Privacy Policy of GP Global Management Ltd

This Privacy Policy Notice (hereinafter the “Privacy Notice”) explains how GP Global Management Ltd (hereinafter "we", "our", "us" "Company") handles your personal data as part of the provision of GP Global Management Ltd services to you as a Client.

This Privacy Notice describes how we collect, use, process and store your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is of the utmost importance to us and we are committed to comply with the EU Regulation (EU) 2016/679 to protecting and safeguarding your data privacy rights.

This Privacy Notice is based on our Data Protection Policy.

This Privacy Notice is available through the GP Global Ltd website and does not apply to the collection of Personal Data through this website or through cookies with respect to which Personal data the GP Global Management Ltd can be considered Controller. Please refer to GP Global Ltd separate website Privacy Notice and Cookies Policy for more information in regards the Privacy Notice of this website. 

1. POLICY STATEMENT

GP Global Management Ltd intends to fully comply with all requirements of the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the “Regulation”) and of the Law 125(I) of 2018 Providing for the protection of natural persons with regard to the processing of personal data and for the free movement of such data (hereinafter the “Law"), in so far as they affect its activities.

GP Global Management Ltd is located at 7, Alkaios Str., Alkaios Court, Flat 103, 3090 Limassol – Cyprus. You can reach the Company through Telephone at: 00357-25755911, Fax at: 00357-25755660 and email at gpinfo@cytanet.com.cy.

2. INTRODUCTION

GP Global Management Ltd needs to collect and use the personal data about its employees, potential clients, active clients and other individuals who are requesting for the provision of our services and come into contact with the Company. GP Global Management Ltd is the data controller of your personal information.

In collecting and using personal data, the Company is committed to protecting an individual’s right to privacy with regard to the processing of personal data, therefore this Privacy Notice is hereby adopted in compliance with the Regulation and with the Law to support this commitment.

The Privacy Notice ensures that GP Global Management Ltd:

• Complies with the REGULATION (EU) 2016/679

• Complies with the Law 125(I) of 2018

• Protects the rights of individuals related to the Company

• Is open about how the Company collects, use, storage, access, discloses, transfers and destructs individual’s data

• Protects the Company from the risks of a data breach

The Company respects and values your data privacy rights, and makes sure that all personal data collected from you are processed in adherence to the general principles of data protection as set out in the Regulation EU 2016/679. In accordance these principles, the personal data shall be:

• processed lawfully, fairly and in a transparent manner;

• collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

• accurate and, where necessary, kept up to date;

• kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

• processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

The Policy Notice applies to all personal data that the Company holds relating to identifiable individuals.

3. PROCESSING OF PERSONAL DATA

3.1 Collection

The lawfulness of collection and processing of personal data by the Company is based on:

• the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

• the necessity to comply with its legal obligations;

• for the performance of a contract to which is a party or in order to take steps at the request of a prospect client prior to entering into a contract;

• for the Company's legitimate interests, such as providing consulting services and managing our business;

3.1.1 Collection of personal data of clients and other individuals

In order to receive more information for your specific request or for any other business relationship, you are requested to complete the “Contact Form” on www.gpglobalcy.com or to send us an email to gpinfo@cytanet.com.cy. By completing the “Contact Form” or contact us through an email providing your personal information, you enable the Company to evaluate your request. The same information will be used by the Company to contact you regarding the offered services.

The Company collects sufficient information of potential clients and other individuals for the evaluation of their specific request for our services.

The Company collects sufficient information from active clients for the evaluation of the continuation of the business relationship, as well as, to comply with its legal obligations.

In order to provide our services that you have requested and for the whole duration of your business relationship with us, we need to process certain information about you. We only ask for personal information that we are obliged to collect from you under our legal obligations and are relevant to your specific requests for the provision of our services.
These information include among others your personal contact details, documents to verify your identify and residential address, tax identification documents, data and documents for your financial situation, employment and education, information to understand the reason of requesting the provisions of our services, information to assess whether you may represent a politically exposed person.

The Company, where appropriate, may seek more information about you from other sources generally by way of due diligence or other market intelligence including: Business partners, Third parties, Your agents, advisers, intermediaries, Publicly available sources, Credit reference agencies.

If you would like a more detailed description of the personal data that we collect about you, please contact us at gpinfo@cytanet.com.cy.

The Company may ask to collect additional personal data for its clients, update the personal data that processes and collect other additional personal data under any new legal requirement the Company is subject, as well as, personal data information not obtained from the data subject.

The Company will retain the information for no longer than it is necessary for the purposes for which it was collected or for which is to be further processed. In some cases there are legal requirements to keep data for a minimum period.

Our services are not intended for or targeted at children under 14 years old. GP Global Management Ltd does not knowingly solicit or collect personal data from children below the age of 14. However, if we collect and use information about children below the age of 14 years, we will comply with applicable Regulation (EU) 2016/679.

3.2 Use

The Company applies security measures for the protection of the personal data in use. The Security measures include technical and organisational procedures.

The Company restrict access to personal information to employees who need to know the specific information in order to operate, develop or improve our services. These individuals are bound by confidentiality and will be subject to penalties if they fail to meet these obligations.

3.2.1 Use of personal data of clients and other individuals

Personal data collected shall be used by the Company for providing its services requested by the client.

The personal data collected by other individuals is in use by the Company for a specific purpose, such for example the use of personal data for providing more information following a request for a business relationship, for employment purposes.

The Company may use your personal information for one or more of the following purposes:

• to provide the services you have requested;

• to inform you of products and/or services that may be of interest to you;

• to keep you updated on the issues that are relevant to your business relationship with us;

• to analyse statistical data to enable us to provide you with better products and/or services;

• to enhance the security controls of the Company’s networks and systems;

• to identify, assess, mitigate, prevent and investigate fraudulent activity of any kind that is forbidden by the relevant legislation;

• to defend possible legal claims;

3.3 Storage of personal data

The Company applies relevant measures to protect the personal data that processes against any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access as well as against any other unlawful processing.

The Company keeps personal data physically/on paper and electronically.

3.4 Disclosure

Personal data under the custody of the company shall be disclosed only pursuant to a lawful purpose and to authorised recipients of such data. Autorised recipients may include third parties with whom the Company has a contractual agreement for the provision of a service and shall refer as partners of the Company. The Company’s partners maintain the privacy of your information to the same extent the Company does in accordance with the Privacy Notice, Regulation and Law.

Where the Company use the services of third parties that assist the Company in providing services to you and they are not partners as defined in the above paragraph, these third parties are required to maintain the confidentiality of such information and to use your personal information only in the course of providing such services for the purposes that the Company dictates and within the ambit of the Regulation and Law.

Authorised recipients of Personal Data may be for example:

• technological experts that appointed by the Company to support the smooth operation of Company’s systems;

• companies providing accounting services;

• companies providing legal services;

• external consultant’s;

• Data Protection Officer in case the Company decides to be outsourced;

• governmental authorities and regulatory bodies.

3.5 Transfer

Where the Company will transfer personal data to a third country or international organization, the Company will ensure that:

• there is a decision by the Commission that the third country, the territory or one or more specified sectors within that third country, or the international organization in question ensures an adequate level of protection; or

• appropriate safeguards in accordance the Regulation are in place and on condition that enforceable data subject rights and effective legal remedies for data subjects are available; or

• when there is an absence of a decision by the Commission as described above and appropriate safeguards are not in place, the transfer shall take place in accordance the relevant provisions of the Regulation

Where the Company cannot ensure that the transfer is based on any of the provisions under point a) and b) above and none of the specific conditions referred under point c) above is applicable, the Company may transfer personal data to a third country or to an international organisation only if the transfer complies with the provisions of relevant article of the Regulation.

3.6 Impact Assessment

The Company shall conduct a Privacy Impact Assessment (PIA) relative to all activities, projects and systems involving the processing of personal data prior to a type of processing that in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of data subjects.

3.7 Destruction

After the storage period, as defined below under the paragraph “4. For how long the Company keeps your personal data", is ended, the Company will destroy hard copies of personal data and personal data that are kept electronically.

4. FOR HOW LONG THE COMPANY KEEPS YOUR PERSONAL DATA

The Company will retain the information for no longer than it is necessary for the purposes for which it was collected or for which is to be further processed. The Company will keep personal data of clients during the time of business relationship.

Following the termination of the business relationship, the Company will keep the personal data of clients for at least 5 years from the date of business relationship termination, in order to comply with its regulatory obligations.

The Company will also keep the personal data of clients for the minimum period as to comply with its relevant tax obligations.

5. PROCESSING FOR OTHER REASON

The Company will ask to receive data subject’s consent in any case will process data subject’s personal data for a purpose other than that for which personal data have been collected.

6. DATA SUBJECTS RIGHTS

All individuals who are the data subject of personal data held by the Company are entitled to the below rights as these are defined in Regulation and in the Law, unless these rights are subject to a restriction under the same Regulation and Law:

• Right of access. You have the right to request a copy of your personal data which the Company holds about you. The Company will provide a copy of your personal data that is undergoing processing. For any further copies requested by you, the Company may charge a reasonable fee based on administrative costs.

• You can send an email to gpinfo@cytanet.com.cy asking for a copy of your personal data that is undergoing processing.

• Right to rectification. You have the right to request from the Company to rectify any inaccurate personal data concerning you.

• Right to erasure. You have the right, under certain circumstances as these are defined in the Regulation, to obtain from the Company the erasure of your personal data.

• Right to restriction of processing. Where there is a dispute in relation to the accuracy or processing of your personal data, you have the right to request a restriction on further processing, in accordance the Regulation.

• Right to data portability. Where the processing is based on consent or on a contract and the processing is carried out by automated means, you have the right to receive the personal data and have the right to transmit those data to another controller.

• Right to object. Where applicable under the Regulation, you have the right to object to the processing of your personal data.

• Right not to be subject to a decision based solely on automated processing, including profiling.

• The Company does not use automated decision-making, including profiling.

• Right to withdraw your consent. Where the processing is based on your consent, you have the right to withdraw your consent at any time.

• To withdraw your consent, send an email to gpinfo@cytanet.com.cy. asking to withdraw your consent.

• Right to lodge a complaint with a competent authority.

• In such case, the company asks the data subject in the first instance to contact the Company at the email gpinfo@cytanet.com.cy

• The data subject can exercise any of the above rights by contacting the Company through email at gpinfo@cytanet.com.cy

The requested information will be provided free of charge. The company reserves the right to charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request, if in case your request is manifestly unfounded or excessive.

7. BREACH AND SECURITY INCIDENTS

Breach of security leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. The Company is responsible for ensuring immediate action in the event of a security incident or personal data breach.

The Company has in place procedures to deal with any suspected personal data breach and will notify you and the relevant competent regulator (http://www.dataprotection.gov.cy) of a breach where the Company is legally required to do so. If you require further information on how the Company deals with a Data Breach, please contact us at gpinfo@cytanet.com.cy

8. MARKETING INFORMATION

GP Global Management Ltd may periodically send promotional emails about new services, special offers, newsletters or other information which we think you may find interesting. From time to time, we may also use your information to contact you for market research purposes, although you do not have to respond to them. We may contact you by email, phone, fax or mail when available.

In this respect, when we send you any marketing email, you will be given automatically the opportunity to object, free of charge and in an easy manner, to such use of your electronic contact details when they are collected and on the occasion of each message and you may automatically opt out of further promotional offers.

9. SECURITY AND CONFIDENTIALITY

We recognize the importance of guarding the security of your personal information and on-line communications. We have measures in place to protect against accidental loss and destruction. We restrict access to personal data that is collected about you to only those who have a need to know that information in connection with the purposes for which it is collected and used. We employ individuals, who are suitably qualified, possess the necessary technical knowledge and personal integrity for maintaining confidentiality. Additionally, we maintain physical and electronic safeguards to guard your personal data.

The transmission of information via the Internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data as it is transmitted and stored.

10. INQUIRIES AND COMPLAINTS

For any inquire relevant to the processing of personal data, the data subject may contact the Company at:

Tel: +357 25755911
Fax: +357 25755660

In case of a complaint, the company asks the data subject in the first instance to contact GP Global Management Ltd at the email gpinfo@cytanet.com.cy

For any type of inquiry or complaint, the Company may request the provision of additional information necessary to confirm the identity of the data subject who makes the request or complaint.

11. VALIDITY

This Privacy Notice is effective this 25 day of May, 2018, until revoked or amended by the Company.

The Company reserves the right to change or amend the Privacy Notice without further notice to you, provided that the changes do not significantly reduce your rights under the Privacy Notice. If the Company makes material changes to the Privacy Notice, the Company will notify you by email or by means of a notice on our home page or by changing the version of the document including the date of the update which will be visible to the first page of this document. The latest and prevailing version of the Privacy Notice will at all times be available at www.gpglobalcy.com. Any revised Privacy Notice will be effective immediately upon posting on www.gpglobalcy.com

12. LEGAL DISCLAIMER

The Company reserves the right to disclose your personal data as required the Regulation and the Law and when the Company believes that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served. The Company will not be liable for misuse or loss of personal data resulting from cookies on the Company’s site(s) that the Company does not have access to or control over. The Company will not be liable for unlawful or unauthorized use of your personal data due to misuse or misplacement of your passwords, negligent or malicious.

13. APPLICABLE LAW

This Privacy Policy is subject to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 and Laws of Cyprus.

This policy was last updated on 25/05/2018