Appointment of a Data Protection Officer
The Company appointed a Data Protection Officer who oversees compliance with data protection law and acts as a point of contact for clients, associates and the Cyprus Data Protection Commissioner’s Office.
If you have any questions or concerns about this policy, please contact the Data Protection Officer.
The Data Protection Officer for Shiahini Ltd can be contacted at email@example.com or +357 22394720.
1. Collection, Storage and Erasure of Personal Data as well as Type and Purpose and their use:
a) Visiting our website: When you visit our Website www.shiahini.com.cy, the browser you are using on your terminal device automatically sends information to the server of our website. This information will be temporarily stored in a so-called log file. The following information will be recorded without your intervention and stored until automated deletion.
- IP address of the requesting computer,
- date and time of access,
- name and URL of the file accessed,
- website from which access has been made (Referrer-URL),
- the browser used and, if applicable, your computer’s operating system, and your access provider’s name.
We will be processing the above-mentioned data for the following purposes:
- ensuring a smooth connection of the website,
- ensuring comfortable use of our website,
- evaluation of system security and stability,
- for other administrative purposes.
The legal basis for data processing is GDPR sec. 6 para 1 lit. f. Our legitimate interest follows from the purposes listed above for data collection. In no case we will be using the collected data for the purpose of drawing conclusions about you.
b) When using our contact form: For questions of any kind, we offer you the opportunity to contact us via a form provided on our website. Your name, a valid email address, and your request (“message”) are required so that we know who sent the request and that we will be able to process it. Other information may be given voluntarily. Data processing for the purpose of contacting us is made pursuant to GDPR art. 6 para. 1 sentence 1 lit. a on basis of your voluntarily given consent. Personal data collected for using our contact form will be erased after completion of your request.
2. Disclosure of Data to Third Parties:
Your personal data will not be transmitted to third parties for purposes other than those listed below. We only pass on your personal data to third parties:
- if you explicitly have consented pursuant GDPR sec. 6 para. 1 sentence 1 lit. a,
- if passing on your personal data pursuant GDPR sec. 6 para. 1 sentence 1 lit. f is necessary for assertion, exercise or defence of legal claims, and there is no reason to believe that you have an overriding interest worthy of protection in non-disclosure of your data,
- in the event of a legal obligation existing for their transfer pursuant to GDPR sec. 6 para. 1 sentence 1 lit. c, and
- this is permitted by law and it is necessary for carrying out our contractual relationships with you pursuant to GDPR sec. 6 para. 1 sentence 1 lit. b.
In the cookie information is stored, each resulting in connection with the specific terminal used. However, this does not mean that we are immediately aware of your identity.
4. Rights of Data Subjects
You have the right:
- to obtain access to your personal data processed by us in accordance with GDPR sec. 15. In particular, you may obtain access to the purposes of the processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the envisaged storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
- to immediately request the rectification of inaccurate or completion of incomplete personal data stored by us in accordance with GDPR sec. 16;
- to request the erasure of your personal data stored by us pursuant to GDPR sec. 17, unless the processing for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for assertion, exercise or defence of legal rights is required; to demand the restriction of the processing of your personal data pursuant to GDPR sec. 18, as far as the accuracy of the data is contested by you, the processing is unlawful, but you reject its erasure and we no longer need the data, but you require this, for the exercise or defence of legal claims or you objected to processing pursuant to GDPR sec. 21;
- to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with GDPR sec. 20. or to demand transmission to another controller;
- to object to your consent given pursuant to GDPR sec. 7 para 3 at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future and
- to lodge a complaint with a supervisory authority pursuant to GDPR sec. 77. As a rule, you can contact the supervisory authority of your habitual residence or place of work or place of business.
5. Right to object:
If your personal data are processed based on legitimate interests pursuant to GDPR sec. 6 para. 1 sentence 1 lit. f, you have the right to object to the processing of your personal data pursuant to GDPR sec. 21, provided that there are reasons on grounds relating to your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation. If you would like to make use of your right of revocation or objection, simply send an e-mail to firstname.lastname@example.org
6. Duration of Data Storage
We will only retain your personal data for as long as necessary, to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements unless a longer retention period is required or permitted by certain laws.
The criteria used to determine our retention periods include:
• After the completion of our business relationship with you or another relevant person, we may retain your data for up to 12 (twelve) years unless there is a legal obligation or other pending matter.
• Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of data for a certain period of time before we can delete them e.g. national labour law, tax law, money-laundering legislation).
• Whether retention is advisable considering our legal position (such as, litigation or regulatory investigations).
7. Data security:
We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form can be seen from the closed display of the key or lock symbol in the status bar of your browser. We make use of the rest of the adequate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
This data protection declaration is currently valid and has the status as of April 2020. Due to further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://www.shiahini.com.cy