Last update

March 18, 2022

 

Introduction

As of the 25th of May 2018, the General Data Protection Regulation (EU 2016/679), also known as the GDPR, applies, which strengthens the legal framework for the protection of data subjects regarding the processing of personal data in the European Union.

Also, the “Protection of Natural Persons Against the Processing of Personal Data and the Free Circulation of this Data” Law (125(I)/2018) is in force, in adaptation and harmonization with the GDPR. Demetra Holdings PLC, with respect to personal data, complies with the GDPR in the context of its operations and procedures and takes the foreseen and available technical and organizational measures as provided in the regulation, and the legislation in general.

At Demetra Holdings PLC, we are committed to protect the privacy of the information and personal data you entrust to us and to manage your personal information in a fair and transparent manner. The following privacy policy applies to the personal data processed by Demetra Holdings PLC, which is a registered company in Cyprus with registration number HE107777, located at 13 Limassol Avenue, 5th floor, 2112 Aglantzia, Nicosia.

This privacy policy describes what personal data or information we collect from you, when and why we use this information and to whom we share it. In addition, it indicates your rights in relation to your information, as well as to whom you can contact for additional information or any questions you may have.

You can read more about this privacy policy in the following paragraphs:

  1. What type of personal data do we retain about you?
  2. What personal data is collected and how?
  3. How do we use the personal information we retain?
  4. The legal grounds we use for processing your personal information.
  5. To whom we disclose your information.
  6. Protection of your personal information.
  7. How long do we keep your data?
  8. Your rights.
  9. Right to complain.
  10. Changes to this privacy policy.

 

1. What type of personal data do we retain about you?

Demetra Holdings PLC collects different categories of personal data about you, depending on the purpose for which we process it. These are:

  • Identification data (name, surname, identity card number, passport number, telephone number etc.)
  • Demographic data (address, place of residence)
  • Financial data (bank account number)
  • Professional information
  • Education data

The personal data we collect is limited and necessary for the purpose of the processing and is processed with a specific legal basis.

When on this policy we refer to “our Website”, we mean the website http://www.demetra.com.cy.

 

 

2. What personal data is collected and how?

The personal data we collect may include, but is not limited to name, date of birth, ID number, the profession, e-mail address, home address, country, contact numbers, our company’s stocks transactions, professional experience, training, IP address, the type and language of your browser, access times, complaint details and other similar information.

The personal data is collected:

  • Upon receipt of the register of shareholders of the company from the CSE’s Central Depository.
  • When signing rental agreements for the use of offices or apartments of the company.
  • From any proposals we receive for investments and/or cooperation with our company.
  • With the agreements we sign for the provision of services.
  • From the CCTV video surveillance.
  • By submitting applications and CVs for employment in the company.

We may also collect and / or obtain or export your personal data by observing how you interact with us. For example, to enhance your experience when using our website and to ensure that the website works effectively, we (or the service providers) may use cookies (small files stored in your browser) which may collect personal data. More information on how to use cookies and other tracking technologies and how you can control them, can be found in the Cookies Policy posted on our website.

We understand the importance of protecting children’s privacy. Our website is not designed or intended for children. We may process personal data of minors upon receipt of the register of  shareholders of the company. Intentional collection and storage of data for children is not part of our policy. For the purposes of this Privacy Policy, “children” are persons under the age of fourteen.

 

 

3. How do we use the personal information we retain?

We will process your personal data only if it is allowed by the legislation. Usually, we will use your personal information in the following cases:

  • For the interest of the company’s shareholders.
  • To comply with legal obligations.
  • In case you have given us your consent.
  • To sign contracts with you.
  • To evaluate your CV.
  • To process your requests.
  • To contact you.

 

You may withdraw your consent to any such processing at any time by contacting us at dpo@demetra.com.cy or by using the “Unsubscribe” function in any communication for information purposes, including emails, which we will probably send you.

Please note that any processing of personal data prior to the withdrawal of your consent is not affected.

Special categories of data (sensitive data)

To the extent that we process any sensitive personal data relating to you for any of the above purposes, we will do so because either:

  • you have given your explicit consent to the processing of your information,
  • processing is necessary to comply with our obligations under employment, social security, or social protection legislation,
  • the processing is necessary for the establishment, exercise, or support of legal claims, or
  • you have made your data publicly available.

Use of personal data collected through our website

In addition to the above purposes regarding the operation of Demetra Holdings PLC, we may also process your personal data collected through our website:

  • to manage and improve our website,
  • to customize the content of our website to contain information about our announcements, information, actions, and activities that may be of interest to you,
  • to manage and respond to any request you submit to us through our website.

 

4. The legal grounds we use for processing your personal information.

The legal grounds on which we base the processing of personal data are:

  • When you have consented to the processing of your data, for one or more purposes.
  • When processing is necessary to execute a contract to which you are a party.
  • When processing is necessary for our compliance with our legal obligations.
  • When processing is necessary to protect the vital interests of the data subject or of another natural person.
  • When processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • When processing is necessary for the purposes of the legitimate interests pursued by the company, except where such interests are overridden by the interests or fundamental rights and freedoms of you, the data subject.

 

5. To whom we disclose your information.

As part of the tasks assigned to them by Demetra Holdings PLC as the “controller” and in accordance with the GDPR, either under a contract or other legal act, the employees and the associates of Demetra Holdings PLC have access to your personal data, as “processors”.

Further information regarding the above transfers and the adequate guarantees used by the company for these transfers (including copies of relevant agreements) can be obtained by contacting the Data Protection Officer of Demetra Holdings PLC at 22 818222 or by e-mail at dpo@demetra.com.cy.

 

 

6. Protection of your personal information.

We have implemented several technical and organizational measures to ensure that your personal data is secure, accurate and up to date. These measures include:

  • Training of our staff to ensure that we know our obligations regarding the protection of privacy and the protection of personal data in their management.
  • Administrative and technical checks and controls to restrict access to personal data based on the “need for knowledge”.
  • Technical checks and controls including protection programs, encryption and anti-virus software.
  • Physical security measures, such as special staff access to our facilities.

 

7. How long do we keep your data?

Demetra Holdings PLC processes your personal data only for the period required for the purposes of the processing. However, we must maintain this personal data for the entire period from the beginning of the cooperation or acquisition of shares of the company. At the end of the cooperation, the personal data are kept for an additional period not exceeding 7 years, in support of the legal interests of the company. A detailed description of the retention period of personal data is described in the Retention Policy of the company.

 

 

8. Your Rights.

Under the General Data Protection Regulation, you have rights regarding the processing of your personal data. More specifically:

  • Access your personal data. You can request a copy of the personal data we hold about you and verify that we process it legally.
  • Request a correction of your personal data that we process. This allows you to correct any incomplete and / or incorrect data held by us.
  • Right to erasure. This right allows you to request the deletion of your personal data (known as the “right to be forgotten”) when there is no reason for us to continue processing it. In addition, you have the right to request the deletion of your data where you have exercised your right to object to the processing (see right to object to the processing below).
  • Right to object to the processing of your personal data, including profiling, when we invoke our legitimate interests (or the interests of others), but there is something special about your situation that makes you oppose the processing of that purpose. You also have the right to object to the processing of your personal data for information purposes by Demetra Holdings PLC.
  • Right to the restriction of processing of your personal data. With this right you can ask us to suspend the processing of your personal data if:
    • your personal data are not accurate,
    • have been used illegally but you do not want us to delete them,
    • are no longer relevant, but you want to keep them to use them for possible legal claims, or
    • you have already asked us to stop processing your personal data, but you wait for us to confirm if we have another legal basis to continue processing them.
  • Ask to receive a copy of your personal data in a structured commonly used format to transfer it on to other organizations. You can request the transfer of your personal data directly from us to another organization (data portability).
  • Revoke your consent to the processing of your personal data for specified purposes at any time. Please note that any revocation of consent will not affect the legality of the processing based on your consent or other legal basis before it is revoked by you.

Some of the data subject’s rights may not be exercised if there are reasons as stated in Article 23 of the GDPR.

To exercise any of your rights or if you have any other questions regarding the processing of your personal data by us, you may email to the DPO at dpo@demetra.com.cy or write to us at:

Data Protection Officer Demetra Holdings PLC,

13, Limassol Avenue,

5th floor,

2112 Aglantzia Cyprus

You may also use the above contact details to file a complaint regarding the processing and the protection of your personal data.

 

 

9. Right to complain.

If you are not satisfied with the way we handled your personal data or any of your questions or requests, you have the right to file a complaint with the Office of the Personal Data Protection Commissioner in Cyprus. If you would like to contact the Commissioner’s office, please contact us for assistance.

 

 

10. Changes to this privacy policy.

We may modify this privacy policy from time to time. To let you know when we make changes to this privacy statement, we will amend the revision date at the top of the first page. The new modified privacy policy will apply from that revision date. Therefore, we encourage you to periodically review this policy to be informed about how we are protecting your information.