Overview / Index / Introduction
The Engineering and Commercial Association Limited (referred to as ‘we’, ‘us’, ‘our’, and together with all its affiliated and associated companies referred to as ‘EKA GROUP’ or the ‘Group’) is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data that we collect and process depends on the product or service requested and agreed in each case.
This Privacy Notice:
- provides an overview of how EKA GROUP collects and processes your personal data and tells you about your rights under the local data protection law and the EU General Data Protection Regulation (‘GDPR’),
- is directed to natural persons who are either current or potential customers of the EKA GROUP, or are authorised representatives/agents or beneficial owners of legal entities or of natural persons which/who are current or potential customers of EKA GROUP,
- is directed to natural persons who had such a business relationship with the GROUP in the past,
- contains information about when we share your personal data with other members of the Group and other third parties (for example, our service providers, contractors, subcontractors or suppliers).
In this privacy statement, your data is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as “processing” such personal data.
For the purposes of this statement, personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, address, identification number.
Who we are
- EKA GROUP is a multi-business organization operating in the building materials and systems markets of the construction sector. It was formed in 1946 in Limassol, Cyprus by Michael Th. Loizides and other prominent businessmen of the time and it continues to be a family business 70 years after.
- We have appointed a data protection officer (DPO) to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your Personal Data, please contact the DPO.
P.O.BOX. 50101, 3601, Limassol
Local Phone: +357 25854444
Fax No: +357 25854545
Other entities of our Group with which we may exchange Personal Data
Address: Eleftherias Street 109, 3042, Limassol
P.O.BOX. 50101, 3601, Limassol
Local Phone: +357 25854444
Fax No: +357 25854545
The type of Personal Data we collect and process
We will use data, contact details (such as name, address, email, contact no., fax no., P.O. BOX, mobile number), Architectural Drawing, in order to prepare proposals upon your requests.
Furthermore, in order to perform our obligations under the contract that we will enter to with you, we will need your ID no. or Company Registration No. (as applicable) and respective bank account details. Financial information, such as payment related information including bank account and payment card details may also be required.
Signatures under proposals and contracts.
Any other information you may provide to us during the course of our contractual agreement.
How, why and on what legal basis we collect and process Personal Data
How: We collect and process Personal Data through email, telephone and text message
Why:In order for us to identify our customers; to be able to carry out contracts and collection purposes as we usually give credit
We use Personal Data for a number of legitimate interests, including to provide and improve our services, administer our relationship with you and our business, for marketing and in order to exercise our rights and responsibilities. More detailed information about these legitimate interests is set out below.
- to set up and administer your account, provide technical and customer support and training, verify your identity, and send important account, subscription and information about our services
- to administer our relationship with you, our business and our third-party providers (e.g., to send invoices)
- to personalize your experience with our services. We may sometimes share your Personal Data across our services so that we can make all of the services we deliver to you more intuitive (e.g., rather than requiring you to enter the same data many times)
- to contact you in relation to, and conduct, surveys or polls you choose to take part in and to analyze the data collected for market research purposes
- for internal research and development purposes and to improve, test and enhance the features and functions of our Services
- to provide you with marketing but only as permitted by law
- to meet our internal and external audit requirements, including our information security obligations
- to enforce our terms and conditions
- to protect our rights, privacy, safety, networks, systems and property, or those of other persons
- for the prevention, detection or investigation of a crime or other breach of law or requirement, loss prevention or fraud
- to comply with requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, including where they are outside your country of residence
- in order to exercise our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to us or third parties with whom we work
- in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings)
Where we rely on legitimate interests as a lawful ground for processing your Personal Data, we balance those interests against your interests, fundamental rights and freedoms. For more information on how this balancing exercise has been carried out, please contact our DPO at firstname.lastname@example.org.
Your obligation to provide us with your Personal Data
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations.
Consent requirement and your right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our DPO at email@example.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Change on Purpose
- We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
- Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where it is required or permitted by law.
How we use particularly Sensitive Personal Data
“Special categories” of particularly sensitive Personal Data, such as information about political opinions, religion, health, racial or ethnic origin, sexual orientation or trade union membership, philosophical beliefs, genetic data, biometric data require higher levels of protection. We need to have further justification for collecting, storing and using this type of Personal Data. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data.
As a rule, we do not process Special Categories of Personal Data other than in the following limited circumstances:
- Where we need to carry out our legal obligations or exercise rights in connection with employment.
Less commonly, we may process this type of information with your consent where it is needed for the purposes of customizing our services to your explicit needs and requirements and/or to protect your interests (or someone else’s interests) during your physical presence at our premises although you may not be capable of giving your consent.
Sources and Recipients of Personal Data during the performance of our contractual and statutory obligations
In the course of the performance of our contractual and statutory obligations your personal data may be provided to various departments within the Company but also to other affiliated and/or subsidiary companies of the Company. Various service providers and suppliers may also receive your personal data so that we may perform our obligations. Such service providers and suppliers enter into contractual agreements with the Company by which they observe confidentiality and data protection according to the data protection law and GDPR.
It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorized under our contractual and statutory obligations or if you have given your consent. All data processors appointed by us to process personal data on our behalf are bound by contract to comply with the GDPR provisions.
The following is a list of potential recipients of data (in each case including respective employees, directors and officers):
- Other professional advisers or providers of services acting as processors or joint controllers (including lawyers, legal consultants, banks or other financial institutions, auditors/accountants, financial or business advisors, Consultants in relation to any matter on which we are instructed) where disclosure to that provider of services is considered necessary to fulfil the purposes set out above
- Any distributors / suppliers / sub-contractors, agents or service providers of The Engineering and Commercial Association LTD and its subsidiaries (including couriers etc.)
- Regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material
- Debt collection agencies
- Credit Risk agencies
- Cloud Storage Companies
- Companies who assist us with the effective provision of our services to you by offering technological expertise, solutions and support and facilitating payments
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Sharing of Personal Data with other entities in the Group
We will share your Personal Data with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganization or group restructuring exercise, for system maintenance support and hosting of data.
Transfers of PersonalData to a third country or to an international organisation
We do not transfer data to any third countries or international organizations however should we or any of our external third parties be based outside the European Economic Area (EEA) in which case processing of your personal data will involve a transfer of data outside the EEA, we will at all times ensure a similar degree of protection is afforded by ensuring at least one of the following safeguards is implemented:
- the non-European Union country has Data Protection laws similar to the laws in the European Union and/or has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries; or
- the recipient/service provider used has agreed through use specific contracts approved by the European Commission which give personal data the same protection it has in Europe and will seek to be reasonably satisfied that the third party has measures in place to protect data against unauthorised or accidental use, access, disclosure, damage, loss or destruction. For further details, see European Commission: Model contracts for the transfer of personal data to third countries; or
- we have obtained your explicit consent to proceed with the said transfer; or
- if transferred to providers based in the United States of America, the transfer is made only subject to them being part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield; or
- if the data transfer is required by a governmental authority and we are legally obliged to provide it (i.e. reporting obligation under Tax law) in which case the Commissioner of Personal Data Protection in Cyprus will be notified in advance of the transfer for her confirmation.
Please Contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
How is Personal Data treated for marketing purposes and is profiling used for such purposes?
- Marketing purposes
We strive to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising.
PROMOTIONAL OFFERS FROM US
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased [goods or services] from us [or if you provided us with your details when you entered a competition or registered for a promotion] and, in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any company outside the EKA group of companies for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time [by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or] by contacting our DPO at firstname.lastname@example.org at any time.
Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
- ProfilingWe may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), in order to enter into or perform a contract with you.
In some cases, profiling is used (i.e. we process your data automatically) with the aim of evaluating certain personal aspects in order to provide you with targeted marketing information on products.
You have the right to object at any time to the processing of your personal data for marketing purposes, which includes profiling, by contacting at any time our DPO email@example.com.
- We have put in place measures to protect the security of your information. Details of these measures are available [upon request].
- Third parties will only process your Personal Data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
- We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from our DPO at firstname.lastname@example.org.
- We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Retention of Data Subjects’ Personal Data
- We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will only keep documents of up to 10 years. In case customer needs replacement materials, he/she needs to keep relevant documents/invoices of items purchased. Details of retention periods for different aspects of your Personal Data are available in our retention policy which is available from our DPO at email@example.com.
- To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
- In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a client, employee, worker or contractor of the company we will retain and securely destroy your Personal Data in accordance with our data retention policy and applicable laws and regulations.
Data Subjects’ data protection rights
Under certain circumstances, by law you have the right to:(a) Request accessto your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
(b) Request correctionof the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
(c) Request erasureof your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
(d) Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
(e) Request the restriction of processingof your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
(f) Request the transferof your Personal Data to another party.
- These rights are not absolute and they do not always apply in all cases.
- In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better. If we do not comply with your request, whether in whole or in part, we will explain why.
- If you want to review, verify, correct or request erasure of your Personal Data, object to the processing of your personal data, or request that we transfer a copy of your Personal Data to another party, please contact our DPO firstname.lastname@example.org in writing.
Your duty to inform us of changes
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed is your Personal Data changes during your working relationship with us.
No fee usually required
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Right to lodge a complaint
If you have exercised any or all of your data protection rights and still feel that your concerns have not been adequately addressed by our organisation you have the right to make a complaint at any time to the Office of the Commissioner of Personal Data Protection.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time and we will amend the revision date at the top of this page.
We encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your Personal Data.