Privacy Notice
GRAHAMSTOWN LIMITED
Background
GRAHAMSTOWN LIMITED understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone and will only collect and use personal data in ways that are described in this Notice, and in a way that is consistent with our obligations and your rights under the law.
Who we are
We (“GRAHAMSTOWN LIMITED”, “we”, “the Company”, “Controller”, “our” and “us”) are: GRAHAMSTOWN LIMITED, Agias Fylaxeos, 1, KPMG CENTER, Ground Floor, 3025 Limassol, Cyprus.
Contacts
For any questions you can contact our DPO: [email protected].

You can also complain to the Cyprus Data Protection Authority if you are unhappy with how we have used your data.

Office of the Commissioner for Personal Data Protection
Office address: Iasonos 1, 1082 Nicosia, Cyprus
Postal address: P.O.Box 23378, 1682 Nicosia, Cyprus
Tel: +357 22818456
Fax: +357 22304565
Email: commissioner@dataprotection.gov.cy
Website: https://www.dataprotection.gov.cy/
Your personal data
Please note! Automated decision-making is not used. If you send us an email, we may collect your name, email address, and any other information you decide to provide us.
Types of personal data
In the course of business relations we process the following personal data of our business contacts:
A. Basic identifiers, such as your name, email address, physical address, telephone number, business contact information.
B. Professional information, such as job title, organization, or other professional information.
C. Sensory data, if applicable, such as security camera footage.

And we process the following personal data of our employees:
A. Basic identifiers, such as your name, email address, physical address, telephone number, tax identification number, insurance number, etc.
B. Financial information, such as salary and wage information and history, details of employees’ bank account.
C. Career information, such as professional licenses, credentials, specialty, professional affiliations, resume or curriculum vitae information, certifications and qualifications, employment history, job preferences, documentation required under immigration and employment laws, or other professional information.
D. Education information, such as education history, professional qualifications, academic certificates and licenses, and other relevant skills.
E. Sensitive personal information, such as health information.
F. Sensory data, such as security camera footage.

And the following personal data of our candidates:
A. Basic identifiers, such as your name, email address, physical address, telephone number, etc.
B. Career information, such as professional licenses, credentials, specialty, professional affiliations, resume or curriculum vitae information, certifications and qualifications, employment history, job preferences, documentation required under immigration and employment laws, or other professional information.
C. Education information, such as education history, professional qualifications, academic certificates and licenses, and other relevant skills.

Sources of personal data
A. Directly from you. We may collect personal data you provide to us directly, such as when you communicate with us, place or customize orders, or sign up for services; when you complete a paper or online application, communicate with us in connection with your application, provide references, or participate in an interview or any aptitude test or assessment (including online).
B. From third parties. We may collect personal data from third parties, such as companies or individuals who direct or refer you to us (including third-party staffing or recruiting firms or individuals who suggest or identify you, as well as from publicly available sources and third-party professional social networking websites).
How we use personal data
Business contacts:
A. To provide you or your company with products and services, such as providing you the goods and services you or your company requests; providing customer service; processing or fulfilling orders and transactions, processing payments; communicating with you about your product or service; responding to requests, complaints, and inquiries; and providing similar services or otherwise facilitating your relationship with us. Lawful basis: contract.
B. For our internal business purposes, maintaining internal business records. Lawful basis: legitimate interest.
C. For legal, safety or security reasons, such as complying with legal and reporting requirements; investigating and responding to claims against the Company and its clients; detecting, preventing, and responding to security incidents; and protecting against malicious, deceptive, fraudulent, or illegal activity. Lawful basis: law, legitimate interest.
D. In connection with a corporate transaction, such as if we acquire, or some or all of our assets are acquired by, another entity, including through a sale in connection with bankruptcy and other forms of corporate change. Lawful basis: legitimate interest.
E. For marketing, communication, and for market research, such as marketing our products or services or those of our affiliates, business partners, or other third parties. Lawful basis: legitimate interest, consent.
F. In a de-identified or aggregated format, we may also use or disclose your information in a de-identified manner for any purpose.
Employees:
A. In connection with the job, such as personnel and record keeping, issuing work email, etc. Lawful basis: contract.
B. For our internal business purposes, such as enforcing our policies and rules. Lawful basis: legitimate interest.
C. For legal, safety or security reasons, such as complying with legal requirements; complying with reporting and similar requirements; investigating and responding to claims against the Company; completing due diligence (such as in connection with a corporate transaction); protecting our, your, our customers’, and other third parties’ safety, property or rights; detecting, preventing, and responding to security incidents; and protecting against malicious, deceptive, fraudulent, or illegal activity. Lawful basis: law, legitimate interest.
D. In connection with a corporate transaction, such as if we acquire, or some or all of our assets are acquired by, another entity, including through a sale in connection with bankruptcy and other forms of corporate change, etc. Lawful basis: legitimate interest.
Candidates:
A. In connection with your application, such as assessing your application, interview, and test results for suitability for the position for which you have applied or other open positions; communicating with you concerning job openings or your application; conducting pre-employment verification and screening; and dealing with any inquiry or request for feedback received in relation to our recruitment and hiring decisions. Lawful basis: contract, legitimate interest.
B. For the creation of a talent pool – processing your data for this purpose is based on your consent, which you can withdraw at any time. Lawful basis: consent.
Sharing your personal data
We do not rent, sell, or share your personal data with third parties except as described in this Privacy Notice.
Candidates:
A. Intra-group companies and affiliates.
B. Third-party service providers that work on our behalf to provide products and services, such as IT support providers, software service providers, etc.
C. For legal, security, or safety purposes, we may disclose your personal data to third parties, law enforcement or other government agencies to comply with law or legal requirements.
D. In connection with a corporate transaction, such as if we, or some or all of our assets, are acquired by another entity, including through a sale in connection with bankruptcy or other forms of corporate change.
Employees:
A. Intra-group companies and affiliates.
B. Third-party service providers that work on our behalf to provide products and services, such as IT support providers, software service providers, etc.
C. Professional consultants, such as accountants, lawyers, and financial advisors.
D. For legal, security, or safety purposes, we may disclose your personal data to third parties, law enforcement or other government agencies to comply with law or legal requirements; to enforce or apply our policies and other agreements; and to protect our rights and the property or safety of our users or third parties.
E. In connection with a corporate transaction, such as if we, or some or all of our assets, are acquired by another entity, including through a sale in connection with bankruptcy or other forms of corporate change.
Business contacts:
A. Intra-group companies and affiliates.
B. Third-party service providers that work on our behalf to provide products and services, such as IT support providers, software service providers, etc.
C. Professional consultants, such as accountants, lawyers, and financial advisors.
D. For legal, security, or safety purposes, we may disclose your personal data to third parties, law enforcement or other government agencies to comply with law or legal requirements; to enforce or apply our policies and other agreements; and to protect our rights and the property or safety of our users or third parties.
E. In connection with a corporate transaction, such as if we, or some or all of our assets, are acquired by another entity, including through a sale in connection with bankruptcy or other forms of corporate change.


All:
We may disclose personal data, or any information you provide us, if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to:
A. Comply with any applicable law, regulation, legal process, or governmental department's request;
B. Enforce our policies (including our agreement), including investigations of potential violations thereof;
C. When we consider disclosure to be necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal purpose;
D. Prevent, detect, investigate or take action regarding any fraud or illegal activities or other criminal activity;
E. To establish or exercise our rights to defend against legal claims;
F. Prevent harm to the rights, property or safety of us, our users, yourself or any third party; or
G. For the purpose of collaborating with law enforcement agencies and/or in case we find it necessary in order to enforce intellectual property or other legal rights.
Cross-border transfers of your personal data
Where we transfer your personal data outside of the EU, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information and where required, with your consent.

We may put in place appropriate safeguards (such as contractual commitments) in accordance with applicable data protection laws to ensure that your personal data is adequately protected. You can request further details about the safeguards that we have in place in respect of transfers of personal data outside the EU.
Retention of your personal data
Your personal data will be retained as long as necessary to fulfill the purposes we have outlined above. However, we may be obliged to store some personal data for a longer time, taking into account factors including:
  • legal obligation(s) under applicable law to retain records for a certain period of time;
  • maintain business records for analysis and/or audit purposes;
  • defend or bring any existing or potential legal claims;
  • deal with any complaints regarding the services; and
  • guidelines issued by relevant data protection authorities.

Once you or your company have terminated your relationship with us, we may retain your data in our systems and records in order to ensure adequate fulfillment of surviving provisions in terminated contracts, or for other legitimate business purposes, such as to demonstrate our business practices and contractual obligations or provide you with data about our products and services in case of interest.
Protection of your personal data
We take the security of our physical premises and our servers seriously and we take all appropriate technical measures using recognized security procedures and tools in accordance with good industry practice to protect your personal data.

We use technical and organizational security measures in order to protect the personal data we have under our control against accidental or intentional manipulation, loss, destruction and against access by unauthorized persons.
Your rights
A. Right to Access: You have the right to request a confirmation from us as to whether or not we process your personal data, and, where that is the case, access to the personal data. Please note that there may be circumstances in which we have the right to refuse a request for access to copies of personal information, in particular information that is subject to professional legal privilege.
B. Right to Rectification: You have the right to have your incomplete personal data completed.
C. Right to Erasure: This provides for the right to have your data erased in case the processing of your personal data is not justified. Please note that there may be circumstances where you ask us to erase your personal information, but we are legally entitled/obliged to retain it.
D. Right to Restrict: You have the right to restrict the processing of your personal data.
E. Right to Object: In some cases, required by law, you may ask us to stop processing your Personal Data.
F. Right of Portability: You have the right to receive the Personal Data concerning you in a structured, commonly used, and machine-readable format and/or transmit those Personal Data to another data controller.
G. Withdrawal of consent: You have the right to withdraw your consent at any point in time, although in certain circumstances it may be lawful for us to continue processing without your consent if we have another legitimate reason (other than consent) for doing so. Withdrawal will not affect the lawfulness of processing before the withdrawal.
H. Right to Complain: You have the right to lodge a complaint regarding the processing of your personal data by us.
If you want to exercise your rights or you are unhappy with the way in which your personal data has been processed or should you have any questions regarding the processing of your personal data, you may refer in the first instance to the Data Protection Officer, who is available at the following email address: [email protected] or you can write to the address below: 1, Agias Fylaxeos, KPMG CENTER, 1st floor, 3025, Limassol, Cyprus.

Your requests can be sent to us in a free form (in the body of a letter, scan, etc.) to [email protected] with your full name and contact information for a quicker processing of your request. In case of doubt of your identity, we may ask you to justify it by enclosing a copy of any identity document. If we are not satisfied you are who you claim to be, we reserve the right to refuse to grant your requests.
Changes to this Privacy Notice

You may request a copy of this Privacy Notice from us using the contact details set out above. If we change this Notice, the updated version will be posted on our website in a timely manner.