Loading...
 
SUPPORT
 
HOME  /  Privacy Notice

Privacy Notice

1. Introduction 

This Privacy Notice explains how IBSCY Ltd and its affiliated or subsidiary companies ("we", "us", "company", or "IBS") handle data, including personal data related to individuals such as clients, intermediaries, third parties  IBSCY LTD interacts with, or anyone connected to those parties. It also applies when you visit our website, regardless of your location, and outlines your privacy rights and relevant legal protections. 

The information provided is primarily intended for individuals who are current or prospective customers of IBSCY LTD, or who serve as authorised representatives, agents, or beneficial owners of legal entities, as well as for those who previously had a business relationship with the company. 

For data about individuals, this document describes the rights of those individuals regarding their personal data. 

2. Who we are 

Established in 2004 by a dedicated team of Information Technology professionals, IBSCY LTd was founded to deliver comprehensive IT expertise and knowledge to organisations of all sizes and sectors across Cyprus. Over time, the company has evolved into a highly respected full-service IT provider with an extensive client base spanning the European Union, the Middle East, and the United Staes. 

As a leading provider of IT solutions and services in Cyprus, IBSCY Ltd specialises in cloud services and applications, system itnegration, IT infrastructure, collaboration, management, and security solutions. The company is also recognised as one of the largest Microsoft cloud providers in Cyprus and its neighbouring regions. 

In April 2015, IBSCY Ltd was acquired by MTN Cyprus Ltd and became part of the MTN Group. On 24th of May 2019, the original shareholders reacquired the company. 

Continuing its trajectory of growth, IBSCY Ltd expanded its presence in 2023 by establishing a new office in Athens, Greece. This strategic expansion enables the company to provide efficient and reliable IT services to a diverse range of clients within the Greek market. The opening of the Athens office forms an integral part of IBSCY Hellas's strategy to deliver comprehensive, high-quality IT solutions and services throughout Greece. 

Our mission is to enable clients to focus on their core business objectives while we manage their IT operations and strategy. By leveraging our expertise, clients benefit from enhanced efficiency, cost effectiveness, and expedited return on investment (ROI). 

To uphold our commitment to privacy, we have appointed a Data Protection Officer (DPO) responsible for supervising all matters related to this privacy notice. For any inquiries regarding this privacy notice or to exercise your legal rights, please contact our DPO at [email protected]

3. The type or Personal Data we collect and process

The categories of data that we may collect, use, store, and transfer include: 

  • Contact information, such as first and last names, postal or delivery addresses, billing addresses, email addresses, and telephone or fax numbers. 
  • Information provided during the course of IT and consulting services, which may encompass details about your network, passwords, IP addresses, open ports, as well as location and access rights to files, folders, and various software applications. 
  • Financial data, including payment-related details sch as bank account numbers and payment card information. 
  • Transactional data, including payment-related details such as bank account numbers and payment card information. 
  • Transactional data, covering information regarding payments to adn from you and third parties with whom you may conduct transactions. 
  • Technical data, which may consist of browser type and version, time zone settings and location, browser plug-in types and version, time zone settings and location, browser plug-in types and versions, operating system and platform, and other technology associated with devices supported under our maintenance contracts. 
  • Marketing and communications data, including your preferences for receiving marketing communications from us and our third-party partners, as well as your communication preferences. 
  • In specific circumstances, depending on the contracted services, we may collect and process "Special Categories of Personal Data". This may include information regarding race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, health data, genetic and biometric data used for unique identification, or information related to criminal records or alleged criminal activity. Please note that such data may be stored on our file servers, backup servers, or mail servers as part of our Software as a Service offering. Our engineers do not have access to this data unless access is explicitly granted by you during the support process. 
  • Signatures on proposals and contracts. 
  • Professional interests and events attended. 
  • Records of meetings attended and visits to our offices. 
  • Any additional information you choose to provide to us. 

4. HOW, WHY and on WHAT legal basis we collect and process Personal Data 

HOW: Data we collect may come from clients, intermediaries, data subjects themselves, third parties connected to the data subject (such as their employer of another service provider), or open-source materials. 

We use various methods to gather data, including: 

  • Direct Interactions: Individuals may provide Identity, Contects, and Financial data by completing forms or communicating with us via post, phone, email, or other means. 
  • Automated technologies or interactions: During IT Audits, we may collect Technical Data regarding equipment, browsing actions, and patterns. 
  • Third parties or publicly available sources: We may receive personal data from third parties and public sources, such as the Department of Registrar of Companies and Official Receiver, press, media, and the Internet, which we lawfully obtain and are permitted to process. 
  • Provision of data to one IBSCY LTd employee may allow access to that data by other company members. 
  • Efforts are made to ensure data access is limited to those who require it for relevant purposes. 

Requests to restrict access should be sent to [email protected]. These requests will be considered and actioned where possible according to legal and regulatory obligations.  

Why: We process your personal data strictly in accordance with applicable laws. Typically, we use your personal data under the following circumstances: 

  • When it is necessary to fulfil a contract either already in place or about to be established with you. 
  • When processing is essential for our legitimate interests (or those of a third party), provided such interests are not overridden by your own rights and interests. 
  • When required to coply with legal or regulatory obligations. 

In general, we do not rely on consent as the legal basis for processing your personal data, except when dealing  with "Special Categories of Personal Data" or when sending third-party direct marketing communications across our various channels. 

Legal Basis: We process Personal data for a range of legitimate purposes, such as providing and enhancing our services, managing our relationship with you and our business, supporting marketing initiatives, and fulfilling our legal rights and obligations. Additional detail regarding these legitimate interests is outlined below: 

  • To establish and manage your account, deliver technical and customer support and training, verify your identity, and communicate important information related to accounts, subscriptions, and our services. 
  • To administer our relationships with you, our businessm and third-party service providers (e.g. issuing invoices). 
  • To tailor your experience with our services, including sharing Personal Data across our platforms to facilitate smoother interactions and reduce repetitive data entry. 
  • To contact you regarding surveys or polls you elect to participate in, and to analyse collected data for market research. 
  • For internal research and development aimed at improving, testing, and enhancing the features and functionalities of our services. 
  • To provide you with marketing communications strictly per applicable laws. 
  • To meet internal and external audit requirements, including information security compliance. 
  • To enforce our terms and conditions. 
  • To safeguard our rights, privacy, safety, networks, systems, and property, as well as those of others. 
  • For the prevetion, detection, or investigation of criminal activity or other legal violations, as well as loss prevention and fraud (including hacking). 
  • To comply with requests from courts, law enforcement, regulatory agencies, and other public authorities, including those located outside your country of residence. 
  • To excercise our rights, defend against claims, and ensure compliance with applicable laws and regulations relevant to us or our partners. 
  • To participate in, or be subject to, any sale, merger, acquisition, restructuring, joint venture, assignment, transfer, or other disposition of all or part of our business, assets, or equity (including proceedings related to bankruptcy or similar events). 

Where we rely on legitimate interests as the basis for processing your Personal Data, we carefully balance these against your interests, fundametal rights, and freedoms. If you require further details about our balancing assessment, please contact our Data Protection Officer at [email protected]

 5. Your obligation to provide us with your Personal Data 

If you do not provide requested information, we may be unable to fulfil our contractual obligations to deliver services, and it could also hinder out ability to comply with legal requirements. 

6. Consent requirement and your right to withdraw consent 

In cases where consent has been provided for the collection, processing, and transfer of your personal data for a particular purpose, you retain the right to withdraw your consent for that specific processing at any time. To do so, please contact our Data Protection Officer at [email protected].  Upon notification of your withdrawal of consent, we will discontinue processing your data for the relevant purpose(s), unless there is another lawful basis to continue such processing. 

 7. Change on Purpose

7.1. Personal Data will only be used for the purposes for which it was collected, unless there is a reasonable need to use it for another purpose that is compatible with the original intent. If Personal Data needs to be used for an unrelated reason, notice will be provided along with an explanation of the legal basis of such use. 

7.2.  Personal Data may be processed without knowledge or consent, in accordance with applicable rules, when required or permitted by law. 

8. Sources and Recipients of Personal Data during the performance of our contractual and statutory obligations. 

During the fulfilment of our contractual and statutory responsibilities, your personal data may be shared with relevant departments within the Company as well as with affiliated or subsidiary entities. Additionally, select service providers and suppliers may access your personal data to facilitate the execution of our obligations. These parties are bound by contractual agreements with the Company requiring adherence to confidentiality and data protection standards in accordance with applicable data protection and the GDPR. 

Please note that we may disclose your information for the purposes outlined above, where legally mandated, authorised by contractual or statutory requirements, or with your explicit consent. All data ricessirs engaged to process personal data on our behalf are contractually obligated to comply with GDPR. 

The following is a list of potential recipients of data, which may include respective employees, directors, and officers: 

  • Other professional advisers or service providers acting as processors or joint controllers (such as lawyers, legal consultants, banks or other financial institutions, auditors/ accountants, financial or business advisors, and consultants regarding matters for which IBSCY LTD is engaged), where disclosure to such parties is necessary to fulfil the stated purposes. 
  • Distributors, suppliers, sub-contractors, agents, or service providers of IBSCY LTD (for example, couriers). 
  • Third parties engaged by IBSCY LTD for the hosting of events or other marketing activities, including website and advertising agencies. 
  • Regulators or other governmental or supervisory bodies that have a legal right to or legitimate interest in the material. 
  • Any registrar or public register where data is required to be included in a public or resticted access registy. 
  • Third parties engaged by IBSCY LTD for the hosting of events or other marketing activities, including website and advertising agencies. 
  • Regulators or other governmental or supervisory bodies that have a legal right or legitimate interest in the material. 
  • Any registrar or public register where data is required to by included in a public or restricted access registry. 
  • Third parties to whom IBSCY LTD may sell, transfer, or merge parts of its business or assets. Alternatively, IBSCY LTD may acquire or merge iwth other businesses. In the event of any business change, new owners may use personal data as described in this privacy notice. 
  • Share and stock investment and management companies. 
  • Debt collection agencies. 
  • Fraud prevention agencies. 
  • File storage, archiving and/ or records management companies, and cloud storage providers. 
  • Companies that provide technological expertise, solutions, and support, or facilitate payments to assist in the effective provision of services. 

All third parties are required to maintain the security of personal data and handle it in compliance with applicable law. Third-party service providers are not permitted to use personal data for their own purposes and may only process such data for specific purposes in accordance with the instructions provided. 

9. Sharing of Personal Data with other entities in the Group 

Personal Data may be shared with other entities within our group for regular reporting on company performance, business reorganization or group restructuring activities, system maintenance support, and data hosting purposes. (See point 3 for details). 

10. Transfers of Personal Data to a thrid country or to an international organization

A number of our external third-party partners are located outside the European economic Area EEA), which means that processing your personal data may entail data transfers beyond the EEA. 

When transferring your personal data outside the EEA, we ensure an equivalent level of protection by implementing at least one of the following safeguards: 

  • The non-EU country has data protection laws comparable to those of the European Union and/or has been recognised by the European Commission as providing adequate protection for personal data. For further details, refer to European Commission: Adequacy of the protection of personal data in non-EU countries. 
  • The recipient of the service provider has entered into specific contractual agreements approved by the European Commission, ensuring personal data receives the same protection as it would within Europe. We also take reasonable steps to confirm that third parties implement measures safeguarding data against unauthorised or accidental use, access, disclosure, damage, loss, or destruction. Further information is available at the European Commission: Model contracts for the transfer of personal data to third countries. 
  • We have obtained your explicit consent for such data transfers, 
  • Where transfers are made to providers in the United States, these occur not only if the provider participates in the Privacy Shield framework, which requires them to afford similar protections to personal data exchange between Europe and the US. See European Commission: EU- US Privacy Shield for more information. 
  • In cases where data transfer is mandated by governmental authorities and legally required (such as tax reporting obligations), the Commissioner of Personal Data Protection in Cyprus will be notified in advance for configuration. 

Should you require additional information regarding the specific mechanisms we employ when transferring your personal data outside the EEA, please contact us. 

11. How is Personal Data treated for marketing purposes? 

11.1 Marketing purposes 

We are committed to offering you options concerining the use of your Personal Data, especially in relation to marketing and advertising activities. 

PROMOTIONAL OFFERS FROM US 

We may process your identity, contact, technical usage, and profile data to assess your interests and requirements, enabling us to determine which products, services, or offers may be most relevant to you (referred to as marketing). 

You will receive marketing communications from us if you have requested information, made purchases of goods or services, or provided your details during participation in a competition or registration for a promotion, and have not opted out of such communications. 

OPTING OUT 

You may request that we discontinue sending your marketing communications at any time by emailing  [email protected], by following the opt-out instructions included in any marketing message you receive, or by contacting our Data Protection Officer at  [email protected].

Please note that opting out of marketing communications will not affect Personal Data provided to us in connection with a product or service purchase, warranty registration, product or service experience, or other transactions. 

12. Data Security 

12.1. Measures have been implemented to safeguard the security of your information. Further details regarding these measures are available [upon request]. 

12.2. Third parties will process your Personal Data only in accordance with our instructions and under conditions that ensure confidentiality and security. 

12.3. Appropriate security protocols are in place to prevent accidental loss, unauthorised use or access, alteration, or disclosure of your Personal Data. Access is stricly limited to employees, agents, contractors, and other third parties with a legitimate business need. Such individuals will process your Personal Data solely as instructed and are bound by confidentiality obligations. [For further information on these measures, please contact our Data Protection Officer at [email protected]]

12.4. Procedures have been established to address any suspected breaches of data security, and notification will be provided to you and any relevant regulatory authority where required by law. 

 13. Retention of Data Subjects' Personal Data 

13.1. We retain your Personal Data only for as long as is necessary to accomlish the purposes for which it was collected, including fulfilling legal, accounting, or reporting obligations. Details regarding specific retention periods for various aspects of your Personal Data are outlined in our retention policy, which may be obtained from our DPO at [email protected].

13.2.  In establishing the appropriate retention period for Personal data, we evaluate the volume, nature, and sensitivity of the data; the potential risk of harm from unauthorised use of disclosure; the objectives for processing the data and whether those objectives can be met by alternative means; as well as all applicable legal requirements. 

13.3. Under certain circumstances, we may anonymise your Personal Data so that it no longer identifies you, allowing us to utilise such information without further notification. When your relationship with the company as a client, employee, worker, or contractor concludes, we will retain and securely dispose of your Personal Data in accordance with our data retention policy of applicable laws and regulations. 

14. Data Subjects' data protection rights 

14.1. In accordance with applicable law, you may have the right to: 

  1. Request access to your Personal Data (commonly referred to as a "data subject access request"). This allows you to obtain a copy of the Personal Data we maintain about you and verify its lawful processing. 
  2. Request correction of your Personal Data held by us, enabling you to ensure that any incomplete or inaccurate information is rectified. 
  3. Request erasure of your Personal Data, allowing you to ask for deletion or removal where there is no valid reason for continued processing. You may also request deletion when you have exercised your right to object to processing (as outlined below). 
  4. Object to processing of your Personal Data where processing is based on legitimate interests (whether ours or those of third parties) and your specific circumstances give rise to such objection. Additionally, you have the right to object if your Personal data is being processed for direct marketing purposes. 
  5. Request restriction of processing of your Personal Data, which permits you to ask us to suspend processing, for example, while verifying its accuracy or the basis for its processing. 
  6. Request the transfer of your Personal Data to another entity. 

14.2. Please note that these rights are not absolute and may not apply in all circumstances. 

14.3. Upon receiving your request, we may require identity verification and additional information to clarify your inquiry. Should we be unable to comply with your request in full or in part, we will provide an explanation. 

14.4. To review, verify, correct, request erasure of your Personal Data, object to its processing, or request its transfer to another party, please contact our Data Protection Officer at [email protected] in writing. 

15. Your duty to inform us of changes 

 The Personal Data we maintain about you must remain accurate and up to date. Kindly notify us promptly of any changes to your Personal data throughout the course of your employement with us. 

16. No fee usually required 

There is no fee required to access your Personal Data or to exercise any other rights. However, if an access requst is clearly unfounded or excessive, we may charge a reasonable fee or decline to comply with the request under such circumstances. 

17. Right to lodge a complaint 

If, after exercising any or all of your data protection rights, you believe that your concerns have not been adequatetly addressed by our organization, you are entitled to submit a complaint at any time to the Office of the Commissioner of Personal Data Protection. 

18. Changes to this privacy notice 

We may update this privacy notice at any time and will revise the date indicated at the bottom of this page accordingly. 

We recommend that you periodically review this statement to remain informed about the ways in which we process and safeguard your personal data.