
Privacy Notice

1. Introduction 

This Privacy Notice will inform you as to how IBSCY LTD and any affiliated and/or subsidiary companies thereof (referred to as "we", "us", "our", "company", or "IBS") process data, whether on individuals (including personal data in respect of individuals who are clients, intermediaries or other third parties with whom IBSCY LTD interacts, or any individual who is connected to those parties) or otherwise, as well as when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you. 

This Privacy Notice is mainly directed to natural persons who are either current or potential customers of IBSCY LTD or are authorized representatives/ agents or beneficial owners of legal entities or of natural persons who had such a business relationship with the Company in the past. 

Where the data held are on individuals, this document also sets out the rights of those individuals in respect of the said personal data. 

2. Who we are 

IBSCY Ltd was created in 2004 by a team of young Information Technology professionals to provide a wider range of expertise and knowledge to companies of all sizes and sectors in Cyprus. Over the years, the company has become one of the most respected full-service IT companies in Cyprus and Europe with clients throughout the European Union, Middle East and US. 

IBSCY Ltd is a leading IT solutions and services provider in Cyprus, with expertise in cloud services and applications, system integration, IT infrastructure, collaboration, management, and security solutions. IBSCY Ltd is one of the largest Microsoft cloud providers in Cyprus and the surrounding area. 

IBSCY Ltd was acquired by MTN Cyprus Ltd in April 2015 and operated under the MTN Group. On the 24th of May 2019, IBSCY Ltd was bought back by the original shareholders. 

In 2023, IBSCY Ltd continued its strong growth by opening a new office in Athens, Greece. This strategic move aims to offer fast and reliable services to customers of different sizes and sectors in the Greek market. The launch of this new office is part of IBSCY Hellas's overall strategy to provide comprehensive and high-quality IT solutions and services across Greece. 

Our intention is to provide IT services in order to allow you to focus on your business and not on the IT problems or IT strategy of your company. Using our services and expertise, our clients can work more effectively and cost-effectively, resulting in a faster ROI (Return on Investment) for their business. 

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. 

If you have any questions about this privacy notice, including any requests to exercise your legal rights, please direct them for the attention of our DPO at [email protected] in the first instance. 

3. The type of Personal Data we collect and process

The type of data we may collect, use, store and transfer include: 

  • Contact details (i.e. first, last names, postal/delivery addresses, billing addresses, email addresses and telephone/ fax numbers).
  • Information provided during the provision of IT and consulting services (for example, information of your internal network, passwords, IP address, and ports opened, as well as location and access rights to files/folders and different software). 
  • Financial information, such as payment related information including bank account and payment card details. 
  • Transaction data including details about payments to and from you and other third parties with whom you intend to enter into a transaction. 
  • Other technical data which might include browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices we support through our maintenance contracts. 
  • Marketing and Communications data including your preference in receiving marketing from us and our third parties and your communication preferences. 
  • Under very special circumstances, subject to the services contracted, personal data collected and processed may include "Special Categories of Personal Data" about you (this includes details about your race or ethnicity, religious or philosophical beliefs, data on a person's sex life or sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data processed for the purpose of uniquely identifying a natural person or data relating to a person's criminal record or alleged criminal activity). Note that the aforementioned data can be stored on our file servers, in our backup servers, or mail servers as a service we provide to you (Software as a service). Our engineers do not have access to those data, and are explicitly given access during the support process by you, our customer. 
  • Signatures under proposals and contracts. 
  • Professional interests and events attended. 
  • Meetings attended and visits to our offices. 
  • Any other information you may provide to us. 

4. HOW, WHY and on WHAT legal basis we collect and process Personal Data 

How: The sources of data collected by us may include clients, intermediaries, data subjects directly, third parties connected to the Data Subject (for example, their employer or another service provider who provides services to the Data Subject) or open-source material.

We use different methods to collect data from and about you including through: 

  • Direct interactions. You may give us your Identity, Contact and Financial Data (as above described) by filling in forms or by corresponding with us by post, phone, email or otherwise. 
  • Automated technologies or interactions. As part of an IT Audit, we may automatically collect Technical Data (as above described) about your equipment, browsing actions and patterns. 
  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources (i.e. the Department of Registrar of Companies and Official Receiver, the press, media and the Internet) which we lawfully obtain, and we are permitted to process. 
  • The provision of data to one employee of IBSCY LTD may result in that data being accessible by all other members of the Company. 
  • Reasonable endeavours are made to ensure that data is only accessible by those with a need for access to fulfil the purposes set out below and above. 

Requests for access to be restricted in any particular manner should be made to [email protected] and will be considered and, where possible with reference to legal and regulatory obligations, actioned. 

Why: We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances: 

  • Where we need to perform the contract we are about to enter into or have entered into with you. 
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. 
  • Where we need to comply with a legal or regulatory obligation. 

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to "Special Categories of Personal Data" or sending third party direct marketing communications to you via any of our communication channels. 

Legal Basis: We use Personal Data for several legitimate interests, including to provide and improve our services, administer our relationship with you and our business, for marketing and in order to exercise our rights and responsibilities. More detailed information about these legitimate interests is set out below. 

  • to set up and administer your account, provide technical and customer support and training, verify your identity, and send important account, subscription and service information. 
  • to administer our relationship with you, our business and our third-party providers (e.g. to send invoices).
  • to personalize your experience with our services. We may sometimes share your Personal Data across our services so that we can make all the services we deliver to you more intuitive (e.g. rather than requiring you to enter the same data many times) 
  • to contact you in relation to, and conduct, surveys or polls you choose to take part in and to analyze the data collected for market research purposes. 
  • for internal research and development purposes and to improve, test and enhance the features and functions of our Services.
  • to provide you with marketing but only as permitted by law.
  • to meet our internal and external audit requirements, including our information security obligations. 
  • to enforce our terms and conditions. 
  • to protect our rights, privacy, safety, networks, systems and property, or those of other persons. 
  • for the prevention, detection or investigation of a crime or other breach of law or requirement, loss prevention or fraud (hacking, etc.)
  • to comply with requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, including where they are outside your country of residence.
  • in order to exercise our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to us or third parties with whom we work.
  • in order to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings) 

Where we rely on legitimate interests as a lawful ground for processing your Personal Data, we balance those interests against your interests, fundamental rights and freedoms. For more information on how this balancing exercise has been carried out, please contact our DPO at [email protected]. 

5. Your obligation to provide us with your Personal Data 

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you for the provision of services. Additionally, we may be prevented from complying with our legal obligations. 

6. Consent requirement and your right to withdraw consent 

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our DPO at [email protected]. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. 

7. Change of Purpose

7.1 We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 

7.2 Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where it is required or permitted by law. 

8. Sources and Recipients of Personal Data during the performance of our contractual and statutory obligations. 

In the course of the performance of our contractual and statutory obligations your personal data may be provided to various departments within the Company but also to other affiliated and/or subsidiary companies of the Company. Various service providers and suppliers may also receive your personal data so that we may perform our obligations. Such service providers and suppliers enter into contractual agreements with the Company by which they observe confidentiality and data protection according to the data protection law and GDPR. 

It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorized under our contractual and statutory obligations or if you have given your consent. All data processors appointed by us to process personal data on our behalf are bound by contract to comply with the GDPR provisions. 

The following is a list of potential recipients of data (in each case including respective employees, directors and officers): 

  • Other professional advisers or providers of services acting as processors or joint controllers (including lawyers, legal consultants, banks or other financial institutions, auditors/ accountants, financial or business advisors, Consultants in relation to any matter on which IBSCY LTD is instructed) where disclosure to that provider of services is considered necessary to fulfil the purposes set out above. 
  • Any distributors/ suppliers/ sub-contractors, agents or service providers of IBSCY LTD (including couriers etc). 
  • Third parties with whom IBSCY LTD engages for the hosting of events or other marketing initiatives and including website and advertising agencies. 
  • Regulators or other governmental or supervisory bodies with a legal right to the material or a legitimate interest in any material.
  • Any registrar of a public register where the data is to be included in a public or restricted access registry. 
  • Third parties to whom IBSCY LTD may choose to sell, transfer, or merge parts of its business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice. 
  • Share and stock investment and management companies. 
  • Debt collection agencies 
  • Fraud prevention agencies 
  • File storage companies, archiving and/or records management companies, cloud storage companies 
  • Companies who assist us with the effective provision of our services to you by offering technological expertise, solutions and support and facilitating payments.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. 

9. Sharing of Personal Data with other entities in the Group 

We will share your Personal Data with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganization or group restructuring exercise, for system maintenance support and hosting of data. (Please refer to point 3)

10. Transfers of Personal Data to a third country or to an international organization

Many of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. 

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: 

  • The non-European Union country has Data Protection laws similar to the laws in the European Union and/or has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries; or 
  • The recipient/ service provider used has agreed to the use of specific contracts approved by the European Commission which give personal data the same protection it has in Europe, and we will seek to be reasonably satisfied that the third party has measures in place to protect data against unauthorized or accidental use, access, disclosure, damage, loss or destruction. For further details, see European Commission: Model contracts for the transfer of personal data to third countries; or 
  • We have obtained your explicit consent to proceed with the said transfer; or 
  • If transferred to providers based in the United States of America, the transfer is made only subject to them being part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield; or 
  • If the data transfer is required by governmental authority and we are legally obliged to provide it (i.e. reporting obligation under Tax law) in which case the Commissioner of Personal Data Protection in Cyprus will be notified in advance of the transfer for confirmation. 

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA. 

11. How is Personal Data treated for marketing purposes? 

11.1 Marketing purposes 

We strive to provide you with choices regarding certain Personal Data uses, particularly around marketing and advertising. 

PROMOTIONAL OFFERS FROM US 

We may use your identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). 

You will receive marketing communications from us if you have requested information from us or purchased [goods or services] from us [or if you provided us with your details when you entered a competition or registered for a promotion] and, in each case, you have not opted out of receiving that marketing. 

OPTING OUT 

You can ask us to stop sending you marketing messages at any time by sending an email to [email protected] requesting to stop, by following the opt-out links on any marketing message sent to you, or by contacting our DPO at [email protected] at any time. 

Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of a product/ service purchase, warranty registration, product/service experience or other transactions. 

12. Data Security 

12.1. We have put in place measures to protect the security of your information. Details of these measures are available [upon request]. 

12.2. Third parties will only process your Personal Data on our instructions and where they have agreed to treat the information confidentially and to keep it secure. 

12.3. We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. [Details of these measures may be obtained from our DPO at [email protected].]

12.4. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. 

13. Retention of Data Subjects' Personal Data 

13.1. We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. [Details of retention periods for different aspects of your Personal Data are available in our retention policy which is available from our DPO at [email protected].]

13.2. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

13.3. In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a client, employee, worker or contractor of the company we will retain and securely destroy your Personal Data in accordance with [our data retention policy OR applicable laws and regulations]. 

14. Data Subjects' data protection rights 

14.1 Under certain circumstances, by law you have the right to: 

  1. Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it. 
  2. Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. 
  3. Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below). 
  4. Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes. 
  5. Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it. 
  6. Request the transfer of your Personal Data to another party. 

14.2. These rights are not absolute, and they do not always apply in all cases. 

14.3. In response to a request, we will ask you to verify your identity if we need to, and to provide information that helps us to understand your request better. If we do not comply with your request, whether in whole or in part, we will explain why. 

14.4. If you want to review, verify, correct or request erasure of your Personal Data, object to the processing of your personal data or request that we transfer a copy of your Personal Data to another party, please contact our DPO at [email protected] in writing. 

15. Your duty to inform us of changes 

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your working relationship with us. 

16. No fee usually required 

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. 

17. Right to lodge a complaint 

If you have exercised any or all of your data protection rights and still feel that your concerns have not been adequately addressed by our organisation, you have the right to make a complaint at any time to the Office of the Commissioner of Personal Data Protection. 

18. Changes to this privacy notice 

We reserve the right to update this privacy notice at any time and we will amend the revision date at the bottom of this page.

We encourage you to review this statement periodically so as to be always informed about how we are processing and protecting your Personal Data.