Introduction
MS IRIDA360 LIMITED values your personal and confidential information. We are committed to protecting this information with adequate protection and use it only for the purposes stipulated in this Privacy Policy. This Privacy Policy will help you understand what personal data is collected and processed, how its protected, how we use it and what rights are made available to you regarding your personal data.
This Privacy Policy (‘Policy’) explains how MS IRIDA360 LIMITED (collectively, with its subsidiaries and affiliates, ‘we’, ‘us’, ‘our’) a Company incorporated under the laws of the Republic of Cyprus with registration number HE358291, being a Data Controller, collects and processes your personal information, i.e. information collected online and offline, in accordance with the General Data Protection Regulation (2016/679) and the applicable Data Protection Laws of the Republic of Cyprus (‘the Law’).
Definitions of terms used in Policy:
‘Data Controller’ means the person or organization which determines when, why and how to process Personal Data and implements appropriate technical and organizational measures to comply with the Law;
‘Data Protection Officer’ means the person who is formally appointed with the purpose of ensuring that we are aware of and comply with our data protection responsibilities and obligations according to the Law;
‘Data Subject’ means a living, identified or identifiable natural person about whom we hold Personal Data;
‘European Economic Area’ (EEA): means the EU countries and also Iceland, Liechtenstein and Norway;
‘Personal data’ means data about the Data Subject who can be identified:
- from that data; or
- from that data and other information to which we have or are likely to have access;
‘Processing’ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘Special Categories of Personal Data’ means the information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data;
For the purposes of this Policy, Personal Data includes Special Categories of Personal Data.
‘Third Party’ means the recipient of your Personal Data as defined below.
The kind of information we collect about you:
The purpose of the Processing of your Personal Data is largely based on each of our services that you have requested, used or intend to use:
- Information provided when submitting to ‘BOOK A STRATEGY SESSION’ or contacting us through our website e.g. Name, Email Address
- Information gathered from your use of our website or through Google Analytics, by using cookies e.g. IP Address, Mobile Device Id, Referral Source, Page Views
- Information gathered from transactions and agreements between us for providing our services and implementing our services e.g. VAT number, Name, Address, ID, Biography
We do not collect or process Personal Data of children without prior consent from their parents or legal guardian.
On what legal basis do we process your Personal Data:
As Data Controllers we may collect and process your Personal Data for any or all of the following purposes:
- Legal obligations: Obligations that apply for activities that require us to process Personal Data, e.g. obligation to keep accounting records according to the Cypriot Tax Authorities;
- Consent: You have been given consent to the processing of your Personal Data for a specific purpose e.g. request made on our website, respond to your queries made, send email notifications and commercial information requested.
Consent may be withdrawn at any time by contacting our Data Protection Officer at the contact details provided below or informing us directly;
- Legitimate Interests: Personal Data may be necessary for the purposes of our legitimate interests or a third party’s to execute, promote, assess and advance our services (e.g. legal claims), except where these interests are overridden by your interests or fundamental rights and freedoms, especially in cases where the Data Subject is a child;
Send company newsletter and updates that we deem would be of interest, send general commercial communication that are not deemed as advertising, Handle complaints and enquiries made by you or about you, Improving your browser experience;
- Contractual Obligations: For the commencement and continuation of services, between us and you as a client or as a service provider, we require some personal data from you in order to deliver this service e.g.
- Who Receives your Personal Data:
Your Personal Data may sometimes be shared or made accessible to the following Third Parties in order for us to perform our services to the highest standard possible:
- Employees or affiliates or partners that need access to fulfill the purposes set out above;
- Service providers, including but not limited to IT service providers that support our services;
- Payment Service Providers.
In case of an absence of your consent, your Personal Data will not be disclosed to any Third Party, other than the above-mentioned, unless the disclosure is required and/or mandatory under the provisions of any legislation, regulation or upon governmental, supervisory, competent authority request.
Our employees have signed a Confidentiality and Non – Disclosure Agreement.
When we enter into agreement with a Third Party that requires your Personal Data to be processed by that Third Party, we enter into a processing agreement with that party in order to ensure that they process the Personal Data strictly according to our instructions and to implement the appropriate administrative, physical and technical measures to protect the Personal Data from unauthorized or accidental use, collection, access, damage, loss or disclosure.
Transferring your Personal Data outside European Union (‘EU’) and European Economic Area (‘EEA’):
We generally do not transfer your Personal Data to countries outside of EU and EEA (‘Third Countries’), except where required by the purposes set out in this Policy. If we need to transfer any Personal Data to Third Countries, we always ensure that the transfer meets the relevant requirements of the Law and we take all steps required to ensure that your Personal Data continues to receive our standards of protection.
When can Personal Data be transferred outside of the EU and the EEA:
- If the European Commission has made a finding that the third country, territory or sectors within the third country ensures an adequate level of privacy protection (Adequacy Decision);
- The Third Party has signed the standard data protection clauses (i.e. contract) adopted by the European Commission and agreed to apply the privacy standards of protection of the European Union;
- The Data Subject has provided consent to the transfer.
Retention of Personal Data:
We will cease to retain your Personal Data or remove the means by which the Personal Data can be associated with you, after seven years (7) where your relationship with us has been terminated and/or as soon as it is reasonable to assume that such retention no longer serves the purposes for which the Personal Data were collected and are no longer necessary for legal or business purposes (except where retention is permitted or required by the Law and/or other applicable laws).
Protection of Personal Data:
To safeguard your Personal Data from unauthorized access, collection, use, damage, loss, disclosure, copying or similar risks, we have introduced appropriate administrative, physical and technical measures such as up to date antivirus protection, encryption and the use of privacy filters to secure all storage and transmission of Personal Data to Third Parties. We also allow access to Personal Data only to those employees who need to know such data and they will only process your Personal Data on our instructions.
However, no method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guarantee, we try to protect the security of the Data Subject’s Personal Data and we constantly review and enhance our information security measures.
Effect of Policy and Changes to Policy:
We keep this Policy under review, and we may modify it from time to time without any prior notice. You should review our Policy on our website periodically to ensure that you are aware of any such modifications/updates.
