Privacy Statement of G.D.L. Trading Ltd
G.D.L. TRADING LIMITED (The “Company”) is committed to protecting your personal data. The Company will collect, process and use your personal data in compliance with the applicable local legislation as amended and/or replaced from time to time on the provisions of Regulation (EU) 2016/679 (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”), effective as of 25 May 2018, and any other legal and/or regulatory requirements. The Company is committed to protecting your privacy and handling your personal data in an open and transparent manner.
For the purposes of this statement, personal data means any information about you that identifies you or can lead to identify you, for example your name, address, or identity number.
- Who we are
G.D.L. TRADING LIMITED was incorporated in Cyprus as a private limited liability company with registration number HE 8954 and headquarters at Jean Sibelius 9, 3017 Limassol.
If you have any questions or request more details about how we use your personal information, you can contact the Company’s Data Protection Officer at Jean Sibelius 9, 3017 Limassol, email: dpo(at)gdltrading.com
- Purpose of this Privacy Statement
This statement aims to provide information on how we process your personal data within and/or in view of any transactional relationship you may enter with any of the products of the Company. In addition, it aims to inform you about your protection rights regarding your personal data provided by the current legislative and regulatory framework.
- Other entities of the Group
G.D.L. is a member of the Lordos Group. Each entity of the Group has its own separate privacy statement. These entities retain their own websites, which may be linked to ours. If you are interested in learning how these entities are processing your personal data, please refer to their privacy statements, which you can find on their specific web pages.
- Who is responsible for processing the data and with whom you cancontact
The company responsible for your data processing is:
G.D.L. TRADING LIMITED
Jean Sibelius 9
The contact details of the Data Protection Officer at G.D.L. Trading Ltd are:
G.D.L. TRADING LIMITED
Jean Sibelius 9
E-mail address: dpo(at)gdltrading.com
If you have any questions or need more details about how we use your personal data, you may contact us in the contact details shown above.
- Whichpersonal data we process and where we collect them
We process personal data that we receive from you as part of our business relationship. We process also, to the extent necessary, personal data obtained from sources available to the public, such as the Department of Registrar of Companies and Official Receiver, the Land Registry, the media and press, trade registers, and the Internet which, we legally acquire and are allowed to process, and by third parties with whom we work (e.g. insurers, professional intermediaries, consultants, law firms, trace service companies, debt collecting companies, credit rating agencies, etc.). Personal data or personal information means any information about a person from which that person can be identified. Sometimes we may refer collectively to e.g. collection, recording, retrieval, use, disclosure, transmission, deleting of any data or data set as “processing” of personal data. Personal data could include:
(a) Identification data, such as surname, Christian name, identity/passport number, tax ID number, date and place of birth, nationality, and other demographics.
(b) Communication data, such as postal and e-mail address, land, and mobile phone line.
(c) Economic data, property, and family status data, such as an indication of a profession, earnings, dependents, other tax, and income information.
(d) Data of financial default, such as checks not honoured, inability to meet loan and credit agreements, bankruptcies, information regarding court proceedings procedures, debt relief orders and personal repayment plans.
(e) Credit data, such as debts to credit and/or financial institutions stemming from loans and/or credits.
(f) Credit scoring data (credit profiling – credit scoring).
(g) Transactional behavior data, including, where applicable, data browsing on the Internet (cookies).
(h) Data from the operation of your agreement/contract with G.D.L. TRADING LIMITED.
(i) Data from payment transactions and payment services.
(j) Data relating to your Identity, provided from devices or applications you use, such as an Internet Protocol address or other data provided through the devices you use as data position identification which, alone or in combination with unique identifiers identity, can be used to identify you.
Please note that we do not process your personal data without your explicit consent revealing for example racial or ethnic origin, political views, religious or philosophical beliefs, participation in trade unions, genetic data, data on health or data about a person’s sexual life or sexual orientation, which are referred to as special category of personal data in the GDPR, however, we cannot exclude the possibility that such information may be communicated to us by you.
- Whether you are required to provide us with your personal data
In order to be able to engage in a business relationship with you, you must provide us with your personal data that is necessary for the required start and execution of a business relationship and the fulfillment of our contractual obligations. It is necessary to verify your identity before entering a contract or business relationship with you or with the legal entity of which you are the authorized representative/agent or beneficial owner. You must, therefore, provide at least your identity/passport, your full name, place of birth (city and country) and your residential address so that we comply with our statutory obligation as outlined above.
Please note that if you do not provide us with the required information, we will not be allowed to start or continue our business relationship with you as an individual or with you as an authorised representative/agent or real beneficiary of a legal entity.
- To what extent do we use automateddecision-making and profiling
The Company does not make decisions solely based on automated processing. However, we would like to inform you that some of your data may be automatically processed in the context of personal aspects assessment (profiling), indicatively for the following purposes:
(a) Credit rating.
(b) Promotion of new products and/or companies of the Group or third parties cooperating with the company and/or companies, if your consent has been given for this purpose.
- To whom do we reveal your personal data
Nothing related to your personal data will be disclosed to anyone other than cases which are defined or deriving from the current legislative and regulatory framework. These are:
(a) When we (or any third party acting on our behalf) are forced by law to disclose information.
(b) When our legitimate interest requires disclosure of information (e.g. to protect ourselves from or recover any damage we have suffered).
(c) When the disclosure occurs upon your request or your approval, or to fulfill our contractual obligations to you.
Your personal data may be given to our affiliated companies (i.e. our parent company and its subsidiaries) for credit assessment purposes, collaborative risk assessment and uniform treatment (where applicable).
Your personal data may also be given to organisations and agencies, among them whose:
(a) Natural or legal persons to whom you have requested to share your data.
(b) Banks and other financial institutions and payment service providers which are based in Cyprus or abroad which have been licensed and operate legally for the purpose of performing transactions to and from your accounts.
(c) If you use any type of credit or debit card to purchase goods from our stores, we will share transaction details with companies that help us provide this service (such as JCC Payment Systems Ltd , Visa, Mastercard, etc.).
(d) External legal counsel.
(e) Financial and business advisers.
(f) Auditors and accountants.
(g) Companies that help us effectively deliver our services to you by offering know-how, solutions, and support as well as payment facilities.
(h) Suppliers and purchasing companies, web site creation and support companies and advertising agencies.
- Why do we process your data (purpose of processing) and on what legal basis
We process the above-mentioned personal data in accordance with the provisions of GDPR, applicable current local law as amended and/or replaced from time to time as well any other relevant legislation, rules and/or regulations.
We will use your personal data only for the purposes for which we collected it, unless we reasonably believe that we should use it for another reason and provided that this reason is consistent with the original purpose.
We process your personal data for one or more of the following reasons:
(a) Compliance with legal obligations.
(b) Meeting contractual obligations.
(c) Protection of legitimate interests.
Where necessary, we process your data to safeguard our legitimate interests. Examples of such instances of processing include but are not limited to the following:
- Receive and/or exchange data with credit rating agencies for identifying credit or default risks.
- Asserting legal claims and preparing for defense in court proceedings.
iii. Actions to manage our operations.
- Ensuring the security of our IT systems.
- Measures for the safety of our workspace.
- Risk management.
(d) Based on your consent.
Any such consent may be revoked at any time by contacting us. This also applies to the withdrawal of consent statements regarding marketing that was given to us before the entry into force of GDPR, i.e. before 25 May 2018. However, any processing of personal data made before the receipt of your recall is not affected.
(e) Means and procedures that we undertake to ensure the security of the Department of Information Technology.
(f) Installation of surveillance systems (closed circuit CCTV), e.g. in our stores, to prevent criminal acts or fraud.
- How long do we keep your personal information?
We will retain your personal information for as long as you are a customer of the Group and/or if you maintain any kind of relationship with the Company.
After your relationship with the Company comes to an end, we may retain your personal information for a period of up to 10 (ten) years in accordance with the Directive of the Personal Data Protection Commissioner (http: //www.dataprotection.gov.cy). We may keep your data for a longer time if we cannot delete it for legal and/or regulatory and/or technical reasons. If we do so, we will ensure that your data is protected and that it is used only for the purposes mentioned above. In case you provide us with personal data as part of the startup process of our business relationship but for whatever reason you do not become a partner and/or our customer, we will keep your personal information for a period of up to 6 (six) months from the date of the disclosure of the rejection of your application for service and/or credit facilities; or from the date of withdrawal of your application, in accordance with the instructions issued by the Office Commissioner for Personal Data Protection of Cyprus.
- Data transmitted to a country outside the European Union or an international organization
The Company may transmit your personal data to countries outside the European Union (third countries) in the following cases:
(a) Where the Commission has adopted an act on adequate personal data protection in the country or international organisation in question.
(b) If you have been specifically advised and provided your explicit consent to this Company and the other conditions of the legislative framework are met.
(c) Where transmission is necessary for the establishment, exercise or support legal claims or defends the Company’s rights.
(d) Where there is an obligation under a legal provision or a transnational or international convention.
To meet these obligations, the Company may transmit your personal data to competent national authorities of third countries.
- What data protection rights do you have?
The following are the rights you have under the provisions of GDPR and any other relevant legislation on the protection of personal data:
(a) Right to access your personal data.
(b) Right to correct your personal information. In case you will find that the data we hold for you is incomplete or inaccurate, you are entitled to request a correction. In such a case, we may need to verify the accuracy of the new data you will be communicating to us.
(c) Right to delete your personal information. You have the right to ask to delete or remove your personal data where there is no valid reason to continue processing it. Note, however, that we may not always be able to satisfy your request for deletion, for specific legal reasons which will be notified to you.
(d) You have the right to oppose to the processing your personal data at any time and for reasons related to your particular situation where the legal basis on which the processing activity is based on our legitimate interests. In the event where you exercise this right, we will no longer process your personal data, unless we can prove compelling legitimate grounds, which override your interests, rights, and freedoms.
(e) Right to request restriction of processing of your personal data (i) if it is not accurate, (ii) where processing may be illegal, however, you do not wish we delete the data but rather to restrict it, (iii) where you need us to keep the data even if we do not need it any more, or (iv) where you may have opposed to our use of your data but we must verify if we have legitimate reasons to use it.
If you exercise the above right, such data, other than being stored, will be processed only with your consent or for the establishment, exercise or support of legal claims, or for the protection of the rights of another natural or legal person; or for important public interest reasons in the European Union or Member State.
(f) Right to obtain a copy of your personal data or to forward your personal information data to third parties.
(g) If your personal data is processed with consent, you may withdraw your consent at any time where we rely on your consent to the processing of your personal data.
However, this will not affect the legitimacy of any processing performed prior to the withdrawal of your consent.
The exercise of the above rights is free of charge. However, please note that the Company may charge you with an operating fee in cases where requests are unfounded or excessive, especially because of their recurring nature.
- To what extent do we use automated decision-making and profiling
The Company does not make decisions solely based on automated processing.
However, we inform you that some of your data may be automatically processed in the context of evaluating personal aspects (profiling) indicatively for the following purposes:
(a) Credit rating.
(b) Promotion of new products of the Company and/or companies of the Group or of third parties cooperating with the company and/or companies, if your consent has been given for this purpose.
- How do we handle your personal data for marketing activities and whether profiling is used for such activities
We may process your personal data to inform you of products and offers that may be of interest to you or your business.
The personal data we process for this purpose consists of information you provided us and data we collect and/or conclude when using our services, such as information about your transactions. We study all this information to form a view of what we think you may need or what you may be interested in. In some cases, profiling is used, i.e. we process your data automatically for the purpose of evaluating certain personal information to provide you with targeted product-specific marketing information.
We may use your personal data to promote our products to you only if we have your explicit consent for this or if in some cases, we believe we have a legitimate interest in doing so.
You have the right to oppose at any time the processing of your personal data for Marketing purposes, including profiling, by contacting the Company at any time either in person or in writing.
Please let us know if you are not satisfied with the way we used your personal information. You may contact us by using the information listed in paragraph 4 (four) above. You also have the right to complain to the Office of Personal Data Protection Commissioner.
When you visit our site, our system automatically collects information about your visit, such as your browser type, IP address, and referring site. You can set your browser not to store cookies on this site, and you can also delete cookies automatically or manually. However, please note that in this way you may not be able to fully use all the features provided on our site.
- Changes to the Privacy Statement
We may modify this Privacy Statement from time to time. In case of changes, we will duly notify you and modify the date of the Privacy Statement. The revised version of the Privacy Statement will be available on our website www.gdltrading.com and it is our suggestion you refer to it periodically so that you are always up to date on how we protect and process your personal data.