1. Customer Data
CYTACOM collects customer data for providing and operating integrated electronic communication solutions and/or products requested by the customer. Customer’s data includes the customer’s (natural person) name, address, telephone number(s), contact number, email address, billing address. This data is processed by CYTACOM throughout the validity period of the customer’s contract in order to deal with customers’ services and products, customer’s billing, customer’s complaints and/or requests and/or enquiries, or fraud related matters.
The following data is not erased:
(a) Data maintained for law enforcement purposes when lawfully requested to do so by a Court of law (Law 183(I)/2007),
(b) Data maintained for the purposes of taxation legislation (Law 95(I)/2000 and Law 4/1978), which are maintained for a period of six (6) years,
(c) Data processed for the purposes of legitimate interest (e.g an action against a customer), which are maintained until the legitimate purpose is completed
(d) Payment information referring to SEPA Direct Debit payments and information referring to the corresponding invoices settled which shall be maintained for a period of thirteen (13) months as per the SEPA rules.
2. Traffic and Billing data
CYTACOM processes traffic and billing data for the purposes of providing services and/or products to its customers, for billing purposes to comply with CYTACOM’s legal obligations. This data includes products (software or hardware) ordered, recipient’s telephone numbers for sending a text message, date and time of a text message and email addresses of the customer. Furthermore, CYTACOM takes all necessary steps to safeguard the confidentiality, integrity and availability of its products and services etc. Traffic data is stored by CYTACOM for a period of six (6) months as provided by law. After the lapse of the six (6) month period this data is erased.
The following data is not erased:
(a) Data maintained for law enforcement purposes when lawfully requested to do so by a Court of law (Law 183(I)/2007) and
(b) Data processed for the purposes of legitimate interest (e.g an action against a customer), which are maintained until the purpose is completed.
CYTACOM does not intercept or monitor the content of the customer’s sms’s.
CYTACOM uses customer data, traffic and billing data for promoting similar services to the services ordered by the customers. These promotions shall be posted online or shall be in the form of posts, via apps, via email or by phone. When a customer orders a service or a product from CYTACOM he/she will be requested to choose if he/she wishes to be contacted for other marketing purposes such as campaigns of CYTACOM. Customers may object to such promotions at any time by contacting CYTACOM at 70006000.
4. Mobile Applications and Internet Applications
CYTACOM customers or users who download any CYTACOM mobile or internet applications (“apps”) are requested to verify their account details (where applicable). In this case, CYTACOM shall process their their IP numbers, any websites visited (where applicable) and the customers’ spending amount for billing purposes or for providing the services requested by the customer. Furthermore when a mobile or internet app creates a profile on customer’s preferences, customers shall be informed about it before downloading such an app and shall have the right to object to any future profiling.
5. Cookies Policy
6. General Customers’ Rights According to European Regulation 2016/679, (“GDPR”) as from 25/5/2018
6.1 Right of Access
Customers may be informed in more detail about the Personal Data CYTACOM processes about them by submitting an application form at CYTACOM offices or by visiting CYTACOM’s Privacy page at www.cytacom.com/privacy-policy. The right of access is subject to the provisions of the Cyprus data protection legislation, and the authentication of the legal customer.
6.2 Right to Erasure (“Right to be Forgotten”)
Customers may request the erasure any of their Personal Data that is no longer necessary for CYTACOM’s purposes by submitting an application at CYTACOM’s offices or by visiting CYTACOM’s Privacy page at www.cytacom.com/privacy-policy .The right to erasure is subject to the provisions of the Cyprus data protection legislation and the authentication of the legal customer.
6.3 Data Portability
Customers may exercise the right to data portability by submitting an application form at CYTACOM’s offices. Data portability is subject to the provisions of the Cyprus data protection legislation and the authentication of the legal customer.
6.4 Right of Updating, Rectification or Minimization of Personal Data
Customers may update their Personal Data or request the correction of any inaccurate Personal Data or data minimization, by submitting an application form at CYTACOM offices. These rights are subject to the provisions of the Cyprus data protection legislation and the authentication of the legal customer.
7. Business Products and Confidentiality
Personal Data is data related to a natural person. However, some of CYTACOM’s business products designed for business customers (companies, enterprises, public authorities, governmental departments etc), such as web development services, may contractually (through the terms and conditions of the service) give CYTACOM the right to undertake the storing and/or otherwise the processing of Personal Data related to natural persons on behalf of the business customer and upon the business customer’s written instructions. In such a case the business customer remains the Data Controller of its Personal Data and CYTACOM acts only as a Processor of this Personal Data. CYTACOM as a Processor is committed to maintain the confidentiality of this Personal Data subject to the business customers’ instructions, the terms and conditions of the service ordered.
8. Duration of Personal Data Storage
CYTACOM stores customers’ Personal Data for as long as mandated by the Laws of the Republic of Cyprus and/or throughout the validity period of the customer’s contract. Certain Personal Data may be stored after the termination of the customer’s contract according to the provisions of the applicable Cyprus legislation (paragraphs 1 and 2 above).
9. Transfers Outside the EU (European Union) and/or the EEA (European Economic Area)
Customers are informed that certain CYTACOM suppliers, subcontractors and product partners are based outside the EU and/or the EEA. These partners are contractually committed to CYTACOM to provide appropriate security safeguards, to maintain the confidentiality of CYTACOM’s and CYTACOM’s customers’ Personal Data and are subject to the obligations of the GDPR (Articles 44 and 45).
10. CYTACOM contact information/Complaints
11.1 “Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State Law.
11.2 “Personal Data”: means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
11.3 “Processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
11.4 “Processor”: means a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller.