This Privacy Notice sets out how BOLTON TECHNOLOGIES LIMITED (the “Company”), as a data controller, processes data of persons visiting our premises, whether on individuals (including personal data in respect of individuals who are clients, intermediaries or other third parties that the Company interacts with, or any individual who is connected to those parties) or otherwise. Where the data held are on individuals, this document also sets out the rights of those individuals in respect of that personal data.
This Privacy Notice has been prepared in accordance with the provisions of the EU General Data Protection Regulation (“GDPR”).
Any questions relating to this Privacy Notice or requests in respect of personal data should be directed to email@example.com
Who we are?
Bolton Technologies expertly provides an array of services that enable organizations operating in a number of different industries to perform as competitively as possible. A solid technology foundation, whether in terms of digital services or physical infrastructure, is the cornerstone for a Company’s longevity, adaptability and innovation. We possess both the vision and expertise to provide clients with solutions that fit their specific needs and help them throughout the implementation process as well as with any support services that may be needed after the project had reached the final segment of its implementation cycle.
Our Company strives to protect personal data and apply high standards of conduct when it comes to privacy issues. We ensure that we provide our employees and staff with the appropriate training in order to handle personal data promptly and in accordance with the laws. Furthermore, we endeavor to ensure that any parties with whom we co-operate apply the same high standards when it comes to data protection and privacy as we do.
What data do we hold?
The Company processes data in the context of mainly for security purposes. The categories of data we may collect and process, according to the particulars of each case, include:
- Identity and Contact details (including full name, postal and mailing addresses, email addresses and telephone numbers);
- Meetings attended and visits to our offices including attendance time;
- Image through CCTV monitoring;
- Any other information you may provide to us.
Important notice on Special Category Data
In certain instances, the personal data we process may include “Special Category Data” (which includes information on a person’s race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data processed for the purpose of uniquely identifying a natural person, health data, data on a person’s sex life or sexual orientation or data relating to a person’s criminal record or alleged criminal activity). In such instances, legal bases for processing that data may include explicit consent (where the Special Category Data has been provided to the Company by the data subject for any of the above-listed purposes) or the processing is being necessary for compliance with a legal obligation or for the purposes of legal proceedings or legal advice.
Purpose of the Collection
We collect your personal data mainly for security purposes and generally for the following purposes:
a) Performance of contract;
b) Pursuing a legitimate interest;
We do not collect, and we do not use any personal data other than that specifically mentioned above without your explicit consent unless you ask us to do so.
You do not have an obligation to provide us with your personal data, but if you don’t, we will not be able to provide you with our services or allow access to our premises.
We don’t use automated decision-making processes or profiling while processing your personal data.
Why do we need them?
The Company ensures that the data collected and processed is relevant to one or more processing activities and that the Company does not collect or process more or less data than what is reasonably required for achieving the purpose of each processing activity. Furthermore, for each purpose of processing there is always at least one lawful basis to secure that the rights of individuals are safeguarded by all means. The purposes of processing and the lawful basis of each processing activity are the following:
- To carry out our obligations as a result of any contract entered into between you and us and to provide you with the information and services that you request from us;
- For identity verification and record and for maintaining lists of visitors for incident management and security control;
- To ensure the security of the Company’s system, staff and premises (including the use of CCTV equipment);
- To follow up on comments, enquiries and complaints
- As part of our efforts to keep our products and/or services safe and secure;
- to ensure the effective operation of software and IT services procured by us (including disaster recovery);
- Any other purpose(s) which has been agreed by or notified to you.
For further information on the use and storage of your data, please contact us at firstname.lastname@example.org.
Sources and Recipients of data
The sources of data may include clients, intermediaries, data subjects directly, third parties connected to the data subject (for example, their employer or another service provider who provides services to the data subject) or open-source material.
Reasonable endeavours are made to ensure that data is only accessible by those with a need for access to fulfil the purposes set out above. Requests for access to be restricted in any particular manner should be made to email@example.com and will be considered and, where possible with reference to legal and regulatory obligations, actioned.
The following is a list of potential recipients of data (in each case including respective employees, directors and officers):
- employees of the Company;
- IT Support and Maintenance Department of Bolton Technologies
- any sub-contractors, agents or service providers of the Company;
- courts or tribunals;
- law enforcement agencies where considered necessary for the Company to fulfil legal obligations applicable to it;
- any registrar of a public register where the data is to be included in a public registry.
Unless expressly declared in this Privacy Notice or with the prior consent of the individual, personal data collected from an individual will not be disclosed to any third party other than the above-named parties.
Where the Company is entering into an engagement with a third party pursuant to which data may be processed by that third party, we will seek to enter into an agreement with that third party setting out the respective obligations of each party and we will seek to be reasonably satisfied that the third party has measures in place equal to those of the Company to protect data against unauthorised or accidental use, access, disclosure, damage, loss or destruction.
In the event that any such third party is outside of the European Union and where the data being transferred would include personal data which would be protected under applicable Data Protection regulation, we will ensure we meet the relevant requirements of that Data Protection regulation prior to carrying out any such transfer. This may include only transferring the data where we are satisfied that:
- the non-European Union country has Data Protection laws similar to the laws in the European Union;
- the recipient has agreed through contract to protect the information in the same Data Protection standards as the European Union;
- we have obtained consent from relevant data subjects to the transfer;
- if transferred to the United States of America, the transfer will be to organizations that are part of the Privacy Shield.
Rights of Data subjects
Data subjects in the European Union (or any jurisdiction with equivalent legislation to the European Union General Data Protection Regulation) have certain rights in respect of their personal data. Any such data subject wishing to exercise any rights under applicable data protection laws (including the right to withdraw any consent to processing previously given; the right of access to data; or to have data corrected, updated, rectified or erased; or for access to data to be restricted or provided to any third party; or to object to any particular processing; or to lodge a complaint with the relevant supervisory authority; or the right o data portability) should send the request in the first instance to firstname.lastname@example.org.
In response to such requests, the Company reserves the right to require the individual making the request to provide certain details about himself/herself so that the Company can validate that the individual is indeed the person whom the data refers to. The Company is required to respond to the request of the individual within 40 days and it will endeavour to do so wherever possible. The Company reserves the right to charge a reasonable fee to cover any expenses that may arise from the request.
In any case in which a data subject chooses not to provide any personal data, or where any of the rights set out above are exercised to limit the processing of personal data, the Company may be unable to provide relevant services, or there may be restrictions on the services which can be provided.
Retention of data
The Company retains personal data in accordance with the Data Retention Policy. Any personal data provided to the Company is kept for as long as it is necessary to fulfil the purposes for which the data was collected. After the fulfilment of the purposes for which the personal data was collected, such data will be destroyed, unless destruction is prohibited for legal, regulatory or technical reasons.
Any requests for further information in relation to the continued processing of specific data and requests for destruction of data should be made to email@example.com. For more details relating to the retention and destruction processes of the Company, please contact firstname.lastname@example.org
Use of Personal Data in Legal Proceedings
If it becomes necessary that we have to take action against you for any reason whatsoever, including but not limited to recovering from you any money you owe to us, you expressly agree that the personal data provided by you can be relied upon in identifying and taking legal action against you.
Changes to this Privacy Notice
We keep this Privacy Notice under review in order to ensure that it in line with any changes to the laws relating to privacy and personal data. Any updates will appear on our website at www.bts.com.cy.
This Privacy Notice was last updated on 10 May 2018.
The Company has a Data Protection Officer and all enquiries in respect of this Privacy Notice or any requests to exercise any of the rights set out above should be directed to email@example.com or by post at: Bolton Technologies Limited, Neocleous House, 195 Makarios III Avenue, Limassol, Cyprus.