How we use and protect your personal data
Association of Credit Acquiring Companies and Credit Servicers (CACs & CSCs) is committed to respect your privacy and comply with applicable laws on data protection. Any reference to ‘us’, ‘our’ or ‘we’ in this Privacy Policy is a reference to CACs & CSCs Association. Similarly, any reference to ‘you’, ‘your’, ‘yours’ or ‘yourself’ in this Privacy Policy is a reference to any of our past, prospective, or current member, employee, government, agency, partner, media or other public or industry contacts. Collectively “data subjects”.
CACs & CSCs Association is an association of the Credit Acquiring Companies and Credit Servicers Companies authorised in Cyprus under Law 169(Ι)/2015. This Privacy Policy (the “Notice”) describes the processing of personal data by the CACs & CSCs Association, which acts as Controller regarding the personal data it processes. This Notice describes your rights, the information or “Personal Data” we would usually collect and use and how we would protect it.
We confirm that any data processed by the CACs & CSCs association is:
- Processed lawfully, fairly and in a transparent manner;
- Processed in accordance with the applicable laws, regulations and guidelines and the provisions of our contractual relationship;
- Used only for legitimate purposes and to the extent that this is necessary to fulfil our obligations as per our agreement and/or the law;
- Processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by using appropriate technical or organizational measures;
What is personal data?
According to Article 4(1) of the General Data Protection Regulation, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
How is the personal data obtained?
We obtain this information in several ways, for example:
- Through your dealings with us, including through onboarding membership process, enquiry forms, and from information provided in the course of ongoing correspondence.
- When you correspond with us by phone, email or otherwise. This includes information you provide when you wish to report a complaint, subscribe to our training, events and/or services, complete a survey, sign up to a newsletter, post material on our site, report a problem with our site, or request further services.
- When applying for a role or position within CACs & CSCs Association either online, via third party sites and/or direct contact made with the CACs & CSCs Association.
Regarding each of your visits to our site we may collect the following information:
technical information and information about your visits, including cookies, the Internet protocol (IP) address, login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
Information received from events, training and working groups / committees
- We may collect data about you when you attend any of our events, training sessions and/or CACs & CSCs Association’s working groups / committees. This may be collected via business card information you have provided to a CACs & CSCs Association’s employee or where you have been invited, nominated, or otherwise requested to attend one of our events, training sessions and/or working groups / committees. This information may include your name, job title, company, business or personal email address, phone numbers (business or personal).
Information received from other sources
- We may receive information from other sources, such as from our members, associate members, government officials, law enforcement and fraud prevention agencies, regulatory bodies, our other partners for the purpose of providing services to our members. This includes supporting members and law enforcement and fraud prevention agencies to combat, prevent and detect economic criminal activity. The information received may include names, address, bank account details, transaction information, criminal convictions and cautions and indications of potential or actual criminal,
- Offers and promotions to you via our site, any other websites we operate or other services we provide, advertising networks and analytics providers or publicly accessible data.
What do we use your personal information for?
- To carry out our obligations arising from any agreements entered between you and us and to provide you with the information, products, and services that you request from us, including providing membership services to you, including events, training, and working groups.
- To ensure that content from our site is presented in the most effective manner for you and for your computer or device or to provide you with content which we feel may interest you, where (if required to do so) you have consented to be contacted for such purposes;
- to allow you to participate in interactive features of our services, when you choose to do so; and
- to notify you about changes to our services.
What are the purposes of the processing?
The purposes of the personal data processing by CACs & CSCs Association concern CACs & CSCs Association’s main activities, and include the following:
- interaction with its members, including its members’ representatives and/or committee members,
- raising awareness on the secondary market for loans, banking, and finance issues, discussing policies, organising trainings and seminars etc.,
- for the performance of a contract or for the provision a service,
- administrative or operational purposes, e.g. employee’s management, recruitment, to respond to or handle inquiries and complaints, and to send information directly or indirectly related to any contractual or other relationship with CACs & CSCs,
- for physical security and IT security purposes,
- for preventing fraud and detecting any unlawful or undesirable activities as required by law,
- to defend or uphold the Associations’ legal rights.
The lawful basis CACs & CSCs Association uses to process your data
Processing of your data is based on one of the following lawful legal bases:
- performance of contract;
- legitimate interest;
- consent;
- compliance with a legal or regulatory obligation;
- to protect the vital interests of the data subject or of another natural person;
- public interest.
Disclosure of information
It is noted that personal data may be disclosed to law enforcement authorities without your consent if required by law, following a reasonable request to prevent, investigate or act against actual or suspected illegal activity, physical harm or financial loss.
Security
CACs & CSCs Association has taken all the appropriate technical and organizational measures in order to safeguard your personal data. Those measures are periodically assessed.
Third parties that process data for the CACs & CSCs Association
Your personal data are mainly accessed by our employees, which are bound by confidentiality clauses. The recipients of your data may be individual experts, external consultants, research institutions, event organizers, travel agencies, software providers as well as marketing and communication companies.
Please note that all CACs & CSCs Association’s affiliated/contracted companies and collaborators are contractually committed to take the appropriate technical and organizational measures to protect confidentiality, integrity and availability of your data.
INTERNATIONAL TRANSFERS
We do not transfer your personal data outside the European Economic Area (EEA).
When do we delete your data?
Your personal data are retained only for as long as it is required according to the relevant legislation. Moreover, we delete the personal data that you provide to us if there is no legal basis or other requirement for keeping your data.
Your rights towards your personal data
You can exercise your rights towards the processing of your personal data and specifically:
- Request access to your data;
- Request the correction of your data, in cases where the data we hold about you are incorrect or insufficient;
- Request to erase your data, if there is no legal obligation for us to keep them;
- Withdraw your consent, in cases where consent is the lawful basis for the processing of your data;
- Object to processing for a specific reason;
- Request restriction of processing;
- Request to transfer your data to another Controller;
You can make a request or exercise these rights by sending an email at the following email address: info@associationcacs.com.cy
We will try to respond to all requests within 1 (one) month. Occasionally, it may take us longer than 1 (one) month if your request is particularly complex or you have made a number of requests. In this case, we will notify you within 1 (one) month of the receipt of your request and keep you updated.
If you are not satisfied with our response to your complaint, you have the right to lodge a complaint with the Cyprus Data Protection Commissioner. You can find details about how to do this on the following website: http://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/page1i_gr/page1i_gr?opendocument
Automated decision-making
We do not use automated decision-making.
Security of your personal data
We always take appropriate technical and organisational measures to ensure that your information is secure. In particular, we train our employees who handle personal data to respect the confidentiality of information and the privacy of individuals. We regard breaches of your privacy very seriously and will impose appropriate penalties, including dismissal where necessary. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data transmitted to our site therefore any transmission of your data is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Changes to our Privacy Policy/Notice
Any changes we may make to the Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by email. We encourage you to frequently review this policy so as to be informed about any possible changes with regard to processing of your personal data.
Links to external websites
Our sites may, from time to time, contain links to and from the websites of our partner networks, members, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or how such websites collect and use your data. Please check these policies before you submit any personal data to these websites.