Medousis 2, Pantelis Court
+357 24 642430

Legal

Home
Legal
Privacy Policy

Privacy Policy

PURPOSE OF THIS PRIVACY POLICY

This privacy policy aims to give information on how A. Soulis Enterprises Ltd collects and processes the personal data of its data subjects. Furthermore, to protect individuals' fundamental rights and freedoms, particularly their right to protect their personal data. Based on that principle, A. Soulis Enterprises Ltd is committed to implement all appropriate technical and organizational measures to protect them and abide by all the requirements of the General Data Protection Regulation (GDPR).

SOME USEFUL DEFINITIONS

“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

‘’Data subject’’ means the person whose personal data is being processed.

“GDPR” means the General Data Protection Regulation (European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data).

CONTROLLER DETAILS

  • Name: A. Soulis Enterprises Ltd (referred to as the “COMPANY”, “company”, “us” or “our”).
  • Address: Medousis 2, Pantelis Court, Block B, F301, 6059 Larnaca, Cyprus.
  • Mailing address: P.O.Box 40693, 6306, Larnaca, Cyprus.
  • Telephone / Fax: +35724642430 / +35724642442
  • Website: https://www.soulis-cranes.com.cy
  • Email address: asoulis@spidernet.com.cy
  • Representative contact details: Andri Souli / admin@souliscranes.com

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

COLLECTION AND PROCESSING OF PERSONAL DATA

We collect personal information when our data subjects provide us directly with this information taking into account GDPR’s basic principles:

  • Lawfulness, fairness, and transparency: We commit to comply with the law; only process personal data in a way that people would reasonably expect; always be open about our data protection practices.
  • Purpose limitation: We will only process personal data for the specific reason we collect it and nothing else.
  • Data minimization: We will not process any more data than we need.
  • Accuracy: We will make sure that any personal data we hold is correct and accurate.
  • Storage limitation: We will not store personal data for longer period than we need to.
  • Integrity and confidentiality: We will always process personal data securely.

The categories of the data subjects, the purpose of the processing, the legal basis of the processing, the types of personal data processed and the recipients of the personal data are briefly explained in the table below.

Failure to provide us personal data required by a statutory or contractual requirement, or a requirement necessary to enter into a contract, we will be unable to proceed with cooperation.

 

Data subjects Purpose of the processing Legal basis Type of personal data Recipients
Company personnel Human resource management, execution of works (competency of personnel), employment, union subscriptions, payroll, allowances and funds, insurance coverage, medical condition, security and health and safety (CCTV), IT support • Consent
• Employment
• Contracting
• Legal obligation.
• Legitimate interest		 Identification (e.g. i.d.), competency (e.g. trainings, licenses), medical condition, contact details, bank account details, social insurance details, projects’ photographs, CCTV images and videos Company management, social insurance services and other governmental departments, insurance companies, clients, access by IT in case of support
Employment candidates Employment, competency of personnel, IT support • Consent
• Contracting
• Legitimate interest		 Academic and professional qualifications, identification and contact details Company management, access by IT in case of support
Customers Preparation of proposals for service provision, IT support, security and health and safety (CCTV) • Contracting
• Legitimate interest		 Name, contact details, CCTV images and videos Company management, access by IT in case of support
Suppliers of products Purchasing of goods, IT support, security and health and safety (CCTV) • Contracting
• Legitimate interest		 Name, contact details, bank account details, CCTV images and videos Company management, access by IT in case of support
Suppliers of services (subcontractors) Execution of works (competency of personnel), maintenance of machinery and equipment, waste management, IT support, security and health and safety (CCTV) • Contracting
• Legitimate interest		 Identification (e.g. i.d.), competency (e.g. trainings, licenses), contact details, bank account details, CCTV images and videos Company management, access by IT in case of support

 

PROCESSING OF DATA BASED ON CONSENT

Generally, we do not rely on consent as a legal basis for processing your personal data other than specific circumstances according to company’s policies and procedures. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, by contacting our company representative, Andri Souli on admin@souliscranes.com.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees and third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

TRANSFERRING OF PERSONAL DATA TO A THIRD COUNTRY

We may transfer personal data to a client located or based at a third country within the frame of our cooperation and during the provision of our services. In this case, we ensure that our client processes the provided personal data according to the “European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” and also declares that fully complies to Article 5 of the above Regulation for the principles relating to processing of personal data, among others, are only collected within the frame of our cooperation and they are not further processed in a manner that is incompatible with this purpose, kept for no longer than is necessary for the purpose are collected and are processed in a manner that ensures their appropriate security.

STORAGE PERIOD OF PERSONAL DATA

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.

COOKIES

When you visit our website, you can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.

RIGHTS OF DATA SUBJECTS

According to the “European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data”, data subjects can exercise the rights presented below:

  • The right of access: to request free access to your personal data (GDPR Article 15).
  • The right to rectification: to request correction of inaccurate personal data (GDPR Article 16).
  • The right to erasure or right to be forgotten: to request the erasure of your personal data, under certain circumstances, when, among others, personal data are no longer needed, you recall the consent, personal data are illegally processed etc. (GDPR Article 17).
  • The right to restriction of processing: to request the limitation of the processing of your personal data, among others, when their accuracy is disputed, there is an illegal processing, are no longer needed by the controller etc. (GDPR Article 18).
  • The right to be informed: to know, through clear information in laypersons language, who processes your personal data, the types of personal data being processed and the purpose of processing (GDPR Article 19).
  • The right to data portability: To transfer your personal data to another controller (GDPR Article 20).
  • The right to object: To object the processing of your personal data within specific conditions (GDPR Article 21).
  • The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her (GDPR Article 22).

If you wish to exercise any of the rights set out above, please contact our company representative Andri Souli on admin@souliscranes.com.

RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

You have the right to make a complaint at any time to the Commissioner for the Protection of Personal Data in Cyprus. We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact our company representative Andri Souli on admin@souliscranes.com in the first instance.