General Privacy Notice (“Notice”)
GP GENERAL PROCUREMENT COMPANY LIMITED (GENPRO) recognise and respect the rights and privacy of our applicants, current and former employees, suppliers, and customers.
This Notice explains what we do with your personal data, whether you are applying for employment with us, visiting our premises, continuing your relationship with us, we are providing you with a service or we are receiving a service from you.
It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations. Your privacy is important to us, and we are committed to protecting and safeguarding your personal data privacy rights.
This Notice applies to the personal data of our Data Subjects, for example, our Employees, Customers, Visitors, Suppliers of goods and services, and other people whom we may contact in order to find out more about our Employees or whom they indicate as an Emergency contact.
This Notice is written to comply with the applicable data protection legislation which includes, but is not limited to, the European Union General Data Protection Regulation (GDPR).
The company responsible for your personal Data (Data Controller)
Name: GP General Procurement Company Limited
Phone: +357 25843100
Address: 21 Spyrou Kyprianou Ave., Yermasoyia 4042 Limassol, Cyprus
How do we use personal data?
GENPRO may process personal data as part of its services, employment, risk management, document processing, marketing, procurement.
What personal data do we collect?
Prospective and current Employees:
In order to consider you for employment, or employ you, we need to process certain information about you. We only ask for details that will help us provide what is required as part of your application process or employment. For example, we need information such as your name, age, contact details, education details, employment history, emergency contacts, next of kin, immigration status, passport size photos, passport copies, bank account details, utility bills and of course other relevant information required for the purposes of your employment or that you may choose to share with us. Where appropriate and in accordance with local laws and requirements, we may also collect information related to your health, diversity information or details of any criminal convictions.
To enable employees to conduct GENPRO’s business, all employees will have access to one another’s business contact information including name, position, office telephone number, work address, work e-mail address, and photograph (if you choose to provide one).
Employees should be aware that photographs and videos are taken on our premises and during events we organise; selections of such material may be used for company marketing purposes (for example on our website or in promotional leaflets or posters) and their image or parts of their image may appear in the material or the background of said material.
Training and maintaining proficient and qualified employees is of great importance to us and as such, various training regimes and campaigns are in place. To this end we use several training systems provided and maintained by third-party providers. These may also include automated survey service suppliers, for feedback purposes not only to improve training but other aspects of employment such as our management system or work practices.
We collect a limited amount of personal data in order to improve your experience when using our website.
This includes information such as the frequency with which you access our website, and the times that our website is most popular.
To enable us to communicate with you and to ensure that we fulfill certain legal requirements such as KYC (know your customer) and AML (anti-money-laundering), we need to have certain details or the details of individual contacts at your organisation (such as their names, telephone numbers and email addresses). We ensure that our marketing communications to you are relevant and timely.
Suppliers of goods and services
We collect a small amount of information from our Suppliers to ensure that operations work properly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements).
As part of due diligence and to protect the vital interests of our Data Subjects we, under certain circumstances, collect emergency contact details.
When visiting our premises, we collect the necessary personal data required for security and notification purposes. For security purposes, we also operate a Closed Circuit Television system (CCTV). The CCTV cameras only operate in common areas of our premises and are positioned so as not to intrude on privacy. The footage is kept for no longer than a month and access is strictly regulated.
Processing relating to endemic infectious diseases
We must protect our employees on our premises from endemic infectious diseases. In the event of an outbreak, we shall take steps to control entry to our offices. Such steps will be in line with local authority requirements and guidelines.
Where it is necessary and proportionate to do so, before you enter our premises, we shall ask you certain screening questions on your recent exposure to any such disease. We shall also check your temperature. We shall use this personal data concerning health to decide whether to allow you to enter our premises.
You can refuse to answer such questions or have your temperature taken. In such cases, we can refuse entry to you on our premises.
We have a legal obligation to protect our employees from such health risks. It is also in the interest of other people who are at risk of becoming infected.
The legal bases we use for lawful processing
In order for GENPRO to conduct business and fulfill its legal, regulatory and contractual obligations, it needs to perform legitimate and fundamental processing. These are:
- Establishing contracts
- Maintaining contracts
- Provision of all contracted services
- Invoicing, remittance, payments, collections
- Non-promotional communications
- Marketing and other promotional communications
- Risk management contract review
- Response to Subject Requests
- Performance measurement
- IT and telecommunication support services
- Business Continuity and Contingency Planning
- Legal and regulatory obligations
- Responding to enquiries, requests and complaints
- Employment processing
- Workforce planning
- Training and certifications
- Emergency communications
- To interact with other organizations, industry groups, professional associations
- Internal ethics reporting, security and investigations
Who will access or receive the personal data?
GENPRO needs to share the personal information it processes with individuals themselves and also with other organisations. Below is a description of the types of organisations with which GENPRO may need to share some of the personal information it processes.
- Agents and brokers
- Business associates, other professional bodies, and advisers
- Central and local government
- Claimants, beneficiaries, assignees, and payees
- Claims investigators
- Complainants, and enquirers
- Courts and tribunals
- Credit reference, debt collection, and tracing agencies
- Current, past, and prospective employers
- Debt collection and tracing agencies
- Education and examining bodies
- Employment and recruitment agencies
- Family, associates, and representatives of the person whose personal data we are processing
- Financial organisations and advisers
- Healthcare professionals, social and welfare organisations
- Insurance providers
- Law enforcement and prosecuting authorities
- Learning management system providers
- Ombudsman and other regulatory authorities
- Open reporting system providers
- Other affiliated companies
- Pension schemes
- Police forces
- Private investigators
- Professional advisers
- Share Administrators
- Suppliers and services providers
- Survey and research organisations
- Training system and software providers
- Unions, trade associations, professional bodies, and employer associations
The countries where personal data will be stored, processed and transferred
Your personal data collected by GENPRO may be stored and processed in the EU or any other country in which GENPRO or associated third parties maintain facilities. Should GENPRO need to transfer your personal data, we will take all reasonable measures to safeguard the transfer of your personal data to third parties in a manner that complies with the applicable data protection laws.
How long the personal data will be retained?
Retention of specific records may be necessary for one or more of the following reasons:
- Fulfilling statutory or other regulatory requirements
- Evidencing events/agreements in case of disputes
- Operational needs
- Historical and statistical purposes
Where we collect personal data for which we subsequently have no use for any business purpose, we then review and may destroy such personal data at our discretion.
The right to withdraw consent
In situations where GENPRO requests and receives your consent to perform processing, we are also obliged to stop such processing if you decide to withdraw your consent. Withdrawing consent is as straightforward as giving consent. Withdrawing consent cannot be back-dated so it has no effect on processing already performed during the period of consent.
The right to access, change, delete, restrict, object, request a copy
Under certain circumstances you have rights regarding the personal data we store on your behalf. These are:
- access to a copy of your personal data
- object to processing that you object to
- stop receiving direct marketing material
- object to decisions being taken by automated means
- have inaccurate personal data rectified, blocked, erased or destroyed
- lodge a complaint with the relevant data protection authority
- claim compensation for damages caused by a breach of the GDPR
What happens if the personal data is not collected?
Your personal data is required for communication and setting up a contractual agreement to provide employment, products, and services. Without this data GENPRO will not be able to communicate with you or enter into a contractual agreement with you. This includes both business and employment contracts.
GENPRO needs personal data to:
- enable consensual bilateral communications
- engage in pre-contractual activities
- honour contractual obligations
- enable it to employ people
Without this personal data, GENPRO will not be able to perform these primary activities.
Automated decision making
GENPRO does not use automated decision making.
A cookie is a small file placed onto internet enabled devices in order to recognise a device upon recurring visits, and in turn enable a website’s features and functionalities. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Cookies may transmit information via a device’s browser with a purpose of authentication or identification via the IP address. For example, cookies enable us to identify a device, secure access to our websites, and keep track of web browsing preferences.
Cookies may also be used for recognising you as the user when you visit our website, remembering your preferences, and overall giving you a more personalised experience that’s in line with your settings.
Essentially there are two types of cookies:
- persistent cookies, and
- session cookies
A persistent cookie helps the website (and third party applications) to recognise you as an existing user, so it is easier to return and continue your existing user experience.
Session cookies are temporary cookies that remain on your device until you leave the website.
Our websites only utilise persistent cookies when any browser loads the site, essentially for keeping track and observing website visitor trends and statistics. This is applicable to various internet enabled devices, e.g. PC’s, smartphones and tablets.
Cookies may also be placed in your browser when visiting our website via third party application plugins or when using third party modules on the website. This applies when using social media “sharing” tools via third party application plugins. We do not, however, have access to details regarding your social media or personal data during this process. We can only see which pages of our website have been shared collectively over social media and how many times.
The table below demonstrates the cookies that we use and explains why we use them.
|_ga||Used to distinguish users.|
|_gid||Used to distinguish users.|
|_gat||Used to throttle request rate.|
|__utmt||Used to throttle request rate.|
|__utmc||Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.|
Controlling Cookies on your Device
Cookies on an Internet device help make the user experience of our websites better.
Most internet browsers are initially set up to automatically accept cookies. You can change the settings to block cookies or to alert you when cookies are being sent to your device, as well as delete them.
There are a number of ways to manage cookies. Please refer to your specific browser instructions or help screen to learn more about how to adjust or modify your cookie browser settings. If you use different devices to view and access this website (e.g. PC, smartphone, tablet, Smart TV) you will need to ensure that each browser on each device is adjusted to suit your cookie preferences accordingly.
For further information on Cookies, such as deleting, disabling or blocking cookies, please visit AboutCookies.org
For more specific information on how to adjust cookie configurations, please refer to your specific browser.
Changes to our Notice (FOR WEBSITE VERSION)
Any changes we make to our Notice in the future will be posted on this page. Please check back frequently to stay informed of any updates or changes.
Where we intend to further process your personal data for a purpose other than that for which the personal data were collected, we shall provide you, prior to that further processing, with information on that other purpose and with any relevant further information.
Changes to our Notice (FOR NORMAL VERSION)
Any changes we make to our Notice in the future will be accordingly communicated to all parties involved.
Where GENPRO intends to further process your personal data for a purpose other than that for which the personal data were collected, GENPRO shall provide you, prior to that further processing, with information on that other purpose and with any relevant further information.