1. Introduction

The Company is committed to collecting and processing your personal data in accordance with the provisions of Regulation (EU) 2016/679 (hereinafter referred to as “GDPR“). The Company as Data Controller informs you on the way it collects and processes information about you in accordance with all applicable European and national laws concerning personal data.

Personal Data is any information relating to natural persons whose identity is known or can be identified (hereinafter referred to as “Personal Data“). Protecting your Personal Data is very important for the Company, which takes steps to this end.

This Policy sets out the kind of information that our Company may collect from you and informs you on how we use this information. When you voluntarily provide us with personal information, such as your name, address, or email address, we use this information in strict confidence. Subject to the specific provisions of this Policy, no Personal Data is rented, sold, publicly posted or disclosed to other companies, organizations or websites.

This Policy applies to the collection and use of your Personal Data by the Company (eg information that identifies a specific person such as full name or email address).

2. What Information We Collect From you

During our business, we collect, as appropriate, the following Personal Data when you provide it to us:

• your Personal Information & Contact Information or information about persons proposed by you, from whom you have obtained explicit consent (full name, telephone numbers, contact address, Email, activity / profession);
• Electronic identification data (when Company is providing services to you);
• Academic data, job history / training information when you submit your CV;
• When you visit the Company’s Website, we may collect personal information from you. This data may include your search history, IP address, screen resolution, the browser you used, your operating system and settings, access times, and your URL. If you use a mobile device, we may also collect data that identifies your device, settings, and location;
• The Company reserves the right to collect anonymous data for Users (browser type, type of computer, operating system, internet providers, etc.) and / or to monitor Internet (IP) addresses using appropriate technologies (cookies). Cookies are small text files that are stored on each User’s hard drive without being possible to access to documents or files stored in User’s computer. They are used to facilitate User access when using certain services and / or pages of the Website, and for statistical purposes. For more information about cookies used by the Website, Users are kindly requested to visit the page Cookies Policy.

3. How We Collect your Personal Data

We collect your Personal Data directly from you in the following ways:

• Through contact forms
• By E-mail
• Through phone calls
• Through Fax
• In the course of our contractual relationship (Service Provider/License Agreement)
• When you express interest in purchasing our marketing and communications  services and for our offers/special deals/services
• Through our authorized Employees / Partners
• Electronically, when we receive job applications
• When you are contacting us via our info e-mail  info@wanax-cy.com or on our social media accounts (you tube, linkedIn) in order to submit questions/requests

By submitting your Personal Data to the Company, you consent to the use of this data in accordance with this Policy. Your Personal Data is not used for any other purpose unless we obtain your permission, or unless required by law or professional standards.

4. Use – Disclosure of Personal Data

We use your Personal Data to respond to your requests for provision of services, to give you update and communicate with you for matters that may be of interest to you, such as offers, new features of our services, to communicate about user-related issues, e.t.c.

We do not disclose your Personal Data to third parties not affiliated with us, unless required to do so by our legitimate professional and business needs, in order to respond to your requests and / or if required or permitted by law or business standards provided we have your express consent to this.

Furthermore, we may transfer your Personal Data to our affiliates, banking institutions, or to business partners of our Company’s providers, such as insurance companies, digital marketing companies, consulting and auditing companies, IT & software companies.

In all the above cases, Company only transfers Personal Data to third parties that meet our strict data processing and security standards and act only as specifically authorized by us. We also ensure that such third parties are fully bound by terms of privacy and confidentiality as provided in the applicable data protection and privacy regulation.

In addition, as provided by law, the Company may disclose your data to public authorities of all kinds (i.e public services, insurance funds, tax authorities, etc.) to judicial, public and independent authorities, competent Ministries, Prefectures, regional health directorates, customs offices, tax offices, health authorities, economic crimes enforcement agencies, police departments, prosecutors, independent auditing companies upon lawful request, if this is absolutely necessary to defend legal rights or fulfill Company’s obligations.

In the event of reorganization or sale of our Company to another organization, the Company may also disclose Personal Data relating to the sale, assignment or other transfer of business.

In addition, the Company may disclose Personal Data, if necessary, during the conduct of audits concerning the protection of Personal Data and system’s security and / or for investigation or response to a complaint or security threat.

5. Transfers of Personal Data to Countries outside the EU and EEA

We may transfer the Personal Data we collect from you to countries outside the country in which the Personal Data were originally collected. These countries may not ensure the same level of protection as the country in which the Personal Data were originally collected. When we transfer your Personal Data to third countries, we take the appropriate measures to protect the Personal Data in accordance with this Policy and all applicable privacy laws and regulations.

6. Legal Basis and Purpose of Use and Processing of your Personal Data.

The Company only collects the necessary Personal Data to address your requests in the course of its commercial activity and operations. In cases where additional, optional information is required, you will be informed at the time of the collection of the Personal Data. As required by the national and European law (including GDPR), we process Personal Data, only for as long as we have the legal basis to do so. Therefore, when we process your Personal Data, we rely on one of the following legal bases:

• To perform a contract: When the processing of your Personal Data is necessary for us to fulfill and comply with our contractual obligations.
• When we have a legitimate interest: We may process data about you when we have a legitimate interest in performing a lawful activity and to ensure continuity of the said activity, as long as it does not override your interests. This may be the case, for example when you ask for information about our products/new products.
• Where there is a legal obligation: We are required to process your Personal Data to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public entity or health authority or complying with other insurance, accounting or tax provisions.
• When We Have your Consent: Occasionally, we may ask you for special permission to process some of your Personal Data, and your Personal Data will only be processed if you agree to this. You may withdraw your consent at any time by contacting the Company at info@wanax-cy.com.

The Company collects “sensitive” Personal Data only when data subjects voluntarily provide these data and have given explicit consent to their processing or when the collection of such data is required by employment or social security laws. The concept of ‘sensitive’ data includes Personal Data relating to a person’s racial origin, nationality, political beliefs, trade union membership, religious or similar beliefs, his or her physical or mental health, his or her sexual health.

7. Information Security

The Company uses commercially reasonable administrative, technical, personnel-related, and physical security measures designed to safeguard the Personal Data in our possession against loss, theft and unauthorized use, disclosure, or modification. Such measures include, where appropriate, the use of firewalls, secure server installations, encryption, implementation of appropriate access rights systems and procedures, implementation of access control policies, careful selection of vendors to process and check compliance with the GDPR and other reasonable organizational and technical measures for providing appropriate protection for your Personal Data, which are updated taking into account the technology developments and the cost of implementing them.

All employees are bound by terms of privacy and confidentiality and your Personal Data is processed only by Company’s specifically authorized personnel.

8. Storage – Protection of Personal Data

The Company has taken appropriate technical and organizational measures to ensure the security and protection of Personal Data by achieving safe storage of the Personal Data and prevention of any accidental loss or destruction and any unauthorized and / or illegal access, use, modification or disclosure. Examples of such measures include:

• physical security measures such as access control and logging, security policies, implementation of document destruction measures, installation of security locks, etc.

Your Personal Data is stored in data centers which are located mainly in Cyprus, where the Company’s data center is located, while the Company’s (primary) backup site is located in the Company in a secure area fulfilling all necessary precautions.

Also some of the stored data may be located in cloud service providers whose datacenters are located in Europe. If you need more information, please can contact the Company at info@wanax-cy.com.

9. Retention Period

We retain your Personal Data both in physical and electronic form, for the period required to perform and complete the purposes stated above, including complying with legal, accounting or information requirements, and fulfilling, to the extent possible, your needs. It is specified that we will keep and process your Personal Data for the duration of our contractual / customer relationship. In the event that the relationship is terminated or interrupted in any way, we will keep your data for as long as required by tax law, the applicable legal and regulatory framework, and the approved codes of conduct. We will also keep your Personal Data:

1. If you send us an e-mail at info@wanax-cy.com submitting a request, your Personal Data is retained for as long as it is required to address you request.
2. If you send us a resume, for as long as it takes for the Company to evaluate your qualifications and abilities and to consider opportunities for collaboration. If you are not finally selected for the post, your CV will be retained in file for future use, for 1 year. 

However, any necessary Personal Data relating to your transactions with the Company as well as notices provided to you about the processing of your data, may remain as client information to ensure that the Company is legally processing your Personal Data, and to secure both parties’ legal claims. Please note that if there is a pending legal dispute between us that go beyond the aforementioned retention periods, we will keep your data until issuance of a final court decision. After the retention period expires, your Personal Data is permanently removed from the Company’s records and information systems or we anonymise them so you can no longer be identified.

10. Your rights regarding the processing of your Personal Data

Whenever we process Personal Data concerning you, we take reasonable steps to ensure that your Personal data is kept accurate and up-to date for the purposes for which it was collected.

Under GDPR (Articles 12 to 22), you have the following rights:

• Request a copy of your Personal Data,
• Withdraw your consent when this is the legal basis for the processing of your Personal Data,
• Request the deletion of the Personal Data you have provided, subject to any restrictions provided by applicable law,
• subject to applicable law, ask for restriction of processing,
• Request the portability of your Personal Data,
• Object to the processing of your Personal Data.

To exercise the above rights, you may contact us at the following e-mail: info@wanax-cy.com or by post or in person at Wanax Limited , 67,Lemesou str. Nicosia, Cyprus, 2121. In case where you exercise one or more of the above rights, we will take all reasonable steps to satisfy your request within a reasonable time, but not later than one (1) month of receipt of the request. The above timeline may be extended by two (2) further months, taking into account the complexity and number of the requests. The Company may retain the minimum Personal Data necessary to safeguard its legitimate interests.

Taking into account the circumstances and the nature of your request, we may not be allowed to give you access to Personal Data or otherwise fully comply with your request, for example, when the exercise of your request may reveal the identity of another person. We reserve the right to charge the appropriate administrative fee to fulfill your request, where permitted by applicable law, and / or to refuse your request in cases where such request is unfounded, excessive or otherwise unacceptable in accordance with applicable legislation.

Finally, each User has the right to ask the Company about the way his / her Personal Data is processed and protected, and if he / she considers that any of his / her rights have been infringed, he / she has the right to file a complaint with the Office of the Commissioner for Personal Data Protection ( https://www.dataprotection.gov.cy/dataprotection/dataprotection.nsf/home_el/home_el?opendocument , Iasonos 1, 1082 Nicosia, Cyprus, P.O.Box 23378, 1682 Nicosia, Cyprus, +357 22818456).

11. Our Children’s Policy

We are committed to protecting the privacy of children. You should be aware that this Website content and services are not intended for, or designed to be addressed to children under the age of 16. No Personal Data should be submitted to the Company through the Website by visitors who are younger than 16 years old. If it comes to our attention that an under 16 years old User of this Website has volunteered Personal Data and/or health-related Personal Data, without the given or authorized consent of the holder of parental responsibility over such child, we will promptly, upon relevant notification or request, delete such Personal Data in accordance with our deletion policy.

12. Social Media Share Button

The Company has official social media accounts, specifically on LinkedIn and YouTube. On its website, the Company incorporates an additional social media share button for LinkedIn and YouTube, inviting Website visitors and users to follow the Company in the respective social media (follow/like) as well as upload posts and comments. During your use of the social media we may collect certain personal data (such as your profile data in the corresponding medium).

Based on European Court of Justice case-law, the Company is considered a Joint Controller for processing your data together with each social medium. Within this context, the Company has posted a link to this Privacy Policy on an easily accessible spot on each corporate social media account, it strictly complies with the obligations relating to the protection of personal data by taking the appropriate technical and organizational measures (such as limiting the number of people with access to corporate social media accounts) in order to ensure the safe processing of data.

The purpose of the data processing is to make visible and promote the Company’s image and services, to provide updates or to communicate with you, responding to the messages/comments you send us.

The legal basis for processing is your consent, which you provide when you actively click on the social media share button, the “like” or “follow” button on the Company’s social media. You can withdraw your consent at any time in the same manner in which you provided it, i.e. by clicking “unlike” or “unfollow”.

The Company is not responsible for how each social medium processes your data and it is your responsibility to be informed about it by reviewing the respective Privacy Policy of each social medium .

Finally, while the Company wishes and encourages users to comment on posts and/or pages it maintains on social media, it informs users that any post or comment uploaded should respect the basic rules of politeness, decency and respect to different views, ensuring a safe online environment and will remove any content deemed to violate the terms of use   of the   Website, such as insulting, pornographic, or threatening content or content violating intellectual property rights, and may block users who violate these terms.  In any case, if you consider that content posted on Company’s official social media accounts violates the terms of use, please contact us  immediately.

13. CalOPPA Do-Not-Track Notice

Company does not track its users over time and across third party websites and therefore does not respond to Do Not Track (DNT) signals. Company does not authorize third parties to collect Personal Data directly from our users on our web site, such as through the use of third party advertisements.

14. Privacy Policy Updates

Company may, at any time, revise this Policy by updating this posting.  Please check the Date of Implementation of the Policy at the top of the Policy to see when it was last updated. The updated privacy policy will become effective as soon as it is published at the Website.

If we make substantive changes to this Policy that broaden our rights to use the Personal Data that we have already collected from you, we will inform you and provide you with a choice for the future use of these data.