INTRODUCTION

This is the website Privacy Policy of Spinwood Trading & Consulting Ltd.

We take your data protection seriously. Please read the policy below as this contains important information on how and why we collect, store, use and share your personal data, as well as explaining your relevant rights relating to this collection and processing.

Personal data processing is in accordance with the General Data Protection Regulation (GDPR) 2016/679 and with local legislation applicable to Spinwood Trading & Consulting Ltd.

NAME AND ADDRESS OF CONTROLLER

The Controller is:

Spinwood Trading & Consulting Ltd
22 Spyrou Kyprianou
Pippiros Building 2nd Floor
3070 Limassol – Cyprus

Postal Address:
P.O.Box 58059
3730 Limassol – Cyprus

E-Mail: office@spinwood.eu

COLLECTION OF DATA

We may collect and use the following personal information about you in order to be able to provide our services to you:

• Your name, date of birth, ID or passport number, nationality.
• Telephone number, address, email, fax.
• Billing / transaction / payment information/ bank details
• Business activities / occupation / employment details
• Source of wealth / source of funds / estimated turnover
• CV

The provision of personal data is necessary to conclude a services agreement with you which must subsequently be processed by us. The non-provision of your personal data may have the consequence that the agreement between us cannot be concluded.

Some of the above data is processed by us in our capacity as processors and not controllers as for example, when this is requested by banking institutions in order to provide you with bank account opening services.

HOW & WHY WE USE YOUR PERSONAL DATA

We process personal information about our clients and employees to enable us to do the following:

• For the performance of our services agreements.
• To maintain our accounts and records
• To provide information required by or related to audits or enquiries/ investigations by regulatory bodies.
• For conducting checks to verify our clients’ identity or undertake credit reference checks
• To support and manage our employees.

We collect information from data subjects directly e.g. from information given through our service agreements or entered into forms and indirectly e.g. when you browse our site, such as your IP address.

The storage is necessary for the provision of our services and performance of our contract, for any compliance with a legal obligation to which we are subject and for our legitimate interests i.e. to carry out our business, for accounting purposes, for corresponding with you.

WHO WE SHARE YOUR PERSONAL DATA WITH

All information that we receive from you is confidential and will not be disclosed to third parties except as may be necessary to provide the services for which we are engaged or as authorized by you, or as required by law. We may share your personal data with third parties such as business associates and other professional advisers. We may also provide your personal data to our service providers and suppliers or financial organizations.

We make sure that our service providers take appropriate measures to protect your personal data and impose on them relevant contractual obligations.

WHERE YOUR PERSONAL DATA IS HELD

Your personal data is kept at our offices both in hard copy and electronically. It is also stored online within the European Union.

PERSONAL DATA RETENTION PERIOD

All personal data is kept for as long as we have a business relationship with you. Once this has ended, your data will be kept for a period of 6 years and will then be securely deleted. In the event that legal or regulatory reasons necessitate a longer period, you will be notified accordingly.

YOUR RIGHTS

The right to be informed
You have the right to obtain confirmation as to whether or not your data is being processed.

The right of access
At any time, you have the right to obtain free information about your personal data stored and a copy of this information. You also have the right to obtain information as to whether your personal data is transferred to a third country.

The right to rectification
You have the right to rectification of inaccurate or incomplete personal data concerning you.

The right to be forgotten
You have the right to request the deletion of your personal data. It may be that your request for deletion cannot be met, if there are overriding legal reasons. If this is the case, you will be notified accordingly.

The right to restrict processing
Where a statutory reason applies, you have the right to obtain restriction of processing.

The right to data portability
You have the right to receive the personal data provided to us in a structured, commonly used and machine-readable format.

The right to object
You have the right to object, at any time, to the processing of your data on grounds relating to your particular situation.

The right to withdraw your consent
You shall have the right to withdraw your consent to the processing of your data at any time by contacting our Data Protection Office, taking into account that we may no longer be able to continue providing you with our services.

LEGAL BASIS FOR PROCESSING

The legal basis for processing shall be where:

• It is necessary for the performance of the contract with you or in order to take steps prior to entering into a contract with you
• You have consented to such processing for one or more specific purposes
• It is necessary for compliance with a legal obligation to which the Controller is subject
• It is necessary for the purposes of the legitimate interests pursued by the Controller

SECURITY OF YOUR PERSONAL INFORMATION

As controller, we have implemented the appropriate technical and organisational measures to ensure that your personal data is not lost, accessed or used in any unauthorised way. Anyone processing your information is authorised to do so and is subject to a confidentiality duty. In the event of a suspected data security breach we have procedures in place that deal with this.

AUTOMATED DECISION-MAKING & PROFILING

We do not process personal data for automated decision- making or profiling.

TRANSFERS

We do not transfer your personal data to third countries. If such transfer should occur we shall ensure that either the European Commission has made a finding of adequacy for transfer to such a country or that such transfer is subject to an approved contract for the safeguarding of your privacy rights.

COOKIES

Our website uses cookies. Please refer to our cookie policy for more information.

DATA PROTECTION OFFICER

If you need to contact us relating to an issue regarding your personal data or if you want to exercise any of your rights, you may contact our Data Protection Officer directly on dpo@spinwood.com.cy

COMPLAINTS - NAME & ADDRESS OF SUPERVISORY AUTHORITY

If you have any complaints about your rights or the relevant law on the processing of personal data, you have the right to lodge an official complaint with the Office of the Personal Data Protection Commissioner (P.O. Box 23378, 1682 Nicosia) which is the supervisory authority in Cyprus overseeing the Controller.

CHANGES TO THIS NOTICE

This notice was last updated on 12 October 2018. We may change this policy by updating this page to reflect changes in the law or our privacy practices. We will not use your personal data in any new ways without your consent.

APPLICABLE LAW

This policy is governed by and interpreted according to Cyprus law. All disputes arising under this notice will be subject to the exclusive jurisdiction of the Cypriot courts.