Data Privacy Statement

Introduction

Uniteam Group of Companies (“UGOC” or “we/us/our”) respects your privacy and is committed to protecting your personal data (“personal data” or “data”) in accordance with the requirements set out by the current laws on the protection of personal data (the “Data Protection Laws”), namely (i) Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), (ii) the Protection of Natural Persons with Regard to the Processing of Personal Data and the Free Movement of such Data Law of 2018 (Cyprus Law 125(I)/2018), (iii) applicable EEA Member States’ GDPR implementing and supplementing laws and (iv) any other applicable data protection national laws and regulations to which the members of UGOC are subject.

1. About us and this notice

UGOC, represented by Uniteam Corporation Limited, established at 284-286 Makarios III Avenue, 3105 Limassol, Cyprus, is the controller of your data, i.e. the party responsible for the processing of your personal data either collected automatically through your use of this website or provided by you through the communication features embedded in this website.

This notice is to inform you what personal data relating to you we do or may collect while you are using this website, on which legal basis we intend to process the data, for which purpose(s) and give the details on how the processing is carried out.
This website is not addressed to children, and we do not intend to or knowingly collect personal data relating to persons below 14 years of age.

UGOC is made up of several organisations, brief details of which can be found on this website. Each of these organisations has its own website, which can be easily accessed through the link accompanying the organisation’s introduction or simply by clicking on the respective organisation’s logo. For the details of processing of personal data by each member organisation, please refer to the individual Privacy Notices available on their websites.

It is important that you read this Privacy Notice together with any other privacy policy or notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements other notices and privacy policies and is not intended to override them.

2. The data we collect about you, purposes and legal bases for processing your data

Personal data means any information relating to an individual natural person from which that person can be identified, either directly or indirectly.

UGOC does not collect and further process any personal data, apart from a very limited scope of your data intrinsically related to your use of our website, which is processed for the following purposes and on the below indicated legal bases:

 

Purposes Personal Data
Delivery of the website content to the visitors 3 IP address, browser type, version & certain settings, device type
Effective response to a Privacy Request you may submit 2 Your relationship with UGOC, name, title, e-mail address, postal address, country of residence, details of your enquiry
Monitoring and improvement of the website performance 1,3 IP address, browser type & version, device type, operating system, website usage data (access, visit time, pages visited, links followed, etc.)

 

Legal bases for our collection and further processing of your personal data, as applicable to the specific purposes listed in the table above:

1 – your consent, for example when you consent to the placing of cookies on your browser

2 – compliance with our legal obligations – the EU General Data Protection Regulation in this case

3 – necessity for our (or a third party’s) legitimate interest

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

3. How is your personal data collected?

The aforementioned information is collected automatically whenever you visit and interact in any way with our website. This process is carried out using cookies and/or similar tracking technologies. For more information on cookies, their categorisation, specific characteristics and functions as well as the way of managing your consent for our use of certain categories of cookies, please refer to our Cookie Notice (also accessible from the website cookie banner and the cookie preference screen).

Your personal data will also be collected when you decide to file a Privacy Request and submit the completed request form.

4. Disclosures of your personal data

The personal information UGOC collects from you is stored on secure servers and facilities in the European Union. All the data acquired by UGOC is handled and stored in compliance with the applicable and legal requirements of the EU.

We do not disclose your personal data to third parties for their independent use unless:
(i) you request or authorise it;
(ii) the information is required to comply with applicable laws (for example, to comply with a search warrant, subpoena or court order, KYC, anti-money laundry regulations or tax and employment duties), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others;
(iii) the information is provided to our agents, vendors, service providers, companies of UGOC, that perform functions on our behalf;
(iv) it is necessary to address emergencies or acts of God; or
(v) it is necessary to address disputes, claims, or to persons demonstrating legal authority to act on your behalf.
(vi) to comply with our contractual or legal obligations
(vii) it is necessary for the performance of mergers and acquisitions
(viii) it is necessary to establish, exercise or defend legal claims or for our legitimate interests

5. International transfers

UGOC would transfer your personal data outside the EU only if:
(i) you gave your consent;
(ii) necessary to perform a contract with you; or
(iii) necessary to fulfil a compelling legitimate interest of UGOC in a manner that does not outweigh your rights and freedoms. UGOC endeavours to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistently with your relationship with the UGOC and the practices described in this Privacy Policy.
(iv) If UGOC is involved in a merger, acquisition or asset sale, your personal data may be transferred.

6. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7. Data retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Information collected from your device constitutes personal data (identifiable through your IP address) only for a very short period (please refer to our Cookie Notice for the exact retention periods). This data is then aggregated into periodical statistics further used for the purpose of analysing the website performance and visitors’ interactions with it. The aggregated data does not contain unique identifiers and is considered anonymous. The process is irreversible and, consequently, such anonymised information is not considered personal data anymore.

Submitted Privacy Requests, together with any information collected or exchanged in the course of their processing, are retained for 24 months. However, any files that may be attached to a request are automatically deleted 30 days after closing of the request.

8. Automated decision-making

We are not using your personal data for an automated creation of your behaviour or preferences profile. Your personal data are not used to generate any automated decision that may have an impact on your personal situation.

9. Your legal rights

Whenever we collect your personal data, we will fully respect all your statutory rights prescribed by the Data Protection Laws. Subject to certain legal conditions you may have the right:

  • to access to your personal data, i.e. to verify what personal data we currently hold on you and how we process it (commonly known as a ‘data subject access request’). You may also request a copy of your personal data that is undergoing processing.
  • to correction of your personal, in case it turns out in any way that the information we hold is incomplete, inaccurate or outdated, though we may need to verify the accuracy of the new data you provide to us.
  • to erasure (deletion) of your personal data when:
    • there is no valid purpose for us to continue processing your data, or
    • you withdraw your consent for specific processing and there is no other legal basis for such processing, or
    • you effectively objected to the processing, as explained below, or
    • the processing of your data is unlawful, or
    • the law, to which we are subject, requires such deletion.
  • to restrict the processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
    • if you want us to establish the data’s accuracy.
    • where our use of the data is unlawful but you do not want us to erase it.
    • where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
    • you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • to object to processing of your personal data when:
    • we are processing your personal data for the purpose of our (or a third party’s) legitimate interest AND – due to your particular situation – you have ground to believe that such processing has or may have a negative impact on your fundamental rights and freedoms. We will stop the processing in such a case unless we can prove having evident compelling legitimate grounds for the processing, which may override your legitimate interests, right and freedoms. The objection may also be ineffective if the processing is necessary for our establishment, exercise or defence of a legal claim.
      OR
    • your personal data is used for our direct marketing purposes. No conditions apply to such objection and the processing in question will be terminated.
  • to request the transfer of your personal data to you or to a third party.
  • to withdraw your consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

In case there are legal grounds for our refusal to comply with your request, or if – for justified reasons – we are unable to effectively respond to the request within the prescribed timeframe, we will promptly notify you about such circumstances.

10. Contact

In case you have any enquiry, suggestion or complaint concerning our processing of your personal data, or a request for the execution of any of your statutory rights, please complete and submit the Privacy Request web form. A link to this form is permanently available in the footer section of this website.

Although, for the purpose of consistent recording and efficient processing of requests, we strongly recommend using the said online form, you may alternatively contact our Data Protection Officer (DPO) for any matters relating to the processing of your personal data, through:

e-mail:              dpo@uniteamcompanies.com, or
telephone:      +357 25 846 111

We shall effectively respond to any enquiries you may have, and endeavour to resolve any issues within the 30-day time frame prescribed by the Data Protection Laws.

We will not charge any fee for responding to the enquiries, including the requests for execution of the statutory rights. However, in case requests are clearly unfounded, repetitive or excessive, a reasonable administrative fee may be charged, or we may, alternatively, refuse processing of such requests.

While processing your enquiry, we may request additional information to prove your identity and thus ensure that your personal data is not disclosed to any other, unauthorised person.

You have the right at any time to file a complaint with the Cyprus Data Protection Authority (DPA), i.e. the Office of the Commissioner for Personal Data Protection:

15 Kypranoros Street,                      telephone:      +357 22 818 456
1061 Nicosia,                                     fax:                     +357 22 304 565
Cyprus                                                e-mail:              commissioner@dataprotection.gov.cy

If you are resident in an EEA country other than Cyprus, you may file such a complaint with the DPA competent for the place of your usual residence. Contact details of all EEA DPAs can be found in the website of the European Data Protection Board.

We would, however, appreciate the chance to deal with your concerns before you approach a DPA, so please contact us in the first instance.

11. Changes to the privacy notice

This notice is subject to regular review and will be updated whenever any change in the scope and/or the methods of processing your personal data occurs.