Privacy Policy
This version was last updated on: 9th June 2020
G.N. AUTO ODYKY EXPRESS ROAD SERVICE LIMITED-HE 28976 (collectively referred to as “Odyky, “we”, “us” or “our” in this privacy policy respects your privacy and is committed to protecting your personal data. This privacy policy explains as to how we collect and process your personal data and informs you about your privacy rights under the Processing of Personal Data (Protection of individuals) under the Processing of Personal Data (Protection of individuals) Law 125 (I)/2018) as amended from time to time and the EU General Data Protection Regulation (“GDPR”) 2016/679 (the “Law”).
- This Privacy Policy is directed to natural persons who are either current or potential clients of Odyky.
- It is also directed to natural persons who had such a contractual or other legal relationship with Odyky in the past.
- It also contains information about sharing your personal data with other third parties, such us other service providers or suppliers.
It is important that you read this privacy policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing your personal data so that you are fully aware of how and why your data is being used. This privacy policy supplements the other policies and it is not intended to override them.
- WHO WE ARE AND IMPORTANT INFORMATION
PURPOSE OF THIS PRIVACY POLICY
G.N AUTO ODYKY EXPRESS ROAD SERVICES LTD is a company registered in Cyprus under the registration number HE 28976 having its head office at, Democratia 10 Limassol, 3012, Cyprus.
This Privacy Policy aims to provide you with information on how we collect and process your personal data through your use of this website, including any data you may provide through this website when signing up to our newsletter/when you select a plan and/or during our contractual relationship.
This website is not intended for children and we do not knowingly collect data relating to children.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to privacy issues. If you have, any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below:
Email address: dpo@odyky.com
Postal address: Democratias 10 Limassol, Agios Ioannis, 3012, Cyprus
YOUR DUTY TO INFORM US OF CHANGES
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
- THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified.
We may collect, use, store different kinds of personal data about you as follows:
- Name, Surname
- Location/Address
- Contact Number
- E-mail address
- We may collect details about payments to and from you and other details of services you have purchased from us.
- From our website we may collect internet protocol (IP) address, Cookies and if the client requested our services we may collect emails, Name, Surname, Telephone, Address Country, JCC Direct and Card Details.
- In the event that the client requested our services we may collect, passenger’s data, witness data, third parties involved data, car plate/s and/or vehicle registration plate/s, driving licence from the client, vehicle registration certificate, insurance policy document and vehicle MOT. We may also collect Special Categories of Personal Data (this includes details about ethnicity and information about your health data) about you during an accident or via phone or e-mail for the purpose of providing our services.
CHILDREN’S DATA
We understand the importance of protecting children’s privacy. We may collect personal data in relation to children, only provided that we have first obtained their parents’ or legal guardian’s consent or unless otherwise permitted under the law. For the purposes of the data protection policy, “children” are considered persons under the age of eighteen (18) years.
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you or to provide a service and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel the service you have with us but we will notify you if this is the case at the time.
- HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you providing you forms in cases that you request our services or by corresponding with us by post, phone, e-mail or otherwise. This includes personal data you provide when you:
- request our services;
- Select a plan on our website;
- subscribe to our service;
- request marketing to be sent to you;
- third parties: We may receive personal data about you from other third parties and public sources as set out below:
- Insurance Companies: Prime Insurance, Ydrogeios Insurance, Cosmos Insurance, Commercial Insurance, Ethniki Insurance, Progressive Insurance, Simila (Cyprus) Rentals, Odycar Rentals, Anytime Insurance.
- PURPOSE OF DATA PROCESSING AND LEGAL BASIS
We will use your personal data in accordance with the Law for one or more of the following reasons:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- We process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include:
- Initiating legal claims and preparing our defence in litigation procedures.
- Means and processes we undertake to provide for Odyky network security, preventing potential crime, asset security, admittance controls and anti-trespassing measures and generally for running securely our business.
- Setting up CCTV systems, for the prevention of crime or fraud.
- To recover debts and/or invoices due to us.
- Measures to manage business and for further developing services.
- Where we need to comply with a legal or regulatory obligation; there are a number of legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements, e.g. Tax Laws.
- You have provided your consent; Provided that you have given us your specific consent for processing (other than for the reasons set out above) then the lawfulness of such processing is based on that consent. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we have collected it. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis, which allows us to do so.
MARKETING
We may process your personal data to inform you about our services that may be of interest to you or your business.
You may “opt out” of receiving such email updates, newsletters and/or other emails by clicking the “unsubscribe” link in any email communication that we send you. You will then be removed from our mailing list. You have also the right to object at any time to the processing of your personal data for marketing purposes, by contacting us at any time in writing.
- DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below for the purposes set out in paragraph 4 above. Your personal data may be provided to different departments within Odyky and/or third party/ies for the purposes and/or in the context of the provision of our services. Consequently, third parties may also receive your personal data so that we may perform our services and/or legal obligations. Such third partiers enter into contractual agreements with us by which they observe confidentiality and data protection according to the data protection law and GDPR.
It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorised under our contractual and statutory obligations or if you have given your consent. We require all third parties to respect the security of your personal data and to treat it in accordance with the Law. We strictly prohibit our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We only provide the necessary information they need to perform their specific services.
Under the circumstances referred to above, recipients of personal data may be, for example: income tax authorities, police, vendors and/or associates and/or insurance companies and so on. Specific third parties are: Prime Insurance, Ydrogeios Insurance, Cosmos Insurance, Commercial Insurance, Ethniki Insurance, Progressive Insurance, Simila (Cyprus) Rentals, Odycar Rentals, Anytime Insurance.
- INTERNATIONAL TRANSFERS
We do not transfer your personal data outside the European Economic Area (EEA).
- DATA SECURITY
Appropriate security measures have been put in place, in order to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to employees, agents, contractors and other third parties.
Procedures have been put in place, to deal with any suspected personal data breach and we shall notify you and any applicable regulator of a breach where we are legally required to do so.
- DATA RETENTION
HOW LONG WILL YOU USE MY PERSONAL DATA FOR?
We will only retain your personal data for as long as necessary, to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements unless a longer retention period is required or permitted by certain laws.
The criteria used to determine our retention periods include:
- After the completion of our business relationship with you or another relevant person, we may retain your data for up to 5 (five) years unless there is a legal obligation or other pending matter.
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of data for a certain period of time before we can delete them e.g. national labour law, tax law, money-laundering legislation).
- Whether retention is advisable considering our legal position (such as, litigation or regulatory investigations).
9. YOUR LEGAL RIGHTS
You have the following rights in terms of your personal data we hold about you:
- Request access to your personal data: You may request a confirmation as to whether or not personal information is being processed by us and to obtain a copy of that information.
- Request correction of your personal data: You may request rectification if your personal information is inaccurate.
- Request erasure of your personal data: You may request that your personal information is erased in certain situations.
- Object to processing of your personal data: You may object to the processing of your personal data in certain situations e.g. for use of your data for ad targeting.
- Request restriction of processing your personal data: You may request restrictions of the processing of your personal data in certain situations e.g. if your personal information is inaccurate or unlawfully processed.
- Request transfer of your personal data: You may request to obtain and reuse your personal data for your own purposes across different services.
- Right to withdraw consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.
- RIGHT TO LODGE A COMPLAINT
You have the right to make a complaint at any time to Office of the Commissioner for Personal Data (the “Commissioner”), the Cyprus supervisory authority for data protection issues (http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_el/home_el?opendocument). We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact us in the first instance.
We would, however, appreciate the chance to address your queries, so you may contact us at: dpo@odyky.com
- CHANGES TO THE PRIVACY POLICY AND YOUR DUTY TO INFORM US OF CHANGES
This version was last updated on 09/06/2020. This Privacy Policy may be amended from time to time. We do however encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your personal information.