1. PURPOSE
At Harco Trading Ltd, we value our customers and take pride in providing you our products and services in the paper converting industry.
The Company obtains certain personally identifiable information about you, to facilitate our relationship and offer you the best possible service.
The purpose of this Privacy Policy is to explain our practices and policies for collecting, using and sharing information and Cookies collected from or about you. We have adopted additional policies and procedures that are part of our ongoing product and service support.
This Privacy Policy applies regardless of whether you are accessing the website via a personal computer, a mobile device or any other technology or devices, or on records we maintain as part of our ongoing business. If you have any questions, you can contact our DPO (Data protection Officer) gnosis@cy.net.
2. TYPES AND USAGE OF INFORMATION WE COLLECT
No | Purposes of processing your data | Personal data involved | Possible consequences of failure to provide the personal data | Legal basis for processing your data |
---|---|---|---|---|
1 | Your Customer Registration | Personal Identifiers, Contact Details, Tax Identifiers, Social Security Identifiers, Financial Information, Connection Information, Location Information | Failed registration | Contract Performance |
2 | Identity and Contact Details Verification | Personal Identifiers, Criminal Activity, Financial Information, Social Security Information, Connection Information, Localization Information | Account suspension/ closure, Unavailability to login, Withdrawal request unavailable | Regulatory/ Legal Obligation |
3 | Transactions Management | Personal identifiers, Financial Information | Account suspension/ closure, Withdrawal request freezing and/ or cancellation | Regulatory/ Legal Obligation |
4 | Monitoring & Assessing purchasing Behaviour for Crime Prevention | Personal Identifiers, Contact Details, Criminal Activity, Tax Identifiers, Social Security Identifiers, Financial Information | Account suspension/ closure, Unavailability to login, Withdrawal request unavailable | Regulatory/ Legal Obligation |
5 | Monitoring & Assessing Credit Behaviour for Business Development | Personal Identifiers, Criminal Activity, Financial Information, Social Security Information, Connection Information, Localisation Information | N/A | Legitimate Interest (Internal Reporting & Business Development) |
6 | Monitoring & Assessing spending Behaviour for Personalised Offers, Bonuses and User Interface | Personal Identifiers, Criminal Activity, Financial Information, Social Security Information, Connection Information, Localisation Information | Unavailability of receiving offers and bonuses. Not customized spending experience. | Consent |
7 | Informative Communications, Newsletters and Campaigns | Personal Identifiers, Contact Details | Unavailability of receiving newsletters and general marketing campaigns. | Consent |
8 | Inquiries, Complaints & Troubleshooting | Personal Identifiers, Contact Details, Occupational Activity, Connection Information, Localisation Information, Financial Information | N/A | Legitimate Interest (Optimal experience for our customers and troubleshooting of issues) |
9 | Reporting to Regulatory/ Law enforcement Authorities | Personal Identifiers, Criminal Activity, Financial Information, Social Security Information, Connection Information, Localisation Information, Tax Identifiers | Account suspension/ closure, Unavailability to login, | Regulatory/ Legal Obligation |
10 | Promotions and offers | Personal Identifiers, Contact Details | Unavailability of the relevant promotion, offer, etc. | Consent |
11 | Credit worthiness and solvency checks, compare information for accuracy, and verify it with third parties | Personal Identifiers, Criminal Activity, Financial Information, Social Security Information, Connection Information, Localization Information | Potential restrictions web site usage in cases of detection of malpractices | Legitimate Interest (Assurance of accuracy and legal nature of information provided) |
12 | Quality Assurance and Customer Services Training Through Call Recording | Personal Identifiers, Contact Details, Occupational Activity | Unavailability of Call-back/ Phone Customer Service | Legitimate Interest (Optimal experience for our customers and quality assurance of our customer service) |
“Additional Provisions Applicable to Processing of Personal Information of EEA Residents.” This includes detailed information provided pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of Personal Information and on the free movement of such data, commonly referred to as the “General Data Protection Regulation” (GDPR).
Your rightsExercising your rights. You may exercise any of your rights in relation to your personal data by written notice gnosis@cy.net to us in addition to the other methods specified above
You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:
(a) your request not being found to be unfounded or excessive, in which case a charge may apply;
(b) the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
We may withhold personal information that you request to the extent permitted by law.
You may instruct us at any time not to process your personal information for marketing purposes.
In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
The rights you have under data protection law are:
(a) The right to access;
Your right to access your data. You have the right to ask us to confirm whether or not we process your personal data and, to have access to the personal data, and any additional information. That additional information includes the purposes for which we process your data, the categories of personal data we hold and the recipients of that personal data. You may request a copy of your personal data.
The first copy will be provided free of charge, but we may charge a reasonable fee for additional copies
(b) The right to rectification;
Your right to rectification. If we hold any inaccurate personal data about you, you have the right to have these inaccuracies rectified. Where necessary for the purposes of the processing, you also have the right to have any incomplete personal data about you completed.
(c) The right to erasure;
Your right to erasure. In certain circumstances you have the right to have personal data that we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold those personal data in relation to the purposes for which they were originally collected or otherwise processed; you withdraw your consent to any processing which requires consent; the processing is for direct marketing purposes; and the personal data have been unlawfully processed.
However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
(d) The right to restrict processing;
Your right to restrict processing. In certain circumstances you have the right for the processing of your personal data to be restricted. This is the case where: you do not think that the personal data we hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; and you have objected to processing, and are waiting for that objection to be verified. Where processing has been restricted for one of these reasons, we may continue to store your personal data.
However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
(e) The right to object to processing;
Your right to object to processing. You can object to us processing your personal data on grounds relating to your particular situation, but only as far as our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party. If you make an objection, we will stop processing your personal information unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.
(f) The right to data portability;
Your right to object to direct marketing. You can object to us processing your personal data for direct marketing purposes. If you make an objection, we will stop processing your personal data for this purpose
Automated data processing. To the extent that the legal basis we are relying on for processing your personal data is consent, and where the processing is automated, you are entitled to receive your personal data from us in a structured, commonly used and machine-readable format. However, you may not have this right if it would adversely affect the rights and freedoms of others.
(g) The right to complain to a supervisory authority;
Complaining to a supervisory authority. If you think that our processing of your personal data infringes data protection laws, you can lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
(h) The right to withdraw consent;
Right to withdraw consent. To the extent that the legal basis we are relying on for processing your personal data is consent, you are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
The personal data we hold for Staff
Personal data that we may collect, use, store and share (when appropriate) about staff includes, but is not restricted to:
Why we use this Staff data
The purpose of processing this data is to help us run the business, including to:
Enable you to be paid
Facilitate safe recruitment, as part of our safeguarding obligations towards pupils
We only collect and use personal information about you when the law allows us to. Most commonly, we use it where we need to:
Less commonly, we may also use personal information about you where:
Some of the reasons listed above for collecting and using personal information about you overlap, and there may be several grounds which justify the business’s use of your data.
Collecting this Staff informationWhile the majority of information we collect from you is mandatory, there is some information that you can choose whether or not to provide to us.
Whenever we seek to collect information from you, we make it clear whether you must provide this information (and if so, what the possible consequences are of not complying), or whether you have a choice.
How we store this Staff dataWe create and maintain an employment file for each staff member. The information contained in this file is kept secure and is only used for purposes directly relevant to your employment. The staff files are kept within a locked cupboard in the Director’s office. You are able to have access to your file at any time to ensure that all information about you is up to date.
Once your employment with us has ended, we will retain this file and delete the information in it in accordance with our retention policy which currently states that we will keep it for two years for reasons such as: fulfilling a reference request.
What we store | How/Where it is stored |
---|---|
Personnel files | Hard copies are kept securely within the Director’s office in a locked cupboard. You can request to see your personnel files at any time through the head or deputy. |
Performance management documentation | Electronically on the server and data system. Hard copies are kept within the Director’s office. You can request to see your performance management at any time through the head or deputy. |
Attendance information | Electronically on the server and data system. It is sent to backup link via a secure link Hard copies are kept within the Director’s office. You can request to see your attendance information at any time through the Director. |
We do not share information about you with any third party without your consent unless the law and our policies allow us to do so.
Where it is legally required or necessary (and it complies with data protection law) we may share personal information about you with:
We will not sell, disclose, or rent your personal information to any third party/entities in ways different from what is disclosed in this privacy notice. However, we may disclose your personal information to third parties:
3.1 In the event that we sell or buy any business, assets or shares, we may disclose your personal data to the prospective seller or buyer of such business, assets or shares.
3.2 If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation, in order to enforce or apply our terms and conditions, or to protect our rights, property, or safety, or those of our customers or others.
3.3 In order to cooperate with law enforcement agencies to enforce laws, as well as investigate and prosecute unlawful activities such as frauds and scams. We maintain the right to disclose any information about you to law enforcement and other government officials as we, in our sole discretion, believe necessary or appropriate, in connection with any investigation of fraud, scam or other activity that is illegal. In particular, these authorities are:
This includes exchanging information with other companies and organizations (e.g. banks, credit institutions) within or outside EU for the purposes of fraud protection and credit risk reduction. These entities may then use your personal information to investigate and act on any such breaches in accordance with their procedures.
3.4 Finally, we may disclose certain personal information to unaffiliated third-party service providers, agents or independent contractors who help us maintain our website and provide other administrative services to us (including, but not limited to, order processing and fulfillment, providing customer service, maintaining and analyzing data, sending customer communications on our behalf, and entry collection, winner selection and prize fulfillment for contests, and other promotions). We seek to ensure that these unaffiliated third parties will not use the personal information for any other purpose than to provide the administrative services for which they are responsible. We also enter into contracts with these third parties that compel them to meet the privacy standards required by law in handling your personal information, and use the information only for the purposes for which it was conveyed to them.
Aiming to achieve the purposes described under section 2 of the current policy, the following third parties, located in the European Union, may receive your data:
3.5 We will not disclose your personal information with any third parties outside of the European Union in countries where there is no adequate data protection regime. However, in the event that such a data transfer occurs, we will take all reasonable steps possible to ensure that your data is treated as securely as it is within the EU/EEA and in accordance with this Privacy Policy and the applicable legislation. Additionally, we willupdate the current Privacy Policy in order to reflect the cross-border data transfer and the relevant safeguards for your privacy.
4. HOW LONG WE KEEP YOUR DATA4.1 It is our policy to only retain client information for as long as is necessary for the purpose for which it was originally obtained, in alignment with the Data Minimization and Storage Limitation principles. For all purposes below, your data will be retained for a seven years period, after the termination of the customer relationship. Additionally, we align the retention of your information with potential differentiations arising from the exercising of your data privacy rights (please refer to section 6). However, in some cases some personal information may be retained beyond that time period due to potential legal obligations, legitimate interest purposes, etc. Such reasons would be issues related to:
5.1 At any point while we are maintaining or processing your data, you have the following rights and can submit a relevant request via your personal account:
5.2 We will assess your request and reply to you regarding the progress and outcome of the request (granting of request, partial granting of request, rejection of request), as soon as possible and in any case in no longer than one month of the request’s submission.
In the event that Harco Trading Ltd refuses your request regarding the aforementioned Data Privacy Rights, we will provide you with a reason as to why. You have the right to lodge a complaint directly with the Regulatory authority and the DPO (via the means described in paragraph 13 of the current policy).
5.3 We reserve the right to reject requests that are unreasonably repetitive, require disproportionate technical efforts or have disproportionate technical consequences, risk the privacy of others, or would be extremely impractical.
6. UPDATING YOUR PERSONAL INFORMATION6.1 Except for exceptional circumstances, you may review, update or delete certain personal information by, if you are a registered user of the website, logging on and using the tools provided to edit such information. However, certain data that are necessary to check eligibility, such as date of birth or age, cannot be deleted.
6.2 You can obtain a copy of your personal information through your personal account. For your protection, you will be required to provide proof of your identity to obtain such copies. You should include adequate information to identify yourself and such other relevant information that will reasonably assist us in fulfilling your request. If you would like to close your account, you can also contact customer services. If you would like to close your account, this could be done through your personal account. We will comply with such requests unless we have a legitimate ground to not delete the data.
7. SECURITY7.1 Protecting your data is of utmost importance for Harco Trading Ltd and in this regard, we constantly strive to provide all possible means of assuring your personal data’s safekeeping, the restriction of unauthorized access and / or potential alterations. Such means include information security measures consistent with current best practices to protect our customers’ privacy. These measures include technical, procedural, monitoring and tracking steps intended to safeguard data from misuse, unauthorized access or disclosure, loss, alteration or destruction
8. PROFILING
8.1 We collect your personal data including transactional behavior, Purchasing activity and practices, cookies and geolocation information, amongst others, in order to provide you with customized and tailored to your preferences views and services. The profiling activity allows us to present you with a personalized view and experience on our website.
8.2 The profiling activity also allows us to detect and report potential fraudulent behavior and violation of our Terms and Conditions potential money laundering practices and responsible spending behavior, in line with our regulatory/ legal obligations of reporting such incidents to the relevant authorities.
To summarize the aforementioned, the profiling activity is deemed necessary for the following purposes:
9.1 Additionally, and in order to provide to you personalized offers, promotions and marketing material, we collect your personal data, including transactional behavior, spending activity and practices, cookies and geolocation information, amongst others. Usage of such services is on the sole discretion of you and the consent provided upon your registration. You can provide your consent at a later time or revoke an existing consisting consent for such services, through our dedicated consent management portal integrated in your personal account.
10. INTERNET PROTOCOL (IP) ADDRESSWhen you visit the Website, we register your device`s IP address and browser settings. Your IP address is a unique address that devices use in order to identify and communicate with each other on a computer network. Browser settings can include the type of browser you use, browser language, and time zone. We collect this information so that we can personalize your experience and trace your device in cases of misuse or unlawful actions in connection with visits to or use of the service. Furthermore, we may use the IP address to approximate your location (at city level).
11. COOKIES11.1 A 'cookie' is a small text file that is downloaded onto your access device when you visit a website and that enables the website to obtain certain information from your browser, such as your preferences. This website use cookies and similar technologies to manage login sessions, provide personalized web pages and to tailor advertising and other content to reflect your specific needs and interests.
11.2 You may configure your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being set by us. However, it is important to remember that many of our services may not function properly if cookies are disabled. For example, we may not remember your language preferences. Please refer to your browser’s or mobile device’s technical documentation for instructions on how to delete and/or disable cookies.
11.3 For further information on cookies, how they are used and how they apply to the use of your personal data, please visit www.aboutcookies.org or www.allaboutcookies.org.
12. CHANGES TO OUR PRIVACY POLICY12.1 We strive to constantly review and update our privacy policy in order to address potential legislative and regulatory requirements, while providing optimal protection of your privacy. Any update will be communicated to you via the current web page.
13. CONTACT US13.1 If at any time you believe that we have not adhered to the provisions set out within this Privacy Policy or for any other Data Privacy related matter, please contact us through email at gnosis@cy.net. Kindly be informed that our Data Protection Officer is Dr Chrysanthos Mardapittas.
Address
8 Karakoumi Str.,
2540 Dali,
Nicosia, Cyprus
Τ.Θ 12550
2250
Latsia, Cyprus
Working Hours
Monday - Thursday
7:30-16:00
Friday
7:30-14:30