18 June 2024
TABLE OF CONTENTS
- PURPOSE OF THIS NOTICE
- CONTACT DETAILS
- CONTROLLER
- PRIVACY NOTICE
- THE DATA WE COLLECT
- FAILURE TO PROVIDE PERSONAL DATA
- HOW IS YOUR PERSONAL DATA COLLECTED
- PURPOSES FOR WICH WE WILL USE YOUR PERSONAL DATA
- DATA SHARING
- RETENTION PERIOD
- YOUR LEGAL RIGHTS
- SAFETY MEASURES
1. PURPOSE OF THIS NOTICE
1.1. ASBISC ENTERPRISES PLC is committed to protecting your personal data. This Privacy Notice outlines how we collect, process, and use your personal data when you complete our New Customer Application Form and provide the necessary documentation (the “Application Form”). It also explains the choices available to you regarding the use of your personal data (the Privacy Notice).
1.2. This Privacy Notice is designed to help you understand our privacy practices, including what personal data we collect, why we collect it, what we do with it and how we protect it, as well as your individual rights. It also describes how you may contact us to learn more about our data practices or to exercise your rights.
1.3. It is important that any data we collect, and store is accurate. Therefore, if anything changes regarding your personal data during your relationship with us, please keep us informed.
1.4. We may change this Privacy Notice from time to time, to reflect how we are processing your data. If we proceed with such changes, we will notify you by revising the effective date at the top of this Privacy Notice. If we make significant changes to this Privacy Notice, that materially affect your privacy rights, we will provide you with an advanced notice and make that clear on our website, or by some other means of contact such as email, so that you are able to review the changes.
1.5. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact our Data Protection Officer using the details set out below.
2. CONTACT DETAILS
1 Iapetou, Agios Athanasios, 4101, Limassol, Cyprus
E-mail: dpo@asbis.com
Phone: 25 857 097/ 25 857 098
3. CONTROLLER
3.1. ASBISC ENTERPRISES PLC, a company registered under the legislation of the Republic of Cyprus, with registered number HE 75069, registered address: 1 Iapetou Street, Agios Athanasios, 4101 Limassol, Cyprus, (the “Company”, “ASBIS”, “We”, “Us”), and its affiliated companies are the Data Controllers and responsible for your personal data. For the purposes of this policy an affiliated company means an entity which, directly or indirectly, owns or controls, is owned or is controlled by or is under common ownership or control with another entity. As used herein, “control” means the power to direct the management or affairs of an entity, and “ownership” means the beneficial ownership of fifty percent (50%) or more of the voting equity securities or other equivalent voting interests of the entity.
4. PRIVACY NOTICE
4.1 In order to be able to proceed with your registration as our customer, we act reasonably and believe that:
(a) you have all necessary rights to fill in and sign our Application Form.
(b) you are at least 18 years of age or older.
(c) provide true information to the extent necessary to fill in and sign our Application Form.
(d) you understand and accept the provisions of this Privacy Notice.
4.2. This Privacy Notice applies to EU citizens only.
5. THE DATA WE COLLECT
5.1 When using the term “Personal Data” in our Privacy Notice, we mean information that relates to you and allows us to identify you, either directly or in combination with other data that we may hold. We collect, use, store and transfer different kinds of personal data grouped together as follows:
|
1. Identity Data |
Includes: first name, middle name, last name, or similar identifiers of company’s directors, major shareholders’, purchasing contact authorized to place orders on behalf of the company, accounts payable contact and chief financial officer, Passport or ID if applicable, Power of Attorney or similar document if applicable rental or similar agreements and signatures. |
|
2. Contact Data |
Includes: telephone number and email address of purchasing contact authorized to place orders on behalf of the company, accounts payable contact and chief financial officer. |
|
3. Special Category Data |
Includes: details about your race or ethnicity mentioned on your ID or Passport, criminal records and offenses. |
|
4. Bank - Tax - Certificates Data |
Includes: bankers name and addresses when you apply for credit, trade references of major suppliers when you apply for credit, V.A.T. certificate, Director(s) and Shareholder(s) certificates. |
6. FAILURE TO PROVIDE PERSONAL DATA
6.1. Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you in this case.
7. HOW IS YOUR PERSONAL DATA COLLECTED
7.1. We collect your data through:
|
1. Direct interactions |
You provide us with your Identity, Contact, Bank - Tax – Certificates Data and Special Category Data by filling in our Application Form and providing us with the required documentation for background screening. |
|
2. Publicly available sources |
We receive your personal data through public sources such as the Registrar of Companies, Public Authorities and Public Databases. |
8. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
8.1. We collect your personal data when you fill in our Application Form and provide us with the required documentation. Through compliance with this Privacy Notice we commit to respecting your privacy rights.
8.2. Pursuant to the EU General Data Protection Regulation (“GDPR"), for residents of the European Union, “personal data” is any information that relates to an identified or identifiable individual.
8.3. Personal data does not include data that has been effectively, irreversibly anonymized or aggregated so that it can no longer enable us or others, whether in combination with other information or otherwise, to identify you.
8.4. We process personal data to comply with laws and/or to prevent and detect fraud and abuse in order to protect the safety of our Company and others.
8.5. We describe in more detail and in addition to the aforementioned purposes the information we collect when you fill in the Application Form, why we collect and process it and the relevant legal bases.
|
Purpose/ Activity |
Type of data |
Legal basis for processing |
|
1.We use this data when you fill in the Application Form. |
(a)Identity Data (b) Contact Data (c) Sensitive Data (d) Bank -Tax – Certificates Data |
(a) Legal Obligation – to comply with Sanctions Laws and Regulations, Anti Money Laundering Regulations, as well as prevention of fraud. (b)Performance of a Contract – to enter into a contract with you and perform our payment obligations under this contract. Rental or similar agreements with warehouses are processed in order to be able to verify the delivery destination in case that differs from your registered address. |
8.6. Your personal data may also be processed if required by law enforcement or a regulatory authority, body, or agency or for the defence or exercise of legal claims. We will not delete personal data if it is related to an investigation or dispute. They will continue to be stored until these issues are fully resolved and/or during the period required and/or permitted under applicable/relevant law.
8.7. If we intend to further process your data for any purpose other than those set out in this Privacy Notice, we will provide you with details of that purpose before we start processing.
9. DATA SHARING
9.1. We may share your personal data with our affiliated entities, our insurers and auditors. If your personal data is shared with our insurers, they will contact your company directly to discuss matters related to credibility and evaluation. In this case, we ensure that all appropriate security measures are in place in compliance with all relevant laws and regulations.
10. RETENTION PERIOD
10.1. We will retain your personal data for as long as necessary to carry out the purposes for which the data was collected depending on the legal basis for which that data was obtained and/or if additional legal/regulatory obligations require us to retain your personal data during the period required and/or permitted under applicable/relevant legislation.
11. YOUR LEGAL RIGHTS
11.1. Under certain circumstances, you have rights under data protection laws in relation to your personal data.
11.2. Access. Request access to your personal data (commonly known as “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
11.3. Rectification, Portability, and Deletion of your Personal Data. You have the right to correct or update your personal data, object to the processing of your personal data, ask us to restrict processing of your personal data, or request the portability of your personal data. To protect the privacy and the security of your personal data, we may request data from you to enable us to confirm your identity and your right to access such data, as well as to search for and provide you with the personal data we maintain upon your request. There are instances where applicable laws or regulatory requirements allow or require refusing to provide or delete some or all the personal data that we maintain.
11.4. Request erasure of your personal data. This enables you to request the deletion or removal of your personal data when there is no good reason for us to continue processing it. You also have the right to request for deletion or removal of your personal data when you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be communicated to you, if applicable, at the time of your request.
11.5. Object to processing of your personal data when we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.
11.6. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to the use of your data but we need to verify whether we have overriding legitimate grounds to use it.
11.7. Request the transfer of your personal data to you or to a third party. We will provide you, or to a third party of your choice, with your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
11.8. Lodging Complaints. If you believe we have infringed or violated your privacy rights, please contact us so that we may attempt to resolve any issues to your satisfaction. Notwithstanding the approaches of exercising your rights stated above, this is without prejudice to your right to lodge a claim or complaint to your data protection authority (more details on data protection authorities and their contact info can be found at https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en).
11.9. If you wish to exercise any of the rights set out above, please Contact us. We will aim to respond to you within 30 days of receipt of the request. We will need to verify your identity before we are able to disclose any personal data to you.
12. SAFETY MEASURES
12.1. We take technical, organizational, and legal measures to ensure that your personal data is protected from unauthorized or accidental access, deletion, modification, blocking, copying and dissemination.