INTRODUCTION
Thomas Poutas International Associates Ltd (hereinafter the “Company”, or “we”, “us”, “our” and respective expressions), attaches great importance to your privacy. This document (hereinafter the “Privacy Policy”) describes how we collect and process your Personal Data through thomaspoutas.com (hereinafter the “Website”) and/or when you contact and/or purchase products or services from us and/or when you otherwise interact with us. The Privacy Policy also aims to inform you about your rights regarding the processing of your Personal Data by us.
Please read carefully. By visiting the Website and/or subscribing and/or contacting us, you agree with the Privacy Policy terms.
1. DEFINITIONS
“Personal Data” ” means any data relating directly or indirectly to a person, by which the person may be identified. Personal Data does not include any data that is anonymized, aggregated, de-identified or compiled on a generic basis and which does not name or identify a specific individual directly or indirectly;
“Consent” means freely given, specific, informed and unambiguous consent given by the Data Subject, by which we are authorized to process the Personal Data that may come in our control, during an interaction of the Data Subject with the Website and/or the Company;
“Data Subject” means the person who can be identified by the Personal Data processed by us;
“Personal Data Breach” means a breach of security, leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed;
“Controller” means the natural or legal person, public authority, agency or other body, which, alone or jointly with others, determines the purposes and/or the means of the processing of Personal Data;
“Processor” means the natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.
“Processing of Personal Data” means the collecting, recording, using, storing, amending, adapting, disclosing, transferring, transmitting, structuring, using, combining, deleting, destroying of any Personal Data that come in the control of the Company, in the course of your interaction with the Company;
“Third Party” means the person or legal entity, public authority, agency or body other than the Data Subject, controller, processor and persons authorised by the processor or the controller;
“Profiling” means any form of automated processing of Personal Data, regarding the evaluation of certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, interests, reliability, behaviour, location or movements;
“Pseudonymisation” means the processing of Personal Data in such a manner that the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Data are not attributed to an identifiable person;
“Website” means the website www.thomaspoutas.com
2. THE CONTROLLER’S PERSONAL INFORMATION
Thomas Poutas International Associates Ltd “, Dinokratous 2, Aaral 25, Office 302, 1070 Nicosia, Cyprus, Telephone: +357 22422000, Email: info@thomaspoutas.com. is the Controller of Personal Data processed by the Company.
3. GENERAL PRINCIPLES
- Each Party shall comply with the Data Protection Laws in respect to the processing of the Personal Data of any Data Subject.
- You warrant to us that you have the legal right and/or you are duly authorized by the Data Subject (in case you disclose to us Personal Data of another person), to disclose all Personal Data that you in fact disclose to us.
- Any Personal Data you disclose and are processed by us, must be necessary for the achievement of the purpose for which they are collected.
- We process your Personal Data or the Personal Data of any Data Subject you disclose to us, only for a period necessary to achieve the purpose of the processing or as far this is allowed by the European Legislation to which the we are subject to.
- If you instruct us to process Personal Data in a way that infringes the Personal Data laws, we will inform you promptly and decline to follow your instructions.
- You hereby authorize us to assign the processing of the Personal Data you disclose to us, to third parties, acting as sub-processors on behalf of the Company. We are obliged to disclose to you the necessary information to identify such assignees.
- We shall assign the processing of Personal Data only to authorized persons, who have committed themselves to confidentiality or are under appropriate obligation of confidentiality.
- When we employ independent contractors, vendors, suppliers (hereinafter the “Independent Contractors”), we are obliged to:
(a) Protect the Personal Data we process pursuant the Privacy Policy;
(b) Not use or disclose Personal Data, which we process for any other purpose other than the purchase of products or services for which we have contracted with the Independent Contractors;
(c) We shall ensure that the Independent Contractors operate in compliance with GDPR. - We shall each take all reasonable measures to ensure that, for the processing of Personal Data, we use standard, industry-wide, commercially reasonable security practices, for protecting the Personal Data we process.
- We shall make available to you or any other Data Subject (the Personal Data of whom you have disclosed to us), all information necessary to demonstrate our compliance with our obligations under the Data Protection Laws.
- We will block and/or erase routinely any Personal Data for which the purpose of processing is not applicable and/or the processing period has expired.
- We are obliged, where possible, to apply Pseudonymisation of Personal Data we process.
- We shall not process any Personal Data provided by you in the course of payment, except as far as it is necessary for the purposes for which such Personal Data are collected and processed and we shall ensure that such Personal Data are erased as soon as we are obliged to do so, according to the provisions of the Privacy Policy and the legislation.
- We shall not rent or sell your Personal Data to Third Parties.
- We shall not disclose to any Third Part any Personal Data you disclose to us, unless required to do so by law or subpoena or if we believe that such action is necessary to comply with the law, comply with legal processes served on us or affiliates or to investigate, prevent or take action regarding illegal activities, or in order to enforce any agreement or to take precautions against liability, to investigate and defend the Company against Third-Party claims or allegations, to assist government enforcement agencies, or to protect the security or integrity of the Website, to exercise and protect the rights, property or personal safety of the Company, the visitors of the Website, the customers who purchase a Product/Service and/or persons to whom the Product/Service is delivered.
- In case of Personal Data Breach, because of security breach, we shall promptly notify you and the Data Subject to whom the compromised Personal Data belong (if you have disclosed to us Personal Data of another person), as required by law.
- Since the content of the Website and the Products/Services we provide, are not directed towards children, if we discover that we collected Personal Data from a child under the age of 16, without parental consent, we shall delete the Personal Data of the child, within and not later than 30 days from the date on which we have been informed of such occurrence.
4. PROCESSING OF PERSONAL DATA
(A) COLLECTING PERSONAL DATA
We collect Personal Data in the following occasions:
- When you contact us directly or indirectly, i.e. via email, or through partners, or social media.
- When you enter into an agreement with us for the purchase of a product/ service from us and/or when we deliver to you a product/service and/or when you engage directly or indirectly with us as an associate or employee.
- When you consent to receive updates from us about projects of interest to you and/or advertising material.
- When your Personal Data are disclosed to us by business associates or customers who enter into an agreement with us and/or in the course of performance of such agreement.
- When you contact us to apply for a job and you send us your CV.
In addition, please note that we may process your Personal Data as Processors on behalf of Third Parties, usually Legal Entities, who disclose your Personal Data to us. In such case, we advise you that the privacy policy of such Third Parties apply to the processing of your Personal Data.
(B) TYPE OF PERSONAL DATA PROCESSED
We may process Personal Data that fall within the following categories, where such processing serves one or more purposes, mentioned below :
- Contact information about you or a person you nominate (name, address, telephone or fax number, e-mail).
- Professional status information (occupation or employment).
- Identification data such as identity card or passport number.
- Personal Information disclosed in your CV, such as studies, previous experience and skills.
- Your position and capacity in which you participate in projects we are implementing as a Project Managers, the duration of your participation in such project and any travel expenses associated with your participation in such projects.
- Payment information (IBAN or account number, tax identification number, desired method of payment, payment terms, depositor details, etc.), when necessary for the completion of a transaction and/ or the performance of an agreement and/or to meet our legal obligations.
- Customer history (satisfaction, transactions, complaints, conditions) and information on assessment of persons and situations.
We do not collect or process special category Personal Data.
(C) PURPOSES FOR THE PROCESSING OF YOUR PERSONAL DATA
We process Personal Data to operate and improve the Website and to deliver its content, as well as to provide and improve our products/ services and to enforce and/or perform our agreements. These purposes include:
- To communicate with you when you contact us and/or enter into an agreement with us whether as customer, associate or employee and/or otherwise engage with us..
- To deliver a product/ service you have purchased and/or to enforce and/or perform a respective agreement and/or process payments.
- To prevent fraud and credit risk in order to protect you as a customer, associate and/or employee and the Company.
- To comply with our obligations imposed on the Company by the applicable law, such as invoicing, money-laundering prevention, taxation, social insurance e.t.c.
- Recommendation and Advertising Purposes: We use your Personal Data to recommend features, products, services that might be of interest to you, to identify your needs and preferences and to inform you about new product/ services that become available after the initial purchase, provided that you explicitly consent to the processing of your Personal Data for such purpose.
- To enforce our legal rights and/or to investigate and defend the Company against Third-Party claims or allegations.
(D) DURATION OF PROCESSING
We only process the Personal Data you disclose to us for as long as it is necessary for the purpose for which your Personal Data have been disclosed. In any case we process your Personal Data not more than 90 days after the purpose of the processing is terminated and/or after you withdraw your consent and/or after the legal ground for the processing ceased to exist.
5. YOUR RIGHTS AS A DATA SUBJECT AND HOW YOU CAN EXERCISE THEM
(A) RIGHT OF CONFIRMATION
As a Data Subject you have the right to obtain from the Controller a confirmation as to whether your Personal Data are being processed by the Controller.
(B) RIGHT OF ACCESS
As a Data Subject you have the right to know which Personal Data are processed by the Controller and to be informed in writing by the Controller.
Additionally, you may request to be informed about:
- The purpose of the processing;
- The categories of Personal Data that are being processed;
- The recipients or categories of recipients to whom the Personal Data have been or will be disclosed;
- The envisaged period for which the Personal Data will be processed and if the period cannot be determined, the Controller shall inform you as to the criteria applied to determine the period;
- The existence of the right to request from the Controller rectification or erasure or restriction of processing of your Personal Data;
- The right to lodge a complain with a supervisory authority;
- Where your Personal Data we process are not collected from you, we shall provide you with any available information as to their source;
- The existence of automated decision-making, such as profiling and at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences for you.
Where Personal Data are transferred to a third country or to an international organisation, you have the right to be informed about the appropriate safeguards in relation to the transfer.
The Controller shall provide a copy of your Personal Data undergoing processing. For any further copy, the Controller may request reasonable fee based on administrative cost. Where your request is submitted electronically, the information shall be provided in commonly used electronic form.
(C) RIGHT TO RECTIFICATION
As a Data Subject you may request the rectification of any of your Personal Data, if they are inaccurate, incomplete, or false.
(D) RIGHT TO BE FORGOTTEN
As a Data Subject you may request and obtain by the Controller the erasure of any of your Personal Data and the Controller shall erase such Personal Data when one of the following grounds applies and as long as the processing is no longer necessary:
- The Personal Data is no longer necessary for the purposes or activities for which it was collected or otherwise processed;
- You withdraw your consent under the provisions of GDPR and where there is no other legal ground for the processing;
- You object to the processing pursuant to the provisions of GDPR and there are no overriding legitimate grounds for the processing;
- Your Personal Data has been unlawfully processed;
- The Personal Data must be erased for compliance with a legal obligation of the Controller to which the latter is subject.
(E) RIGHT OF RESTRICTION OF PROCESSING
A Data Subject you may obtain from the Controller restriction of processing of your Personal Data, where one of the following apply:
- When you contest the accuracy of the Personal Data processed, for a period enabling the Controller to verify the accuracy of the Personal Data;
- The processing is unlawful, and you oppose to the erasure of your Personal Data and request the restriction of their use instead;
- The Controller no longer needs the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
- You have objected to the processing pursuant to Article 21(1) of the GDPR and the verification whether the legitimate grounds of the Controller override your grounds is pending.
(F) RIGHT TO DATA PORTABILITY
As a Data Subject you have the right to receive your Personal Data we process, in a structured, commonly used and machine-readable format. You have the right to transmit those data to another controller without hindrance from us, provided that the processing is based on consent or a contract and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in exercise of official authority vested in us, as the Controller.
Furthermore, you have the right to have your Personal Data transmitted from one controller to another, where technically feasible and doing so does not affect adversely the rights and freedoms of others.
(G) RIGHT TO OBJECT
As a Data Subject you have the right to object, to the processing of your Personal Data and/ or Profiling on grounds relating to your situation, at any time.
In the event of an objection, we shall no longer process your Personal Data, unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights, and freedoms or for the establishment, exercise, or defence of legal claims.
If we process your Personal Data for direct marketing purposes, you have the right to object at any time to the processing of your Personal Data for such marketing. This includes profiling to the extent that it is related to such direct marketing. If you exercise this right , we will no longer process your Personal Data for such purposes.
In addition, you have the right to object to the processing of your Personal Data , when such processing relates to scientific or historical research purposes or statistical purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
(H) AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING
As a Data Subject you have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly affects you, as long as :
- The decision is not necessary for entering into, or the performance of an agreement between you and the Company;
- The decision is not authorised by the European Union or Member State law to which the Company is subject, and which also lays down suitable measures to safeguard a Data Subjects’ rights and freedoms and legitimate interests;
- The decision is not based on your explicit consent.
If the decision is necessary for entering into, or for the performance of an agreement between the Company and you or it is based on your explicit consent, we shall implement suitable measures to safeguard your rights, freedoms and legitimate interests and at least the right to obtain human intervention on the part of the Company, to express your point of view and contest the decision.
(I) RIGHT TO WITHDRAW DATA PROCESSING CONSENT
As a Data Subject you have the right to withdraw your consent to the processing of your Personal Data at any time.
We reserve the right to refuse to satisfy the above right for as long as necessary, if the processing of your Personal Data is necessary to comply with a legal or contractual obligations of the Company, for reasons of public interest, or for the establishment, exercise or defence of legal claims (Article 17 §3).
All of the above applies where we act as a Controller. In cases where we act as Processors, the person responsible for informing you and handling your requests is the relevant Data Controller.
In the event that you submit any relevant request in writing, we will examine your request and will respond to you within one month of receipt, either to satisfy it, or to inform you of the objective reasons preventing its satisfaction, or, taking into account any complexity of the request and the number of requests at the time and any similar inhibiting factors, to request an extension of up to two additional months for a response (Article 12(3)).
The exercise of the above rights is carried out at no cost to you, by sending a request, or a letter, or an email to the Controller. Abusive exercise of the above rights (Article 12 §5) may result in the payment of a reasonable fee.
In case that you are not satisfied with the manner we handle your Personal Data, or with our response to the exercise of the above rights by you, you are entitled to lodge a complaint with the Data Protection Authority.
6. GENERAL DATA
(A) COOKIES
The internet pages use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit on the Website. Other Cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit our Website.
You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, the acceptance of cookies for certain cases or generally exclude and activate the automatic deletion of cookies when closing yout browser. Disabling cookies may limit the functionality of the Website.
(B) LOG- FILES
A log- file is created as part of an automatic report of the processing computer system. This means that information regarding your used terminal is recorded as log-files on a server.
The websites provider records:
- Access to the page : page, date, time, frequency.
- How to go to the page (previous page, hyperlink e.t.c.)
- Amount of data sent
- Which browser and which version of it you are using
- Your IP address.
We may only store, post or retrieve server log-files for longer if permitted by law (for example, in cases of suspected illegal activity.
7. LINKS TO OTHER WEBSITES
Our Website may contain links to other websites that are not operated or controlled by us. If you click on such link, you will be directed to that third party’s website. We recommend that you check the privacy policy for each website you visit. We have assume no responsibility for the processing of your Personal Data by such Websites.
8. CONTACT DETAILS OF THE DATA PROTECTION OFFICER
If you wish to contact us for any issue relating to the processing of your Personal Data, or to exercise any of your rights, you can contact our company via email: info@thomaspoutas.com .
9. UPDATE POLICY
This policy was reviewed on 3 March 2022 and may be reviewed again if there is a significant change. This revision will be available on our website, with a note of the effective date.
10. CONTACT DETAILS FOR THE PERSONAL DATA PROTECTION AUTHORITY CYPRUS:
DATA PROTECTION AUTHORITY, Iasonos 1, 1082 Nicosia, 1082 Nicosia, telephone +357.22818456, e-mail: commissioner@dataprotection.gov.cy