APS CY, respects and complies with the General Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”), under which you have the right to be informed of the data that are processed with respect to you, and your rights in relation to these data.
For the purposes of the GDPR and only our relationship with the Bank, we wish to clarify, that the Bank is the controller (“Controller”) and we are the processor (“Processor”) in relation to the processing of personal data (“Data”).
The Controller authorized the Processor to process Data for the main purpose of managing the Bank’s properties and therefore, the Processor represents and warrants the following:
(i) it shall process Data for these purposes, and for no other purpose, always in compliance with the GDPR and, where applicable, the binding corporate rules applicable to processor’s group of undertakings as approved by the Commissioner for Personal Data Protection and/or any other competent supervisory authority within EU (“PBCR”); and
(ii) it shall ensure that any third party to whom the Bank’s Data are disclosed shall Process such data for these purposes, and for no other purpose, in compliance with the GDPR and any applicable PBCR.
This page also includes an FAQ on GDPR, where we answer the most frequently asked questions that we receive on the subject of the treatment of personal data. Finally, the page is rounded off with our ‘GDPR Notification’. This notification explains what GDPR means for you and your personal data, as well as how you may expediently ensure that you are compliant with the GPDR.
Please do not hesitate to contact directly our Data Protection Officer either in writing, or via e-mail or telephone on the below contact details, for any questions related to our terms & conditions or the GDPR:
Address: APS DEBT SERVICING CYPRUS LTD, at 20 Amfipoleos, 2025 Nicosia, Cyprus
Telephone: +35722690378 or +35725882635
This document describes how APS group uses the personal data that they receive about you and / or about your assets as part of, derived or used in your debt recovery activity or in the course of any other activity within which you have encountered APS. This notification is in accordance with the General Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), under which you have the right to be informed of the data that different processors have and process with respect to you and your rights in relation to these data.
1. PERSONAL DATA PROCESSING
(i) The personal data that are being processed are the following:
(ii) Identification information (Name, surname);
(iii) Contact information (e-mail address, postal address, phone number),
(iv) Information on your utilization of our products and services, including information in your requests for products and services;
(v) Information from our personal, telephone and electronic communication with you;
(vi) Information from internet browser that you use or mobile applications;
(vii) Financial standing and credibility,
(viii) as well as any information which the Controller processes in relation to the contract fulfilment, legal obligation and for the purposes of the Controller’s legitimate interest.
(the Personal Data).
2. SOURCES OF THE PERSONAL DATA
The Personal Data are being obtained directly from you.
3. PURPOSE OF PROCESSING
The Controller processes the Personal Data for the purpose of debt recovery and offering the products and services of the Controller and its affiliated and cooperating persons/entities.
4. HOW ARE THE PERSONAL DATA PROCESSED?
The processing of your Personal Data may be manual but also automated. However, none of the collected Personal Data are used for automated decision-making. Your Personal Data are being processed mainly by the designated employees of the Controller, but also by third parties being the processors with whom the Controller has conclude the data processing agreement which contains all necessary guarantees for the Personal Data processing.
5. WHAT ARE THE LEGAL GROUNDS FOR PROCESSING OF PERSONAL DATA?
Legal grounds for processing of the Personal Data is set by Article 6(1) of GDPR pursuant to which the processing is lawful, if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
6. WILL WE TRANSFER PERSONAL DATA TO THE THIRD COUNTRY OR INTERNATIONAL ORGANISATION?
We will not transfer any Personal Data to the countries outside the European Union nor European Economic Area, neither to any international organisation.
7. RIGHTS RELATING TO THE PROCESSING OF THE PERSONAL DATA
The Controller ensures that your Personal Data are processed in secure and accurate manner. You may exercise all the rights described in this clause with the Controller.
How can you exercise your rights?
You may exercise each individual right via sending an email to firstname.lastname@example.org or by calling to +35722690378 / +35725882635 or eventually by sending a written request to the address of the Controller.
A statement or information on measures adopted shall be provided to you by the Controller as soon as possible, but not later than within 1 month from receipt of the request. The Controller is entitled to extend this period by 2 months taking into account complexity of the issue and number of requests submitted. The Controller will inform you on such an extension.
7.1 Right to be informed - at least about:
(i) the identity and the contact details of the Controller and of the Controller's representative;
(ii) the contact details of the DPO;
(iii) the purposes of the processing of the Personal Data as well as the legal basis for the processing;
(iv) the legitimate interests pursued by the Controller or by a third party, if applicable;
(v) the recipients or categories of recipients of the Personal Data;
(vi) if applicable, the fact that the Controller intends to transfer Personal Data to a third country or international organisation and the existence or absence of an adequacy decision by the European Commission, or reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.
7.2 Right of access
You may request access to your Personal Data and obtain information what Personal Data concerning your person are being processed, and access the following information:
(i) the purposes of the processing;
(ii) the categories of Personal Data concerned;
(iii) the recipients or categories of recipient to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organisations;
(iv) the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine such period;
(v) the existence of the right to request from the Controller rectification or erasure of the Personal Data or restriction of processing of the Personal Data concerning you or to object to such processing;
(vi) the right to lodge a complaint with a supervisory authority;
(vii) where the Personal Data are not collected from you, any available information as to their source; and
(viii) the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
The Controller shall provide a copy of the Personal Data undergoing processing. For any further requested copies, the Controller may charge a reasonable fee based on administrative costs. The DPO or other authorized person may decide that you should be asked to cover the costs or that your request can be rejected. Where the request is made by the electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form.
7.3 Right to rectification
(i) You have the right to request the Controller to rectify your inaccurate Personal Data.
(ii) You have also right to have your incomplete Personal Data completed, including by means of providing a supplementary statement. While executing this right, the purposes of the processing must be taken into account and the DPO shall decide whether it is appropriate or not.
7.4 Right to erasure
You have the right to ask the Controller to erasure your Personal Data. The Controller shall have the obligation to erase your Personal Data where one of the following grounds applies:
(i) the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(ii) you object to the processing and there are no overriding legitimate grounds for the processing;
(iii) you revoke the consent and there is no other reason for the processing;
(iv) the Personal Data have been unlawfully processed;
(v) the Personal Data have to be erased for compliance with a legal obligation in a European Union or Member State law to which the Controller is subject.
Right to erasure shall not apply to the extent that processing is necessary for the establishment, exercise or defence of legal claims.
7.5 Right to restriction of processing
You have the right to restrict the processing where one of the following applies:
(i) you contest the accuracy of the Personal Data, for a period enabling the Controller to verify the accuracy of the Personal Data;
(ii) the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of its processing instead;
(iii) the Controller no longer needs the Personal Data for the purposes of the processing, but you require it for establishment, exercise or defence of legal claims;
(iv) you have objected to processing pending the verification whether the legitimate grounds of the Controller override those of yours.
7.6 Right to object
You have the right to object, on grounds relating to the particular situation, at any time to processing of your Personal Data, including profiling.
The Controller shall no longer process the Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
7.7 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority (Data Protection Commissioner in Cyprus), of the alleged infringement if you consider that the processing of the Personal Data infringes your rights.
7.8 Right to portability
In relation to the Personal Data that you have provided to the Controller and that is subject to automatized processing, you have the right to receive it in a structured, commonly used and machine-readable format and the right to transmit this Personal Data to another controller without hindrance from the Controller.
8. HOW MAY YOU CONTACT US?
In case of any questions regarding processing of your Personal Data you may contact directly our DPO either in writing, or via e-mail or telephone on the below contact details:
Address: APS DEBT SERVICING CYPRUS LTD, at 20 Amfipoleos, 2025 Nicosia, Cyprus
Telephone: +35722690378 or +35725882635
9. GENERAL INFORMATION
The Controller may change, amend, repeal or replace this notification any time if necessary while the updated Notification must be published at least 30 days before its effect.
The list of affiliated and cooperating persons/entities of the Controller, and 3rd party data processors can be provided on request.