At H.M.K. Eyescan Limited (hereinafter “we”, “us” or “our”) we are committed to protect our clients’ privacy and handling their personal data in an open and transparent manner.
2. Who we are
H.M.K. Eyescan Limited (‘’the Company’’) is a Cyprus based company that is engaged in the design, trading, installation, integration, and maintenance of security systems.
4. Identity and contact details of the Data Controller and Data Protection Officer.
(a) Data Controller
H.M.K. Eyescan Limited, a Cyprus private limited liability company, having registration number HE 143773, is the "Data Controller” pursuant to the GDPR, and related Cyprus Law, and determines how your personal data is kept and processed.
The main establishment and the central administration of the Data Controller is situated at 65 Michael Zavou street, Agios Athanasios, 4107, Limassol, Cyprus.
(b) Data Processor
In certain cases, H.M.K. Eyescan Limited is the "Data Processor” pursuant to the GDPR, and related Cyprus Law and deals with personal data as instructed by data controller for specific purposes and services offered to the controller that involve personal data processing.
(c) Data Protection Officer (DPO)
The DPO may be contacted directly with regards to all matters concerning this policy and the processing of your personal data including the enforcement of all applicable and available rights.
Official requests may be made by post at 65 Michael Zavou street, Agios Athanasios, 4107, Limassol, Cyprus, Cyprus or electronically at email@example.com.
5. What is personal data?
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
6. What are special categories of personal data?
Special categories of data include information about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition, criminal offences, or related proceedings, and genetic and biometric information —any use of special categories of personal data should be strictly controlled in accordance with this Policy.
7. What are the Data Protection Principles?
We will comply with applicable data protection law. This says that the personal data we hold about you must be:
used lawfully, fairly and in a transparent way;
collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
relevant to the purposes we have told you about and limited only to those purposes;
accurate and to the extent appropriate, kept up to date;
kept only as long as necessary for the purposes we have told you about; and
8. How do we collect your Personal Data?
We collect personal data directly from you in order to provide you with our products and or services, to market our products and or services and to improve our website. Our clients are mainly individuals, but they may also be legal persons. When clients are individuals, they provide their personal data directly themselves. When customers are legal persons they have representatives, employees and customers whose personal data are provided to us after they have confirmed that they are authorised to do so and allow us to use them accordance with this Policy.
We collect personal data by corresponding with us by telephone directly or through our 24-hour Alarm Receiving Centre, e-mail or otherwise. We ask you to disclose only as much data as is necessary to provide you with our services or to submit a question/suggestion/comment in relation to our products or our services. We also collect personal data from you through filling in forms and through your acceptance of sales orders and sales invoices.
In addition to the information you provide us directly, we may collect personal data from other sources including images from your CCTV system when we are asked to do so by you. Images are NOT recorded by us.
We collect and process certain Personal data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the website, pages visited, referring URL, and other aggregated traffic data. We use the data for security purposes, to facilitate navigation, to display data more effectively and to collect statistical data. At this time, we do not respond to browser “Do-Not-Track” signals.
10.What categories of Personal Data we collect and process?
We collect the following Personal Data from our clients which can include, but is not limited to, your name and surname, address, telephone number, email, signature, financial information such as bank account number or credit card details, IP Address and in certain cases after your consent has been obtained your photographs and personal testimonials that are used for marketing in our website and social media accounts.
Should there be a need to further process the personal data for a purpose other than that for which they were initially collected, you will be informed in advance about the additional purpose and the relevant details in respect to the further processing.
With your explicit consent we may collect special categories of personal data. Pursuant to the definition given by the GDPR, these data may include racial or ethnic origin, political opinions, religious or philosophical beliefs, health data, trade union membership, the processing of genetic data, biometric data, data concerning health, sex life or sexual orientation and criminal records.
If you do not provide us the necessary information we may not be able to enter into an agreement with you, or the legal person you represent, for the requested services and or products and/or we may be unable to fulfil its obligations on the basis of our agreement.
11.What lawful reasons do we have for processing personal data?
In order to proceed with a business relationship our clients must provide their personal data to us which are necessary to operate our business and provide our services.
In accordance with GDPR we may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:
· Compliance with legal obligations– We may collect and process personal data in order to meet legal and other regulatory obligations.
· Contract – We may process personal data in order to perform our contractual obligations towards you
· Consent - We may rely on your freely given consent to keep and process your personal data. You have the right to withdraw consent at any time.
· Legitimate interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. A legitimate interest is when we have a legal, business or commercial reason to use our clients’ information. Instances of such processing activities can include, but not limited to initiating legal claims, preparing our defense in litigation procedures, etc.
12. How do we use your Personal Data
H.M.K. Eyescan Limited undertakes to ensure that all processing of personal data is lawful, fair and transparent. Data will only be collected for a specific, explicit and legitimate purpose and collecting and processing will not go beyond what is necessary for the purpose of the processing. The processing shall always be adequate, relevant and limited to what is necessary for the purpose for which they are processed. We use your Personal Data for the following purposes:
· To communicate with you including responding to your queries or requests in relation to our products and services.
· To set up you as a client in our systems.
· Process sales orders and invoices and payments from you.
· To market our products and services through our website and social media accounts.
· Administer or otherwise carry out our obligations in relation to any agreement you have with us such as monitoring and maintenance of your systems.
· Anticipate and resolve problems with any services and or products supplied to you.
13.Do we share personal data with third parties?
In the course of our business relationship our clients’ personal data may be provided to various departments within our Company including our Alarm Receiving Centre. In addition, the following third parties may also be the recipients of the personal data under the certain circumstances:
· Public authorities, whereby a statutory obligation exists that we are subject to or where we are required to do so as part of any legal investigation or proceedings.
· Police forces and Fire & Rescue services where these are offered as points of contact for your installed systems.
· Financial institutions in the context of receiving and making payments.
· Any other service providers or professionals that we engage in the normal course of our business, such as service providers, auditors, lawyers, business consultants etc.
Third parties to whom we may disclose Personal Data may have their own privacy policies which describe how they use and protect Personal Data. If you want to learn more about their privacy practices, we encourage you to visit the websites of those third parties.
14.Do we transfer your personal data outside the European Economic Area?
We store personal data on servers located in the European Economic Area (EEA). We may transfer personal data to reputable third party organisations situated inside or outside the EEA when we have a business reason to engage these organisations or where it is needed to fulfil our services such as reservations with airlines, hotels etc in accordance with your instructions. Each organisation is required to safeguard personal data in accordance with our contractual obligations and data protection legislation.
15.Personal data security.
We have put in place appropriate technical and organisational measures including physical, electronic and procedural measures to protect personal data from loss, misuse, alteration or destruction. We restrict access to information at our offices so that only officers and/or employees who need to know the information have access to it. Those individuals who have access to the data are required to maintain the confidentiality of such information. In addition, we have trained our employees on how to handle, manage and process personal data, applied upgraded technical measures and transformed our policies and procedures in a way that will comply with the GDPR.
Please be aware that the transmission of data via the Internet is not completely secure. Users should also take care with how they handle and disclose their personal data and should avoid sending personal data through insecure email.
16.Retention of personal data.
We will keep our clients’ personal data for as long as we have a business relationship.
Once our business relationship has ended, we will hold your personal data on our systems for the longest of the following periods:
a) any retention period that is required by law or regulations;
b) the end of the period in which litigation or investigations might arise in respect of the services or
c) as directed by our own internal retention policies or practices, the length of which may vary depending on the nature of the information that is held.
The personal data processed for the purposes of sending newsletters shall be kept with us until you notify us that you no longer wish your personal data to be used for this purpose.
18.What are your data protection rights?
Subject to the provisions of the GDPR, you have certain rights regarding the Personal Data we collect, process or disclose and that is related to you, including the right:
· To receive access to your personal data (right to access).
· To rectify inaccurate personal data concerning you (right to data rectification);
· To request deletion/ erasure of your personal data (right to erasure/deletion, “right to be forgotten”);
· to receive the Personal Data provided by you in a structured, commonly used and machine-readable format and to transmit those Personal Data to another data controller (right to data portability);
· to object to the use of your personal data where such use is based on our legitimate interests or on public interests (right to object);
· in some cases to request the restriction of processing of your personal data (right to restriction of processing);
· To withdraw the consent given to us with regard to the processing of your personal data at any time. Note that any withdrawal of consent will not affect the lawfulness of processing based on consent before it was withdrawn.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable
to comply with your request based on other lawful grounds, We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
19.How to raise a complaint
To exercise any of the above rights, or for any questions or complaints about our use of your personal data, please contact our Data Protection Officer, either by post at 65 Michael Zavou street, Agios Athanasios, 4107, Limassol, Cyprus, Cyprus or electronically at firstname.lastname@example.org.
Complaints may also be lodged to the supervisory authority in Cyprus (Office of the Commissioner for Personal Data Protection, by post at 1 Iasonos Str. 1082, Nicosia, Republic of Cyprus. More information can be found at http://www.dataprotection.gov.cy.