Privacy Policy

Privacy Policy

PURPOSE OF THIS PRIVACY POLICY

This privacy policy aims to give information on how A. Papaetis Services Ltd collects and processes the personal data of its data subjects. Furthermore, to protect individuals’ fundamental rights and freedoms, particularly their right to protect their personal data. Based on that principle, A. Papaetis Services Ltd is committed to implement all appropriate technical and organizational measures to protect them and abide by all the requirements of the General Data Protection Regulation (GDPR).

SOME USEFUL DEFINITIONS

Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

 

Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

 

’Data subject’’ means the person whose personal data is being processed.

 

GDPR” means the General Data Protection Regulation (European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data).

CONTROLLER DETAILS
  • Name: A. Papaetis Services Ltd (referred to as the “COMPANY”, “company”, “us” or “our”).
  • Address: 75 Athalassa Avenue Chapo Tower, Office 301, 2012 Nicosia, Cyprus.
  • Telephone / Fax: +35722204600 / +35722499318
  • Website: https://pservices.com.cy
  • Email address: reception@papaetis.com
  • Representative contact details: Elena Gavriel – Quality Officer / elenag@papaetis.com

 

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

COLLECTION AND PROCESSING OF PERSONAL DATA
  • We collect personal information when our data subjects provide us directly with this information taking into account GDPR’s basic principles:

     

    • Lawfulness, fairness, and transparency: We commit to comply with the law; only process personal data in a way that people would reasonably expect; always be open about our data protection practices.
    • Purpose limitation: We will only process personal data for the specific reason we collect it and nothing else.
    • Data minimization: We will not process any more data than we need.
    • Accuracy: We will make sure that any personal data we hold is correct and accurate.
    • Storage limitation: We will not store personal data for longer period than we need to.
    • Integrity and confidentiality: We will always process personal data securely.

     

    The categories of the data subjects, the purpose of the processing, the legal basis of the processing, the types of personal data processed and the recipients of the personal data are briefly explained in the table below.

     

    Failure to provide us personal data required by a statutory or contractual requirement, or a requirement necessary to enter into a contract, we will be unable to proceed with cooperation.

Data subjects

Purpose of the processing

Legal basis

Type of personal data

Recipients

Company personnel

Preparation of quotations and tenders, payroll, human resource management, employment, competency of personnel, allowances and funds, medical insurance coverage

·        Consent

·        Employment

·        Legal obligation

·        Legitimate interest

Identification (e.g. I.D. number, social insurance number), professional and academic qualifications and competency (e.g. trainings, licenses), contact details, bank account details, medical records (claims)

Accounts personnel, Quality officer, Tenders’ personnel, Medical insurance company, Governmental tendering authorities and departments / services, Company management, Auditing company, access by IT in case of support

Employment candidates

Evaluation of candidates for employment purposes

·        Consent

·        Employment

·        Legitimate interest

Academic and professional qualifications, contact details

Company management, Reception, access by IT in case of support

Customers

Sales of products, technical support, invoicing and payments, preparation of proposals and quotations for service/product provision

·        Contracting

·        Legitimate interest

Name, contact details, bank account details

Accounts personnel, Sales personnel, Technical personnel, Tenders’ personnel, access by IT in case of support

Customer’s patients

Sales of products, invoicing and payments, technical support

·        Contracting

·        Legitimate interest

Identification (ID number, sex, date of birth, medical records (anonymized)

Accounts personnel, Sales personnel, Technical personnel, Manufacturers of products (anonymized patients’ medical records), access by IT in case of support

Suppliers of products

Purchasing of goods, invoicing and payments

·        Contracting

·        Legitimate interest

Name, contact details, bank account details

Company management, Sales personnel, Warehouse personnel, Tenders’ personnel, Accounts personnel, Auditing company, access by IT in case of support

Suppliers of services (subcontractors)

Preparation of governmental tenders / Execution of works (competency of personnel), invoicing and payments, maintenance of machinery and equipment, waste management

·        Contracting

·        Legitimate interest

Identification (e.g. ID number, social insurance number, professional qualifications and competency (e.g. trainings, licenses), contact details, bank account details, tax number (premises owner)

Tenders’ personnel, Accounting personnel, Governmental tendering authorities, Auditing company, access by IT in case of support

Personnel dependent persons

Allowances and funds, medical insurance coverage

·        Consent

·        Legitimate interest

Identification (e.g. I.D. number), contact details, medical records (claims)

Accounts personnel, Quality officer, Medical insurance company, Governmental departments / services, access by IT in case of support

PROCESSING OF DATA BASED ON CONSENT

Generally we do not rely on consent as a legal basis for processing your personal data other than specific circumstances according to company’s policies and procedures. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal, by contacting our company representative, Elena Gavriel on elenag@papaetis.com.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees and third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

TRANSFERRING OF PERSONAL DATA TO A THIRD COUNTRY

We may transfer personal data to a supplier located or based at a third country within the frame of our cooperation and during the provision of our services. In this case, we ensure that our supplier processes the provided personal data according to the “European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” and also declares that fully complies to Article 5 of the above Regulation for the principles relating to processing of personal data, among others, are only collected within the frame of our cooperation and they are not further processed in a manner that is incompatible with this purpose, kept for no longer than is necessary for the purpose are collected and are processed in a manner that ensures their appropriate security.

STORAGE PERIOD OF PERSONAL DATA

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements. All details are given in our procedure “SOP 1.2 – Control of records” and in our “Record of processing activities”.

COOKIES

When you visit our website, you can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.

 

RIGHTS OF DATA SUBJECTS

According to the “European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data”, data subjects can exercise the rights presented below:

 

  • The right of access: to request free access to your personal data (GDPR Article 15).
  • The right to rectification: to request correction of inaccurate personal data (GDPR Article 16).
  • The right to erasure or right to be forgotten: to request the erasure of your personal data, under certain circumstances, when, among others, personal data are no longer needed, you recall the consent, personal data are illegally processed etc. (GDPR Article 17).
  • The right to restriction of processing: to request the limitation of the processing of your personal data, among others, when their accuracy is disputed, there is an illegal processing, are no longer needed by the controller etc. (GDPR Article 18).
  • The right to be informed: to know, through clear information in laypersons language, who processes your personal data, the types of personal data being processed and the purpose of processing (GDPR Article 19).
  • The right to data portability: To transfer your personal data to another controller (GDPR Article 20).
  • The right to object: To object the processing of your personal data within specific conditions (GDPR Article 21).
  • The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her (GDPR Article 22).

 

If you wish to exercise any of the rights set out above, please contact our company representative Elena Gavriel on elenag@papaetis.com.

RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

You have the right to make a complaint at any time to the Commissioner for the Protection of Personal Data in Cyprus. We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact our company representative Elena Gavriel on elenag@papaetis.com in the first instance.