TORWELL GROUP – PRIVACY NOTICE

This Data Protection Notice provides an overview of how and why personal data of physical persons are collected and processed by TORWELL LTD, Registration No. 355522 (referred to as ‘we’, ‘us’, ‘our’, ‘Torwell’, ‘Company’) and informs you about your rights under the relevant legal framework. 

In TORWELL we are committed to safeguarding the privacy and non-public personal data of our clients, collaborators, employees and associates, in accordance with the General Regulation on the Protection of Personal Data of the European Union (Regulation 2016/679, GDPR) (hereafter referred to as the “Regulation”) and the national law providing for the protection of natural persons with regard to the processing of personal data and for the free movement of such data (Law 125(I)/2018).

Please read our privacy practices carefully to understand our policies regarding your data and how we treat them, and do not hesitate to contact us for any questions at the following contact details:

Email: [email protected] 
Tel: +357 26911294 

1. DEFINITIONS

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; 

Data Subject means the individual who is the subject of the relevant Personal Data. 

Personal Data means any data which identify or may identify a natural person (‘data subject’) and which may include, for example, your name, address, identification number, telephone number, date of birth, occupation, data concerning your health or family status.

Processing means the handling of your Personal Data by us in any way, including collecting, protecting, transmitting and storing your personal data.

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Website means https://torwellgroup.com/  

2. THE ROLE OF THE COMPANY

According to the Regulation, the Company is the Data Controller for all Personal Data it collects, maintains and processes.

As a Processor, the Company shall process Personal Data as per the means and purposes defined by the Data Controller.

3. HOW WE COLLECT PERSONAL DATA

We obtain your personal data mainly through any information we receive:

• directly from you, through the use of enquiry and registration forms and every time you e-mail us your details or when you are an employee of the Company or a candidate for employment or when you provide services or goods to the Company
• through third parties in the standard course of the business we do in order to provide you with the service you requested.
• We use customer contact information from the registration form to contact the member when necessary and to provide regular information on TORWELL
• from our Website, upon your visit to our Website through the use of cookies. You can read our Cookie Policy at …………...

Our Website may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Users may opt-out of receiving mailings by clicking on the unsubscribe button at the bottom of this page.

4.  WHAT DATA WE COLLECT

The personal data that we may collect or obtain may vary depending on the service that we may provide to you or the activity that you may participate in and may include data by which subjects may be identified or be considered as sensitive data.  

Personal Data that we collect, process and share, about you and, under certain circumstances, your spouse, civil partner, partner or dependents, may include, non-exhaustively, the following:

2. For Clients:

• Full Name
• Date of Birth
• Gender
• Marital Status
• Postal address (including billing and shipping addresses)
• Telephone number
• Email address
• Organization and job title or function
• Passport or ID Number
• Bank Account Details
• Images of the CCTV system we may have in our premises;
• Financial information such as payment details.
• Any other personal information that you choose to send us

3. For employees or collaborators:

• Basic details such as name, address, date of birth;
• Contact details (phone number, e-mail etc.);
• Curriculum vitae;
• ID number, social insurance number, IBAN number and other financial information;
• Images of the CCTV system we have installed in our premises.

4. For candidates for recruitment

• CV and cover letters that candidates may share with us.

5. For Website visitors

• Cookies 
• Information how the Website is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

5. WHY DO WE PROCESS YOUR PERSONAL DATA

We will process your personal data in accordance with the Regulation and the national legal framework for the following purposes: 

• To offer you a personalized service
• For the purposes of complying with the terms of a contract that we have with you 
• For conducting market research surveys.
• For marketing purposes, strictly subject to your explicit consent.
• For the purpose of compliance with our legal obligations based on the applicable legal framework 
• To enforce our terms and conditions
• For safeguarding legitimate interests pursued by us or by a third party, provided your interests and fundamental rights are not overridden by our interests. For example to manage human recourses, to maintain our accounts and records, to defend, investigate or prosecute legal claims, and to consult with external legal and/or tax consultants.
• For functionality and security purposes, namely to identify, prevent, and respond to actual or potential fraud and illegal activities, safeguard the security of our people, premises and assets and prevent trespassing through video surveillance.
• For customer care and management purposes, such as to provide you with notices about the provided services, and/or changes to any services we offer to you and also execute your payments;
• To assist in the general efforts to deal with extreme situations threatening public health, such as a pandemic.
• For any other purpose with your consent. You may withdraw your consent by submitting a relevant enquiry at [email protected] 
• without such withdrawal affecting any processing that was carried out prior to the effective date thereof.

We also use information in aggregate form (so that no individual user is identified):

• to build up marketing profiles
• to aid strategic development
• to audit usage of the website

None of our processes is based on automated decision-making, nor profiling.

6. WHERE DO WE DISCLOSE YOUR PERSONAL DATA

For the purposes of processing your Personal Data as described in this Policy, we may need to share your information with other parties outside the Company, as below stipulated, always subject to ensuring that such parties maintain appropriate measures to protect your Personal Data. 

• With our Affiliates in Cyprus and/or across the world, who may act as joint data controllers or data processors to the company which will be the data controller for your data when you obtain our services and/or may provide administration, controls and reporting services.
• Insurance companies;
• where required by our auditors and accountants, financial and business advisors, legal consultants; 
• with third parties providing services to us such as file storage, archiving and/or records management services.
• To our authorized service providers to whom we may have delegated part of the services that you have requested from us.
• Financial institutions such as banks, insurance and investment companies
• Tax authorities and regulators for reporting purposes
• Official authorities, courts, judicial bodies or other public bodies in order to establish or exercise our legal rights, to defend against legal claims, to comply with applicable law or cooperate with law enforcement, government or regulatory agencies, or to enforce our website terms and conditions or other agreements or policies or as otherwise required by law (including responding to any government or regulatory request). 

• To the extent a disclosure is necessary in connection with efforts to investigate, prevent, report or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our employees, or others and maintain and protect the security and integrity of our infrastructure.
• other third parties as may be required by law
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by is among the assets transferred.
• To any other party for the purposes described in this Privacy Policy, provided that your consent has been obtained.

7. HOW WE STORE YOUR PERSONAL DATA

The Personal Data that we collect will be stored and processed in Cyprus and/or within the European Union.

8. FOR HOW LONG DO WE RETAIN YOUR PERSONAL DATA

The retention period for which we keep your Personal Data varies and is determined based on the type of record, nature of the services provided, nature of our legal obligations and claims. 

We shall store your non-public Personal Data for a retention period which does not exceed 10 years from the date of termination/ completion of the purposes for which it was collected.

CCTV records are kept for six (6) months after they have been recorded.

For prospective employees’ we shall keep personal data for six (6) months from the date of notification of the rejection of your application or from the date of withdrawal of such application

To the extent we have collected your Personal Data for purposes of provision of services, customer management, and customization of content as described above, we keep your Personal Data for as long as you are associated with us, as needed to provide you with our respective services and in compliance with relevant laws of Cyprus.

Notwithstanding the above, the above retention period may be extended in certain cases to enable us to use the data for defending potential legal claims, taking into account the applicable limitation periods under relevant laws, as well as, if applicable, to comply with Anti-Money Laundering/KYC laws and regulations, Anti-Bribery/Corruption Laws and regulations, accounting and tax laws, applicable to certain jurisdictions which we operate in.

Any personal data collected under the lawful basis of the consent, such as contact details for communication purposes will be deleted when you withdraw your consent by sending a relevant enquiry at [email protected] 

9. HOW WE PROTECT YOUR PERSONAL DATA

Your Personal Data may be kept by the Company in different formats such as:

• hard copies (i.e. forms that you fill out, notes, documents you may have delivered to us);

• digital copies (i.e. hard copies that are scanned into our systems);
• electronic copies (i.e. when we input information about you directly on our computers)

The security of your Personal Data is important to us, but remember that no method of transmission especially over the Internet, or method of storage is 100% secure. While we strive to use commercially acceptable means and take appropriate security technical and organizational measures (including physical, electronic and procedural measures) to safeguard your Personal Data from unauthorized access, unlawful use, intervention, modification or disclosure under the requirements of the Regulation, we cannot guarantee absolute security.

For example:

• only authorized employees are permitted to access Personal Data, and they may do so only for permitted business functions.
• We provide constant education and training to our staff on Data Protection awareness and especially when managing and processing personal data
• We are implementing up to date technological measures, i.e. firewalls and encryption procedures and anti-malware processes to prevent decoding by unauthorized persons and reduce the risk of a data breach.

10. YOUR RIGHTS 

As a Data Subject you have certain rights under the GDPR in regard to your Personal Data (these rights are not absolute and, in some cases, they are subjected to conditions as defined by Law), as follows:

• Right to Access Information

You have at all times the right to obtain confirmation from the Company as to whether or not any Personal Data concerning you are being processed, and, where that is the case, access to the personal data. To obtain such information please contact us at [email protected] 

Upon request, we can send you one electronic copy of the Personal Data we hold, concerning you, via email, without any charge. The Company retains the right to charge a reasonable fee in the event of repetitive or excessive requests.

• Right to rectification 

You have the right to obtain rectification of inaccurate Personal Data about you as well as to have incomplete personal data completed, including by means of providing a supplementary statement.

• Right to erasure

You have the right to request erasure of your Personal Data where:

• Your Personal Data are no longer necessary in relation to the purposes for which they were collected.
• If the processing is based on your consent and you have withdrawn this consent 
• Your Personal Data has been unlawfully processed.
• Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.

• Right to restriction of processing

You have the right to restrict our use of the your Personal Data, where the following reasons apply, unless there are compelling legitimate reasons for processing that override your interests, rights and freedoms:

• You contest the accuracy of the personal data we hold until we verify the accuracy of such personal data.
• The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.
• we no longer need your personal data for the purposes stated in this Privacy Policy, but you require it for the establishment, exercising or defending of legal claims or you have objected to our processing pending the verification whether the legitimate grounds of our processing activities overrode those pertaining to you.

• Right to object

You have the right to object at any time, to the processing of your Personal Data, on grounds related to your particular situation unless there are compelling legitimate reasons for processing that override your interests, rights and freedoms. In order to submit an objection, please contact us via email at [email protected] 

• Right to Data Portability 

You have the right to request the transfer of your Personal Data, that you have provided to the Company. These data will be given to you in a format that is structured, widely used and machine readable and, in certain cases you may also have the right to request for us to send the Data to another organization, provided that such a transfer is technically feasible.

If you have any questions in regard to the kind of personal data we hold for you, or if you want to exercise any of your personal data rights, please send a written request to [email protected] or to the postal address provided at the bottom of this Privacy Policy. However, we reserve the right to reject any requests for access or for imposing restrictions or other claims if required or permitted by the law.

11. MISCELLANEOUS

• Changes to Our Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

Although we may attempt to notify you when major changes are made to this privacy policy, you are expected to periodically review the most up-to-date version found at our Website  https://torwellgroup.com/ so you are aware of any changes, as they are binding on you.

• No Error Free Performance

We do not guarantee error-free performance under this Privacy Policy. We will use all reasonable efforts to comply with this Privacy Policy and shall take immediate rectification actions when we face a breach of this Privacy Policy. We shall not be liable for any incidental, consequential or punitive damages relating to a breach of this Privacy Policy. 

• Children’s Privacy

Our Website does not address anyone under the age of 18 (“Children”).

We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

• Contact Us

If you have any questions about this Privacy Policy, please contact us by visiting this page on our website.

• Complaints

If you feel that your concerns in regard to the use of your personal data or any of your data protection rights have not been addressed by us, you have the right to contact us at [email protected] 

and submit a complaint. 

You also have the right to submit a complaint with the Personal Data Protection Commissioner’s Office at http://www.dataprotection.gov.cy.