Untitled Page
1. Introduction
1.1 ZEBRA Consultants Ltd, a limited liability Company incorporated
and registered under the Laws of the Republic of Cyprus, with registration number
HE140633, having its registered address at 131, Athalassas Avenue, Office 202, 2024
Strovolos, Nicosia, Cyprus (hereinafter referred to as the "Company", "we", "our"
or "us").
1.2 This Privacy Notice Policy (hereinafter referred to as the
"Privacy Notice") is issued pursuant to and reflects compliance with the requirements
and/or obligations and/or duties introduced by the EU General Data Protection Regulation
2016/679 (hereinafter referred to as the "GDPR") and the implementing legislation
L.125(1)/2018, of the Republic of Cyprus as amended and replaced from time to time.
2. Scope and Objective of the Privacy Notice
2.1 The Company respects individuals' rights to privacy and the
protection of Personal Data and the Company complies with the laws and regulations
protecting the Personal Data. The scope of this Privacy Notice is to explain and
elaborate on how we collect, use, process, share and store your Personal Data in
the course of our business.
2.2 "Personal Data" or "Data" means any information relating to
an identified or identifiable natural person ('data subject'); an identifiable natural
person is one who can be identified, directly or indirectly, in particular by reference
to an identifier such as a name, an identification number, location data, an online
identifier or to one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural person.
2.3 The Company may update the Privacy Notice from time to time.
When we make any updates, such updates will be communicated to you by publishing
the updated Privacy Notice on our website www.zebrac.com .
2.4 We would encourage you to visit our website regularly to stay
informed about the purposes of processing of your Personal Data and your rights
to control how we collect, use or process your Personal Data.
3. The Personal Data we process
3.1 We collect, use and process various categories of Personal
Data at the start of, and for the duration of, your business relationship with us
as well as after the termination of our business relationship. The Company will
limit the collection and processing of Personal Data to the necessary Data to meet
the purpose and legal basis as described in the Section 5 of this Privacy Notice.
3.2 Personal Data may inter alia, include:
Name, profession, address, telephone number, fax number, e-mail address, Passport/ID
number, VAT number etc.
3.3 The Company may also process certain special categories of
Personal Data for specific and limited purposes and only on the basis of an explicit
consent granted by you or on any other legal basis, as described in the Section
5 of this Privacy Notice.
3.4 These special categories of Personal Data include:
a. Physical or psychological health details or medical conditions;
b. Information about racial or ethnic origin;
c. Religious or philosophical beliefs;
d. Biometric information, relating to the physical or physiological characteristics.
3.5 Subject to the applicable law, the Company may process Personal
Data about criminal convictions or offences and/or alleged offences for specific
and limited activities and purposes including but not limited to perform checks
to prevent and detect crime and comply with the Anti-Money Laundering Framework.
It may involve investigating and gathering intelligence on suspected financial crimes,
fraud and threats and sharing Data with financial organisations, competent or other
authorities including non-governmental authorities in any jurisdiction within or
outside the European Economic Area (hereinafter referred to as the "EEA"). Where
we are required to do so under the Anti-Money Laundering Framework to which we are
subject, your Personal Data will be reported to the money laundering combat unit
in Cyprus (MOKAS).
4. How Personal Data are collected
4.1 Your Personal Data are collected from you. We may also be provided
with information about you by a third party reporting an adverse event that affected
you. Such third parties may include associates, lawyers, relatives or other members
of the public.
4.2 It is your duty and responsibility to provide us with updates
as to the Personal Data provided in order for such Data to remain current, accurate
and correct and you acknowledge that we rely on the Personal Data provided to us
in carrying out our obligations, under the law and our business relationship with
you.
4.3 Where you are a corporate entity providing to us Personal Data
of any individual or where you are an individual providing us with Personal Data
of any individual other than yourself, you hereby undertake and represent that such
individual, whose Personal Data is collected, used, processed and stored in accordance
with this Privacy Notice, has been fully informed of and clearly consented in writing
to such collection, use, processing and store of his/her Personal Data under this
Privacy Notice and that he/she has been informed of his/her rights in relation to
the Personal Data which is collected, used, processed and stored, under this Privacy
Notice.
4.4 The Company may collect Personal Data of children or underage
individuals (under the age of 18 years) from their parents or guardians directly,
and with that individuals' explicit consent where such individuals are capable of
giving such consent.
5. Purpose of Processing and legal basis of processing of your Personal Data
5.1 We would like to ensure that you fully understand the purpose
and the legal basis of collecting, using, processing and storing of your Personal
Data. Thus, in this Section we will describe the purposes for which your Personal
Data may be used as well as the legal basis of processing of your Personal Data.
5.A Purpose of processing
5.A.1 We will only collect, use, process, store, share or transfer
your Personal Data where it is necessary for us to carry out our business activities
and provide our services in compliance with any and all applicable legal and/or
regulatory obligations. We will process your Personal Data for the purpose of or
in connection with the provision of professional services to you, for performance
of our security, quality and risk management activities, and for compliance with
our legal and regulatory obligations.
We set out below in further detail the legal bases on which your Personal Data is
being processed.
5.B Legal Basis of processing of your Personal Data
We have described the legal basis for which your Personal Data may be used in detail
below:
5.B.1 Performance of a Contract/Contractual
necessity
5.B.1.1 We may process your Personal Data where it is necessary
to enter into a contract with you for the provision of our services or to perform
our obligations or duties under such contract.
5.B.1.2 On the basis of contractual necessity we may collect, use,
process and store Data such as name of the customer, date of birth and ID and/or
Passport Number.
5.B.1.3 Please note that if you don't agree to provide us with
the Data required on the basis of contractual necessity we may have to suspend or
terminate the services provided to you.
5.B.2 Legal and Regulatory Obligations
5.B.2.1 When you establish a business relationship with us in order
to provide you with our services, throughout your relationship with us and after
the termination of your business relationship with us, we are required by the law
to collect, use, process and store certain Personal Data about you.
This may include Personal Data necessary:
a. To comply with any and all legal and/or regulatory obligations
whatsoever under the laws and regulations, in any jurisdiction within or outside
the EEA;
b. To be used in the courts, law enforcement agencies, regulatory
agencies, and other public or competent or tax authorities or other authorities,
governmental or not, in any jurisdiction within or outside the EEA;
c. To carry out checks in relation to anti-money laundering and
terrorist financing, bribery, fraud, and/or sanctions whatsoever as required by
the laws and regulations;
d. To protect our rights, privacy, safety or property whatsoever;
e. To be used for the prevention, detection or investigation of
crimes whatsoever.
5.B.2.2 The Company may collect, use, process and store Personal
Data such as, name of the customer including the names of the directors, shareholders
and ultimate beneficial owners (in case of a corporate customer) to comply with
the legal and/or regulatory obligations.
5.B.2.3 Please note that if you don't agree to provide us with
the Data required to meet our legal and/or regulatory obligations we may have to
suspend or terminate the services provided to you.
5.B.3 Legitimate interests of the Company
5.B.3.1 We may collect, process, use, and store your Personal Data
where it is in our legitimate interests and without prejudicing your interests or
fundamental rights and freedoms.
5.B.3.2 We may process your Personal Data to manage our business,
financial affairs as well as to protect our employees, customers and property. It
is in our interests to ensure that our processes and systems operate effectively
and that we can continue operating as a business.
5.B.3.3 This may include processing of your Data to:
a. Monitor, maintain and improve internal business processes, information
and data, technology and communications solutions and services;
b. Ensure business continuity and disaster recovery responding
to information technology and business emergencies;
c. Ensure network and information security, including but not limited
to monitoring authorised users' access to our information technology for the purpose
of preventing cyber-attacks, unauthorised use of our telecommunications, trading
or other systems and websites, prevention or detection of crime and protection of
your Personal Data;
d. Provide assurance on the management of the Company's material
risks;
e. Perform general, financial and regulatory accounting and reporting;
f. Protect our legal rights and interests.
5.B.3.4 It is in the Company's interest to ensure that it provides
you with the most appropriate services.
5.B.3.5 This may require processing of your Data to enable us to:
a. Understand your actions, behaviour, preferences, expectations,
feedback and financial history in order to improve our services, develop new business
opportunities and services, and to improve the relevance of the services offered;
b. Monitor and improve the performance and effectiveness of services.
5.B.3.6 On the basis of legitimate interest we may collect, use,
process and store Data such as phone number and e-mail address.
5.B.3.7 Please note that if you don't agree to provide us with
the Data collected, used, processed and stored on the basis of the legitimate interest
we may have to suspend or terminate the services provided to you.
5.B.4 Consent
5.B.4.1 For special category of data in the absence of any legal
basis as well as for research, statistical or marketing purposes we may only collect,
use, process and store Personal Data where an explicit consent has been granted.
6. Your rights
6.1 The Company takes all the appropriate measures to make sure
that you are fully informed about your rights in regards with all Personal Data
we collect, process, use and store.
6.2 As a result, all rights and the circumstances under which such
rights may be exercised are described in the table below. In the event you wish
to exercise any of the rights described below or if you have any queries about
how we collect, use, process or store your Personal Data that are not answered in
this Privacy Notice or if you wish to complain to our Data Protection Officer, please
contact us at dpo@zebrac.com or at +357 22028128 (phone) or at +357
22028129 (fax) or at ZEBRA Consultants Ltd, 131, Athalassas Avenue, Office 202,
2024 Strovolos, P.O. Box 23857, Nicosia, Cyprus.
Rights
|
Explanation
|
Access – You have the right to access to your Personal Data including
the records of any and all email and/or text message correspondence, between you
and the Company, held by the Company.
|
Specifically, you have the right to enquire as to whether we process any Personal
Data of yours as well as which Personal Data is processed and the manner of such
processing. You have the right to receive a copy of your Personal Data without any
charge. If you would like a copy of your Personal Data held by the Company, please
contact us at dpo@zebrac.com or at +357 22028128 (phone) or at +357 22028129 (fax)
or at ZEBRA Consultants Ltd, 131, Athalassas Avenue, Office 202, 2024 Strovolos,
P.O. Box 23857, Nicosia, Cyprus.
|
Rectification – You have a right to rectification of inaccurate
Personal Data and to update incomplete Personal Data.
|
In case you believe that any of the Personal Data held by the Company is inaccurate,
you are entitled to request to restrict the processing of that Personal Data and
rectify the inaccuracies.
|
Erasure – You have a right to request that your Personal Data be
deleted.
|
You may request to delete your Personal Data in case you believe that:
- the Company no longer needs to process your Personal Data for the purposes for which
it was provided;
- the processing is based on your consent which you withdraw;
- the processing of your Personal Data is unlawful;
- your Personal Data must be raised for reasons of compliance with legal obligations;
- your Personal Data is being processed pursuant to a legitimate interest of the Company
or a third party and you object to such processing and we (or the third party as
the case may be) do not have an overriding legitimate interest.
You may exercise this right by contacting us at dpo@zebrac.com or at +357 22028128
(phone) or at +357 22028129 (fax) or at ZEBRA Consultants Ltd, 131, Athalassas Avenue,
Office 202, 2024 Strovolos, P.O. Box 23857, Nicosia, Cyprus.
|
Restriction – You have a right to request that we restrict the
processing of your Personal Data.
|
You may request us to restrict processing your Personal Data where:
- we are investigating whether any of your Personal Data held by the Company is inaccurate;
- the Company no longer needs to process your Personal Data for the purposes for which
it was provided, but you require such Data to establish, exercise or defend legal
proceedings;
- your Personal Data is processed in an unlawful manner and you chose to exercise
the right to restrict processing instead of your right to deletion as set out above;
- for a period enabling us to verify whether any legitimate interest on which we are
relying for the processing of your Personal Data overrides your interest.
You may exercise this right by contacting us at dpo@zebrac.com or at +357 22028128
(phone) or at +357 22028129 (fax) or at ZEBRA Consultants Ltd, 131, Athalassas Avenue,
Office 202, 2024 Strovolos, P.O. Box 23857, Nicosia, Cyprus.
|
Portability – You have a right to data portability.
|
You have the right to receive your Personal Data or to request that we transmit
such Personal Data to another third party (where this is technically feasible) in
a structured, commonly used machine-readable format where the processing is based
on your consent or pursuant to our contract with you or where processing is carried
out by automated means. Where you request that we provide such Data directly to
third parties, the Company shall not be responsible for any such third parties'
use of your Personal Data, which will be governed by their agreement with you and
any privacy statement they provide to you.
You may exercise this right by contacting us at dpo@zebrac.com or at +357 22028128
(phone) or at +357 22028129 (fax) or at ZEBRA Consultants Ltd, 131, Athalassas Avenue,
Office 202, 2024 Strovolos, P.O. Box 23857, Nicosia, Cyprus.
|
Objection – You have a right to object to the processing of your
Personal Data.
|
You have a right to object to us processing your Personal Data for marketing purposes
or on the basis of the legitimate interest as described in the Section 5 of this
Privacy Notice– unless we can demonstrate compelling and legitimate grounds for
the processing, which may override your own interests, or for the establishment,
exercise or defence of legal claims.
The Company may need to restrict or cease processing your Personal Data altogether
or, where requested, delete your information.
Please note that if you chose to exercise this right, we may have to suspend or
terminate the services provided to you.
|
|
|
Withdraw consent – You have a right to withdraw your consent.
|
In case in which the Company relies on your consent to process your Personal Data
(including Personal Data falling under the special categories), you have a right
to withdraw your consent at any time by sending a written request at dpo@zebrac.com
or at +357 22028128 (phone) or at +357 22028129 (fax) or at ZEBRA Consultants Ltd,
131, Athalassas Avenue, Office 202, 2024 Strovolos, P.O. Box 23857, Nicosia, Cyprus.
|
Raise a complaint – You have a right to raise a complaint with
the Data Protection Commissioner's Office.
|
If you wish to make a complaint, you can contact our Data Protection Officer who
will investigate the matter.
We expect to be fully able to address any concerns you may have directly in the
first instance; however, we would like to inform you of your right to address any
complaint to the Data Protection Commissioner's Office at any time should you so
wish. For more information, visit http://www.dataprotection.gov.cy.
You also have the right to lodge a complaint with the relevant supervisory authority
in your country of residence, or your place of work or the place where the alleged
infringement has taken place where this is within the EU.
|
Not be subject to automated decision-making processing (including
profiling) – You have the right not to be subject to automated decision making.
|
You have the right not to be subject to a decision, based solely on automated processing
of Personal Data. At this point, the Company does not have in place any automated-decision
making in respect of your Personal Data.
|
7. Changes to the way we use your Personal Data
7.1 The Company reserves the right to change the way and/or the
purpose of processing and use of your Personal Data. As a result, where the Company
decides to process or use your Personal Data for purpose other than the purpose
for which such Personal Data were initially collected, processed and used and stored,
it shall provide you with all relevant information of such change including the
new purpose under which such Personal Data will be used and/or processed as well
as all of your rights as described in the Section 6 of this Privacy Notice.
8. Communications about your Personal Data
8.1 We may directly contact you to provide you with information
in regards with the status, operation and maintenance of your Personal Data including
updated information about how we collect, use, process and store your Personal Data
by email.
9. How we use and share Personal Data
9.1 We will only use and share your Personal Data where it is necessary
for us to carry out our business activities and/or provide our services in compliance
with any and all applicable legal and/or regulatory obligations. Your Personal Data
may be shared with and used, processed and stored by the Company's subsidiaries/subcontractors,
business partners, competent authorities and Third Parties for legitimate business
reasons or as otherwise allowed or required by legislation. In this case, we will
require the subsidiary/subcontractor, business partner and/or Third Party to treat
that Personal Data in accordance with the applicable data protection legislation.
9.2 As part of meeting our product safety monitoring legal and
regulatory obligations and to ensure high standards of quality and safety of our
products, we may use and share your Personal Data to:
- investigate the adverse event and/or quality complaint;
- contact you for further information about the adverse event and/or quality complaint
you reported;
- collate the information about the adverse event and/or quality complaint with information
about other adverse events/quality complaint received by our Company to analyse
the safety and/or the quality of a batch, Company's product or active ingredient
as a whole; and
- provide mandatory reports to national and/or regional authorities so that they can
analyse the safety and/or the quality of a batch, Company's product, generic or
active ingredient as a whole alongside reports from other sources.
10. Sharing with Third Parties
10.1 We may share your Personal Data with the following recipients
and categories of recipients:
-our business partners (the multinational companies we represent in Cyprus)
-the competent authorities
-the Company's subsidiaries/subcontractors
-the Company's professional advisors
-other service providers.
10.2 We may share your Personal Data with Third Parties in the
following cases:
a. Where we have your explicit and written consent; or
b. It is required for your service; or
c. Where it is requested by any Competent or any other authority
having control or jurisdiction over the Company or you or your associates whatsoever
or in whose territory the Company has customers; or
d. Where it is requested by the Company's business partners in
order to meet their legal and/or ethical obligations provided that the Company's
contractual agreements with these business partners include their commitment to
protect adequately the Personal Data in accordance with this Policy and the applicable
legislation; or
e. With the competent authorities to investigate or prevent fraud,
money laundering or other illegal activity; or
f. With any of the Company's professional advisors provided that
in each case the relevant professional shall be informed about the confidential
nature of such Data and commit to the confidentiality obligations herein as well;
or
g. With other service providers who create, maintain or process
databases (whether electronic or not), offer record keeping services, email transmission
services, messaging services or similar services which aim to assist the Company
collect, storage, process and use your Personal Data or get in touch with you; or
h. With successors or assignees or transferees or buyers, with
five (5) Business Days prior written notice to you; or
i. With such Third Parties as we see fit to assist us in enforcing
our legal or contractual rights against you including but not limited to debt collection
agencies and legal advisors. You acknowledge that any of the persons listed in the
previous sentence may be either within or outside the EEA; or
j. It is required by the law and by law enforcement agencies, judicial
bodies, the financial ombudsman, government entities, tax authorities or regulatory
bodies and/or other competent authorities, governmental or not, whatsoever, established
or located within or outside the EEA;or
k. With software, platform support or cloud hosting companies.
10.3 Our Third Parties to which we share and/or transfer your Personal
Data are not allowed to use or disclose or share whatsoever for any other purpose
other than the purpose to provide services, as agreed, to us.
10.4 We will not disclose to any third party your Personal Data
for its own marketing purposes without your consent.
10.5 Please note that your Personal Data is collected, processed
and stored by the Company in Cyprus. In cases that your Personal Data are shared
with Third Parties your Personal Data may be transferred across country borders
in other EU countries or in non-EU countries.
10.6 If you would like a copy of your Personal Data held by the
Third Parties or if you want to receive more details on how your Personal Data is
collected, used, processed or stored by the Third Parties please contact us at dpo@zebrac.com
or at +357 22028128 (phone) or at +357 22028129 (fax) or at 131, Athalassas Avenue,
Office 202, 2024 Strovolos, P.O. Box 23857, Nicosia, Cyprus.
11. Transferring Information
11.1 We may share or transfer your Personal Data with recipients
in non-EU countries where:
a. the European Commission has decided that the country or the
organisation we are sharing your Personal Data with will protect your Data adequately;
b. the transfer has been authorised by the relevant data protection
authority;
c. we have entered into a contract with the organisation with which
we are sharing your Personal Data (on terms approved by the European Commission
or the Data Protection Commissioner of the Republic of Cyprus) to ensure your Personal
Data is adequately protected.
12. Notifications
12.1 We may provide you with any notifications or updates in regards
with corporate or tax matters or notifications about deadlines of submissions of
documentation or other information to Companies House or tax authorities as part
of the services which we provide to you. You have the right to request that we do
not make such communications by written at dpo@zebrac.com or at +357 22028128 (phone)
or at +357 22028129 (fax) or at 131, Athalassas Avenue, Office 202, 2024 Strovolos,
P.O.Box 23857, Nicosia, Cyprus.
13. How long we store your Data
13.1 We retain the Personal Data processed by us for as long as
we consider necessary for the purpose for which it was collected, as required and/or
as required under any legal provision to which we are subject and/or for such other
periods as can be lawfully justified in each case.
13.2 Personal data may be held for longer periods where extended
retention periods are required by the Law or regulations and/or in order to establish,
exercise or defend our legal rights before a Court or tribunal or Arbitral tribunal
whatsoever.
14. Security information
14.1 We are committed to ensuring that your Personal Data is secure.
For more information about the steps we are taking to protect your Personal Data
please contact us at dpo@zebrac.com or at +357 22028128 (phone) or at +357 22028129
(fax) or at 131, Athalassas Avenue, Office 202, 2024 Strovolos, P.O. Box 23857,
Nicosia, Cyprus.
14.2 In the event of any loss or destruction or other form of personal
data breach in respect of your Personal Data which is likely to result in a high
risk to your rights and freedoms, we will contact you on your email provided during
the establishment of the relationship unless you provide us with other contact details
in respect of such notifications. Any such contact details should be communicated
to the Data Protection Officer.
15. Data Controller and Contact Information
15.1 The Company is generally a controller for processing of the
Personal Data, however, we may provide some services as processors. If you have
any queries about how we collect, use, process or store your Personal Data that
are not answered in this Privacy Notice, or if you wish to complain to our Data
Protection Officer, please contact us at dpo@zebrac.com or at +357 22028128 (phone)
or at +357 22028129 (fax) or at 131, Athalassas Avenue, Office 202, 2024 Strovolos,
P.O.Box 23857, Nicosia, Cyprus.
COPYRIGHT NOTICE
© 2020 ZEBRA Consultants Ltd. All rights reserved.