Privacy Policy:
Purpose of this Policy
The Internet is an amazing tool. With only a few mouse-clicks, you can follow the news, look up facts, buy goods and services, and communicate with others from around the world. It’s important to Residency Group to help our customers retain their privacy when they take advantage of all our Website has to offer.
Your privacy is important to you and to us. We have structured our Website so that you can visit us on the Internet without identifying yourself or revealing any personal information.
Once you choose to provide us with personal information, we will protect such information and use it only in the ways as described below.
We are committed to respecting and protecting your privacy at all times. Any information about any person visiting our Website will not be sold, rented, transferred, or otherwise made available to others, except as expressly provided for in this Policy.
This Policy explains how we look after your personal data (in all situations where we collect your data) and sets out your privacy rights and also explains how the law and our approach to privacy and personal data protect you.
We process your personal data in an appropriate and lawful manner, in accordance with applicable data protection regulations and the General Data Protection Regulation EU 2016/679 (the “GDPR”) which is in force as of 25 May 2018.
We will comply with local data protection laws in jurisdictions we operate in and to do so the personal information we hold about you must be:
used by us lawfully, fairly and in a transparent way;
collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
relevant to the purposes we have told you about and limited only to those purposes;
accurate and kept up to date;
kept only as long as necessary for the purposes we have told you about; and kept securely.
This Policy supplements any other privacy notice that we may provide to you at the point that we collect data from you and should be read in conjunction with those notices.
This Policy should also be read in conjunction with our Terms of Use and our IP Address and Cookie Policy.
Controller’s Contact Details
Residency Greece is the controller for the personal information we process, unless otherwise stated. There are many ways you can contact us, including by phone, email and post.
Our postal address:
RESIDENCY GREECE
Personal Data We Collect From You
We will collect and process the following personal data about you:
These are personal details and include your first name, last name, email address and phone number (“Identity & Contact Data”). They will also include information on which services you are interested in or details about your enquiry. The information you give us may also include data about any marketing preference.
Such information may be provided by you in the following circumstances (but not limited to): (i) by filling in an enquiry form on the Website; (ii) by corresponding with us by post, phone, e-mail or otherwise when you apply for our services; (iii) subscribe to our services or publications; (iv) request marketing to be sent to you; (v) give us some feedback; (vi) to conduct business relationship with us in relation to our activities (rent, buy/sell, etc), (vi) to start negotiations for or entering into a contract to supply services to us, (vii) made a complaint and/or an information request to us, (viii) wish to attend or have attended an event, (ix) subscribe to our e-newsletter, or (x) have applied for a job with us.
To the extent you engage our services you may be required to provide further information. Where you are a business user, we may also require further information before we enter into a commercial relationship with you.
Such further information may include payment details such as banking information, VAT number in order for us to process payments in relation to our services (“Financial Data”). We may also require you to provide us with information that might be needed to establish and serve as proof of your identification such as copies of your passport or national ID (“Identity Data”).
Where we are collecting or processing further information we will provide you with separate Privacy Notices which further describe how and why we are using your personal data.
Where we are required to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the services as agreed or we may not be able to enter into a contract with you but we will notify you if this is the case at the time. We may have to terminate that contract with you as a result.
Whenever you visit our Website, we will automatically collect the following:
Including the IP address used to connect your computer to the Internet, your login information, browser type and version, the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time) as well as other information regarding your experience on our Website such as page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
We may receive information about your location. We may determine your location through your IP address and, when accessing the Website through a mobile device, by using the data that we collect from this device. This includes information about the wireless networks or cell towers near your mobile device at the time of access. Our Website uses cookies to distinguish you from other users of our Website. This helps ensure that we provide you with a good experience when you browse our Website and also allows us to improve our Website. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy (clause 20) below.
The purpose for implementing all of the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
We may receive personal data about you from various third parties and publicly available sources as set out below:
Data Accuracy
It is important that the data that we hold about you is accurate and up to date. In the event that your data changes please notify us so that we can update our records.
We may hold and process personal data that you provide to us in accordance with the GDPR.
We shall use this information:
We shall use this information:
We will combine information we receive from other sources with information you provide to us and information which we collect from you. We will use your information only for purposes as described in the paragraphs above.
We shall only process your personal data insofar as this is necessary for us to be able to provide the services we offer and/or for the purposes indicated in this Policy.
Generally, we do not rely on consent as a legal basis for processing your personal data. However, where your consent is required, we will provide you with a consent form requesting explicit consent to do so.
Where we collect your data for marketing purposes, we will always request your consent, at the point the data is collected, to use your data for that purpose. We will always obtain your prior consent to sharing your personal data with any third party for their marketing purposes. This may be to enable relevant third parties to advise you of products or services that may be of interest to you.
We will only use your personal data for a reason other than the purpose for which it was originally obtained if we consider that we need to use it for that other purpose and have a legitimate interest in doing so, and your interests and fundamental rights do not override those interests.
We may also process your personal data on the basis of any legitimate interest or in order to comply with any legal obligations at law. This may include the exercise or defense of legal claims or in order to comply with an order of any court, tribunal or authority or disclosure to a government or regulatory entity.
There are a range of circumstances where we may disclose your data to third parties. These include:
(a) Regulatory bodies and/or other authorities/organizations/companies: We may disclose your data to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk. We may also disclose your data if we are under a duty to disclose or share your personal data to comply with any legal obligation, judgment or under an order from a court, tribunal or authority. We may also disclose your data to enforce our Terms of Use, or to protect our rights, property or safety, that of our partners or other users of our Website. This includes exchanging information with other companies and organizations and authorities for the purposes of Anti-Money Laundering/KYC checks, Anti-Bribery/Corruption law provisions compliance and/or fraud protection.
(b) Our Service Providers/Suppliers: We may disclose your data to third parties that are involved in the fulfillment of our services to you.
(c) Data Controllers or Data Processors: We may disclose your personal data to any third party that may act as joint data controllers or data processors to Residency Greece which will be the data controller for your data when you obtain our services and/or may provide administration, controls and reporting services. We have contracts in place with our data processors. All parties that act as joint data controllers or data processors to Residency Greece respect and protect the security of your personal data in accordance with the applicable law (including the GDPR) and apply the security measures and safeguards as described below.
We may require to share your data with service providers in their capacity as data processors, which is necessary for us to provide the services you request, who will store and process your data on the basis of strict confidentiality and subject to the appropriate security measures and safeguards in place as described below.
We may share your data with other third parties in their capacity as data controllers such as notaries, auditors and other advisors and service providers or third parties providing services or goods to you such as real estate agencies/owners/developers who you might wish to engage with under separate terms and conditions between you and such third parties. These third parties will be processing your data in their own right as data controllers and their data protection policies and processes shall be become applicable
(d) Third party marketing. Where you have consented for us to do so, we may provide your data to selected third parties who may contact you about their goods or services that you may be interested in.
(e) Business sale. We may disclose your personal data outside of our organisation in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; and if RESIDENCY GREECE’s business is bought by a third party, in which case personal data held by it about its customers will be one of the assets to transfer to the buyer. However, any such transfer will only be on terms that the confidentiality of your personal data is protected and that the terms of this privacy policy will continue to be complied with by the recipient.
Please be advised that we do not reveal information about identifiable individuals to our advertisers, but we may, on occasion, provide them with non-personal data such as Aggregated Data which is data that may be obtained from your personal data, but which does not directly or indirectly identify you. This may include data detailing how you use our Website and the features and areas that you have interacted with Aggregated Data about our Website visitors and customers.
If you do not want us to share your data with third parties you will have the opportunity to withhold your consent to this when you provide your details to us on the form on which we collect your data, or you can do so by writing to us at the address detailed above or sending us an email to enquiries@residencygreece.com at any time.
Transfers Of Data To Third Parties
Where we share your personal data with internal or external third parties, this may involve transferring your data outside the European Economic Area (EEA). We will transfer your personal data in accordance with standard contractual clauses (European Commission: Model contracts for the transfer of personal data to third countries) to ensure your personal data is protected and transferred securely in compliance with applicable law, including the GDPR.
Third Party Access To Your Personal Data
We work closely with third parties in order to provide you the services you request on our Website. These third parties include cloud storage providers, analytics providers and search engine information providers. We will only work with third party providers that comply with applicable laws in the jurisdictions which we operate and abide by the GDPR and, if applicable, agree to be bound by the standard contractual clauses to adequately protect and safeguard your personal data.
We have put in place appropriate security measures to prevent your data from unlawful or unauthorised processing or accidental loss or damage or disclosure. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
The transfer of information between our Website and your device is protected with TLS/SSL certificates. When the Website is accessed using compatible browsers, that technology protects personal information using both server authentication and data encryption to ensure that personal information is safe and secure while in transit. The mainstream browser versions compatible with that technology are the Internet Explorer from version 11, the Mozilla Firefox from version 27, the Google Chrome from version 32 and the Apple Safari from version 7.
All personal data is stored in a secure server environment that uses a firewall and other advanced technology to protect against interference or unauthorized access.
No method of transmission of data is one hundred percent (100%) secure and absolute security cannot be guaranteed.
In the event of a data breach we will notify the competent authorities and we will also notify you in the event that the breach results in any likelihood of loss or damage to you.
You will receive marketing communication if you have requested such marketing information from us by providing us with your details through this Website and have consented and opted-in to receiving such information. Where we have entered into a contract or other business relationship with you, we may further inform you about our activities, offers or other information which we believe would be useful to you in accordance with our legitimate interest.
We will not share your personal data with any third party for marketing purposes without your explicit consent.
You have the right to withdraw or vary consent or to object to receive marketing information as well as to withdraw or vary any consent provided by you in relation to your personal data/information (i.e. collection, processing, transfer) or even withdraw your consent to this Policy at any time by contacting enquiries@residencygreece.com .
If you choose not to consent or to object to any one of the purposes listed herein or withdraw your consent at any time, we will still be able to provide our services, however, we would not be able to provide you with the full range of services which we offer and it may affect the efficiency with which we provide the services you request.
The withdrawal of any consent will not affect the lawfulness of processing which we carried out on the basis of such consent before its withdrawal. Once we have received notification that you have withdrawn your consent, we will no longer process your information for that purpose unless we have another legitimate basis for doing so in law.
Withdrawal of consent to this Policy will result in us having to terminate our services immediately.
The length of time that we retain and store your data depends on the purpose for which it was collected. We will only store data for as long as is required to fulfill that purpose or for the purpose of satisfying legal, accounting or reporting requirements.
In any case, retention of data shall not exceed 10 years from the date of termination or completion of the services. This period of retention enables us to use the data for defending potential legal claims, taking into account the applicable limitation periods under relevant laws, as well as, if applicable, to comply with Anti-Money Laundering/KYC laws and regulations, Anti-Bribery/Corruption law provisions and regulations, accounting and tax laws, applicable to certain jurisdictions which we operate in.
Whenever and to the extent possible, we anonymize the data which we hold about you when it is no longer necessary to identify you from the data which we hold about you.
The GDPR gives you a range of rights in relation to the personal data that we collect from. You have the right to:
(a) Access your personal data/information: This right is commonly known as the “Data Subject Access Request” and enables you to receive a copy of the personal data/information we hold about you, as well as information on if, how, why and by whom your data is processed. You will not need to pay a fee to access your personal data (you shall receive one electronic copy via e-mail) unless we can justifiably demonstrate that the request is unfounded, repetitive or excessive in which case we may also refuse to comply with your request in these circumstances. We will respond to all legitimate data access requests within one month, but we may need to obtain further information from you in order to confirm your identity and the legitimacy of the request.
(b) Request update of the personal data: This enables you to obtain correction of any inaccurate to update your data, to have any inaccurate data corrected and to have incomplete personal data completed, including by means of providing a supplementary statement.
(c) Object to processing of your personal data: You may object to processing of your personal data where we are relying on consent or our legitimate interests (or those of a third party) as the justification for processing the data. Unless we have a legitimate interest that overrides your interest, we will stop processing your personal data.
In the case of processing your data for marketing purposes, we will stop processing the personal data for such purposes, if requested by you.
(d) Erasure of your personal data (right to be forgotten): This enables you to ask us to delete personal data in the following circumstances:
where there is no justifiable and/or lawful reason for us continuing to retain and process it (i.e. where the processing of the data is no longer necessary for any of the reasons the data was collected or the deletion is required by the law);
where you have successfully objected to the processing of the data by the Website
where your personal data have been unlawfully processed.
We may not always be able to delete the data such as if there is an ongoing contractual relationship between us or if we are legally required to retain the data, etc.
(e) Restrict the processing of your personal data: you shall have the right to obtain from us restriction of processing where one of the following applies:
the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
you have objected to processing pursuant pending the verification whether our legitimate grounds override those of yours.
(f) Request the transfer of your personal data to you or to a third party (Right of Data Portability): We will provide to you, or a third party you have chosen, your personal data in a structured, machine-readable format.
(g) Withdraw consent: Where we are relying on consent to process your personal data you may withdraw that consent. For more details in relation to this right, please see above in “Withdrawal Of Consent”.
You can exercise these rights at any time by writing to us at the address detailed above, or by email to enquiries@residencygreece.com.
You might find links to third party websites on our website. If you click a link to a third-party website and visit that site, you may be allowing that site to collect and share certain data about you. These websites should have their own privacy policies, which you should check, because this privacy notice does not cover how that organisation processes personal information. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
We meet visitors at our offices, including: dignitaries, external training providers, job applicants, suppliers and tradespeople, stakeholders, advisors, customers and organisations we may be interviewing about their processing.
If your visit is planned, we’ll send your name and visit information to reception before your visit – so that we can notify the appropriate personnel for your arrival. We may ask you to sign in and out at reception and show a form of ID. The ID is for verification purposes only, we don’t record this information.
Closed-circuit television (CCTV) operates outside the building and outside our offices for security purposes. The information is viewed by us on a live feed and we record it. The purpose for processing this information is for security and safety reasons. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
We have Wi-Fi on site for the use of visitors. We’ll provide you with the address and password. We record the device address and will automatically allocate you an IP address whilst on site. We also log traffic information in the form of sites visited, duration and date sent/received. We don’t ask you to agree to terms, just to the fact that we have no responsibility or control over your use of the internet while you are on site, and we don’t ask you to provide any of your information to get this service. The purpose for processing this information is to provide you with access to the internet whilst visiting our site. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.
We do not provide services directly to children or proactively collect their personal information. However, we are sometimes given information about children while handling a request or complying to contractual obligations. The information in the relevant parts of this notice applies to children as well as adults.
As part of our functions, we process special category data. We do not process criminal conviction data. These reasons include those of the purposes of performing or exercising obligations or rights which are imposed or conferred by law or by contract or the data subject in connection with employment, social security or social protection. For these types of processing we are required to have an appropriate policy in place setting out the explaining our procedures and policies.
Special category data Special category data is defined at Article 9 GDPR as personal data revealing: – Racial or ethnic origin – Political opinions – Religious or philosophical beliefs – Trade union membership – Genetic data – Biometric data for the purpose of uniquely identifying a natural person – Data concerning health, or – Data concerning a natural person’s sex life or sexual orientation.
Employment, social care and social protection Under Article 9 (2) (b) GDPR, states that we may process special category data and criminal convictions where it is necessary for purposes of carrying out obligations and exercising specific rights of the controller or data subject in the field of employment, social security and social protection law. This must be carried out on the basis of EU or Member State law or a collective bargaining agreement providing for appropriate safeguards for the fundamental rights and the interest of the data subject.
We process for the following purposes:
Our purpose is to investigate and take action in line with our duties. The legal basis we rely on to process your personal data is article 6(1)(c) of the GDPR, which allows us to process personal data when this is necessary to perform our tasks, in line with our corporate services.
We need information from you to investigate (if we are legally bound) or report your complaint properly to a competent authority.
When you contact us to make an enquiry, we collect information, including your personal data, so that we can respond to it and fulfil our responsibilities. The legal basis we rely on to process your personal data is article 6(1)(b and c) of the GDPR, which allows us to process personal data when this is necessary to perform our tasks in line of our corporate services. If the information you provide us in relation to your enquiry contains special category data, such as health, religious or ethnic information the legal basis we rely on to process it is article 9(2)(g) of the GDPR. We need enough information from you to answer your enquiry.
Our purpose for processing this information is to assess your suitability for a role you have applied for. The legal basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract. The legal basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnic information is article 9(2)(b) of the GDPR, which also relates to our obligations in employment and the safeguarding of your fundamental rights and article 9(2)(h) for assessing your work capacity as an employee.
We’ll use all the information you provide during the recruitment process to progress your application with a view to offering you an employment contract with us, or to fulfil legal or regulatory requirements if necessary. We will not share any of the information you provide with any third parties for marketing purposes. We’ll use the contact details you give us to contact you to progress your application. We’ll use the other information you provide to assess your suitability for the role.
We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary. The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it may affect your application if you don’t.
We ask you for your personal details including name and contact details. We’ll also ask you about previous experience, education, referees and for answers to questions relevant to the role. Our recruitment team will have access to all this information. You will also be asked to provide equal opportunities information. This is not mandatory – if you don’t provide it, it won’t affect your application. We won’t make the information available to any staff outside our recruitment team, including hiring managers, in a way that can identify you. Any information you provide will be used to produce and monitor equal opportunities statistics.
Our hiring managers shortlist applications for interview. They will not be provided with your name or contact details or with your equal opportunities information if you have provided it. We may ask you to participate in assessment days; complete tests or occupational personality profile questionnaires; attend an interview; or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by us. If you are unsuccessful after assessment for the role, we may ask if you would like your details retained in our talent pool. If you say yes, we would proactively contact you should any further suitable vacancies arise.
If we make a conditional offer of employment, we’ll ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We must confirm the identity of our staff and their right to work in Cyprus, and seek assurance as to their trustworthiness, integrity and reliability. You must therefore provide: proof of your identity – you will be asked to attend our office with original documents; we’ll take copies proof of your qualifications – you will be asked to attend our office with original documents; we’ll take copies a criminal records declaration to declare any unspent convictions (if necessary), your email address, we’ll contact your referees (if any), using the details you provide in your application, directly to obtain references, we’ll also ask you to complete a questionnaire about your health to establish your fitness to work. If we make a final offer, we’ll also ask you for the following: bank details – to process salary payments emergency contact details – so we know who to contact in case you have an emergency at work social security number.
Final recruitment decisions are made by hiring managers and members of our recruitment team. We take account of all the information gathered during the application process.
Our purpose for collecting this information is so we can facilitate the event and provide you with an acceptable service. The legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR. When we collect any information about dietary or access requirements, we also need your consent (under article 9(2)(a)) as this type of information is classed as special category data.
If you wish to attend one of our events, you will be asked to provide your contact information including your organisation’s name and, if offered a place, information about any dietary requirements or access provisions you may need. We may also ask for payment if there is a charge to attend.
We use this information to facilitate the event and provide you with an acceptable service. We also need this information so we can respond to you.
If you are not successful in securing a place, we’ll let you know and hold your details on a reserve list in case a place becomes available. If you are allocated places at an event, we’ll ask for information about any dietary/access requirements. We don’t share this information in any identifiable way with the venue, and we delete it after the event. We don’t publish delegate lists for events.
Our purpose for collecting the information is so we can provide you with a service and let you know about upcoming events and projects. The legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR. We need your name and email address to use it in order to send you our material. We only use your details to provide the service.
Processing personal data must be lawful, fair and transparent. It is only lawful if and to the extent it is based on law and either the data subject has given their consent for the processing or the processing meets at least one of the conditions in GDPR. We provide clear transparency information to all those who provide personal data to us. In circumstances where we seek consent, we make sure the consent is unambiguous, given by an affirmative action and recorded as the condition for processing.
We process personal data for the abovementioned purposes such as (but not limited to) entering into an agreement, fulfilling an agreement or promoting our services. We are either authorized or obligated by law to process personal data for these purposes. We may process personal data collected for any one of these purposes (whether by us or another controller), for any of the other purposes here, providing the processing is necessary and proportionate to that purpose. If we are sharing data with another controller, we will document that they are authorised by law to process the data for their purpose. We will not process personal data for purposes incompatible with the original purpose it was collected for.
We collect personal data necessary for the relevant purposes and ensure it is not excessive. The information we process is necessary for and proportionate to our purposes. Where personal data is provided to us or obtained by us but is not relevant to our stated purposes, we will erase it.
Where we become aware that personal data is inaccurate or out of date, having regard to the purpose for which it is being processed, we will take every reasonable step to ensure that data is erased or rectified without delay. If we decide not to either erase or rectify it, we will document our decision.
We retain information processed for the periods set out in the corporate retention schedule.
Electronic information is processed within our secure network. Hard copy information is processed within our secure premises. Our electronic systems and physical storage have appropriate access controls applied. The systems we use to process personal data allow us to erase or update personal data at any point in time.
So as to improve the quality and overall user experience of the Website as well as facilitate event bookings and client event registrations, we are using Google Analytics Advertising Features, including Amiando and Microsoft Dynamics.
If you would like to opt-out of Google Analytics for display advertising, you may do so by using the Ads Preference Manager.
In addition, there is also a Google Analytics Opt-Out browser add-on that you can download at https://tools.google.com/dlpage/gaoptout.
You may withdraw your consent given for any of the purposes listed above at any time. This does not affect the lawfulness of your personal data for these purposes prior to your withdrawal. You may send us an email at enquiries@residencygreece.com indicating your withdrawal of consent and specify which processing activities such withdrawal relates to.
We welcome any comments, complaints and queries in relation to data protection. As indicated above you may contact us on enquiries@residencygreece.com and we shall try our best to deal with any issue or concern you may have.
If we fail to address your concerns, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection at commissioner@dataprotection.gov.cy, as the relevant national supervisory authority on all data protection matters (www.dataprotection.gov.cy).
We may update this policy (including our Terms of Use, IP Address Policy and Cookies Policy) to reflect changes to the website and customer feedback as well as to reflect any amendment of any applicable law. Please regularly review these policies to be informed of how we are protecting your personal data and to see any updates or changes to this policy.
We welcome any queries, comments or requests you may have regarding this Privacy Policy. Please do not hesitate to contact us.