D.A. BLUE ORANGE PROPERTY MANAGEMENT SERVICES LTD (the “Company”) takes the privacy of every person seriously. We are committed to safeguarding the privacy and non-public personal data of our users, clients, employees and associates, in accordance with European and International practices for privacy and data protection.
The General Data Protect Regulation – GDPR, regulation 2016/679 of the European Parliament and Council of the 27 April 2016 (hereinafter referred to as the “GDPR”), as well as the Law 125/I/2018 of the Republic of Cyprus have recently been implemented and provides more strict guidelines to further enhance the data protection policies that the corporations who act as data controllers are following and more rights to individuals over how information about them is stored and used by organisations.
This policy applies where the Company is acting as data controller for non-public personal data, as per the provisions of the GDPR and the National Law.
If you have legal interest in any matter relevant to the present policy or would like to contact our Data Protection Officer, please send us an email on firstname.lastname@example.org.
Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information.
- THE COMPANY
The Company is constituted and operate in the Republic of Cyprus in the property management sector.
Your non-public personal data is controlled by D.A. BLUE ORANGE PROPERTY MANAGEMENT SERVICES LTD, a company duly incorporated under the laws of Republic of Cyprus, with registration number HE 35684.
Depending on the services requested by you, your information is accessible to all group entities and processed by any one or more of such group entities.
The Company and its Affiliates adhere to appropriate safeguards in line with GDPR for the processing of non-public personal data.
- DATA SUBJECTS
As a Controller we collect limited information and only in case it is necessary (if there is a legal basis) to do so. We collect information by:
- Any person interested on our services and or communicating with us on his/her own initiative.
- Our clients /and or under certain circumstances people directly connected with you as a client or people designated by you.
- Clients of our business collaborators in the real estate sector.
- Suppliers or service providers or third parties acting on behalf of our business collaborators.
- Our staff or persons interested to be employed by us (candidates).
- Visitors of our web-site or when connected with our Wi-Fi.
3. WHAT DATA DO WE COLLECT
Depending on the nature of services you require from us, the non-public personal data that we may collect about you and, under certain circumstances, your spouse, civil partner, partner or dependants is information that identifies you as an individual, and it may non-exhaustively include the following:
- Full Name
- Date of Birth
- Marital Status
- Postal address (including billing and shipping addresses)
- Telephone number
- Email address
- Organization and job title or function
- Passport or ID Number
- Criminal Record only when the processing is authorised by the Laws of the Republic of Cyprus
- Bank Account Details and depending the situation full credit or debit card details
- TAX identification numbers
- Login ID or password for access to certain content on our websites
- Terms and amounts of our agreements
- Your requests or suggestions and /or problems occurred
- Any other personal information that you choose to send us
We collect personal information from you through the use of enquiry and registration forms and every time you e-mail us your details.
We also collect information automatically about your visit to our site. The information obtained in this way, which includes demographic data and browsing patterns, is only used in aggregate form.
We use your IP address to help diagnose problems with our server, and to administer our web site.
We use customer contact information from the registration form to contact the member when necessary and to provide regular information on the Company.
From our employees we collect more personal data to follow our obligations. Our employees are internally informed about this through specific information.
4. HOW WE COLLECT INFORMATION
- Information given by you
We collect personal information from you through the use of enquiry and registration forms and every time you e-mail us your details.
- Information collected from our website
- Information on the basis of carrying out a contract /
- Other Sources
We collect personal information through your advisors, agents or other third parties in the standard course of our business only for the purposes of providing you certain services that you have requested and under the legal basis of carrying out our contract responsibilities.
- Through the Wi-Fi
We collect some information when you are connected with our Wi-Fi and specifically IP address, Mac address, Device Name, Wi-Fi Access Point that does not is saved and it is not retained after de-connection.
5. PURPOSE OF COLLECTING PERSONAL INFORMATION
We may use the non-public personal information we collect for several purposes as described below:
- For providing a personalized service.
- For the purposes of complying with the terms of a contract that we have with you or with any other third party without compromising your rights and interests.
- To protect our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
- For conducting market research surveys.
- For marketing purposes, strictly subject to your explicit consent.
- To comply with any laws and regulations or other legal obligations to which we are subject.
- For providing you with information about products and services we offer.
- To detect, prevent, and respond to actual or potential fraud, illegal activities, or intellectual property infringement.
- We also use information in aggregate form (so that no individual user is identified):
- To build up marketing profiles
- To aid strategic development
- To audit usage of the site
Except for the purposes mentioned above, we may collect non-public personal information for any other legal purpose, provided your explicit consent has been obtained.
DISCLOSURE OF NON-PUBLIC PERSONAL INFORMATION
The Controller respects all Principles relating to processing of personal data as referred to Article 5 of the GDPR.
Depending on the services you request from the Company and provided your consent has been obtained, we may disclose the non-public personal information that we collect as described below:
- With our Affiliates in Cyprus who may act as joint data controllers or data processors to the company which will be the data controller for your data when you obtain our services and/or may provide administration, controls and reporting services.
- Professional advisors such as lawyers, accountants, auditors, financial advisors and training organisations only for the absolutely necessary part of data.
- Financial institutions such as banks and insurance.
- Tax authorities and regulators for reporting purposes
- Governmental agencies or entities, regulatory authorities or other persons in line with any applicable law, regulations, court order or official request.
- To our authorized service providers to whom we may have delegated part of the services that you have requested from us.
7. STORAGE OF NON-PUBLIC PERSONAL DATA
The non-public personal data that we collect, will be stored and processed in Cyprus.
We store personal data for as long as required by the respective processing purpose and any other permitted linked purpose. Data collected on the basis of contractual and legal obligations shall be retained after the expiry of the contractual and legal obligations as provided by the relevant institutional framework.
Bid data not leading to a cooperation agreement as well as personal data you send us as candidates shall be kept 1 year.
Specifically for the personal data we process based on your consent (eg for marketing purposes), this is kept from obtaining the consent and until it is revoked.
Please visit our cookies policy to be informed about cookies storage and the way you may change the settings in your browser according your preferences.
Notwithstanding the above, the above retention period may be extended in certain cases to enable us to use the data for defending potential legal claims, taking into account the applicable limitation periods under relevant laws, as well as, if applicable, to comply with Anti-Money Laundering/KYC laws and regulations, Anti-Bribery/Corruption Laws and regulations, accounting and tax laws, applicable to certain jurisdictions which we operate in.
In an effort to minimize the non-public personal data we collect which may identify you, we anonymize the data in the cases where it is no longer necessary to identify you from the data we hold.
As a data subject you have certain rights under the GDPR, as follows:
- Right to be informed
Through the present policy we answer this particular right. You may also ask our policy in a written form by contacting us in the contact details provided hereafter.
- Right to Access Information
You have at all times the right to obtain confirmation from the Company as to whether or not any non-public personal data concerning you are being processed, and, where that is the case, access to the personal data. To obtain such information please contact us at email@example.com .
Upon request, we can send you one electronic copy of the personal data we hold, concerning you, via email, without any charge. The Company retains the right to charge a reasonable fee in the event of repetitive or excessive requests.
- Right to rectification
You have the right to obtain rectification of inaccurate personal data about you as well as to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure
You have the right to obtain erasure of personal data we have concerning you when your personal data is no longer required where:
- Your non-public personal data are no longer necessary in relation to the purposes for which they were collected.
- you withdraw your consent to us processing your personal data;
- Your personal data has been unlawfully processed.
- Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
- You contest the accuracy of the personal data we hold until we verify the accuracy of such personal data.
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.
- Right to object
You have the right to object at any time, to the processing of personal data concerning you, on grounds related to your particular situation as well as to the processing of personal data for marketing purposes. In order to submit an objection, please contact us via email at firstname.lastname@example.org.
We will consider any requests or complaints which we receive and provide you with a response in a timely manner. If you are not satisfied with our response, you may take your complaint to the Data Protection Commissioner Office, the Republic of Cyprus’ supervisory authority at:
1 Iasonos Street,
1082 Nicosia, Cyprus
Tel.: +357 22 818 456
Fax: +357 22 304565
If you are applying for a job in the Company, the collection and use of your non-public personal data shall be governed by a separate policy, which you can obtain by our Data Protection Officer.
- TECHNICAL AND ORGANISATIONAL MEASURES
We have taken reasonable technical and organizational measures to the extent practicable to protect the data we collect, especially with regards to special categories of personal data.
We follow international standards and practices to ensure the security of our network.
We ensure that your personal data are subject to a safe and legal processing through the implementation of policies and the development and implementation of procedures.
For example, the following safety measures are taken for the protection of personal data against undue or other unauthorized processing:
- Our premises are secured by taking reasonable measures.
- Access to personal data is restricted to a specific number of authorized persons, for the specified purposes and any required transfer of data is done through secured procedures.
- Our personnel is bound by confidentiality rules, having restricted access (role-based) to necessary data only.
- For the special categories of personal data, there is only authorized electronic access. Additionally, such data are filed in locked cabinets where only authorized individuals can access.
- We choose reliable collaborates who commit in writing according to the provisions of article 28 of the GDPR, with the same obligations regarding the protection of personal data. We also retain an auditing right over such, according to Article 28, para 3, point (h).
- In computer systems used for the processing of personal data, all technical measures shall be taken to the extent practicable to prevent unauthorized access or other processing.
In addition, access to the said συστήματα πληροφορικής, is monitored on o permanent basis, in order to detect and prevent illegal processing or use at an early stage.
Although it cannot be guaranteed that the movement of data through the internet or a website shall be protected from cyberattacks, we work towards retaining physical, electronic and procedural safety measures for the protection of your data.
Some of the measures taken are not announced for obvious reasons.
In the event of a violation of the security and integrity of personal data held by us, the Company will take the following measures (in accordance with Articles 33 and 34 of the Regulation):
- Examine and evaluate the procedures needed to limit the violation.
- Assess the risk and its impact on the rights and freedoms of data subjects.
- Will try to reduce the potential damage that may or may be caused.
- Notify the Office of the Commissioner for Personal Data Protection within 72 hours, as soon as it becomes aware of the violation, if necessary.
- It will immediately notify the Commissioner for personal data protection if the Company is the Processor.
- Assess the impact on privacy and take appropriate measures to avoid a repeat of the violation.
Such modifications or updates will appear on this page and may be notified to you via email however you are expected to visit our website periodically and be updated about any changes.
13. NO ERROR FREE PERFORMANCE
14. CONTACT US