Privacy Policy

PROOViD Ltd (hereby the “Company”) is committed to protecting customers’ privacy. This Privacy Policy describes how the Company collect, handle, store and protect personal information about you in the context of our services. It also provides information about your rights and about how you can contact us if you have questions about how we handle your information.

The Company has overall responsibility for ensuring compliance with the Data Protection legislation.

The following data are collected both for Legal and Natural Persons:

• For Legal Persons:
• Company Name;
• Registration number;
• Country;
• Full address;
• Company Email;
• Phone/Fax Numbers;
• Type of Industry;
• Certificate of non-bankruptcy; and
• Any other information may require setting up the accounts.

• For Natural Persons:
• Full Name;
• National Identification (ID) Number/ Passport Number;
• Resident Address;
• Personal e-mail;
• Phone/Fax Numbers;
• Geolocation coordinates;
• IP address;
• Biometric Facial Identification; and 
• Any other information may require setting up the accounts.

Children’s Privacy. Our Services are not directed to children under the age of eighteen (18), and we will never knowingly collect personal or other information from anyone we know is under such age. We record an express declaration from anyone using our verification service that they are above such age at the time we acquire their personal information.

The data are stored and processed by the Company throughout the validity period of the contract/ relationship, in order to provide the requested services, handle requests and/or enquiries.

The data that the Company process shall not be kept for longer period than is necessary. Data processed for the purposes of legitimate interest (e.g. an action against a customer), is not erased and are maintained until the legitimate purpose is completed.

 

Transfers Outside the EU (European Union) and/or the EEA (European Economic Area)
Customers are informed that the Company’s associates are based within the EU and/or the EEA. Certain associates are based outside EU and/or the EEA. All partners are contractually committed to the Company to provide appropriate security safeguards etc. and are subject to the obligations of the GDPR (Articles 44 and 45). 

How we use the data
The Company may process the data set out above for any of the following purposes:

• Perform a contract and/or agreement;
• For purposes of legitimate interests of the Company, such as legal actions against the customer, the detection and prevention of fraud and IT purposes (e.g. cyber-security, data loss prevention); and
• Reveal information in response to criminal or civil legal process as requested by the competent courts of the relevant jurisdiction and as permitted under Cyprus Laws.

The Company takes all necessary steps to safeguard the Confidentiality, Integrity and Availability of its systems and services, e.g. to protect against cybersecurity threats, fraud, etc.

How we share personal information
The Company may share personal information with our business partners and third-party service providers. Our third-party service providers are not permitted to share or use personal information we make available to them for any purpose other than to provide services to us.

The Company share your information collected in connection with the Services as detailed below:

1. We share the personal information that we collect with you and to such other parties as instructed and agreed with you;
2. We also use third-party service providers to help us deliver, manage, and constantly improve our Services. These service providers may collect and/or use your personal information to assist us in achieving the purposes stated;
3. We may also share your personal information with other third parties when necessary, to fulfil your requests for services; to complete a transaction that you initiate, to meet the terms of any agreement that you have with us or our partners, etc.
4. We partner with certain other third parties to collect information and engage in analysis, auditing, research, and reporting; and
5. We may also use or share your personal information with third parties when we have reason to believe that doing so is necessary; to comply with applicable law or a court order, subpoena, or other legal process; to investigate, prevent, or take action regarding illegal activities; suspected fraud, violations of our terms and conditions, or situations involving threats to our property or the property or physical safety of any person or third party; to establish, protect, or exercise our legal rights or defend against legal claims; or to facilitate the financing, securitization, insuring, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets.

 

Information Security Measures
The Company maintains solid information security measures and procedures to safeguard customers’ data, in line with the Company’s obligations towards the Law of Protection of Natural Persons regarding the Processing of Personal Data and for the Free Movement of such data of 2018.

Additionally, observing the GDPR regulations, secure auditory practices are carried out to ensure standardized operations and encryption practices. New techniques are continually implemented in order to keep our data security ahead of the curve.

A comprehensive approach is considered for information security to effectively ensure the Confidentiality, Integrity and Availability of customers’ data. The Company endeavors to implement a holistic Information Security Management System to effectively safeguard the Confidentiality, Integrity and Availability of our customers data.  

How long we keep personal information
The Company retain your information in accordance with the following criteria:

• when you cease to use our Services;
• the length of time it is reasonable to keep records to demonstrate that we have fulfilled our duties and obligations;
• any limitation periods within which claims might be made;
• any retention periods prescribed by law or recommended by regulators, professional bodies or associations; and
• the existence of any relevant proceedings.

 

Our Clients Rights

The Company employees may collect, store or process personal data in the course of their employment with the organization. Every employee has responsibilities under legislation to protect the rights of the individuals whose personal data the Company obtains, stores or processes (“data subjects”). All employees of the Company who collect and/or control the contents and use of personal data are also responsible for compliance with the Data Protection legislation.
Data Subjects for whom the Company obtains personal data have the following rights:

• to have their personal data obtained and processed fairly;
• to have personal data kept securely and not illegitimately disclosed to others;
• to be informed of the identity of the Data Controller and of the purpose for which the information is held;
• to get a copy of their personal data;
• to have their personal data corrected or deleted; and
• to prevent their personal data from being used for certain purposes, etc.

• Right of Access

Customers may be informed in more detail about the Personal Data processes of the Company, by completing and submitting the relevant application form in Appendix1. The right of access is subject to the provisions of the Law of Protection of Natural Persons regarding the Processing of Personal Data and for the Free Movement of such data of 2018 (the “GDPR Law”).

• Request for rectification of personal data held by the Company

Under Article 16 of the GDPR data subjects have a right to the rectification of any inaccurate or incomplete personal data which is held by the Company.  The data subject has the right to have inaccurate personal data corrected. Customers may request rectification of their data by completing and submitting the relevant application form in Appendix 2.

The rectification of inaccurate or incomplete personal data held by the Company must be completed within 30 days of receipt of the request.

• Right to Erasure (“Right to be Forgotten”)

Customers may request the erasure of any of their Personal Data by completing and submitting the relevant application form in Appendix 3. The right to erasure is subject to the provisions of the GDPR Law.

• Right to Data Portability

Customers may exercise the right to data portability by completing and submitting the relevant application form in Appendix 4. Data portability is subject to GDPR Law.

Information the data subject is entitled to in response to a Subject Access Request
The data subject is entitled to receive confirmation within 30 days of the receipt of the request as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

• the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
• where possible, the retention period for the personal data;
• the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
• the right to lodge a complaint;
• where the personal data are not collected from the data subject, any available information as to their source; and
• the existence of automated decision-making (if applicable), including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Employees must bring all Subject Access Requests to the attention of the Data Protection Officer immediately. Failure to do so may result in disciplinary action.

Company’s contact information/complaints

Customers can contact the Company for any information on its Privacy Policy by phone at +357 22 255221, or by post at Ifigeneias 70, 1st Floor, Office 101, 2003, Nicosia, Cyprus, or by email at info@proovid.com. The same contact details may be used for any inquiry or complaint.

Procedures and Guidelines
This Policy supports the provision of a structure to assist in Company’s compliance with the Data Protection legislation, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.

This Policy will be reviewed annually by the DPO, subject for approval by the BoD, in light of any legislative or other relevant developments including guidance from Data Protection Commissioner, or the EU Commission. It shall be the responsibility of the DPO to keep this policy updated.

Appendix 1
When requesting information, it is important to give any details that will help the person to identify you and find your data – for example a staff number, any previous address or your date of birth; and be clear about which details you are looking for if you only want certain information. This will help the Company to respond more efficiently.
No fee will apply to any application for information under the Data Protection Act 2018.

<Name/ ID No.>
<address>

Dear DPO,

Request for copies of personal data held by the Company
Under the Data Protection Act 2018 and Article 15 of the EU General Data Protection Regulation, I wish to make an access request for a copy of any information you keep about me, on computer or in manual form.
[Insert relevant information to assist the Company to identify you and find your data]

Appendix 2
When requesting information, it is important to give any details that will help the person to identify you and find your data – for example a staff number, any previous address or your date of birth; and be clear about which details you are looking for if you only want certain information. This will help the Company to respond more efficiently.
<Name/ ID No.>
<address>

Dear DPO,

Request for rectification of personal data held by the Company
Under the Data Protection Act 2018 and Article 16 of the EU General Data Protection Regulation, I wish to make a request for the rectification of inaccurate/incomplete personal information you keep about me, on computer or in manual form.
[Insert relevant information to assist the Company to identify you and find your data. Provide full details of the inaccurate or incomplete nature of the data and provide the correct information that you wish to update and rectify]

 

Appendix 3
When requesting information, it is important to give any details that will help the person to identify you and find your data – for example a name, any previous address or your date of birth; and be clear about which details you are looking for if you only want certain information. This will help the Company to respond more efficiently.
<Name/ ID No.>
<address>

Dear DPO,
Request for erasure of personal data held by the Company (right to be forgotten)
Under the Data Protection Act 2018 and Article 17 of the EU General Data Protection Regulation, I wish to make a request for the erasure of personal information you keep about me, on computer or in manual form.
[Insert relevant information to assist the Company to identify you and find your data. Provide full details of the data you seek to have erased. It is important to clarify whether you wish for some or all of your information to be erased]

Yours sincerely,
[Name]

Appendix 4

<Name/ ID No.>
<address>

Dear DPO,
Request for Data Portability
Under the Data Protection Act 2018 and Article 20 of the EU General Data Protection regulation, [Please select appropriately]

• I wish to receive the personal data that are maintained by the Company; or
• I wish to transmit those data to ……………………..(please insert the name of the other controller.

[Insert relevant information to assist Company to identify you and find your data. Provide full details of the data you seek to have erased. It is important to clarify whether you wish for some or all of your information to be erased]
Yours sincerely,
[Name]