Gordian Holdings Limited Privacy Notice
This notice sets out details of how personal information relating to you, as a tenant, adviser, or applicant, as an authorised representative/agent or beneficial owner of legal entities (“Personal Data”) will be handled by [Gordian Holdings Limited] (referred to as ‘we’, ‘us’, ’our’ or ‘the Company’) as controller of the Personal Data and / or on the Company’s behalf by its third party service providers in accordance with the General Data Protection Regulation (“GDPR”) and the Cyprus Data Protection Law 125(I)2018 as amended or replaced from time to time (hereinafter the “Cyprus Data Protection Law”). The Company is committed to protecting your privacy and handling your data in an open and transparent manner.
This privacy statement;
- explains how we collect your personal data and how we use it in the provision of services or the conduct of our obligations to you
- tells you about your rights under the local data protection law and the EU General Data Protection Regulation (‘GDPR’)
- contains information about when we share your personal data with third parties (for example, our service providers or suppliers)
However, if you have any questions or concerns in relation to this Privacy Notice please contact Gordian Holdings Limited at (+357) 77775656 or send e-mail to email@example.com .
This website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their use of your personal data.
1. WHAT INFORMATION WE MAY COLLECT AND HOW WE USE IT
As a business we collect, use, store and transfer different types of personal data depending on who you are.
If you are purchasing, renting or selling a property through us, or purchasing, renting, or selling a property from one of our clients, we collect and use your personal data in order for us to provide you with our services.
We may collect and process personal data which we lawfully obtain from other parties for example credit reference agencies such as Artemis Bank Information Systems Limited, public authorities, trace agencies, adverse media and sanctions databases, lawyers and servicers.
We may also collect and process personal data from publicly available sources (e.g. the Department of Registrar of Companies and Official Receiver, the Land Registry, the Bankruptcy Archive, commercial registers, the press and the Internet).
If you are a tenant in a building owned by the Company, the Company processes your Personal Data, including information provided in the tenancy application and information that was collected or created by the previous landlord(s) and personal information that we collect, generate or observe while administering your mortgage loan. This information will include:
- Information you provided to your previous landlord(s); this may include your name and address (including evidence of name and address), contact details, date of birth, gender, nationality, photograph, signature, occupational history, marital status, dependents, job title, employment history, current income and expenses, other financial information, bank details (including bank account statements), dependent children, personal public service number, tax residence and tax ID, credit reference agency data [e.g. Artemis], residence or work permit in case of non-EU nationals.
Special Categories of Data provided to the Company; this might include health information processed in accordance with Health and Safety regulation or other obligations the Company may have.
- Information that the Company collects, generates or observes; this might include information relating to property management services, emails, call recordings and website usage data. This may also include technical data (cookies, internet protocol address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, online identified, location data and other similar identifying information required for the customer’s device(s) to communicate with websites and applications on the internet).
- Information that the Company obtains from third party sources; this might include information procured in accordance with the Company’s obligations under anti-money laundering regulation including any political affiliations you may have and record of any criminal background or financial sanctions, as well as any past or current adverse media in relation to you. For further details on our processing of criminal convictions data please see section 2 (B) below. This might also include information obtained from public websites, adverse media searches and information received from intermediaries.
Such third parties include:
- Credit reference agencies
- Third parties that provide information regarding criminal background, economic sanctions and political associations
- Agencies that perform asset traces or occupancy checks
For Commercial Contacts and Counterparties; in relation to directors, shareholders and primary contacts, identity information which may include name, address (including evidence of name and address), contact details, date of birth, gender, nationality, photograph, signature, job title.
For persons making enquiries or providing contact information on this website: this might include information relating to property management services, emails, call recordings and website usage data. This may also include technical data (cookies, internet protocol address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, online identified, location data and other similar identifying information required for the customer’s device(s) to communicate with websites and applications on the internet).
You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide:
- When you apply for our services;
- If you create an account on our website;
- When you subscribe to our service or publications;
- When you request marketing to be sent to you;
- If you contact us through social media;
- Telephone our call centre; or
- If you give us some feedback.
2. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data for the legitimate purposes for which we have collected it. If we need to process your personal data for a different purpose that is not compatible with the original purpose that we collected your personal data, we will let you know.
We may process your personal data for a different purpose and without your consent where it is necessary for us to comply with our legal obligations.
Below we summarize the purposes for which we are processing your Personal Data and the legal bases on which we rely in each case.
A. For the performance of a contract
We process personal data in order to perform our duties and meet our obligations to you;
- pursuant to your tenancy agreement
- to enter into negotiations or transactions with you
B. For compliance with a legal obligation
We may have legal obligations that oblige us to collate, retain, process and potentially transfer personal data in relation to you, these include health and safety regulations, anti-money laundering and counter-terrorist financing directives and laws and tax laws. There may also be various supervisory authorities to whose laws and regulations we are subject e.g. the tax authorities, the Unit for Combatting Money-Laundering (MOKAS).
C. For the purposes of safeguarding legitimate interests
We may process personal data so as to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information.
Examples of such processing activities include:
- Initiating legal claims and preparing our defense in litigation procedures,
- Means and processes we undertake to provide for the Company’s IT and system security, preventing potential crime, asset security, admittance controls and anti-trespassing measures,
- Measures to manage business,
- Sharing your personal data within the Company’s group and shareholder,
- Sharing information with purchasers and potential purchasers of the properties,
- The transfer, assignment and/or sale of assets held by the Company.
D. You have provided your consent
In order to manage and administer your request, either you may provide personal data to us, either on the website, by phone, email or post. This information is collated and processed based on the consent that you provide while submitting this information. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected. Also we will no longer be in a position to retain your data in order to provide further services.
Please note that you have a right to object to the processing of your Personal Data where that processing is carried out for our legitimate interests or to withdraw your consent, should we rely upon your consent for processing the special categories of data specified above.
If you do not provide, or if you withdraw your consent for processing special categories of Personal Data, as specified above, we may not be able to manage and administer your loan (or that of the legal or natural persons for whom you are an authorised representative/agent or beneficial owner), security or guarantee and provide you with the services you require, or meet your specific requests. This is particularly relevant in relation to requests for forbearance, for which additional Personal Data may be requested. In all instances in which we request your personal information, we will, where applicable, identify if there is a statutory reason for requesting such information and we will explain the consequences for you if you do not provide it.
You have the right to withdraw your consent for us to use your personal data for marketing purposes at any time. If you do withdraw your consent, this will result in us ceasing to market goods and services to you.
Should we send any marketing messages to you, you can ask us to stop sending you these at any time by:
- Following the opt-out links on any marketing message sent to you;
- Contacting us at any time by emailing to firstname.lastname@example.org or by calling to (+357) 77 77 56 56.
3. DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below for the purposes set out in “How we use your personal data”. In the course of the performance of our contractual and statutory obligations or the provision of services, your personal data may be provided to relevant service providers and/or other third parties including other companies that support our business. Various service providers and suppliers may also receive your personal data so that we may perform our obligations. Such service providers and suppliers enter into contractual agreements with the Company by which they observe confidentiality and data protection according to the Cyprus Data Protection Law and GDPR.
Under the circumstances referred to above, recipients of personal data may include:
- Service providers acting as processors based in the EU/EEA who provide IT and system administration services, tenancy deposit administrators and services to enable us to perform our contract with you.
- Property developers acting as processors and/or controllers based in Cyprus who process your personal data in order to arrange and facilitate your visit to their marketing suite.
- Professional advisers acting as processors and/or controllers including lawyers, bankers, auditors and insurers based in Cyprus who provide consultancy, banking, legal, insurance and accountancy services.
- Government entities, regulators and other authorities acting as processors and/or controllers based in Cyprus who require reporting of processing activities in certain circumstances.
- Shareholders and investors
- Supervisory and other regulatory and public authorities, for example the Central Bank of Cyprus, tax authorities, criminal prosecution authorities, the Unit for Combatting Money-Laundering (MOKAS)
- Valuators and surveyors
- Our legal advisors
- Our corporate administrators including the company secretary
- Appointed receivers/managers
- Asset trace investigators
- Estate agents
- Potential purchasers and purchasers of assets or loans
- Debt collection agencies
- Auditors and accountants
- Fraud prevention agencies
- File storage companies, archiving and/or records management companies, cloud storage companies
- Purchasing and procurement and website agencies.
4. TRANSFER OF YOUR PERSONAL DATA TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANISATION
The disclosure of your Personal Data to the third-party recipients set out above may involve the transfer of data to the USA, and other jurisdictions outside the European Economic Area (“EEA“), which are not the subject of an adequacy decision by the EU Commission. Such countries may not be subject to equivalent data protection laws as countries within the EEA. Any transfer of your Personal Data to jurisdictions outside the EEA may only occur in accordance with the requirements of the GDPR and the Cyprus Data Protection Law.
5. DATA SECURITY
Once we have received your personal data we will use reasonable and necessary procedures and security measures to try and prevent unauthorised access. We limit access your personal data to those individuals and other parties who need to know it and who are subject to a duty of confidentiality.
6. DATA BREACHES
If we become aware of a data breach, we may notify the Office of the Commissioner for Personal Data Protection provided that the breach is likely to result in a risk to you. If we believe that the data breach is more serious and could result in a high risk to you, we may notify you in accordance with our legal requirements.
7. DATA RETENTION
We will keep your personal data for as long as we have a business relationship with you as an individual or in respect of our dealings with a legal entity you are authorized to represent or are beneficial owner and thereafter as required or permitted by law.
Once our business relationship with you (or the legal or natural person which/who you are authorized to represent or are the beneficial owner of) has ended, we may keep your data for up to ten (10) years in accordance with the directive of the Data Protection Commissioner (http://www.dataprotection.gov.cy).
We may keep your data for longer than 10 years if we cannot delete it for legal, regulatory or technical reasons, for example if it is the subject of ongoing litigation or legal enquiry.
8. YOUR LEGAL RIGHTS
- Receive details with regard to the personal data that we hold on you and request access to your personal data. To raise a request please contact us at email@example.com
- Request correction [rectification] of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to erase your personal data [known as the ‘right to be forgotten’] where there is no good reason for us continuing to process it.
- Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.
- Request the restriction of processing of your personal data. This enables you to ask us to restrict the processing of your personal data, i.e. use it only for certain things, if;
- it is not accurate;
- it has been used unlawfully but you do not wish for us to delete it;
- it is not relevant any more, but you want us to keep it for use in possible legal claims;
- you have already asked us to stop using your personal data but you are waiting us to confirm if we have legitimate grounds to use your data.
- Request to receive a copy of the personal data concerning you in a format that is structured and commonly used and transmit such data to other organisations. You also have the right to have your personal data transmitted directly by ourselves to other organisations you will name.
- Withdraw the consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you. As noted in Section 2 (D) above, withdrawal of consent may inhibit our ability to manage your loan in accordance with your wishes. To exercise any of your rights, or if you have any other questions about our use of your personal data, please contact firstname.lastname@example.org
- Right to lodge a complaint
If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain by writing to us as the address on this website or email us at email@example.com
- You also have the right to complain to the Office of the Commissioner for Personal Data Protection. Find out on their website how to submit a complaint (http://www.dataprotection.gov.cy).
9. Changes to this privacy statement
We may modify or amend this privacy statement from time to time.
A current and up to date statement will be available on our website. We encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your personal information.