A minimum of 3 characters is required

Privacy Notice

Infocredit Group Ltd (hereinafter referred to as “the Company” or “Infocredit”) engages in the collection, archiving and re-use of data related to individuals or enterprises with the aim to provide business intelligence information to business and individuals worldwide, having its main office at 5a Philippou Chatzigeorgiou Str., Nicosia, Cyprus.

 

This Notice is addressed to natural persons, who are:

- Current or potential customers of the Company or its clients,

- Officers or beneficiaries of legal entities

- Been recorded in the Bankruptcy Registry

- Are the subject of a debt collecting procedure initiated by us on behalf of any of our clients

 

This text aims at providing you with intelligible, transparent and direct information about the processing of your personal data - how we collect and process your personal data in the context of fulfilling our business activities explaining the procedures that we have in place to safeguard your privacy according to the rules and provisions ascribed by the General Data Protection Regulation (“GDPR”).

 

Further Processing Notices may be delivered to you at a later stage underlining specific uses of your personal information.

 

This Notice shall apply to all data that we collect in the course of our business and which according to GDPR’s provisions are deemed to be personal data.

 

Information is collected for the purpose of conducting a business relationship with a said individual, the company he is employed at or for providing the below solutions:

• Credit Risk Solutions

• Regulatory Compliance

• Debt Recovery & Call Centre

• System solutions and Training

• Corporate Governance

• Marketing

 

Within the scope of the provision of our services to our clients, we will come across personal data of individuals who have no direct relationship with us. All data we use are either publicly available and collected from public sources or are provided to us directly by our clients.

 

Through this statement, we inform the said individuals that their data, mentioned below per solution will be collected and processed by the Company for the purpose of executing our obligation to our clients. This data will be safely processed and stored and the subject individuals have the same rights like all other individuals of whom we process their data as per paragraph 6 Your reinforced rights. Moreover, should you need any additional information of assistance we invite you to contact our Data Protection Officer (“DPO”) directly at the contact details mentioned below. (“DPO”).

 

Additionally, processing of personal data can occur during other purposes such as contacting of companies for promoting of the products and services of the Company.

 

1. The information we collect and how we use it

 

Credit Risk Solutions

Credit risk management is the practice of determining creditworthiness – assessing new and existing customers for their financial health, which can indicate their ability to pay on time. It’s important that suppliers perform their due diligence to manage the risks that come with extending business credit. In this scope our clients request from us information for the financial standing of companies and assessment of the risk associated in trading with the said companies. During the course of this assessment we collect information on the physical entities associated as directors, secretary and shareholders of companies.

 

The data we collect will include:

• Registration details (Registered Name, Registered Address, Registration Number etc.)

• Director, Secretary and Shareholder information (Name, Surname, Identity Card/ Passport/ARC number and the issuing country, Address, Occupation, Nationality, Date of Birth, date of appointment, information on the shares held, Position held in the   company or companies)

• Capital (Issued, No. of Shares, Nominal, Value etc.)

• Payment records and Charges (Current and Historic)

• Negative information and bankruptcies of the entity and its related legal entities

• Financial Statements (when available) • Credit scoring assessment based on financial and non-financial variables

• Company operational histories, subsidiaries, affiliates, and lines of business;

• Business compliance information from public source government and professional records, media and business publications;

• Newspaper and media reports

• Bankruptcies information as retrieved from the Official Receiver

 

Infocredit does not seek to collect any information in relation to a European resident’s race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, genetic or biometric data.

 

Our data originates from Public & other sources:

• Public sector information (e.g. Company Registrars and Official Receiver)

• Governmental and administrative public records such as business registrations, company filings, court and bankruptcy filings

• Organisations providing information directly to us

• Straight from the Data Subject

• Regulatory bodies and law enforcement agencies

• Media sources

 

Regulatory Compliance

In Cyprus and the other jurisdictions in which we operate, laws and regulations are designed to combat money laundering. Broadly, money laundering can arise if a person acquires, retains, transfers, uses or controls the proceeds of a crime or the benefit of a criminal activity. References to money laundering includes references to terrorism.

 

In order to fulfil their obligations our clients are obliged to verify the identity of new clients, and in certain circumstances existing clients. In addition, their internal requirements from time to time may require that they conduct background checks on new or existing clients. These may necessitate verification procedures of the identity and good standing of clients, one or more of their directors or employees or other representatives and others and the identity of clients’ or potential clients’ shareholders, beneficial owners, management, directors or officers and/or other relevant information, possibly including evidence of the source of funds, at the outset of, and possibly from time to time throughout, their relationship with clients, which they may request and/or may obtain from third party sources namely Infocredit Group.

 

In cases where we are performing the above investigations on behalf of our clients, we may request from them to provide us with copies of evidence of identity of their clients or their representatives or any other details they have which will assist us in fulfilling this investigation.

 

The data we collect may include and will depend on the scope of the investigation requested.

 

• Relationships as a Director, Secretary and Shareholder (Name, Surname, Identity Card/ Passport/ARC number and the issuing country, Address, Occupation, Nationality, Date of Birth, date of appointment, information on the shares held, Position held in the company or companies)

• Relationships of the individual with other physical entities

• Photos

• Negative information of the entity and its related legal entities

• Source of Funds/Wealth if required

• ID/Passport copy

• Company operational histories, subsidiaries, affiliates, and lines of business;

• Business information such as memberships in professional bodies and other authorities

• Newspaper and media reports

• Bankruptcies information as retrieved from the official sources

Infocredit does not seek to collect any information in relation to a European resident’s race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, genetic or biometric data.

 

Our data originates from Public & other sources:

• Public sector information (e.g. Company Registrars and Official Receiver)

• Governmental and administrative public records such as business registrations, company filings, court and bankruptcy filings

• Organizations providing information directly to us

• Creditors and suppliers of an organization

• Regulatory bodies and law enforcement agencies

• Media sources

 

Debt Recovery & Receivables Management

We offer debt collection services and receivables management to our clients where they assign the process of debt collection or receivables management to us. This entails the processing of personal data of the debtors. These personal data are provided by our clients and the processing is limited to the sole purpose of collecting the debt. Additionally, data may be collected straight from the data subject during our contact with them.

 

Type of Information

Debtor is individual

Debtor is company

Name and Surname

Yes

Yes

Position

No

Yes

ID/Passport or ARC number

Yes

No

Address

Yes

Of the company

Contact numbers

Yes

Business numbers

Email

Yes

Business email

Client/claimant

Yes

Yes

Amount of the debt

Yes

Yes

Case/Invoice number

Yes

Yes

Date of last payment

Yes

Yes

Description of service

Yes

Yes

Other details necessary to the execution of the contract

Yes

Yes

 

Call Centre

We provide call center services to our clients for Promotion and Customer Service. The personal data are either provided by our clients or retrieved during the communication with a company and are limited to the below:

• Name and Surname

• Position

• Telephone numbers

• Business

 

Email Our data originates from Public & other sources:

• Public sector information (e.g. Company Registrars and Official Receiver)

• Organisations providing information directly to us

• Straight from the Data Subject

• Internet (e.g. yellow pages)

 

Infocredit does not seek to collect any information in relation to a European resident’s race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, genetic or biometric data.

 

Training

To register as a delegate for an event or training you must complete a registration form. During registration you are required to give your contact information (such as name, address, phone number and email address and optionally company name and position). This information enables us to process and fulfil your enrolment online so that we can contact you about the events and trainings for which you have expressed interest.

 

Should the training or seminar be HRDA subsidized you will be required to provide more information to HRDA according to their requirements in order to receive subsidization from HRDA. Infocredit does not seek to collect any information in relation to a European resident’s race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, genetic or biometric data.

 

Our data originates from Public & other sources:

• Public sector information (e.g. Company Registrars and Official Receiver)

• Organisations providing information directly to us

• Straight from the Data Subject

 

Other purpose for processing personal data

We may also use aggregate information and statistics for other purposes. These statistics will not include any information that can be used to identify any individual.

 

We may automatically collect technical information when you connect to our site that is not personally identifiable. This includes for example the type of Internet Browser you are using, the type of computer operating system and the domain name of the website from which you are linked to our site. Additionally, in case you connect to our system we collect your IP address.

 

When you register for any of our services, we may require details including:

• Last Name

• First Name

• Company and your position

• VAT Number

• Address details

• Telephone number

• Fax

• Email

 

Our data originates from Public & other sources:

• Straight from the Data Subject

 

2. Lawfulness of Data Processing

 

- Credit Risk Solutions

Infocredit processing is essential for the conclusion of the purpose and the provision of the activity as set hereinabove. The said processing is necessary for the performance of a task carried out for public interest since this enables organizations as well as people to manage and protect their business from potential uncertain threads when conducting business, allowing them to act proactively.

 

As ascribed in Art. 13 of the Open Data directive and the re-use of public sector information DIRECTIVE (EU) 2019/1024, the further use of Public Sector information Law of 2015 L. 205(Ι)/2015 information regarding legal entities should be available to facilitating the re-use of documents issued or held by public sector bodies. A view that is embraced by the GDPR and illustrated in Art. 89, in which stated that Processing for archiving purposes among others for the public interest, shall be acceptable given the appropriate safeguards, in accordance with this Regulation, have been adopted for the rights and freedoms of the data subject.

 

Data are collected from public sources that are given access by - Creative Commons Attribution 4.0 International (CC BY 4.0). The lawfulness of the processing is based on α.11 of the Charter of Fundamental Rights of the European Union and the a. 19 of the constitution of the Government of Cyprus and the article 6(1) (f) of the GDPR and the legislation Ν 205(Ι) 2015

 

- Regulatory Compliance

Consent, Legal Obligation, Legitimate Interest of third party

- Debt Recovery & Receivables Management

 

Legitimate interest of third party

- Call Centre

Consent, Legitimate interest of third party -

 

Training

Consent -

 

Other purpose for processing personal data

For the fulfilment of a contract

 

3. Recipients and Transfer of Data outside the European Economic Area (EEA)

 

- Credit Risk Solutions - Data Transfer agreements

- Regulatory Compliance - Consent, Data Transfer agreement

- Debt Recovery & Receivables Management - We do not transfer out of the EEA

- Call Centre - We do not transfer out of the EEA

- Training - We do not transfer out of the EEA

- Other purpose for processing personal data - We do not transfer out of the EEA

 

In each transmission to third parties every measure shall be taken beforehand so that only the necessary data shall be transmitted for the implementation of the contract, along with the effective requirements for their legitimate and lawful processing; moreover, the organizations to which the data are being transmitted shall undertake a written commitment that they shall on their part comply with the provisions of the General Data Protection Regulation. Exempt are those cases in which the communication of the data is affected due to some legal or statutory obligation.

 

In cases where it is necessary to communicate your personal data to countries outside the European Union, which do not offer adequate guarantees for the protection of your personal data, our company shall be obliged and hereby undertakes the responsibility to conclude contractual clauses in the form of a Data Transfer Agreement between our Company and the Company to which the data are communicated, in order to safeguard the information transmitted.

 

4. Retention Period for your Personal Data

 

Due to harmonization with the Regulation, we have determined the time periods for the retention of your personal data, depending on the processing to which they are being subjected.

The parameters that have been taken into consideration for the determination of the time periods are your better service, our operational needs, our legal obligations and the safeguarding of our legal interests.

 

- Credit Risk Solutions

For information under Credit Risk Solutions we keep the data appearing in our reports for 5 years, showing the last date that it was updated. In case these data are not updated within a further of 5 years we delete them completely from our database. The overall retention period does not exceed 10 years.

 

- Regulatory Compliance

3 months after the report was completed and provided to the client. The overall retention period does not exceed 4 months.

 

- Debt Recovery & Receivables Management

o In case the debt was collected we anonymize all data 2 months after the collection the debt

o In case of no collection, we anonymize all data 12 months after the assignment of the debt to us. The overall retention period does not exceed 12 months.

 

- Call Centre

30 Days after the finalization of the project. The overall retention period is 2 months.

 

- Training

o HRDA documents are kept based on various regulations

o For the trainers we keep the data for 3 years after the last cooperation with the trainer

o For any other processing we delete the information as soon as the project is completed

 

- Other purpose for processing personal data

o For invoices and data retained for accounting purposes its based on the Tax Legislation

o For any other processing based on consent the individual can always withdraw their consent.

 

5. Security Measures

 

Infocredit applies throughout the data processing procedure, the appropriate technical, physical, and administrative security measures for the protection and security of the personal data from loss, misuse, damage or modification, unauthorised access and disclosure, in compliance with article 32 of the GDPR 679/2016, in order to ensure the appropriate security level against those risks.

 

Key security measures applied by Infocredit: -

Infocredit has ISO 27001/2013 Certification

- Infocredit maintains a dedicated information security team that plans, implements and provides surveillance of our information security program

- The company performs ongoing infrastructure checks to detect weaknesses and potential intrusions, vulnerabilities in systems etc.

- The company uses https protocols for secure and encrypted client communication

- The company uses Firewalls

- The company operates an ISMS - Information Security Management System to reduce Cyber-Security Risks.

- Confidentiality clauses in our agreements with suppliers, and employees

- Adequate training is provided to all employees that handle personal data

 

6. What are your reinforced rights

 

The General Data Protection Regulation defines your rights in regard to your personal data. On account of this, our Company has developed a mechanism for the satisfaction of requests concerning your personal data, that can be retrieved on the link https://www.infocreditgroup.com/access-your-data and includes the following:

 

1. Right to access: You have a right to access your data maintained by us and you may at any time obtain a copy thereof provided we possess them in electronic form.

 

2. Right to rectification: You have a right to access and rectify your personal details. You may at any stage of our relationship check and update your personal data, always presenting the necessary documentation and requesting the rectification or completion of inaccurate information.

 

3. Right to be forgotten: You have the right to ask for the erasure of the whole or part of the data that concern you that are no longer necessary in relation to the purposes for which they are controlled or otherwise processed. Hence, in the cases where Infocredit retains and process personal data in accordance with the provisions of Article 6(1)(c) of the GDPR, Infocredit may object to such a request and may keep the relevant personal data that are required in order for Infocredit to comply with its legal obligations.

 

4. Right to restriction: You have the right of restricting processing where the accuracy of the personal data is contested by you, the processing is unlawful and there is pending verification as to whether the legitimate grounds of Infocredit override those of your rights.

Therefore, we ensure that Infocredit has in place a procedure where you have the right to restrict the processing of your personal data.

 

5. Right to object: You may at any time whatsoever raise objections about the processing of your personal data. In case you make use of this right, the processing shall immediately cease, unless the Company can prove the existence of legal interest or the need to use the data in support of a legal/judicial case.

 

6. Right to data portability: You have the right to portability, that is, to transfer your personal data to another organization in a legible and commonly used form. The said data shall be erased as specified in the erasure policy of the Company.

 

7. Right to recall consent: You have the right any time to withdraw your consent to the processing of your personal data, without however affecting the legality on which our policy was based prior to your withdrawal. We would like to inform you that the recall of your consent may possibly lead to the termination of the relevant services.

 

8. Right to launch complaint: You have the right to launch a complaint with the Commissioner for the Protection of Personal Data, regarding the processing of your personal data.

 

7. Our use of cookies

 

When you view one of our websites, following consent, we may store information on your computer. This information will be in the form of a “Cookie” or similar file and can help us in many ways. For example, cookies allow us to tailor our website to better match your interest and preferences. With most Internet browsers, you can erase cookies from your computer hard drive, block all cookies or receive a warning before a cookie is stored. Please refer to your browser instructions or help screen to learn more about these functions.

 

8. Your consent

If we change our Privacy Notice we will post the changes on this page so that you may be aware of the information we collect and how we use it at all times. Continued use of the service will signify that you agree to any such changes.

 

9. Data Protection Responsibilities

 

For the purposes of this Privacy Notice we act as “data controllers” when we determine the purposes for which and the manner in which any personal data are, or are to be processed. Furthermore, we act as “data processors” when we obtain, record or hold the information or data or carry out any operation or set of operations on the information or data.

 

Data Protection Officer contact details:

A. & E. C. Emilianides, C. Katsaros & Associates LLC

192 Ledras, 3rd Floor,

1011 Nicosia, Cyprus

Tel: + 357 22 676752

Fax: + 357 22 676754

Email: [email protected]

 

10. How to lodge a complaint

If you have exercised some or all of your rights to data protection and you still feel that your concerns about the way we process your personal data have not been fully addressed by us, you have the right to file a complaint to the Office of the Personal Data Protection Commissioner. You will find information on how to file complaints on the relevant website: (http://www.dataprotection.gov.cy)

 

Updated: March 1st 2020

 

Supreme