INFORMATION MEMORANDUM

 

 

 CONTENTS

 

 

  1. What is the purpose of this document?

  2. What is personal data?

  3. What is a Data Subject?

  4. What is defined as processing?

  5. Who is responsible for processing my personal data?

  6. How can I contact the data controller?

  7. What categories of personal data will be processed?

  8. On what legal basis will personal data be processed?

  9. For what purpose will my personal data be processed?

  10. Where will my personal data be stored?

  11. Apart from The Company, who will have access to my personal data?

  12. Will my personal data be transferred outside the Cyprus?

  13. How long will my personal data be stored by your company?

  14. What are my rights in connection with the processing of personal data?

  15. How can I exercise my rights?

  16. What should I do if I suspect that my personal data has been processed in violation of the law, or the General Data Protection Regulation?

  17. Does the processing of my personal data involve automated decision-making, including profiling?

 

 1) What is the purpose of this document?

 

The purpose of this document is to provide you with information about the terms under which your personal data will be processed.

 

This memorandum applies to you if you are

 

  • Job applicant for a Company position

  • Employee of the Company;

  • Business partner and affiliate of the Company

  • Client of the Company

 

of BRIDGE GLOBAL SOLUTIONS SERVICES LIMITED, based at Klimentos 41-43, KLIMENTOS TOWER, Flat/Office 21, P.C. 1061, Nicosia, Cyprus, Registration No.: HE 131634 (“Company”):

 

Elsewhere in the text if this memorandum uses the term “us”, this term refers to the Company.

 

2) What is “Personal Data”?

 

Personal Data is any information which in itself or with other information may directly or indirectly result in the identification of data subjects. Personal data includes first name and surname, if stated together with the address. Information is not classed as personal data if a disproportionate amount of time, effort and material resources is needed to determine the identity of data subject.

 

  1. What is a Data Subject?

The Data subject is the individual to which the personal data relates.

 

  1.  What is defined as “Processing”?

 

“Processing” is a very wide definition which includes the collection, storage, filing, structuring, transmission, consultation, use etc. of data, and even includes destruction of such personal data.

 

  1.  Who is responsible for processing my personal data?

 

The personal data controller responsible for duly processing your data is the Company with which you are in a contractual relationship or with which you are negotiating a contractual relationship.

 

  1.  How can I contact the personal data controller?

 

The contact details for the company are as follows:

- Address: Klimentos 41-43, KLIMENTOS TOWER, Flat/Office 21, P.C. 1061, Nicosia, Cyprus

- Tel.: 22460811

- Email: nicolaides@gsstrust.com

 

  1.  What categories of personal data will be processed?

 

The Company processes the following categories of personal data:

 

  1. Job applicants: Name, Address, Telephone, Email, Qualifications, Work experience, Date of birth, Family status, City, Position for work application, Date of availability to start employment, Nationality

  2. Employees:

Identification details: Name, Address, Date of birth, Identification Number, Passport Number Country of origin

Contact details: Telephone Number, Email

Bank details: Name of bank and account number

Details of the contractual relationship and its implementation: date of employment contract, date of starting employment, employment conditions, salary, place of employment and position, number of days of  annual leave, Social insurance Number,  Tax Identification Number, Deduct able amounts, calculation of tax and documents for evidence hours of employment, additions or deductions to paid salary, full or part time, Tax amounts, Amount paid by employer, amount paid from employee, Duration of leave, medical documents, deductions due to leave me, contributions, contributions to medical funds

  1. Independent business partners and affiliates of the Company, their employees and co-workers:

Identification details: Name, Address, Date of birth, Identification Number, Passport Number Country of origin

Contact details: Telephone Number, Email

Bank details: Name of bank and account number

Details of the contractual relationship and its implementation: date of contract of cooperation, remuneration, contract conditions, license number (if applicable).

  1. Clients- shareholders, beneficial owners, directors:

Identification details: Name, Address, Date of birth, Identification Number, Passport Number Driving License Number, Country of origin, CV, Source of wealth/funds,  Income Tax Statement/Payslip of individual

Bank details: name of bank and account number

Details of the contractual relationship and its implementation

 

  1.  On what legal basis is personal data processed?

 

The Company processes personal data on the following legal basis

 

a) Compliance with obligations arising from the law

 

The Company processes your personal data as required by the Anti-money laundering legislation and other legislation such as employment law.

 

b) Performance of contract

 

The Company processes your personal data in order to exercise and fulfil the rights and obligations arising from contracts concluded between you and the Company.

 

c) Safeguarding the legitimate interests of the company

 

These are cases where personal data needs to be processed to protect the interests of the controller and your interest in the protection of personal data does not outweigh our interest in the relevant processing.

 

d) Consent to the processing of personal data

 

These are the cases where the Company process your personal data based on your consent.  

 

  1.  For what purpose will personal data be processed?

 

Your personal data will be processed for the following purposes:

 

a) Preparation of contractual documentation, change of documentation during the contractual relationship

 

  • The Company processes the data necessary to prepare or amend contractual documentation.

  • Legal basis for processing: performance of contract.

 

b) Exercising rights and obligations under the contract

 

  • The Company processes your personal data in order to fulfil the rights and obligations arising from existing contractual relationships

  • Legal basis for processing: performance of contract

 

c) Verification of identity and credibility

 

  • Viewing the insolvency register, international sanctions lists, etc.

 

d) Accounting and tax agenda, archiving documents

 

  • Legal basis for processing: compliance with obligations arising from the law, legitimate interest

 

  • Relevant tax laws, social insurance laws

 

e) Protection of the Company property

 

  • The Company premises Klimentos 41-43, KLIMENTOS TOWER, Flat/Office 21, P.C. 1061, Nicosia, Cyprus are monitored by a camera system at the entrance of the building to ensure the security of persons and property.

  • Legal basis for processing: legitimate interest

 

f) Disputed agenda: determining, exercising or defending our legal claims, including debt recovery

 

  • Legal basis: performance of contract, legitimate interest

 

g) Sending commercial offers

 

  • We can use your contact information to send you offers to extend your current cooperation

 

  • Legal basis for processing: legitimate interest

 

  1. Where is my personal data stored?

 

Your personal data is stored in both electronic and physical (print) form. Documents in electronic form are stored on local disks at employee and directors workstations. Documents in physical form are stored in cabinets to which only authorised persons have access.

 

  1. Apart from the Company, who will have access to my personal data?

 

The personal data you have provided us is processed and stored within the Company. If personal data processing is based on the legitimate interests and purposes listed above, your personal data may also be processed by external contractors of the Company, its contractual partners, or other subsidiaries of BRIDGE GLOBAL SOLUTIONS SERVICES LIMITED not included on the list in point 5 of this Memorandum. We carefully select the partners we work with based on safeguards to ensure the technical and organisational protection of the personal data we provide.

 

  1. Will my personal data be transferred outside the Cyprus?

 

The European Economic Area (“EEA”) applies a system ensuring the free movement of personal data and the processing of such data is subject to the same rules as in the Cyprus. In certain cases, our contractual partners may process personal data in third countries (i.e. countries outside the EEA), although always while ensuring compliance with all legislative requirements.

 

  1.  How long will my personal data be stored by your Company?

 

In principle, we process your personal data for the duration of the contractual relationship between the relevant business partner, client, employee and the Company. Upon termination of this contractual relationship, only those documents or personal data for which we have a legitimate interest (possible defence of our interests in the event of a dispute) are retained for a period of 6 years from the termination of the contractual relationship.

 

In order to minimise data, we always only process the personal data necessary for the given purpose and store it only for the necessary length of time. As soon as this time expires, personal data is deleted or anonymised.

 

  1.  What are my rights in connection with the processing of personal data?

 

You have the right to request access to your data at any time - this means that at your request we will provide you with information about how we process your personal data, for what purpose, the sources from which the personal data was obtained, to whom your data has been provided and for how long we plan to store it.

 

You have the right to request that incorrect personal data be corrected and incomplete personal data be supplemented at any time. You also have the right to request the deletion of personal data no longer needed for the purpose for which it was originally collected, or which the controller is no longer entitled to use for other reasons (e.g. the data has been processed unlawfully, its deletion is required by law, etc.).

 

You have the right to request restrictions on the processing of your personal data – this means that you may ask us not to delete your data what we would otherwise be obliged to delete, and you may also request that we cease to work with your personal data until it becomes apparent that the data processed is precise, or whether any objection to the processing of personal data you have filed is justifiable (see the right to file an objection below).

 

You have the right to the portability of your personal data – this means that you may request that we provide you with the personal data we process in electronic form to enable it to easily be transferred to another controller (service provider), or to enable us to transfer it directly to another controller. This right applies only to personal data we have obtained in electronic form, on the basis of your consent or on a contractual basis.

 

At any time, you have the right to file an objection against the processing of your data for direct marketing purposes (sending informative or commercial offers). If you do so, your personal data will no longer be used for that purpose. You also have the right to file an objection against the processing of your personal data based on our legitimate interest – in such a case we will only continue to process your data if there are proven and serious justified grounds for doing so.

 

If your personal data has been processed on the basis of your consent, you have the right to revoke that consent at any time. Your personal data will then immediately cease to be processed.

 

  1.  How can I exercise my rights?

 

You may exercise your right (including the right to file an objection) with the personal data controller (see point 5 of this memorandum). You may contact us in writing, by telephone or by e-mail (the contact details are given in point 6 of this memorandum).

 

  1.  What should I do if I suspect that my personal data has been processed in violation of the law, or the General Data Protection Regulation?

 

In such a case you have the right file a complaint with the Commissioner for Personal Data Protection, address: 1 Iasonos Street, 1082 Nicosia, P.O. Box 23378, CY-1682 Nicosia,

tel.: +357 22 818 456, e-mail: commissioner@dataprotection.gov.cy

website: http://www.dataprotection.gov.cy/

 

  1.  Does the processing of my personal data involve automated decision-making, including profiling?

 

Automated decision-making means decisions made by a machine (computer) without human intervention, and which has the same legal or other such binding consequences for you (e.g. refusing to conclude a contract or withdrawing from a contract). Your personal data is not processed in this manner at the Company; the relevant decisions are always made by a specific employee of the Company.

 

 

LIST OF LEGISLATION

 

EU General Data Protection Regulation

The General Data Protection Regulation (EU) 2016/679 ("GDPR")movement of such data, and repealing Directive 95/46/EC

Cyprus Data Protection Law

The Protection of Natural Persons as to the Processing of their Personal Data and the Free Movement of such Data Law 125(I) of 2018

AML Law

The Prevention and Suppression of Money Laundering and Terrorist Financing Laws of 2007, 2010, 2012 AND 2013

Income Tax Laws

The Income Tax Law of 2002 as amended by 2004

© 2015 by GSS

Contact Us

Email: info@gsstrust.com

Tel:    +357(22) 460 811

Fax:   +357(22) 462 885