having as main activities in the aspects of Real Estate industry.
Our number as Registered Estate Agents is 000041 Our VAT number is 10000214i.
Our Office Address is: Suite 6e and 6f, 6th floor, Roussos Centre Point, Pentadromos, Limassol, Cyprus. Our Postal address is P.O. Box 50077, Limassol 3600, Cyprus.
Our services:
Our Company aims to provide services mainly in the fields of:
- Property Promotion, advertising and Sales
- Property Promotion, advertising and Rentals
- Property Management
How we collect/obtain your information?
- Directly from you and/or
- Through third parties and/or
- Through this website
Information Collection and Use:
In general, you can visit us through our Web Site maintaining your anonymity. However, occasionally Company may ask you to provide personally identifiable information, such as your name, company, e-mail address, phone number and address (“Personal Information”). The purpose of requesting such information/data may involve, corresponding with and/or contacting you, responding to your requests, or informing you about an optional subscription to a newsletter or publication, or notifying you about events. Where applicable, we will differentiate between personal data fields that are optional and those that are mandatory in order for you to obtain the requested information.
You will be receiving advertising material from the Company, only if you have provided your explicit consent. In case you feel that you need to revoke this consent, you will be provided with an automated way to opt-out (unsubscribe) from all marketing e-mails sent by the Company. Please follow the instructions from the e-mail you received to do so. In the unlikely case you receive unwanted e-mail from
our Company, please forward a copy of that e-mail to chris@bestcyprusproperties.com.
Categories of Personal Information we collect:
- information you provide to the company by filling in the forms we initially requested from you (i.e., contact details and other information which confirm your identity and your communications with us including your name, home phone, mobile phone, home address, ID or passport number, email address, passwords, your payment and financial information,
- information you provide to the company when you submit your consent or when you report a problem through the Website,
- information provided by you in case you contact us (i.e., your communications with us, including emails, and phone calls. We’ll also keep records of any settings or communication preferences you choose.
Purpose of the prosses and/or use of your Personal Information:
- to provide you with our services – in order to provide you with a service requested by you, we might need to use your personal information,
- for customer management purposes – to provide you with the customer support including any notice, for example changes about any product and/ or service we offer, advertising - in case you have provided us with your consent, we may communicate with you in order to inform you about services and/or products offered by us or other third parties for which you might be interested,
- security purposes – in order to detect and/or prevent actual or potential fraud, illegal activities, or any intellectual property infringement,
- compliance- in order to comply with our legal obligations,
Data Sharing:
We may share Personal Information with our affiliates for the purpose of responding to your requests or otherwise as necessary for the purposes described above.
In some circumstances we may share your Personal Information with governmental authorities or others, as/if/in case this may be required in order to protect the interests of the Company or others, as necessary in connection with the sale or transfer of all or a portion of the business. It may be required by the applicable law or court order.
Your consent will be requested upon establishing the business relationship, where applicable. Our policy is that we will only transfer your personal data to a third-party processor who complies with the Company’s security and data protection procedures and policies or if they put in place equivalent measures themselves, which we deem to be acceptable and are at minimum in compliance with the General Data Protection
Regulation (EU) 2016/679. Furthermore, we will provide only the information they need to perform their specific services, they may only use your data for the exact purposes we specify in our contract with them and if we stop using their services, any of your data held by them will be disposed.
By consenting to provide the Company with personally identifiable data, such as your name, address, email address and telephone number, Company will not, in any way, directly or indirectly, sell or transfer any of this information to any third party. Any information provided will be confidential and will be handled in accordance with the applicable laws and regulation.
Please note that if you reply to one of Company advertising emails or in case you contact us in another way, your communication will not create a company-client relationship with us. Do not send us any information that you or anyone else considers to be confidential or a secret unless we have first agreed to be your service providers about that matter. Any information you send us before we agree to be your service providers cannot be protected from disclosure as a means of company-client confidentiality.
List of recipients we might disclose information
- Affiliate companies – service providers (Law and Accounting Firms for legal, book-keeping and audit purposes, Banks).
- Third parties such as authorities, agents and administrative personnel in various countries (Tax Authorities, Bank Institutions etc.)
- Legal Successors- we might disclose personal information to a buyer or a successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or sale or transfer of some or all of our assets
- Transfer of data in countries out of the European Economic Area such as Russian Federation, Belize, British Virgin Islands, Hong Kong.
Unless the individual has specifically consented for the transfer, we will only transfer personal data outside the European Economic Area (EEA) where:
- we transfer the data to a country or international organisation which the EU Commission has decided to ensure an adequate level of protection for your personal data;
- the transfer of your personal data is subject to adequate safeguards, which may include binding corporate rules or standard data protection clauses adopted by the EU Commission; or
- one of the derogations in the GDPR to transfer personal data outside the EEA applies.
Provisions for Individuals that are outside the EU.
Russia
The Company always seeks to comply with the privacy provisions and procedures as these are set out, pursuant to the Russia’s 2006 privacy law – Federal Law No. 152-FZ of 27 July 2006 “On Personal Data” (Personal Data Law), managing and maintaining personal information in the course of its Russian business.
Belize
The Company always seeks to comply with the privacy provisions and procedures as these are set out, pursuant to the Chapter 4 of the Laws of Belize, managing and maintaining personal information in the course of its Belize business.
British Virgin Islands
There is currently no formal legislation regulating data protection in the British Virgin Islands (BVI) however, the BVI Government has pledged the promulgation of suitable data protection legislation, based on internationally recognised standards, to be enacted in the near future.
English Common law is persuasive (although not binding) in the BVI and accordingly, a BVI Court will recognise and subscribe to the Common law duties of confidentiality and privacy. In essence, a person's details will need to be kept confidential unless an appropriate and satisfactory exception applies. Moreover, the duty of confidentiality has been statutorily codified in various aspects of BVI legislation, in particular the Banks and Trust Companies Act, 1990 (as amended) which regulates all banking and trust/ fiduciary related activities in the BVI.
In terms of specific exceptions, limitations on the duty of confidentiality and privacy would arise in terms of appropriate anti-money laundering legislation (primarily regulated by the BVI Proceeds of Criminal Conduct Act, 1997 and the Anti Money Laundering Regulations, 2008).
The Company always seeks to comply with the privacy provisions and procedures managing and maintaining personal information in the course of its BVI business.
Hong Kong
In Hong Kong, the main legislation on data protection is the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong) (Ordinance). The Ordinance regulates the collection, use and handling of personal data and is based around a set of data protection principles. The Ordinance was enacted in 1996 in response to Directive 95/46/EC (Data Protection Directive). The Ordinance covers much of the same ground as the Data Protection Directive, although with some significant
limitations. The Ordinance underwent major reform in 2012, primarily to add specific provisions and restrictions against the use and provision of personal data in direct marketing.
The Company always seeks to comply with the privacy provisions and procedures managing and maintaining personal information in the course of its Hong Kong business.
China
in China, the main legislation on data protection is PRC Cybersecurity Law, the first national-level law to address cybersecurity and data privacy protection. Following this, there has been an abundance of implementing regulations and guidelines (herein referred to as Guidelines) proposed, issued or revised to flesh out the essentials and concepts introduced under the PRC Cybersecurity Law. These include, non-exhaustively:
National Standard of Information Security Technology – Personal Information Security Specification (PIS Specification), effective from May 1, 2018 (a revised draft is currently circulated for consultation);
Guidelines on Internet Personal Information Security Protection, effective from April 19, 2019; and
Draft National Standard of Information Security Technology – Guidelines on Personal Information Security Impact Assessment, released on June 11, 2018.
In addition to the PRC Cybersecurity Law, the following form the backbone of general data protection rules currently in the PRC:
The Decision on Strengthening Online Information Protection, effective from December 28, 2012 (Decision) and
National Standard of Information Security Technology – Guideline for u Personal Information Protection within Information System for Public and Commercial Services, effective from February 1, 2013
India
in India, the main legislation on data protection is The Personal Data Protection Bill, which was enacted in 2019, in order to provide for protection of the privacy of individuals relating to their personal data, specify the flow and usage of personal data, create a relationship of trust between persons and entities processing the personal data, protect the rights of individuals whose personal data are processed, to create a framework for organisational and technical measures in processing of data, laying down norms for social media intermediary, cross-border transfer, accountability of entities processing personal data, remedies for unauthorised and harmful processing, and to establish a Data Protection Authority of India for the said purposes and for matters connected therewith.
Legal bases for the Collection, process, disclosure and use of Personal Information
The disclosure and transfer of personal data must meet the below conditions which are used in order to establish our legal basis:
✓ to perform a contract between the individual and the Company;
✓ verifying your identity to comply with legal obligations
✓ to establish, exercise or defend legal claims; or
✓ if none of the conditions listed above apply, the individual has explicitly consented to the overseas transfer (In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive by email marketing materials).
How long do we store information about you for?
In order to comply with the AML regulation, the Company, is obliged to keep the data up to 5 years after the ceasing of the business relationship. Upon termination/completion of the 5 years period, the Company will destruct the data since the legal basis will not be valid anymore.
Furthermore, the Company is obliged by the Tax Authorities to keep the data up to 7 years after the ceasing of the business relationship. Although, there are cases in which when the relationship with the client arises, a gap of a long timeframe intrudes. These circumstances require that the company stores the data for as long as it is needed to. The Company wishes to make clear that if a relationship does not arise and/or it arose only once, and for a long time it never had been assigned tasks from the client, then the Company will store these data for 7 years (as the obligation by the Tax Law requires, independently of the fact that the relationship was not ceased written or verbally). Upon termination of the period of 7 years, the Company will destruct the data as our legal obligation will not be valid anymore.
Retention Policy
We follow a data retention policy, depending on the activity for which the data have been collected. The retention policy determines the retention time of each data and when to destroy information that is no longer needed for legal, regulatory or commercial reasons.
However, this may be longer in some instances, for example when dealing with a claim we may need to hold the information for a period of time relevant to the one the claim is being handled.
For other jurisdictions we will be subject to the requirements of the relevant jurisdiction in question and this may not always reflect those of the Republic of Cyprus.
Overall, the criteria used to establish the period for which personal data will be stored is determined by regulatory or legal requirements. This is also supported by our Data Protection Policy that such information must not be kept for any longer than necessary to fulfil the purposes for which it was collected.
Security of Personal Information:
The Company takes appropriate security measures to ensure the protection of the Personal Information from any unauthorised access or disclosure. In addition, all employees had been trained on how to use, handle and process personal data, according to the provisions of Personal Data Law. Furthermore, the Company has upgraded technical measures and has transformed the policies and procedures in order to comply with the General Data Protection Regulation.
Moreover, we consider your privacy and the safeguard of your personal data by default and by design. This means that we implement those technical and organizational measures that only your personal data that are necessary for the purposes explained in this privacy policy will be processed. We restrict and keep your data accessible only to those the Company people or third parties that require to access your data to deliver our service at optimum levels. We will not retain personal data that we will not need to fulfil a lawful purpose or we are required to keep for legal obligation. We continuously balance the risks for your rights and freedoms posed by any processing through our established risk management framework and control environment.
Access and Correction
If you wish to access or update the Personal Information you submitted at the Company’s website, or to make any inquiries about the processing of your information, please contact us. We provide individuals with access to their Personal Information as required by applicable data protection and privacy laws.
Individual’s Rights
The Individuals have the following rights:
- Right of access - request access to any personal data we hold about them;
- Right of rectification -have any personal data which we hold about them which is inaccurate or incomplete rectified;
- Right to be forgotten - have personal data erased;
- Right to restriction of processing - have the processing of individual’s personal data restricted;
- Right of portability – To be provided with the personal data that the individual has supplied to us in a portable format that can be transmitted to another organisation without hindrance;
- Right to object - object to certain types of processing, including processing based on legitimate interests, automated processing (which includes profiling) and processing for direct marketing purposes; and
- Right to object to automated processing, including profiling -not be subject to a decision that is based solely on automated processing which produces a legal effect or which has a similar significant effect for the individual.
If the individual wishes to exercise any of the rights set out above, he/she must make the request in writing to the Data Protection Officer, at chris@bestcyprusproperties.com. Please note some of these rights are restricted in some circumstances.
If the individual has provided his/her consent to any of the processing of his/her personal data, he/she has the right to withdraw his/her consent to that processing at any time, where relevant. He/she must contact the Data Protection Officer if he/she wishes to do so.
If he/she objects to processing based on legitimate interests, we must no longer process that personal data unless we can demonstrate compelling legitimate grounds for the processing which override his/her interests, rights and freedoms or that the processing is required for the establishment, exercise or defence of legal claims.
Revisions to this Privacy Policy
The Company reserves the right to change this Privacy Policy from time to time. Please check the Privacy Policy frequently and particularly before you submit additional personal information via the Website. All revisions of this Privacy Policy will be posted on the web site via a link from the homepage. We also display the effective date of the Privacy Statement on the top of this page.
Cookies policy
A cookie is a small file which asks permission to be placed on your computer’s hard drive. For full details of our cookie policy please refer to our main internet site or click here.
How you can petition for complaints
It is very important the principles of privacy to be followed and we should take all the appropriate measures to avoid any breach or loss of these data.
We ensure that the personal data you disclosed to us, are saved in a platform which is protected with additional security factors.
Any breach of the GDPR and/or other relevant Data Protection Acts will be taken seriously and if you consider that the data protection principles have not been followed in respect of personal data about yourself or others you have the right to lodge a complaint with the relevant data protection supervisory authority.
Our Protection Supervisory Authority is the Personal Data Protection Bureau (Independent Supervisory Authority for the Protection of Individuals). If you have any issues with our processing of your personal data and would like to make a complaint, you may contact the Personal Data Protection Bureau on (+357) 22 818 456 or at 1 Iasonos, 1082 Nicosia, Cyprus.
Contact
If you require this Privacy Policy to be provided to you in paper form and/ or you need any further clarification, please contact us at chris@bestcyprusproperties.com