Velmont Group (Cyprus) Ltd with registered office at 20, Homer Av., Off. 101, 1097 Nicosia Cyprus (hereinafter 'Controller'), in the capacity of Controller of your personal data, and in accordance with Regulation (EU) 2016/679 (hereinafter 'GDPR'), hereby informs you that said regulation provides for the protection of data subjects with regard to the processing of their personal data, and that said processing must be carried out according to principles based on fairness, lawfulness, transparency and the protection of your privacy and your rights, in accordance with the provisions of article 5 GDPR.
Within the meaning of article 13 GDPR, therefore, we wish to inform you of the following:
1. Subject matter of data processing
The Controller processes the personal data that identify you (such as name, surname, phone number, Tax ID no, e-mail address, user ID and password etc.), which you have provided or has been obtained from other sources (when using and browsing our portal, certain personal data may be collected automatically by means of so-called 'cookies', for example the user's IP address as well as other information relating to the visit to our website or to any preferences expressed by the user in the choice of services offered by the website). This information and data are collected directly and automatically by the website, also to optimise the efficiency of the website itself. For further details on how the website works, please see our Information on cookies.).
2. Purposes of data processing and legal basis
Your personal data are processed:
A) for the following purposes connected with the fulfilment of legal, contractual obligations or a legitimate interest:
- to provide reserved functions, in procedures for accessing and registering for the website and to allow you to take advantage of the services reserved to registered users, which might also include the possibility to make online purchases;
- for contractual management and use of any services requested;
- for drafting estimates - (legitimate interest);
- for managing and providing assistance to customers;
- to allow the Controller to exercise its rights (such as the right of defence before the courts or credit recovery) - (legitimate interest);
- to reply to requests, comments and anything reported by you
- to determine the level of customer satisfaction;
- to fulfil any obligations prescribed by law, by a regulation, by the Community legislation or by a decree issued by the Data Protection Supervisory Authority (for example, with regard to taxation or accounting, concerning anti-money laundering etc.);
- to guarantee the security of the networks and IT systems - (legitimate interest),
- for direct promotional activities relating to products and/or services analogous to those purchased (considering 47 GDPR) - (legitimate interest);
- to prevent fraud - (legitimate interest);
data will be processed for the above purposes without your express consent pursuant to article 6.1 b), c) and f) GDPR.
The Controller does not ask data subjects to provide so-called “sensitive” data, in other words data which, according to article 9 GDPR, reveal 'the racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation'. Should the processing concern such data, it would only be carried out with your express consent.
Please note that, for the purposes of the processing illustrated above, the provision of data is mandatory and failure to do so or the provision of partial or inaccurate data may lead to the impossibility to meet the prescribed contractual obligations.
B) only with your specific and express consent in accordance with article 6.1 a) GDPR, for the additional following purposes:
- to send you (via e-mail, post, SMS, phone contacts etc., also through specialised firms), newsletters, sales communications and/or publicity material on products or services other than those offered by the Controller, invitations and inscriptions to events at which the Controller participates or are organised by the latter
- to send you (via e-mail, post, SMS, phone contacts etc.) newsletters, sales and/or promotional communications of third parties (such as other affiliated companies or other business partners)
- for statistical surveys and market research carried out directly by the Controller or on behalf of the latter by specialised firms
- to determine the level of customer satisfaction with regard to the products and/or services offered in relation to their purchasing habits or choices.
The provision of data for the aforementioned purposes is optional, and if you refuse to allow them to be processed, this will not compromise the continuation of your relationship and the consistency of the data processing. Your consent to the use of your personal data for marketing purposes may be revoked at any time.
If the data subject providing data is below the age of 16, such processing is lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child whose identification data have been acquired.
3. Methods of data processing
Your personal data may be processed using manual and/or IT or online instruments. All processing will be carried out in compliance with the manners referred to in articles 6 and 32 GDPR and adopting appropriate security measures as prescribed.
4. Data storage
In compliance with article 5.1 e) GDPR, we will store your data only for the time necessary for the purposes for which the personal data are processed. If we process the data for several purposes, they will be automatically deleted or saved in a format that does not enable any direct conclusions to be drawn in relation to your identity, as soon as the last specific purpose has been fulfilled. In line with the provisions regarding data storage obligations of documents for accounting purposes and the general provisions relating to the ordinary limitation period for contractual deeds, we will delete any data relating to the contractual relationship after the lapse of the time-limit of ten years prescribed by law. On the contrary, if you have consented to the processing of your data for marketing purposes, we will keep the data only for the time needed to achieve the purposes for which they have been collected.
5. Communication, transfer and dissemination
Your data will be processed only by personnel who have been expressly authorised by the Controller and, in particular, by the following categories of personnel: agents, marketing office staff, administration office staff, other employees or collaborators duly authorised in compliance with the provisions of article 29 GDPR. Your data may be passed onto third parties appointed as data processors, in particular to: consultants and freelance professionals (also In partnership), banks and credit institutions, providers (for websites, e-payment services, cloud etc.), suppliers, technicians in charge of hardware and software assistance, shipping agents and couriers etc. They may also be passed onto Public Administration bodies and Authorities to which the data must be communicated by Law, by a regulation under Community legislation. Your personal data will be managed and stored in Europe, on servers of the Controller and/or of third parties assigned and duly appointed as data processors. The data will not be transferred to countries outside the EU. Your personal data will not be disseminated, in any case. The up-to-date list of the data processors, persons-in-charge of processing and any other parties to whom the data are passed on will be kept at the registered office of the Data Controller.
6. 1. Rights of the data subject
As a data subject, you may exercise the following rights at any time:
a. right of access to your personal data (obtain confirmation as to whether or not personal data concerning him or her are being processed, even it they have not yet been registered, and to receive them in an intelligible form);
b. right to obtain the correction or deletion of the data (right to be forgotten) or the restriction of processing that concerns them (providing the relative legally prescribed conditions are met);
c. right to object to the processing;
d. right to data portability;
e. right to revoke consent, where prescribed (the revocation of consent does not compromise the lawfulness of the processing based on consent given prior to the revocation);
f. to submit a complaint to the supervisory authority (Data Protection Supervisor; contact details available on: http://www.garanteprivacy.it/web/guest/home/footer/contatti). .
7. Contacts and other information
If you wish to receive more information and/or exercise your rights, please contact the Controller:
• by sending an e-mail to: firstname.lastname@example.org
• by calling the number: + 357-22665309
• by sending a letter to: Velmont Group (Cyprus) Ltd 20, Homer Av., Off. 101, 1097 Nicosia Cyprus
Please note that this privacy statement may be updated from time to time, in which case any changes will be duly notified.