Privacy Policy

PREAMBLE

GRECA TRANSPORT LTD takes your privacy seriously. Please read the following to learn more about our privacy policy.

The information contained in this document is primarily intended for those of you who, in relation to GRECA TRANSPORT LTD, act as one of the following:

In accordance with the valid legislation, we would like to inform you that GRECA TRANSPORT LTD may process your personal data. This document describes what type of data we process and when and explains important terms and your rights. Please read the document thoroughly.

The processing of your personal data is governed by the following principles:

We only process your personal data for a purpose determined in:

We protect your personal data against:

Who holds your personal data?

GRECA TRANSPORT LTD that received your personal data from you or collected your personal data for one or more purposes shall always be your personal data controller.

The personal data controller will collect and handle your personal data and be responsible for their due and lawful processing. Please contact your personal data controller if you want to exercise any of your rights.

Your data are typically managed by the company that you are a client of or cooperate with, most often the company that you have already signed a contract with.

If you are not sure, contact us.

Who can your personal data be transferred to?

GRECA TRANSPORT LTD may act as controllers and processors of your personal data vis-à-vis each other, especially when you use a large range of our products or you use our products in multiple countries.

By sharing selected personal data with GRECA TRANSPORT LTD, we can ensure that your data always remain up to date. Thanks to that, you will receive quick and high quality services because we will be able to properly identify you and set up the products you use so as to suit your needs (e.g. a well-established billing system).

We may only transfer your personal data outside GRECA TRANSPORT LTD if it is required by the offered service, if it is stipulated by law, or if you allow us to do so. On the other hand, GRECA TRANSPORT LTD may act as data processors for other personal data controllers outside GRECA TRANSPORT LTD (drivers' employers).

Some of our services may be provided in collaboration with entities (companies or individuals - controllers, processors) outside GRECA TRANSPORT LTD. If your personal data are shared with another entity, we always check what type of personal data is provided and why. We also verify whether the other entity is able to provide sufficient guarantees and has sufficient expert knowledge to handle the personal data.

If we entrust another party with the performance of a certain activity that constitutes part of our services, the relevant personal data may be processed in the performance of such activity. In some cases, such suppliers may become personal data processors. The processor may solely handle the data for the purposes for which the processor was authorized by us. In such case, your consent is not required for the performance of the processing activities.

If we use cloud repositories (see the glossary of terms below), we always strive to use those located within the EU and always emphasize ensuring a high level of personal data security.

If you are our client’s employee, typically a driver, GRECA TRANSPORT LTD only acts as the processor of your personal data for your employer who uses our products/services.

The following entities outside GRECA TRANSPORT LTD may particularly act as personal data processors, controllers or joint controllers:

Under certain circumstances, we may be bound to disclose your personal data to various governmental and international authorities, but only to the extent required by the applicable legislation.

Your personal data may be processed on the territory of the Republic of Cyprus and of other countries of the European Union or, where applicable, on the territories of the countries in which GRECA TRANSPORT LTD has its presence. Concerning the countries outside the EU, we provide adequate safeguards of the protection of personal data.

What is our source of your personal data – do you have to provide us with the information?

Most often, we collect your personal data from you because their processing is necessary for the execution and performance of the contract (the provision of products/services), the fulfillment of our legal obligations or the protection of our legitimate interests. Depending on the situation, we may also process personal data that are available from public sources and registers (trades, business, insolvency registers) and, in some cases, data from third parties (about our customers’ employees, such as an accountant’s or dispatcher’s phone number or selected personal data of drivers, as well as data from the state administration, or information from the persons listed as references in your application in the selection proceedings). In all these cases, you are required to provide us with your personal data because we would be unable to cooperate with you without such data.

In some cases, you have provided us with your personal data based on your voluntary consent. A voluntary consent means that you are not required to provide us with your personal data and that you may withdraw your consent at any time.

Persons under the age of 18

Our customers or suppliers regularly do not include persons under the age of 18. Such persons may, however, be willing to join us for internship training period or temporary job. Their personal data are therefore used for restricted purposes.

Why do we hold your personal data and how do we use them?

We can process mainly the following categories of personal data, especially for the purposes listed below. Our processing is governed by the valid legislation and always subject to verification of the legal grounds for processing.

The scope of collected personal data varies according to the purposes for which the personal data are needed. You can learn more from the examples provided further in this document.

Categories and scope of personal data:

1. Basic data = Identification and contact data

We need to identify you to make sure you are the person we are dealing with. That is why we may collect your basic identification and personal contact data via electronic, phone, written or personal communication.

The basic data include especially the following information: first name, surname, other names, date of birth, nationality, address, e-mail address, telephone number, identity card number, identity card photo, bank account number, company identification number, tax identification number, personal number, national identification number, if it has been assigned, vehicle registration plate number and VIN.

Data such as your name, surname, address, e-mail and account number may be part of the agreement you enter into for the use of our products. Your name, surname and phone number may be recorded during a phone call. When setting up an account on the client website, we may, in addition to contact and identification data, also collect the IP addresses or URL. In e-mail communication, we may collect your e-mail address, IP address, or the language you use.

2. Data relating to products/services

We may process personal data that are closely related to the manner in which you use our products/services or the data that you communicate or otherwise make available to us during your use of the products/services and may take this information into consideration in e.g. setting up the payment scheme.

We can, for example, investigate how often you use our services/products and for which fleet, or information about your payment history demonstrating your creditworthiness and reliability.

These may include offers provided to you, financial limits, payment reports and other similar information.

3. Data from our communication

We may collect information about how you access our services, from what devices and for what purpose. This helps us optimize and further develop our platforms, as well as improve the security of communication channels.

These data may include the IP address, device browser and hardware information, your chosen form of communication - phone, email, mail, online chat, Instagram, Facebook, Twitter, LinkedIn, whether it is a response to a business communication, or information from surveys.

We are interested in hearing your opinion; we may therefore collect information that can be used to improve our services, offer you products that are best suited for you and deliver these products in the manner that is most convenient for you.

We can also process feedback, comments, suggestions and results of non-anonymous surveys as personal data.

Such information may include information on the use of our websites and applications, information about our mutual contact via any contact point (for how long, which topic was discussed and which communication channel was used), including settlement of complaints and service requests.

4. Profile data

In automatic data processing mode, we can process your basic characteristics, business information and risk data. These data will enable us to offer you products/services that suit your needs and to ensure both our and your safety.

We can use the data for profiling that involves tracking, analyzing and storing personal data in databases to create personal profiles, even in an automated mode. Thus processed personal data may serve to create business recommendations so that we can offer you tailor-made products and services. Such information, particularly after its generalization, may also be used to create marketing campaigns. Such data also allow us to set up more advantageous services for you. Automated personal data processing does not mean that an automated decision was made having specific consequences for you. Even automated data processing always involves a human factor, either initially when selecting the data or groups of data, or when controlling the output.

Such data may include, for example, the scope of services ordered, payment transactions or financial or cyber risk assessment.

 

What makes us authorized to process your personal data and what particular purposes your data can be processed for

You have signed or plan to sign a contract with us

Conclusion and performance of a contract

Who may be concerned: Customers, suppliers

What type of personal data can be processed for particular types of contracts: 

In addition, depending on the type of service used:

Service requirements and other individual requirement solutions

Who may be concerned: Customers, suppliers

What type of personal data, in particular, we process: financial transaction data, SIM identification from the toll unit, etc.

Processing of cash transactions under a contractual relationship

Who may be concerned: Customers, suppliers

What type of personal data, in particular, we process: name, surname, address, tax identification number and registered office of private entrepreneurs, email, telephone, bank account number, financial transaction data and authorization terminal data, data on the recipient of the funds, amounts, dates of processing, performance, e.g. entering a payment order, where the drawdown was made and how much was drawn, etc.

Ensuring access to our website client (non-public) sections and applications

Who may be concerned: Customers, suppliers

What type of personal data, in particular, we process: name, surname, address, tax identification number and registered office of private entrepreneurs, email, telephone, IP address, access data, etc.

We have a legitimate interest in processing personal data.

Business activities

Collection of receivables and protection of our other rights

Who may be concerned: Customers, suppliers, statutory bodies, employees and co-operating parties of our customers or suppliers

What type of personal data, in particular, we process: name, surname, address, tax identification number and registered office of private entrepreneurs, email, telephone, bank account number, and financial transaction data: amounts, performance, etc.

These are, for example, situations where a customer is in default and in order to recover the amount due, the customer’s identification and financial transaction data serve as a basis for a court action.

Business partner relations management

Who may be concerned: Customers, suppliers

What type of personal data, in particular, we process: name, surname, address, tax identification number and registered office of private entrepreneurs, e-mail, telephone, bank account number, and financial transaction data: amounts, performance, financial limits, billing dates, etc.

We process personal data in order to improve our relationships. These are, for example, situations where we discuss the transition from prepaid services to services paid retrospectively

Telemarketing

Who may be concerned: Customers

What type of personal data: name, surname, business name, telephone.

When customers are contacted via a telephone (voice) line by GRECA TRANSPORT LTD with an offer of our products/services, yet only by the company with which the customer has already been in contact before.

Communicating other important information

Who may be concerned: Customers

What type of personal data, in particular, we process: selected personal data related to business information, such as changes in business conditions, etc.

Security activities / risk management

Assessment of financial risk and creditworthiness

Who may be concerned: Customers, suppliers

What type of personal data, in particular, we process: information from the insolvency register, checking open items in the internal system.

We can validate such data on a continuous basis. If no risk is identified, the data are disposed of after the assessment.

Voice records

Who may be concerned: Customers, suppliers, future employees

What type of personal data, in particular, we process: name, surname, telephone, or more extensive data depending on the particular situation.

Voice recordings are made in selected cases when communicating over the phone; you are always alerted to the possibility that the call can be recorded. The records serve, in particular, to improve the quality of service and to protect both your and our rights.

Profiling for business use

Who may be concerned: Customers

What type of personal data, in particular, we process: name, surname, address, business name, transaction history, vehicle registration plate number, etc.

These are situations where personal data are processed especially for the purposes of analyzing changes in customer behavior. The output of the profiling process itself has no direct impact on the customer and serves, primarily, as the basis for our sales representatives who can, based on such output, tailor the services to your real needs.

Internal processes

Product and service development, simulation and testing

Who may be concerned: Customers, future employees

What type of personal data, in particular, we process: various combinations of personal data needed to set up future products/services or improve current products/services.

Internal analysis and training of predictive models over historical data

Who may be concerned: Customers, suppliers, future employees

What type of personal data, in particular, we process: various combinations of personal data, such as name, surname, tax identification number, vehicle registration plate number, financial transaction, card number.

Accounting and Taxes

Who may be concerned: Customers, suppliers

What type of personal data, in particular, we process: name, surname, address, tax identification number and registered office of private entrepreneurs, e-mail, telephone, bank account number, and financial transaction data: amounts, performance, billing dates, etc.

Other

Communication

Who may be concerned: Customers, suppliers, future employees

What type of personal data, in particular, we process: name, surname, address, tax identification number and registered office of private entrepreneurs, e-mail, telephone, social media profiles, etc.

We can use personal information to answer your questions, requests or complaints. We can use data about your personal visit or records from telephone communication.

Employment

Who may be concerned: future employees

What type of personal data, in particular, we process: name, surname, address, e-mail, telephone, CV data, other persons' data in case of references, information you provide us during the interviews.

We can keep this information for a period until the specific position is occupied and for a period until the selected candidate's trial period expires. We need this information to evaluate your interest in a specific position and to inform you about the course and outcome of the selection process.

We have acquired your consent

If we need your consent, we always explain what type of data we would use and why. Your consent is absolutely voluntary and it is up to you to decide whether you will provide your consent to us. Your failure to provide your consent to such processing shall not affect the scope of services you have ordered from us.

If we ask you to give us your consent to the use of your personal data, you may decide whether the reason for the use of your personal data is important and acceptable to you and, based on the decision, you will/will not give us your consent.

If you grant us your consent, you are entitled to withdraw your consent at any time. The easiest way to withdraw your consent is described below in the section concerning your rights.

Marketing activities

Who may be concerned: Customers

What type of personal data, in particular, we process: name, surname, business name, e-mail, telephone number.

Storing cookies

For this purpose, we process information on the devices from which you electronically access our services, your service setting preferences and the data you fill in on our website in order to ensure your user-friendly and convenient use of our website. We store certain data on your device in the form of “cookies” (see the glossary of terms below). Cookies allow us to respect your choice of language and maintain the data entered by you in our online forms in case you want to return later. You are specifically alerted to our request to process cookies.

Consent to make copies/scans of your identity cards

For some products/services, we may request your consent to obtain a copy or scan of your identity card. You are not obliged to give us your consent; your consent will serve to facilitate the provision of the service, yet will not affect the decision on the actual provision/non-provision or use/non-use of the service.

Employment

Who may be concerned: future employees

What type of personal data, in particular, we process: name, surname, address, e-mail, telephone, CV data, other persons’ data in case of references, information you provide us during the interviews, etc.

If you are not successful in a selection procedure for a specific position, yet you remain interested in potential cooperation with us in the future, we will keep your CV for a period of 3 years or until you withdraw your consent; otherwise, your personal data will be erased upon the expiry of the trial period of the selected candidate as, on that date, our legitimate interest, as described above, will expire.

The processing of personal data is required pursuant to valid legislation

We present below the most important legislation stipulating what type of personal data, how and for how long we may or must process.

Prevention, control, evaluation and detection of money laundering

Who may be concerned: customers, their representatives, members of statutory bodies, actual owners of legal entities

What type of personal data, in particular, we process: name, surname, address, tax identification number and registered office of private entrepreneurs, e-mail, telephone, bank account number and financial transaction data: amounts, performance, performance recipients, etc.

In addition, for this purpose, we collect information about actual business owners, members of the corporate governance structure, customers’ and their related parties’ political exposure; to the extent necessary we also use software tools for information and transaction analyses.

Processing of accounting and tax information

Who may be concerned: customers, suppliers, etc.

What type of personal data, in particular, we process: name, surname, address, tax identification number and registered office of private entrepreneurs, e-mail, telephone, bank account number and financial transaction data: amounts, performance recipients, dates, etc., i.e. information regularly found in invoices, tax returns or transaction statements.

We are obliged to maintain such information for up to 30 years.

HOW LONG WE KEEP THE DATA

We only store your data for the necessary period of time; after the completion of processing, we archive the data in compliance with the requirements of the applicable legislation, delete or anonymize the data. We continually evaluate which data is still needed to be retained. For your information, we state below certain selected periods:

WHAT ARE YOUR RIGHTS RELATED TO PERSONAL DATA PROTECTIONS?

Right to information means that you have the right to receive information about which companies, how and why process your personal data and information about other facts contained in this information memorandum.

Right of access means that you have the right to know what type of information we process about you and why, who they are shared with (if applicable) and what is our source of your personal data.

Right to rectification means that you are entitled to request correction as soon as you find out that we do not have your updated personal data or use inaccurate data (misspelled name, old address…).

Right to erasure also known as the right to be forgotten means that your personal data will be erased as soon as permitted by other legislation, particularly if the purpose for which the personal data were used was met (termination of contract, termination of selection procedure, etc.)

Right to restriction of processing means that we will not process your personal data in the period in which we, at your initiative, investigate the accuracy and completeness of your personal data, or if you explicitly wish that we do not delete your personal data for an important reason. This right may partly be exercised even without your explicit instructions (particularly if we find out that your personal data are not accurate). As soon as the reasons for restriction of processing no longer exist, we will inform you of the same.

Right to portability of data means that, if needed, you can request us to transfer your personal data to you or to another data controller in an electronic form. This only applies to your personal data held in electronic form, which we need to perform a contract with you or for the processing of which we received explicit consent from you.

Right to object against processing. You can exercise this right if you do not wish us to use your personal data for the purposes of direct marketing, or if you believe that we are not entitled to process your data.

Right to withdraw consent. You can use this right at any time if you decide that you no longer wish us to process your data for the purpose for which you gave us your consent. Withdrawal of your consent shall not affect the processing carried out prior to withdrawal of your consent.

Automated decision-making means that you have the right not to be the subject of a decision made without any human intervention, including in profiling.

We will do all that can be reasonably expected from us to allow you to exercise your rights. However, we are unable to meet your requirements in cases where we are unable to allocate the personal data to your person.

HOW CAN YOU EXERCISE YOUR RIGHTS?

You can exercise your rights with GRECA TRANSPORT LTD that carries out your personal data processing. Most often, it is the company that you provided your personal data to.

You can exercise your rights via GRECA TRANSPORT LTD email address: orders@greca.com.cy.

In the event that GRECA TRANSPORT LTD breaches any of your rights relating to personal data protection, you have the right to lodge a complaint with the data protection authority in the relevant country. You can find a list of these authorities at the following link (http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm).

GLOSSARY OF TERMS