This Policy is a privacy statement and aims to inform you about the way in which we collect and process your personal data, the purpose of the processing as well as your legal rights as data subjects, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the relevant legislation.
According to the above Regulation ‘personal data’ is any information related to a person that can be identified, for example: full name and ID number.
2. WHO ARE WE?
Novofin Audit & Consultancy Limited is an audit company with registration number HE408923 (referred as “we” or “us” or “our”).
The address of its office is at 12, Chrysanthou Mylona Street, Harmonia Building Block 1, Office 15, 3030 Limassol.
3. HOW WE COLLECT YOUR PESONAL DATA
We collect and process various types of personal data that we receive from you on the basis of contract necessity, or through our clients on the basis of legal obligation or legitimate interest.
If you are an employee or have applied for employment, we collect your personal data during the recruitment process and/or throughout your employment.
We may also collect personal data from other publicly available sources (e.g. the Internet) which we lawfully obtain and are allowed to use.
4. WHAT PERSONAL DATA WE COLLECT
If you are a client or a potential client, the personal data we collect may include: full name, home address, contact details, date of birth, ID or passport number, nationality, occupation, social insurance number, tax identification number, marital status, number of dependents, assets and sources of income.
If you are an employee of a client of ours, the personal data we collect are: full name, contact details, date of birth, ID, ARC or passport number, job position, social insurance number, tax identification number, marital status earnings and contributions.
If you are a prospective employee, the personal data we collect may include: full name, contact details, academic qualifications, professional experience and other information that you voluntarily provide to us through your CV.
If you are an employee or former employee, in addition to the above-mentioned, we may collect: home address, date of birth, marital status, ID number, social security number, tax identification number, earnings and contributions, leave status and bank account number.
5. WHY WE NEED YOUR PERSONAL DATA AND ON WHAT LEGAL BASIS
As mentioned above, we are committed to protecting your privacy and to handling your data transparently and in accordance with the GDPR and the relevant legislation for one or more of the following reasons:
A. Contract necessity
We process personal data to provide you with the services you have requested.
B. Legal obligation
There are cases where we process personal data to fulfill our obligations under the Law e.g. the Prevention and Suppression of Money Laundering and Terrorist Financing Law.
C. Legitimate interest
We process personal data in order to safeguard the legitimate interests pursued either by us or by our clients or other third party. Legitimate interest arises when we have a business or commercial justifiable reason to use your personal data, as long as this is necessary and is not done unfairly against your interests, rights and freedoms.
6. WHO WE SHARE YOUR PERSONAL DATA WITH
We do not share your personal data to third parties except in the below cases:
A. Courts, governmental and/or public authorities
After a court decision or due to compliance with the law.
B. External partners
In case of payments we may transfer personal data to the banks. In the event of a claim covered by insurance, we may transfer personal data to our insurer.
7. FOR HOW LONG WE RESERVE YOUR PERSONAL DATA
Your personal data will be stored throughout the duration of our contractual relationship. Upon termination of this relationship, we erase all relevant information after the lapse of 6 years, unless there is a justifiable reason not to do so.
In relation to applications for employment, we erase all relevant information 6 months after submitting an employment application.
As far as employees are concerned, we erase all relevant information 2 years after termination of employment.
8. YOUR DATA PROTECTION RIGHTS
Right to be informed. You have the right to be informed about the collection and use of your personal data.
Right of access. You may ask for a free copy of your personal data that is being used.
Right of rectification. You may ask to rectify inaccurate or incomplete personal data we hold in relation to you.
Right to erasure (right to be forgotten). You may ask us to delete your personal data where there is no justifiable reason for us to continue the processing.
Right to restrict processing. You can limit the purposes for which the processing is carried out.
Right to object to processing. You have the right to object to processing when we rely on a legitimate interest. In such a case we shall no longer continue to process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your rights and freedoms.
Right to data portability. You can also ask us to transfer your personal data directly to another business.
Right to withdraw consent. You may withdraw the consent you have given us at any time.
Right to report a complaint. If you have concerns about the way we use your personal data, you may contact our Data Protection Officer (DPO). You also have the right to lodge a complaint with the Commissioner of Personal Data Protection via the website http://www.dataprotection.gov.cy.
9. CONTACT DETAILS
f you wish to exercise any of the above rights, ask any question and/or receive additional clarifications concerning the way we use your personal data, you may contact us at firstname.lastname@example.org or at the postal address: 12, Chrysanthou Mylona Street, Harmonia Building Block 1, Office 15, 3030 Limassol.