03 March 2023

Privacy information on the protection of personal data

In connection with the application from 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: "GDPR"), we provide you with the following information on how the way we process personal data of contractors, as well as the rights related to processing of this data.

The provision of your personal data is voluntary, but necessary to short-circuit and execution of the contract. If you do not provide this data, the conclusion and execution of the contract is no way. In the remaining scope, your personal data may be processed for on the basis of other conditions for the admissibility of processing specified in Article 6 of the GDPR.

1. PERSONAL DATA ADMINISTRATOR

The administrator of your personal data is COFIX Global Ltd. with its registered office in 56 Stavrou Avenue, Karyatis Centre,  office 107, 2035 Strovolos, Nicosia, Cyprus (hereinafter referred to as: "Administrator").

You can contact the Administrator in the following ways:

  • a) e-mail address: info@cofix.global;

  • b) correspondence address: 56 Stavrou Avenue, Karyatis Centre, office 107, 2035 Strovolos, Nicosia, Cyprus;

2. PURPOSES AND BASIS OF DATA PROCESSING

The Administrator processes your personal data for the following purposes:

  • replies to inquiries, presentation of offers, direct marketing of own services and products,

  • transmission of commercial information by electronic and telephone, conclusion and execution of the contract, fulfillment of legal and tax obligations, defense against claims and to investigate possible claims.

The legal basis for the processing of your personal data is art. 6 (1) lit. (b) and (f) GDPR and other legal acts.

The legitimate interest of the administrator is the processing of data within the framework of the relationship with the contractor and the processing of personal data for direct marketing purposes own products and services.

3. RECIPIENTS OF PERSONAL DATA

In connection with the processing of data for the above purposes, your personal data may be made available to other data processors on behalf of the Administrator, in particular in the field of IT, legal, HR, accounting, personal protection and property or protection of personal data, as well as by entities to which the Administrator makes personal data available on the basis of legal provisions, in particular to law enforcement authorities, supervisory and tax authorities.

The Administrator does not transfer your data outside the European Economic Area, nor to international organizations.


4. DATA RETENTION PERIOD

Your personal data will be processed for the period necessary for the execution of the contract and for the period required by applicable law after its expiration, in inches to archive data or to protect against and pursue claims.


5. RIGHTS RELATED TO DATA PROCESSING

In connection with the processing by the Administrator of your personal data, you have the right:

a) right of access to data content (Article 15 of the GDPR)

This is the right to obtain confirmation from the Administrator whether you are processing personal data and the right to access these data (including obtaining them copy), and in particular to the following information: (i) the purposes of the processing your personal data, (ii) the categories of personal data processed, (iii) information about the recipients or categories of recipients to whom the Administrator has disclosed your personal data or to whom you intend to disclose this data, (iv) the possibility of exercise of rights in the field of personal data protection and how to implement these rights, (v) the right to lodge a complaint with a supervisory authority, (vi) profiling, and the consequences of such processing for you.

b) right to rectification (Article 16 of the GDPR)

This is the right to demand from the Administrator an immediate rectification of your personal data that are incorrect and to request completion incomplete personal data.

c) right to erasure (Article 17 of the GDPR)

This is the right to request from the Administrator the immediate removal of your personal data (also called the "right to be forgotten").

In such a situation, the Administrator is obliged to delete your personal data, under provided that one of the following conditions is met: (i) the personal data are not is no longer necessary for the purposes for which it was collected, (ii) the consent on which it is based has been withdrawn and the Administrator has no other legal basis for the processing, (iii) the personal data have been processed unlawfully, (iv) the personal data must be removed to comply with a legal obligation.

It is not possible to exercise the right to delete personal data if:

The Administrator is obliged under the law to further processing of personal data to the extent specified by the relevant legislation rights or for the purposes necessary to establish, exercise or defend claims.

d) right to restriction of data processing (Article 18 of the GDPR)

This is the right to request the Administrator to restrict the processing of your personal data in the following cases when: (i) you dispute the accuracy of the personal data processed by the Administrator, (ii) the processing of your personal data is unlawful and has been objected to delete your personal data, (iii) The Administrator no longer needs your personal data, but you need them to establish, investigate or defense against of claims.

In case of exercising the right to restrict the processing of personal data,The Administrator may process your personal data, except for their storage, solely with your consent or for the purpose of determining, investigating or for the defense against of claims or for the protection of the rights of another natural or legal person, or for important reasons of public interest.

e) right to object to data processing (Article 21 of the GDPR)

You have the right to object to the processing at any time data based on the legitimate interest of the Administrator (i.e., on the basis of Article 6 (1) (b) (f) of the GDPR). In this case, the Administrator will no longer be able to process data for these purposes, unless there are valid legitimate grounds or data they are needed by the Administrator to pursue claims.

The right to object to data processing does not apply in where:

(i) the processing of personal data is based on consent – in such a situation, however, you can withdraw your consent, (ii) the data processing is necessary for the performance of the contract to which you are a party,

(iii) the processing is necessary for the Administrator to fulfill a legal obligation.

f) right to data portability (Article 20 of the GDPR)

It is a right to receive in a structured, commonly used format the personal data provided to the Administrator by you and request the transfer of this personal data to another data controller, if there is technically possible. This right applies if the data are processed in connection with a deal.


6. MANNER OF EXERCISING RIGHTS

You are entitled to report the exercise of your rights referred to in point 5 as follows: 

a) e-mail address: info@cofix.global;

b) correspondence address: 56 Stavrou Avenue, Karyatis Centre,  office 107, 2035 Strovolos, Nicosia;


7. COMPLAINT TO A SUPERVISORY AUTHORITY

In cases of recognition that the processing of your personal data by the Administrator violates the provisions of the GDPR, you have the right to file a complaint with the supervisory authority, i.e., the Office of Commissioner for Personal Data Protection to the address of the authority, i.e., P.O.Box 23378, 1682 Nicosia, Cyprus.


8. AUTOMATED DATA PROCESSING

The Administrator does not take decisions concerning you an automated manner purely, based on profiling in particular.


Cyprus, 2023