SECTION 1 – INTRODUCTION
At A.M.Y Realty Ltd and its subsidiaries the protection of your personal data is a top priority. Keeping your data secure and private is part of our philosophy for delivering high standards of services.
SECTION 2 – ABOUT A.M.Y REALTY LTD
Amy REALTY Ltd. is a company registered in the Republic of Cyprus with Registration number HE433754 with its registered office located at Athinon 82, Akinita Ieras Mitropoleos, 2nd floor, Flat/Office 211, 3040 Limassol, Cyprus.
SECTION 3 – DATA PROTECTION LAWS
SECTION 4 – DATA CONTROLLER CONTACT DETAILS
Telephone: +357 99 966 706
SECTION 5 – DATA PROTECTION OFFICER CONTACT DETAIL
The DPO/ Responsible Person for GDPR may be contacted directly with regards to all matters concerning this policy and the processing of your personal data including the enforcement of all applicable and available rights.
If you have a complaint about our persona data processing practices, you should first contact our Data Protection Officer. If you are not satisfied with our responses, you have the right to lodge your complaint with the following supervisory authorities:
Data Protection Commission
Iasonos 1, 1082 Nicosia, Cyprus
Telephone: +357 22818456
If you are located outside of the EU, you may contact your local data protection authority or any assistance.
SECTION 6 – SOURCES OF COLLECTING PERSONAL DATA AND THE DATA WE PROCESS
The Company only process personal data that you provide us with in course of our services being rendered to you as a Property Development Organization. We also process personal data that we receive from affiliated Companies, third parties and agencies. Further to the above we may also collect and process personal data from databases and/or sources that are publicly accessible that will include but is not limited to the Land Registry, the Registrar of Companies, Ariadne, the Official Receiver, the VAT Department and social media platforms, the press and media.
We collect and use several types of information of individuals we co-operate with, our client’s and/or prospective clients, including information by which you may be personally identified and that is defined as personal data under applicable law such as your first and last name, identification number or passport number, bate of birth, city and country of birth address (which may include any utility bill), contact details (telephone, email), identification data (such as copies and/or photographs of your passport, driver’s license or ID), marriage certificate, information relating to your child(ren) (which may include copies of passports and/or birth certificates), authentication data (e.g. signature), bank account details, income and source of income and/or
proof of funds, shareholding statements and certificates and/or audited financials, criminal record, CV and/or any reference letter from third parties.
Please note that the person data we will collect will vary from the services we may provide you with.
SECTION 7 – WHAT LAWFUL REASONS DO WE HAVE FOR COLLECTING, PROCESSING AND DISCLOSING PERSONAL DATA
In order to proceed with a business relationship our clients must provide their personal data to us which are necessary for the required commencement, execution and continuation of a business relationship. This is a requirement under the relevant Anti-Money Laundering Law and the regulations of our Regulator (ICPAC- Institute of Certified Public Accountants Cyprus).
Failure to provide us with personal data prevents us from commencing or continuing a business relationship with the clients.
In accordance with GDPR we may rely on the following lawful reasons when we collect and process personal data to operate our business and provide our services:
(a) compliance with legal obligation: We may process personal data in order to meet legal and regulatory obligations such as Anti-Money Laundering Law, Tax Law and the regulations of various supervisory authorities (e.g. the Institute of Certified Public Accountants Cyprus, IFAC and ACCA) that we are subject to for anti-money laundering purposes and due diligence purposes.
(b) contract: We may process personal data for the purposes of providing our services in accordance with our terms and conditions and/ or any other contract that you have with us.
(c) consent: We may rely on your freely given consent at the time you provided your personal data to us for a purpose of the process other than for the purposes set out hereinabove, then the lawfulness of such processing is based on that consent. You have the right to withdraw consent at any time. However, any processing of personal data will not be affected prior to the receipt of the withdrawal.
SECTION 8 – PERFORMANCE OF OUR SERVICES
To enable the Company to provide you with the necessary services that will be detailed in an Agreement and/or Services Contract, the Company will have to process personal data provided to enable us to fulfill our obligation. Our purpose of processing is adjusted according to the nature of the services provided, such as a purchase of a property, assignment of a property, research in relation to a property.
We need to process your data to:
(a) Customer management: to manage your rental or sale contracts, to provide you with customer support and with notices about your property, including notices about changes to services we offer or provide through it.
(b) Administering, maintaining and ensuring the security of our information systems, applications and websites.
(c) Functionality and security: to detect, prevent, and respond to actual or potential fraud and illegal activities.
(d) Compliance: to enforce our terms and conditions and to comply with our legal obligations as these derive from the applicable laws or our regulators.
SECTION 9 – YOUR DATA IS SHARED WITH
The Company will share your dated within our organization in the course of normal business operations with relevant employees, responsible for the performance of our contractual obligation with you. We may also share your personal data with companies that is part of the A.M.Y Group Ltd.
We may also transfer your personal data to various governmental authorities that will include but is not limited to (District Office, Tax Office, VAT Department, Land Registry, Registrar of Companies, Department of Civil Registry and Immigration, Electricity Authority of Cyprus and the Water Board, CYTA, the bank, our duly appointed legal representative.
We will need you express consent to share your details with other individuals, companies and/or organizations.
SECTION 10 – LEGITIMATE INTEREST
The Company may process your personal data on the basis that it would be a legitimate interest. This will include processing in the following circumstances:
(a) Public and/or market research and you did not object to the processing of same.
(c) In providing information in criminal offences and or the prevention of crime.
(d) In the instance of the Company improving their services.
(e) Complyingwithanti-money laundering.
The Company will only rely on our legitimate interest for the processing of your personal data where:
(a) the processing of your personal data is necessary for the purpose of the legitimate interest.
(b) the legitimate interest is not overridden by the data subject’s interests or fundamental rights
SECTION 11 – HOW LONG DO WE RETAIN YOUR PERSONAL DATA
We will keep our clients’ personal data for as long as we have a legal interest and business relationship and interest and as long as necessary for the purpose it was collected.
Reasons for data retention includes:
(a) Litigation in legal proceedings.
(b) Security Identity investigations.
(c) Regulatory requirements
(c) Accounting and financial – twelve (12) years.
(f) Prospective client details – thirteen (13) months.
The personal data processed for the purposes of sending newsletters shall be kept with us until you notify us that you no longer wish your personal data to be used for this purpose.
SECTION 12 -– TRANSFER
The Company may transfer your personal data to other countries, service providers and third parties. Our information system is hosted on a centrally located server. In the instance that we would need to transfer details in relation to provide you with our services, we may transfer your personal data. The regulations set out in the GDDP is followed in these instances and when we transfer personal data to non- EU countries then we follow localised regulations as to the protection of personal data. The following safeguards are adopted when we transfer personal data:
(a) The transfer will be complaint with your home countries data protection laws.
(b) When the data is transferred to any third party, they will be requested to: (i) to be used only for the purpose it was disclosed (ii) to make use of all technical and organisational measures to secure the data (iii) delete the data when it is no longer required (iv) always
SECTION 13 – AUTOMATED DECISION-MAKING INCLUDING PROFILING
The Company does not engage in any automated decision-making or profiling.
SECTION 14 – COOKIES
SECTION 15 – YOUR RIGHTS
If you are located within an EU member state, you have certain rights in relation to your personal data as follows:
Access: You have the right to obtain access to and a copy of any personal data we hold about you. You also have the right to find out whether your personal data has been transferred outside the EU and any safeguards relating to this transfer.
Rectification: You have the right if you think the personal data, we hold of you are incorrect or incomplete to ask us to correct or complete that personal data.
Erasure: You have the right in certain circumstances to request erasure of your personal data.
Restriction of processing; You have the right in certain circumstances to request us not to
process your person data for certain purposes.
Objection to processing: You have the right in certain circumstances to object in processing
of your person data for certain purposes.
Data portability: You have the right in certain circumstances to request a copy of your
personal data in a structured, commonly used and machine-readable format and manner. us
not to process your person data for certain purposes.
Withdrawing consent: In the event of us processing your personal data due to you consent,
you may at any stage withdraw your consent.
If you are located outside of an EU member state, you would still have rights in relation to your personal data under your local data protection laws. To carry out your right please contact our Data Protection Officer as mentioned in Section 3 hereinabove.
SECTION 16 – HOW TO COMPLAIN
To exercise any of the above rights, or for any questions or complaints about our use of your personal data, please contact our Data Protection Officer/ Responsible Person for GDPR, either by post at Athinon 82, Akinita Ieras Mitropoleos, 2nd floor, Flat/Office 211, 3040 Limassol, Cyprus, or electronically at firstname.lastname@example.org.
Complaints may also be lodged to the supervisory authority in Cyprus (Office of the Commissioner for Personal Data Protection, by post at 1 Iasonos Str. 1082, Nicosia, Cyprus. More information can be found at http://www.dataprotection.gov.cy