Clients' Privacy Policy of the Center

Για την Ελληνική έκδοση της Πολιτικής Προστασίας Προσωπικών Δεδομένων των Πελατών παρακαλώ ακολουθείστε αυτό το σύνδεσμο.

09/10/2019 ver 1.03

1. INTRODUCTION

This Privacy Policy (the “Policy”) set out below will govern the protection and processing of your personal data which is collected and processed by A.D.R. Cyprus Center Ltd (“we” or “us”) in case you are a Client or Prospective Client (“you”).

A.D.R. Cyprus Center Ltd is a limited liability company registered at Kyriakou Matsi 16, Eagle House, 8th Floor, 1082, Agioi Omologites, Nicosia, Cyprus.

Please read this Policy carefully. By accepting the provision of legal services from us and by signing any relevant documents directing you to this policy, you are deemed to have read, understood, agreed to and consented to this Policy.

Controller

Any information (including personal data) submitted to us by a Client or Prospective Client, will be handled by us and transmitted to us.

Definitions

Client means a trader or consumer who has applied for any ADR procedure with the us.

Prospective Client is a trader or consumer who has not yet accepted the conduct of an ADR procedure whom we have collected personal data either directly or through another party.

Personal data includes personal data of a Client, a Prospective Client or any person authorising the Client or Prospective Client to disclose such data.

 2. DATA PROTECTION PRINCIPLES

We will comply with data protection law. This says that the personal information we hold about you must be:

  1. Used lawfully, fairly and in a transparent way.
  2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. Relevant to the purposes we have told you about and limited only to those purposes.
  4. Accurate and kept up to date.
  5. Kept only as long as necessary for the purposes we have told you about.
  6. Kept securely.

3. COLLECTION OF PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.
  • Where the processing is necessary to protect your vital interests

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Data retention: How long will you use my personal data for?

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Purpose/Activity Type of Data Lawful Basis Retention Period
Receiving Personal Data from a Prospective Client Any data submitted by the Client including special categories of data. (Please see under title Special Categories of Data in this Section) (a) Necessary in order to take steps at the request of the data subject prior to entering into a contract Up to two years provided that the Prospective Client does not become a Client
Contacting a Prospective Client First and Last name, e-mail address, Subject, message (a) Necessary in order to take steps at the request of the data subject prior to entering into a contract Up to two years provided that the Prospective Client does not become a Client
Opening a File for a Client Name, surname, address, telephone, email and fax as well as the type of case we will be handling, when you sign our New Client Form. (a) Processing is necessary for the performance of a contract to which the data subject is party

(b) Processing is necessary in order to protect the vital interests of the data subject.

(c) Processing is necessary for the purposes of the legitimate interests pursued by the controller

(d) processing is necessary for compliance with a legal obligation to which the controller is subject (namely under Law 85(I)/2017

10 years after the completion of the ADR procedure provided payment has been made in full

.

Receiving information from a Client in relation to an ADR Dispute. We cannot list the exact data which we will receive from the Client as these cannot be standardised. Personal data relating to the case at hand such as data relating to a:

  • Arbitration
  • Conciliation
  • Mediation

Such data will include:

Type of ADR procedure, Name, Surname, email, Country of residence, Address, E-mail of the person against whom the the ADR procedure is sought, Telephone of the person against whom the the ADR procedure is sought, Brief Summary of the Dispute, Value of Goods or Services relating to the dispute, Whether there is an agreement to use a settlement procedure other than the one applied, Whether there is an agreement regarding time limits for conducting or completing the ADR Process, Whether there is any agreement in relation to the language to be used in the mediation process, whether there is any agreement in relation to the location of the physical meetings between the parties or the conduct of the online process. Any relevant files uploaded and whether the party applying wishes the dispute to be resolved through mandatory settlement.

(a) Processing is necessary for the performance of a contract to which the data subject is party

(b) Processing is necessary in order to protect the vital interests of the data subject.

(c) Processing is necessary for the purposes of the legitimate interests pursued by the controller

(d) processing is necessary for compliance with a legal obligation to which the controller is subject (namely under Law 85(I)/2017

10 years after the completion of the ADR procedure provided payment has been made in full
Receiving data of Prospective students Name, Surname, Email, Profession, telephone number, whether the prospective student wishes to renew license as mediator or become a mediator for the first time. ‘’(a) Processing is necessary for the performance of a contract to which the data subject may become a party

(b) Processing is necessary for the purposes of the legitimate interests pursued by the controller

(c) processing is necessary for compliance with a legal obligation to which the controller is subject (namely under Law 159(I)/2012

Up to 2 years provided that the Prospective Student does not become a student.
Contacting a Prospective Student Name, Surname, Email, Telephone number, (a) Processing is necessary for the performance of a contract to which the data subject may become a party

(b) Processing is necessary for the purposes of the legitimate interests pursued by the controller

(c) processing is necessary for compliance with a legal obligation to which the controller is subject (namely under Law 159(I)/2012

Up to 2 years provided that the Prospective Student does not become a student.
Using data of Student for Teaching Name, Surname, Email, Telephone number, any other information used for the purpose of teaching. (a) Processing is necessary for the performance of a contract to which the data subject is a party

(b) Processing is necessary for the purposes of the legitimate interests pursued by the controller

(c) processing is necessary for compliance with a legal obligation to which the controller is subject (namely under Law 159(I)/2012

Up to 7 years from concluding the lessons or payment of the invoice whichever happens last

Marketing

We will not use your personal data for any marketing purposes.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Special Categories of Data

We may collect special categories of data in case these relate to the services we may provide such as data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

For example we may:

  • collect medical data in case your claim or defense is based on personal injury or
  • we may use information in relation to trade union membership in case we are representing you in an employment law dispute or we are advising you on employment law issues or
  • we may use your race, ethnicity, religious, philosophical beliefs, sex life, sexual orientation, political opinions data in case we are representing you in a claim for discrimination

The above list is by way of example only as we cannot predict the full spectrum of cases where we will be processing special categories of data.

Furthermore we may collect data about your criminal convictions or offences in case we are representing you in criminal litigation and the convictions relate to the legal services we offer or in where the representation results in your conviction. This is because the data may be used in order to represent you in further proceedings against you as provided by the laws of the Republic of Cyprus.

How is your personal data collected

We use different methods to collect data from and about you including through:

  • Direct interactions for Prospective Clients: You may give us your name, surname, telephone, email by contacting us through the post, telephone, e-mail or through any other means. This includes personal data you provide when you communication with us.
  • Direct interactions for Clients: You may give us your name, surname, address, telephone, email and fax as well as the type of case we will be handling.

 

4. DISCLOSURES OF YOUR PERSONAL DATA

We may share your personal data with the parties set out below for the purposes set out in the table above:

  • Any employee or service provider which provides services/manpower necessary for performance of our services.
  • Cloud Service Providers. We currently use the cloud services offered by Microsoft Corporation such as OneDrive and the Microsoft Exchange mail servers to store all of the data mentioned above and in order to communicate with you through the email. Microsoft Corporation only stores the data, backs them up, and allows us to retrieve them. In this respect Microsoft Corporation is our data processor. We use Microsoft in order to keep your data safe and secure.
  • Third parties, to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
  • Any Arbitrator, Mediator or Conciliator who is appointed through us. We will share your information with such persons in order for us to be able to perform our duties under the Law.
  • The party and/or the legal representatives against whom you have brought your complaint.

 

5. INTERNATIONAL TRANSFERS

We take care so as not to transfer any of your data outside the European Economic Area. In case we do transfer your data outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least that we use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

 6. DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 7. CHANGES TO THE POLICY

We reserve the right, at our discretion, to make changes to any part of this Policy. Should this Policy be amended, we will publish details of the amendments on the Website.

8. SEVERABILITY

If this Policy or any part of it should be determined to be illegal, invalid or otherwise unenforceable under the laws of any country in which this Policy is intended to be effective, then to the extent that it is determined to be illegal, invalid or unenforceable, it shall in that country be treated as severed and deleted from this Policy and the remaining terms of this Policy shall survive and remain in full force and effect and continue to be binding and enforceable in that country.

9. EVENTS BEYOND OUR CONTROL

We are not responsible for any breach of this Policy caused by circumstances beyond its reasonable control.

10. YOUR RIGHTS

 If you submit or have already provided us with personal data about you, then you have the following rights under this Policy and the relevant legislation on the protection on personal data.

You may at any time cancel the consent you have given us to process your personal data:

You may at any time send us any of the following requests:

  • A request for us to permanently delete all or some of your personal data from our records.
  • A request for you to access your personal data that are in our records.
  • A request for us to provide you with a copy of your personal data that are in our records, in digital or hard copy form.
  • A request for us to update or correct your personal data that are in our records.
  • A request for us to forward to another party of your choosing, a copy of all or some of your personal data that are in our records.
  • A request for us to limit what we do with your personal data or to stop all processing of your personal data.

If you wish to exercise any of the above rights or if you wish to notify us of a breach of your personal data you will be able to do so by contacting us at any of the following:

Address: Kyriakou Matsi 16, Eagle House, 8th Floor, 1082, Agioi Omologites, Nicosia, Cyprus.

Tel: +357 22519741

Fax: +357 22318214

Emailsecretariat@adrcyprus.com

You also have a right to lodge a complaint with the supervisory authority, The Office of the Commissioner for the protection of personal data, however we would appreciate the chance to deal with your concerns before you approach the supervisory authority.

At any time after providing your consent, you will have a right to withdraw it by visiting any of our stores or by contacting us electronically or in writing using the above contact details.

 11. CONTACTING OUR DPO OR THE OFFICE OF THE COMMISSIONER

Our appointed Data Protection Officer is Mr George Antoniades who can be contacted at:

Address: Kyriakou Matsi 16, Eagle House, 8th Floor, 1082, Nicosia, Cyprus

Tel: +357 22510165

Emailgeorgea@dhadjinestoros.com

The competent authority in Cyprus for the enforcement of personal data protection legislation is:

The Office of the Commissioner for the protection of personal data

Address: Iasonos 1, 1082 Nicosia Cyprus or P.O.Box 23378, 1682 Nicosia Cyprus

Telephone: +357 22818456

Fax: +357 22304565

Emailcommissioner@dataprotection.gov.cy