The General Data Protection (GDPR) Policy
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Processing personal data is generally prohibited, unless it is expressly allowed by law, or the data subject has consented to the processing. Consent must be freely given, which means that individuals are given a choice how such data is being used.
How is Data collected?
Data may be collected in several different ways:
Why is this Data processed?
- Data, such as contact details, may be provided by customers when they request a specific service;
- Browsing data, such as IP addresses, pages visited within the website, amount of time spent on the website, and click stream analysis may be collected when Users visit our websites. While we do not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information or by using other information collected);
We will process the Data collected to provide the User with the service they have requested. We will also perform surveys on customer satisfaction related to the quality of our goods and services, provided that it is in our legitimate interests to do so. If a User consents to us doing so, we will send them relevant marketing information and carry out market research about our products and services so that they don’t miss out on current offers. If Users tell us that they want to receive communication that is specific to them, then we will analyse their personal preferences, interests or behaviors so that we can send them customized communication that we think they might like. If Users tell us that they are interested in receiving relevant offers from others companies that might interest them, then we will share their Data with companies in our group and selected partners in the automotive, financial, insurance and telecommunication sectors with whom we work closely. As we are always looking to make the User’s experience better, we also use the Data to improve our websites. We normally process the Data by automated or electronic means through our websites and mobile apps. We also process data through electronic means, including e-mails and by phone (e.g. SMS, MMS and fax).
Who processes the data?
The Data may be processed by natural persons and/or legal entities (“processors”), acting on our behalf under our specific instruction or contractual obligations. We may send the Data to third parties to comply with legal obligations, or for security purposes.
What about Links to Third Party websites?
Our websites often contain links to third party websites. Those websites are the responsibility of the relevant third party and we cannot accept responsibility for any information or Data inputted into those websites.
Who is the data controller?
The data controller is CiC Automasters Ltd, with registered office at 65/67 Kantaras Avenue, 1027 Kaimakli, Nicosia.
Who is the DPO?
The DPO is Dr Adrian Ioannou, CDPO at email address: firstname.lastname@example.org
Where will my data be processed?
Processors are usually based in EU Member States but we may transfer the Data in countries outside of the European Economic Area (EEA), for example, to store them in databases managed by entities acting on our behalf. These processors of the Data are bound by the instructions we give them to process the Data and must do so in accordance with applicable data protection laws. In the event the Data is transferred outside of the EEA, we will use appropriate measures to guarantee adequate protection of the Data, usually in the form of standard contractual clauses approved by the EU Commission for the transfer of personal data outside of the EEA.
How long will my data be kept?
In providing services requested, we may store your Data for as long as is necessary to protect our interests relating to potential liability related to that service. We will only keep the Data for as long as is deemed strictly necessary to fulfill the purpose for which it was collected. Consent to marketing and other activities unrelated to the performance of the specific service requested may be withdrawn at any time, following which the Data will no longer be used for that purpose. Although the User will not be contacted for that purpose any longer, we may still store it to protect our interests.
What rights do Users have?
Users have the right to:
- Know if any Data is being processed by us and, where applicable, have access to it;
- Rectify any inaccurate information we have or to have it erased when the request is legitimate;
- Restrict the processing of the Data when the request is legitimate;
- Portability, where applicable so that the Data can be obtained in a structured,, ordinarily used and readable format, as well as the right to transfer the Data to other controllers;
- Object to the processing of the Data when the request is legitimate; and
- Lodge a complaint with a supervisory authority in case of unlawful processing of Data.
You can exercise these rights by writing to the data controller at the above address or you can write to the email address: email@example.com
The relevant supervisory authority in Cyprus is the Office of the Commissioner for Data Protection. You can contact the Commissioner’s office via their website: www.dataprotection.gov.cy