General
This Privacy Policy sets out how ZT ONE IMAGE CO. LIMITED(hereinafter referred to as“ ZT ONE IMAGE CO. LIMITED” and/or “the Company” and/or “Us” and/or “We”) processes data, whether on individuals (including personal data in respect of individuals who are clients of the Company, intermediaries or other third parties that ZT ONE IMAGE CO. LIMITED interacts with, or any individual who is connected to those parties) (hereinafter referred to as “Students” or “You” during the engagement to our Company as a client and/or members. Where the data held are on individuals, this document also sets out the rights of those individuals in respect of that personal data.
This Privacy Policy has been prepared in accordance with the provisions of the EU General Data Protection Regulation (“GDPR”).
Any questions relating to this Privacy Policy
or requests in respect of personal data should be directed to our email at customerservice@aldocyprus.com
Who We Are
Our main offices are located at 7B Zinas Kanther, 3035, Limassol, Cyprus.
We strive to protect personal data and apply high standards of conduct when it comes to privacy issues. We ensure that our employees are provided with the appropriate training in order to handle personal data promptly and in accordance with the laws. Furthermore, We endeavor to ensure that any parties with whom We co-operate apply the same high standards when it comes to data protection and privacy as We do.
What data do We hold?
We process data in the context of providing our services to our clients. The categories of data We may collect and process, according to each case, include:
1. Full name
2. Date of birth
3. I.D. Card number or Passport number
4. Contact Details, including the address of residence in Cyprus (if applicable), telephone number and email address
5. any other information You may
provide to Us.
Important notice on Special Category Data
In certain instances, the personal data that Weprocess may include "Special Category Data" (which includes information on a person's race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data processed for the purpose of uniquely identifying a natural person, health data, data on a person's sex life or sexual orientation or data relating to a person's criminal record or alleged criminal activity). In such instances, legal bases for processing that data may include explicit consent (where the Special Category Data has been provided to Us by the data subject for any of the above-listed purposes) or the processing is being necessary for compliance with a legal obligation.
Why do We need them?
We ensure that the data collected and processed is relevant to one or more processing activities and that we do not collect or process more or less data than what is reasonably required for achieving the purpose of each processing activity. Furthermore, for each purpose of processing, there is always at least one lawful basis to secure that the rights of individuals are safeguarded by all means.
We collect personal data so that we can provide our services and generally for the following purposes:
a) Performance of our contractual obligations
b) Compliance with legal obligations to which we are subject
c) Pursuing a legitimate interest
We do not collect, and we do not use any personal data other than that specifically mentioned above without your explicit consent unless You ask Us to do so.
We don’t use
automated decision-making processes or profiling while processing personal
data.
Sources and Recipients of Data
The sources of
data may include clients, intermediaries, data subjects directly, connected, third
parties connected to the data subject (for example, their employer or another
service provider who provides services to the data subject) or open-source
material.
Reasonable
endeavours are made to ensure that data is only accessible by those with a need
for access to fulfil the purposes set out above. Requests for access to be
restricted in any particular manner should be made to customerservice@aldocyprus.com email and will be considered and, where
possible with reference to legal and regulatory obligations, actioned.
The following is
a list of potential recipients of data (in each case including respective
employees, directors and officers):
·
different departments within the Companyfor
the purpose of managing registrations and admissions, handling any claims, and
creating client’s profiles;
·
employees of the Companywho
are acquainted with the GDPR and have signed a Confidentiality Agreement with Us;
·
third parties with whom the
Company engages for the hosting of events or other marketing initiatives;
·
regulators or other
governmental or supervisory bodies with a legal right to the material or a
legitimate interest in any material.
·
third parties with whom the Companyengages
for the provision of information systems and portals, including maintenance and
IT support;
Unless expressly
declared in this Privacy Policy or with the prior consent of the individual,
personal data collected from an individual will not be disclosed to any third
party other than the above-named parties.
Where the Companyis
entering into an engagement with a third party pursuant to which data may be
processed by that third party, We will seek to enter into an agreement with
that third party setting out the respective obligations of each party and itwill seek
to be reasonably satisfied that the third party has measures in place equal to
those of the Companyto protect data against unauthorised or accidental use, access,
disclosure, damage, loss or destruction.
In
the event that any such third party is outside of the European Union and where
the data being transferred would include personal data which would be protected
under applicable Data Protection regulation,Wewill
ensure that Wemeet the relevant requirements of that Data Protection regulation
prior to carrying out any such transfer. This may include only transferring the
data where We are satisfied that:·
the non-European Union country
has Data Protection laws similar to the laws in the European Union;
·
the recipient has agreed
through contract to protect the information in the same Data Protection
standards as the European Union;
·
We have obtained consent from
relevant data subjects to the transfer;
·
if transferred to the United
States of America, the transfer will be to organizations that are part of the
Privacy Shield.
Rights of Data subjects
Data subjects in
the European Union (or any jurisdiction with equivalent legislation to the
European Union General Data Protection Regulation) have certain rights in
respect of their personal data (including the right to withdraw any consent to
processing previously given; the right of access to data; or to have data
corrected, updated, rectified or erased; or for access to data to be restricted
or provided to any third party; or to object to any particular processing; or
to lodge a complaint with the relevant supervisory authority; or the right of
data portability).
In any case in
which a data subject chooses not to provide any personal data, or where any of
the rights set out above are exercised to limit the processing of personal data,
We may be unable to provide relevant services, or there may be restrictions on
the services which can be provided.
Should You believe that any personal information We hold on You is
incorrect or incomplete, You have the ability to request to see this
information, rectify it or have it deleted by contacting Us at the email
address customerservice@aldocyprus.com , or by calling Us at +357 25 829160
In the event that You wish to complain about how we have handled
your personal data, You may contact Us at the above email address and telephone
number. We will then investigate Your complaint and work with You to resolve
the matter.
If You still feel that Your personal data has not been handled
appropriately according to the law, You can submit your complaint with the
Office of the Commissioner for Personal Data Protection, at 1 Iasonos Street, 2nd
Floor, 1082 Nicosia, tel. +357 22 818456, email address commissioner@dataprotection.gov.cy
Retention of data
The Company retains
personal data in accordance with the Data Retention Policy. Any personal data
provided to Us is retained to fulfil the purposes for which the data was
collected. After the fulfilment of the purposes for which the personal data was
collected, such data will be destroyed, and a Destruction Certificate will be
retained in our records, unless destruction is prohibited for legal, regulatory
or technical reasons.
Any requests for
further information in relation to the continued processing of specific data and
requests for destruction of data should be made to customerservice@aldocyprus.com
For further
information on the retention
and destruction processes of the Institute, please request the Institute’sData Retention
Policy at customerservice@aldocyprus.com
Use of Personal Data in Legal
Proceedings
If it becomes necessary that the Company has to
take action against You for any reason whatsoever, including but not limited to
recovering from You any money You owe to Us, You expressly agree that the
personal data provided by You can be relied upon in identifying and taking
legal action against You.
Changes to this Privacy Policy
The Companykeeps this
Privacy Policy under review in order to ensure that it is in line with any
changes to the laws relating to privacy and personal data. This Privacy Policy
was last updated on 25 May 2018.
Customer service
About us
© ZT ONE Image Ltd. | 7B Zinas Kanther Str. P.O. Box 50478 - 3605 - Limassol | Vat Number: CY10106791S