Embria logo

Privacy policy • Embria

Privacy policy

Embria Projects Ltd, a company registered in the Republic of Cyprus, under registration number HE 356550 as a limited liability company, having its registered office at 28th October street, 359 B1, WTC Cyprus-Trust Re Building, Floor 1, Office 1, Limassol, Cyprus (referred to as “Embria” or “we” or “us” or “our”) is the owner and operator of the www.embria.com website (the “Website”). We are committed to protecting and respecting your privacy and handling your personal data in an open and transparent manner. The personal data that we collect and process may vary depending on your use of the Website.

This privacy policy:

  • Provides an overview of how we collect and process your personal data, and informs you about your rights under the EU General Data Protection Regulation (“GDPR”) and any national law supplementing or implementing the GDPR
  • Contains important information about, among others, the collection and use of personal data; the legal grounds for the processing of that data; disclosures of that personal data to third parties and the use of cookies on the Website

For the purposes of this privacy policy:

  • When we refer to “personal data” we mean data which identifies or may identify you as an individual and which may include, for example, your name, address, identification number, telephone number, date of birth, occupation and family status
  • When we refer to “processing” we mean the handling of your personal data, including collecting, protecting, and storing your personal data

Our Data Protection Principles

We adhere to the principles relating to processing of personal data set out in the GDPR which require personal data to be:

  • Processed lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency)
  • Collected only for specified, explicit and legitimate purposes (Purpose Limitation)
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (Data Minimisation)
  • Accurate and where necessary kept up to date (Accuracy)
  • Not kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data is processed (Storage Limitation)
  • Processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality)
  • Not transferred to another country without appropriate safeguards being in place (Transfer Limitation)
  • Made available to data subjects and data subjects are allowed to exercise certain rights in relation to their personal data (Data Subject’s Rights and Requests)
  • We are responsible for and must be able to demonstrate compliance with the data protection principles listed above (Accountability)

Privacy Policy

Date May 4, 2023

1. Data Controller

We are acting as a data controller with respect to your personal data collected through the Website, and therefore we determine the purposes and means of the processing of that personal data in accordance with applicable law

2. How We Collect Your Personal Data

We obtain your personal data mainly through any information you provide directly to us or automatically when you use features of our Website. Below is a list of ways in which we collect your personal data.

Personal data collected directly from you, including:

  • When you enter and use our Website, and/or when performing contractual obligations
  • When you complete a questionnaire for potential partnership or contact us for any enquiries, complaints or for any other reason

Personal data collected from other sources, including:

  • Automatically collected information, including device and usage information

3. Personal Data We Use, Purposes And Legal Grounds

We may collect the following personal data from you depending on the Website features you use and the service we provide to you. We will only process your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Type of information Purpose Legal basis of processing

Data about your use of our Website.

IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation paths, timing, frequency, pattern of your service use.

To analyse the operation of our Website and services.

Legitimate interests in monitoring and improving our Website and services.

Profile data.

Your name, position, address, telephone number, email address, gender, date of birth.

Operating our Website, providing our services, communicating with you. Fulfilment of KYC/AMLprocedures.

Consent.
Legitimate interests in the proper administration of our Website.

Publication data.

Information that you provide via questionnaire for potential partners.

Operating our Website, providing our services, communicating with you. Fulfilment of KYC/AMLprocedures.

Consent.
Legitimate interests in the proper administration of our Website.

Inquiry data.

The inquiry data may be processed for the purposes of fulfilment of our KYC and AML obligations.

Legitimate interest for the purpose of preventing fraud, protecting the reputation of Embria, comply with the applicable law.

Notification data.

The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters.

Consent.

Correspondence data.

The communication content and metadata associated with the communication.

The proper performance of our contractual obligation before you.

Consent.

Any of your personal data identified in this Privacy Policy.

Exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure, the protection and assertion of our legal rights, your legal rights and the legal rights of others.

Legitimate interests to protect our legal rights.

Any of your personal data identified in this Privacy Policy.

Obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice.

Legitimate interests to protect our rights and business.

4. Information We May Provide To Third Parties

We may disclose your personal data to the third parties listed below. When we do so, we require those third parties to have appropriate technical and organisational measures in place to protect your personal data. We will not share any of your personal data for any purpose other than the purposes described in this Privacy Policy, nor will we sell your personal data to anyone.

4.1 Any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal basis, set out in this Privacy Policy.

4.2 To our insurers and/or professional advisers insofar as reasonably necessary for the purposes of managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

4.3 Governmental and regulatory bodies, including law enforcement authorities, in connection with enquiries, proceedings or investigations by such parties or in order to enable Embria to comply with its legal and regulatory requirements.

4.4 Partners, contractors and/or vendors in order to perform processing on our behalf.

5. Your Data Protection Rights

You have the following rights with respect to the personal data we hold about you:

The right to be informed.

Embria is publishing this Privacy Policy to keep you informed about why we collect and how we process your personal data. This information concerns, among other things, the data categories we process, for what purposes we process them, the origin of the data if we did not acquire them directly from you and, if applicable, the recipients to whom we have sent your data.

The right to access.

You have the right to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You can obtain a copy of your data from us free of charge. If you are interested in additional copies, we reserve the right to charge you.

The right to correction (rectification).

You can request that we correct your data. We will take appropriate measures to keep the data that we continuously process correct, complete, and up to date, based the latest information available to us.

The right to erasure

(right to be forgotten).

YYou can request that we delete your data, provided the legal requirements have been met. In accordance with Article 17 the GDPR, this can be the case if:

  • the data are no longer required for the purposes they were acquired or otherwise processed;
  • you revoke your consent, which is the basis of the data processing, and there is no other legal basis for the processing;
  • you object to the processing of your data and there are no legitimate reasons for the processing or you object to data processing for the purposes of direct advertising;
  • the data have been processed illegally.

Where the processing is not necessary:

  • To ensure adherence to a legal obligation that requires us to process your data;
  • In particular with regard to legal retention periods;
  • To assert, exercise or defend against legal claims.

The right to restrict processing.

You can request that we restrict the processing of your data if:

  • You dispute the correctness of the data – for the period of time we need to check the correctness of the data;
  • The processing is illegal, but you do not wish to have your data deleted and request a restriction of use instead;
  • We no longer need your data, but you need them to assert, exercise or defend against legal claims;
  • You have filed an objection to the processing, though it has not yet been decided whether our legitimate grounds outweigh yours.

The right to data portability.

At your request, we will transfer your data -where technically possible- to another responsible entity. However, this right only applies if the data processing is based on your consent or is required to fulfill a contract. Instead of receiving a copy of your data, you can ask us to send the data directly to another responsible entity that you specify.

The right to object.

You can object to the processing of your data at any time for reasons that arise from your special situation provided the data processing is based on your consent or our legitimate interest or that of a third party. In this case, we will no longer process your data. The latter does not apply if we are able to prove there are compelling, defensible reasons for the processing that outweigh your interests or we require your data to assert, exercise or defend against legal claims.

The right to withdraw consent.

You have the right to withdraw the consent you gave us, with regard to the processing of your personal data for certain purposes, such as to allow us to promote our products and services to you.

The right to complain.

Embria takes your rights very seriously and will take all actions required to address your concerns. However, if you are of the opinion that we have not dealt with your complaints adequately, you have the right to submit a complaint to the data privacy protection authorities responsible. You can visit their website to find out how to submit a complaint (http://www.dataprotection.gov.cy).

6. International Transfers Of Your Personal Data

6.1 We may transfer your personal data to our offices outside the Republic of Cyprus, where the European Commission has determined that the relevant jurisdiction provides adequate protection for the privacy rights of individuals. We will only do so when it is necessary for one of the purposes set out in this Privacy Policy.

6.2 We do not envisage that any of your personal data will be transferred to any other countries outside the European Economic Area (EEA).

6.3 In the event that this changes in the future and one or more recipients of your personal data are located outside the EEA, where data protection laws may be of a lower standard than in the EEA, we will impose the same data protection safeguards that we deploy inside the EEA to ensure that your personal data are always protected.

7. Retaining And Deleting Personal Data

7.1 We will keep your personal data for as long as is necessary for the purpose for which we initially collected them. Once such period has ended, we will keep your personal data for the longest of the following periods: a) any retention period set out in our retention policy which is in line with regulatory requirements relating to retention; or (b) the end of the period in which legal action or investigations might arise in respect of the services provided.

7.2 Once the retention period of your personal data lapses, we will ensure that your personal data are either irreversibly anonymised or securely destroyed.

8. Confidentiality And Security

8.1 We deploy various security measures, such as encryption and authentication tools to protect and maintain the security, integrity and availability of your personal data.

8.2 100% protection against unauthorised access in the case of data transfers across the internet or a website cannot be guaranteed, nevertheless we and our service providers and business partners do our utmost to protect your personal data in line with the data protection legislation by means of physical and electronic precautions. Among other things, we use the following measures:

  • Strict criteria for authorisation to access your personal data on a “need-to-know” basis only and exclusively for the specified purpose;
  • Transfer of acquired data in secured form;
  • Storage of confidential data in our secure servers;
  • Firewall safeguarding of IT systems to provide protection against unauthorised access;
  • Continuous monitoring of access to IT systems to detect and prevent the misuse of personal data.

8.3 If you have received a password from us in order to be able to access certain parts of our Website, you are responsible for keeping this password confidential and for complying with all other security procedures which we notify you of from time to time. We ask you not to share your password with anyone.

9. Cookies

Our Website may use cookies to help us ensure its smooth operation and in order to improve your experience. For more details, please read our Cookie Policy.

10. Changes To This Privacy Policy

We may update this Privacy Policy from time to time by publishing a new version on our Website. We will amend its revision date so that you know when we last amended it. We encourage you to review this Privacy Policy periodically to always be informed about how we are processing and protecting your personal data.

11. Contacts

If you have any questions about our Privacy Policy, wish to obtain more details in relation to the personal data we process about you, or wish to exercise any of your rights set out in section 5 above, please contact us via email at: inbox@embria.com