PURPOSE OF THIS PRIVACY POLICY
This privacy policy aims to give information on how A. Soulis Enterprises Ltd collects and processes the personal data of its data subjects. Furthermore, to protect individuals' fundamental rights and freedoms, particularly their right to protect their personal data. Based on that principle, A. Soulis Enterprises Ltd is committed to implement all appropriate technical and organizational measures to protect them and abide by all the requirements of the General Data Protection Regulation (GDPR).
SOME USEFUL DEFINITIONS
“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘’Data subject’’ means the person whose personal data is being processed.
“GDPR” means the General Data Protection Regulation (European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data).
CONTROLLER DETAILS
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
COLLECTION AND PROCESSING OF PERSONAL DATA
We collect personal information when our data subjects provide us directly with this information taking into account GDPR’s basic principles:
The categories of the data subjects, the purpose of the processing, the legal basis of the processing, the types of personal data processed and the recipients of the personal data are briefly explained in the table below.
Failure to provide us personal data required by a statutory or contractual requirement, or a requirement necessary to enter into a contract, we will be unable to proceed with cooperation.
Data subjects | Purpose of the processing | Legal basis | Type of personal data | Recipients |
Company personnel | Human resource management, execution of works (competency of personnel), employment, union subscriptions, payroll, allowances and funds, insurance coverage, medical condition, security and health and safety (CCTV), IT support | • Consent • Employment • Contracting • Legal obligation. • Legitimate interest |
Identification (e.g. i.d.), competency (e.g. trainings, licenses), medical condition, contact details, bank account details, social insurance details, projects’ photographs, CCTV images and videos | Company management, social insurance services and other governmental departments, insurance companies, clients, access by IT in case of support |
Employment candidates | Employment, competency of personnel, IT support | • Consent • Contracting • Legitimate interest |
Academic and professional qualifications, identification and contact details | Company management, access by IT in case of support |
Customers | Preparation of proposals for service provision, IT support, security and health and safety (CCTV) | • Contracting • Legitimate interest |
Name, contact details, CCTV images and videos | Company management, access by IT in case of support |
Suppliers of products | Purchasing of goods, IT support, security and health and safety (CCTV) | • Contracting • Legitimate interest |
Name, contact details, bank account details, CCTV images and videos | Company management, access by IT in case of support |
Suppliers of services (subcontractors) | Execution of works (competency of personnel), maintenance of machinery and equipment, waste management, IT support, security and health and safety (CCTV) | • Contracting • Legitimate interest |
Identification (e.g. i.d.), competency (e.g. trainings, licenses), contact details, bank account details, CCTV images and videos | Company management, access by IT in case of support |
PROCESSING OF DATA BASED ON CONSENT
Generally, we do not rely on consent as a legal basis for processing your personal data other than specific circumstances according to company’s policies and procedures. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, by contacting our company representative, Andri Souli on admin@souliscranes.com.
DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees and third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
TRANSFERRING OF PERSONAL DATA TO A THIRD COUNTRY
We may transfer personal data to a client located or based at a third country within the frame of our cooperation and during the provision of our services. In this case, we ensure that our client processes the provided personal data according to the “European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” and also declares that fully complies to Article 5 of the above Regulation for the principles relating to processing of personal data, among others, are only collected within the frame of our cooperation and they are not further processed in a manner that is incompatible with this purpose, kept for no longer than is necessary for the purpose are collected and are processed in a manner that ensures their appropriate security.
STORAGE PERIOD OF PERSONAL DATA
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.
COOKIES
When you visit our website, you can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.
RIGHTS OF DATA SUBJECTS
According to the “European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data”, data subjects can exercise the rights presented below:
If you wish to exercise any of the rights set out above, please contact our company representative Andri Souli on admin@souliscranes.com.
RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
You have the right to make a complaint at any time to the Commissioner for the Protection of Personal Data in Cyprus. We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact our company representative Andri Souli on admin@souliscranes.com in the first instance.