Recently viewed

Sign in |Register

800+ Cyprus Properties for Sale - Altamira Real Estate (Cyprus)

Contacto 8000 8200

Contacto+357 22 696500

Privacy Policy

A. Overview

On the 25th of May 2018, the new European data privacy law, known as the General Data Protection Regulation (“GDPR”), has come into force. GDPR defines a specific framework and set of rules for the protection of individuals within the European Economic Area (EEA) with regard to the processing of their personal data.

Any physical or legal person, be it an individual, a company or an organization that collects, stores, manipulates or otherwise processes personal data (hereafter collectively referred to as “processing”) is affected, and is required to adopt appropriate technical and organizational measures that make such processing compliant to the provisions of the GDPR. GDPR affects therefore any physical or legal person or body who performs processing irrespective if they are established within or outside the European Union, so long as such physical or legal persons perform processing of personal data for individuals who are in the European Union.

This Privacy Policy has been prepared by Altamira Asset Management (Cyprus) Ltd (hereafter referred to as “AAM”), with the objective of assisting our customers, employees, vendors, partners and all other interested parties that may be affected, gain an understanding of the measures we have adopted and operate, as part of our own GDPR compliance program and practices. When we mention AAMwe”, “us” or “our” in this Privacy Policy, we are referring to Altamira Asset Management (Cyprus) Ltd which is the relevant legal entity responsible for processing your data.

B. AAM as a Data Controller or Data Processor

In the context of the GDPR, AAM is a Data Controller (for example in relation to its own employees and external contractors and partners) and a Data Processor in relation to the access and processing of personal data of our customers’ borrowers. AAM is committed to performing all personal data processing in transparent and fair ways, based on processes which are private by design and using appropriate technical and organizational measures in support of security and privacy objectives. This commitment is applicable throughout the lifecycle of personal data processing, including during collection, transmission, use and storage.

AAM also commits to taking all reasonable steps to ensure that personal data processing is based on a valid legal basis . When AAM is the Data Processor, this commitment typically means that we rely on the Data Controller in each case, to establish a valid legal basis 1 for the processing we perform in that capacity. We also depend on the respective Data Controllers to notify us in a timely manner when any changes to the status of such legal bases occur.

In certain other cases, the processing we perform – in particular when we are the Data Controller - is dictated by legislation. Alternatively, personal data processing may be performed in order to fulfil a contract between AAM and the individuals involved; or may be based on the consent of affected individuals. In specific cases personal data processing may be based on our legitimate interests, especially those which emanate from our professional obligations and responsibilities and / or other regulatory frameworks subject to which we perform our work.

C. What is the Basis on Which we Justify Processing of Your Personal Data

In accordance with Article 6 of the GDPR, personal data processing is lawful if at least one of the processing bases described below applies:

  • the existence of evidenced consent of the data subject (i.e. the physical living person), whose personal data is processed

  • processing is necessary in order to enter into a contract to which the data subject is a contractual party or to take action at the request of the data subject before or after a contract is entered into force

  • processing is necessary to comply with a statutory obligation of the Data Controller or the Data Processor

  • processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or Data Processor as relevant, unless such interest overrides the interest or fundamental rights and freedoms of the data subject who require the protection of personal data, in particular if the subject of the data is a child

  • processing is necessary to safeguard the vital interest of the data subject or other natural person

  • processing is necessary for the performance of an obligation performed in the public interest or in the exercise of public authority assigned to the Company.

Based on the above, AAM seeks to ensure that each type of personal data processing we perform is supported by one or more of the above legal bases. With very few exceptions, the legal bases applicable to our operational routines and the resulting personal data processing we conduct are those described in the first four bullets listed above.

In the great majority of cases, we receive the personal data from our customers (for example Banks or other Financial institutions), for the benefit of which, we provide debt recovery and related services. In other cases, we receive personal data directly from the affected individual (i.e. the “data subject”). Typically, such personal data is requested when we initiate a relationship with the data subject, or in some cases at a later stage, after we commence interacting with the data subjects. There are various means via which we receive personal data including electronic records (e.g. those received from a Bank), paper-based forms, electronic self-service functions (e.g. in a website), or through email communications or physical exchange of contact information (such as a business card).

We may also collect personal data via automated means when data subjects interact with resources we provide (website logs, email submission tools, mobile applications, access control systems, time and attendance applications, CCTV systems, etc.). Our processes may also result in enhancements to the personal information we process about data subjects, as a result of the interactions and / or transactions between the data subjects and AAM.

Finally, in a comparatively limited number of cases, we get personal information for the data subjects from 3rd party sources, other than our customers. Key examples include references from previous employers during an employment application process, lawful 3rdparty databases during Know Your Customer (KYC) checks we may perform, and other lawful services of similar nature. If the data subject is a representative of one of the borrowers of a loan falling under our debt recovery services, we may receive their personal information directly from their employer / principal, or from other colleagues of the data subjects.

D. How Do we Collect Personal Data

In the great majority of cases, we receive the personal data from our customers (for example Banks or other Financial institutions), for the benefit of which, we provide debt recovery and related services. In other cases, we receive personal data directly from the affected individual (i.e. the “data subject”). Typically, such personal data is requested when we initiate a relationship with the data subject, or in some cases at a later stage, after we commence interacting with the data subjects. There are various means via which we receive personal data including electronic records (e.g. those received from a Bank), paper-based forms, electronic self-service functions (e.g. in a website), or through email communications or physical exchange of contact information (such as a business card).

We may also collect personal data via automated means when data subjects interact with resources we provide (website logs, email submission tools, mobile applications, access control systems, time and attendance applications, CCTV systems, etc.). Our processes may also result in enhancements to the personal information we process about data subjects, as a result of the interactions and / or transactions between the data subjects and AAM.

Finally, in a comparatively limited number of cases, we get personal information for the data subjects from 3rd party sources, other than our customers. Key examples include references from previous employers during an employment application process, lawful 3rdparty databases during Know Your Customer (KYC) checks we may perform, and other lawful services of similar nature. If the data subject is a representative of one of the borrowers of a loan falling under our debt recovery services, we may receive their personal information directly from their employer / principal, or from other colleagues of the data subjects.

E. Why we Process Personal Data

Personal data may be maintained by us in physical and / or electronic form and be processed in ways designed to respect the principles of purpose limitation; data minimization; data accuracy; integrity and confidentiality; and retention limitation.

Specifically with regards to retention, the technical and organizational measures operated by AAM are designed to result in personal data being kept only for as long as required to fulfil our statutory, contractual, professional and / or regulatory obligations, and – if for longer periods - in accordance with the provisions of the specific legal basis of processing relating to each category of affected persons.

At the end of the retention periods applicable in each case, defined operational processes or routines shall result in personal data being deleted or destroyed in controlled ways, in electronic and physical form, as appropriate. In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

E. Why we Process Personal Data

Personal data may be maintained by us in physical and / or electronic form and be processed in ways designed to respect the principles of purpose limitation; data minimization; data accuracy; integrity and confidentiality; and retention limitation.

Specifically with regards to retention, the technical and organizational measures operated by AAM are designed to result in personal data being kept only for as long as required to fulfil our statutory, contractual, professional and / or regulatory obligations, and – if for longer periods - in accordance with the provisions of the specific legal basis of processing relating to each category of affected persons.

At the end of the retention periods applicable in each case, defined operational processes or routines shall result in personal data being deleted or destroyed in controlled ways, in electronic and physical form, as appropriate. In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

F. How Long we Keep your Personal Data

Personal data may be maintained by us in physical and / or electronic form and be processed in ways designed to respect the principles of purpose limitation; data minimization; data accuracy; integrity and confidentiality; and retention limitation.

Specifically with regards to retention, the technical and organizational measures operated by AAM are designed to result in personal data being kept only for as long as required to fulfil our statutory, contractual, professional and / or regulatory obligations, and – if for longer periods - in accordance with the provisions of the specific legal basis of processing relating to each category of affected persons.

At the end of the retention periods applicable in each case, defined operational processes or routines shall result in personal data being deleted or destroyed in controlled ways, in electronic and physical form, as appropriate. In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

G. Sharing of Personal Data

Within AAM, your personal information can be accessed by or may be disclosed internally on a need-to-know basis, based on user access rights management processes.

Your personal information may also be accessible and / or accessed by third parties, including suppliers and advisers, as those are outlined below. When this happens, we take specific measures and steps to protect such shared information, as described in more detail in section “SUB-PROCESSORS TO AAM” of this Privacy Policy. In summary, such measures and steps include requiring all such 3rd parties to respect the security of your personal information and to treat it in accordance with applicable laws and the GDPR. We do not allow our 3rd party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions. The types of 3rd parties that may typically be involved in processing of your personal data include:

  • Service providers to AAM acting as Data Sub-Processors based in the EEA who provide IT, system administration services, payment providers to facilitate financial transactions, fulfilment providers, marketing and communications services providers in order to personalise your experience and communicate with you.

  • Professional advisers to AAM including lawyers, bankers, auditors and insurers based in the EEA who provide consultancy, banking, legal, insurance or accounting services.

  • Tax and Customs authorities, regulators, law enforcement bodies and other authorities acting as processors or joint controllers based in the EEA who have the right to require reporting of processing activities in certain circumstances and otherwise in defense of legal claims.

  • Market researchers, fraud prevention agencies and data analytics providers.

  • Specifically with regards to HR data, these may be shared with Payroll & Provident Fund Providers; Accountants & Auditors; Recruitment Agencies; Call Centre Providers; and HCM Consultants.

In addition, there are circumstances where we may need to disclose your personal information to 3rd parties to help manage our business and deliver our services. In this context, we may disclose your personal information:

  • to 3rd parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If such a change happens to our business, then the new owners may use your personal information in the same way as set out in this Privacy Policy

  • to 3rd parties when we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation, or in order to enforce or apply our legal rights, in which case we may share your personal information with our regulators and law enforcement agencies in the EEA, or to our legal advisers and

  • when it is necessary in order to protect the rights, property, or safety of AAM, in which case we may disclose your personal information to our legal advisers and other professional services firms.

We may also disclose your personal data to national authorities and government bodies if legislation allows or compels us to do so.

H. Categories of Personal Data Processed

As part of our operational business processes and routines and depending on the specific relationship and or commercial or other engagement in place, we may process personal data for one or more data subject categories, as those are tabulated below (not a definitive or exhaustive list).

#

Business Relationship

Type of Processed Personal Data

Legal Basis

a.         

Corporate Borrowers and / or Guarantors

The information listed below relates to business to business relationships between AAM and Corporate Borrowers and / or Guarantors, which includes, results or requires personal data processing of Directors, Officers and personnel of Corporate Borrowers’ and / or Guarantors’ employees or legal representatives involved in the relationship, as well as other physical persons who have responsibility for managing or executing dealings between the two parties.

  • Full name

  • Gender

  • Age and birthday

  • Identify and position / role information

  • Location information (physical address and electronic location data)

  • Business eMail address and phone numbers

  • Identification numbers such as National IDs, Passports, Driver Licenses, memorable words that support authentication processes (electronic or physical)

  • Mobile phone numbers (corporate or personal)

  • Authority to negotiate and bind the borrower to legally enforceable decisions, make financial inquiries, execute financial transactions, etc.

  • Vetting data (in specific cases only)

Contract

b.        

Retail Borrowers and / or Guarantors

In the context of retail Borrowers’ and / or Guarantors’ personal data processing, especially in relation to the debt restructuring services of AAM, the following personal data is processed:

  • Full name

  • Gender

  • Age and birthday

  • Employment information such as occupation, professional or other qualifications, employer, title and position

  • Mobile, work and home phone numbers

  • Location information (physical address and electronic location data), home, delivery, work

  • Electronic identifiers such as IP addresses, usernames, emojis

  • Identification numbers such as National IDs, Passports, Driver Licenses, memorable words that support authentication processes (electronic or physical)

  • Economic (such as value of assets, or guarantees, or salary, earnings ranges)

  • Physiological and / or health or medical information, such as physical disabilities (which under GDPR are special categories, and for which specific measures are operated to establish a valid, legal basis of processing)

  • Nationality data (which under GDPR are special categories, and for which specific measures are operated to establish a valid, legal basis of processing).

Contract

c.         

Applicants

  • CV information

  • Contact details

  • Previous employment records

  • Referee

  • Clear Police / Criminal Record

  • Work permit information

  • Skills & Professional and Academic Achievements (e.g. languages, academic degrees

  • Medical information (for specific vacancies / jobs only)

Consent

Legitimate Interest (for application information voluntarily submitted by the applicant to us, unsolicited by AAM

d.        

Employees, Contractors & Workers

  • “Master Data” [full name, ID, Social Security number, address, marital status, children, age, gender, personal emails]

  • “Recruitment Data” [academic records, experience, previous employers, references]

  • Evaluation & Performance Information [salary, appraisals, promotions, disciplinary data, complaints and resulting investigations, appeals against HR decisions]

  • Occupational data [languages, special skills, driver license]

  • Operational data [sales, locations of travel, training records, leave of absence, timesheets / arrival and departure times, passports and IDs in support of business travel arrangements]

  • Financial data [payroll, payroll-related, life insurance details, family status, bank account details]

Contract

e.         

Former Employees, Contractors and Workers

For former employees, contractors or workers, the personal data types listed in (b) above are processed with the following differences:

  • Financial data are kept for a period of 14 years after termination or resignation, for tax and regulatory purposes

  • All other data are kept for a period of 10 years after resignation or termination for the purposes of archiving and / or providing references

Employment and Social Insurance Legislation

Employment / Work Contracts

f.          

Next of Kin and Dependents

  • Full name, mobile phone details, relationship with employee, contractor or worker (next of kin)

  • Full name, gender, age and birthdate

Employment / Work Contracts

g.        

Board members and Directors

Executive - as per Employees above; and also regulatory data such as registration with any applicable regulatory authority, your regulated status and any regulatory references

Non-Executive – full name, mobile phone details, personal email, CV information, other full or part time employment / service positions, financial information such as bank accounts details, regulatory data such as registration with any applicable regulatory authority, your regulated status and any regulatory references

Legislation

Legitimate interest

h.        

Suppliers and subcontractors

The information listed below relates to business to business relationships between AAM and its suppliers (for example Collection Agents and / or Real Estate Agents), which includes, results or requires personal data processing of Directors, Officers and personnel of the AAM’s suppliers’ personnel involved in the relationship, as well as other physical persons who have responsibility for managing or executing dealings between the two parties.

  • Identify and position / role information

  • Location information (physical address and electronic location data)

  • Business eMail address and phone numbers

  • Mobile phone numbers (corporate or personal)

  • Authority to place orders, make financial inquiries, execute financial transactions, etc.

  • Vetting data (in specific cases only)

Contract

Legitimate Interest

i.          

Real Estate Buyers

Under its services, AAM is responsible to operate and manage processes via which real estate assets are offered for sale to interested buyers and via various means, concludes such sales.  As part of these processes, AAM executes personal data processing of the following:

  • Full name

  • Gender

  • Age and birthday

  • Employment information such as occupation, professional or other qualifications, employer, title and position

  • Mobile, work and home phone numbers

  • Location information (physical address and electronic location data), home, delivery, work

  • Electronic identifiers such as IP addresses, usernames, emojis

  • Identification numbers such as National IDs, Passports, Driver Licenses, memorable words that support authentication processes (electronic or physical)

  • Economic (such as value of assets, or guarantees, or salary, earnings ranges)

  • Physiological and / or health or medical information, such as physical disabilities (which under GDPR are special categories, and for which specific measures are operated to establish a valid, legal basis of processing)

  • Nationality data (which under GDPR are special categories, and for which specific measures are operated to establish a valid, legal basis of processing).

 

j.          

Onsite Visitors & Guests

  • Full name

  • Employer

  • Person(s) to visit

  • Entry and exit time

  • Vehicle registration number

  • Signature

  • Pass number used and access logs

  • Camera / CCTV recordings

Legitimate Interest

k.         

Event Attendees

  • Full name

  • Employer

  • Work position and title

  • Work / office location

  • Work and Mobile Phone numbers

  • eMail address (work and / or personal)

  • Photos and images

Consent

l.          

General Public

  • Full name, eMail, phone numbers, employer, title (for cases where you initiate an electronic communication and / or correspondence with us)

  • Photos and images of you from CCTV cameras we operate

  • Vehicle registration number

Legitimate Interest

m.       

Website Users

  • Full name

  • Gender

  • eMail address (business or personal)

  • Mobile, and work phone numbers

  • Location information (physical address and electronic location data)

  • Electronic identifiers such as IP addresses, usernames, emojis

Consent

Contract (where this information is collected for the purpose of entering into a contract with you)

I. Technical & Organisational Measures Protecting Personal Data

GDPR imposes obligations to Data Controllers and Data Processors which in several cases are dependent upon consistent implementation of relevant measures and controls across their own operations as well as those of their Data Processors. Our policy is to process personal data with due regard to the security, privacy and protection of the data we receive, store and process. This privacy policy explains the types of such technical and organizational measures that we employ so as to enhance the level of protection of personal data that we process. These measures are also designed to maximise the control over privacy in accordance to GDPR and have the objective of providing a level of security that is appropriate to the related risks.
It is important to note that the nature of our business model dictates that AAM invariably uses its customers’ (i.e. the Banks’) systems and technologies. Whenever this happens, the relevant technical and organizational measures outlined below are managed and operated and under the complete control and responsibility of those customers. To this end, for all personal data processing achieved partially or wholly via the use of such systems and technologies, AAM relies and depends on the design adequacy of the related mechanisms and controls, as well as on their operational effectiveness as they affect AAM’s day to day operations.

  • As part of our overall data protection framework, AAM has appointed a Data Protection Officer (DPO), in accordance with the requirements of GDPR. Our DPO can be contacted at dpo@cy.altamiraam.com.

  • All our personnel, including service agents and / or relationships managers and handlers periodically observe GDPR-specific awareness sessions so as to maintain the currency of their understanding of GDPR and how it may impact our various operations that affect personal data we process.

  • We support the implementation of 3rd party entities’ (such as Banks and other customers of ours) lawfully issued instructions to us, in relation to data subjects for whom such 3rd party entities are Data Controllers, exercising their rights under GDPR, so long as such instructions do not come in conflict with our own legal, professional or regulatory obligations. In such cases, we shall seek to notify the 3rd party entity of the options available to them.

  • We seek to ensure that 3rd parties who support AAM operations or systems or who are otherwise involved in our personal data processing operations, have and operate necessary technical and organizational measures for protecting the security and privacy of personal data.

  • Our Incident Response Management and breach notification procedures, are designed to include escalation of identified incidents to our Data Protection Officer, who is authorized and experienced to involve related executives when such incidents involve personal data of one or more of AAM affected entities and / or persons.

  • Our internal policies stipulate that cross-border data transfers of personal information to which we have access and / or process during any customer engagement, are not allowed. If such cross-border data transfers are or become necessary, we shall seek to ensure that a valid lawful basis for such transfers evidently exists, in accordance with GDPR.

  • Our recruitment and ongoing personnel training and development, as well as the evaluation and disciplinary processes we operate, are designed to promote and maintain a high standard of professional ethics and competency at all levels of AAM, which is in line with industry standards and our professional and legal responsibilities.

  • In addition, AAM operates several complementary technical and organisational measures, designed to protect the privacy of personal information that we collect, store and process. Such measures include logical access controls and user rights management with the objective of minimising access to personal (and other AAM) information and data, only to authorised AAM personnel. We also utilise user access credentials management with enforced frequent changes, password complexity and maximum / minimum lengths, restrictions on reuse of same passwords, etc., complemented by a structured process for periodic review and confirmation of continued business need to such personal data.

  • Furthermore, AAM uses purpose-specific technologies and tools (such as firewalls, intrusion prevention, mail security gateways, sandboxing technologies, etc.), all designed to monitor and manage the security of its electronic perimeter. AAM also has in place an active and ongoing patch management program across security, server and endpoint devices for addressing newly released threats, and benefits from the use of endpoint malware protection at laptop, servers and desktop level. Finally, we also utilize technologies that deliver encryption for data in motion and at rest to protect against privacy risks in cases of hardware theft or loss.

  • A significant part of our operations involves 3rd parties (legal or physical persons) who are involved and / or provide support in many aspects including invariably in personal data processing. The related technical and organizational measures which we apply and operate with the objective of enhancing and maintaining privacy are described in the next section.

J. Sub-Processors to AAM

Like almost all organizations, AAM utilizes 3rd parties as part of its business operations and routines. Such 3rd parties include legal and / or physical persons who provide services and / or products relating to technology, debt recovery, human resource management, marketing, facilities management, accounting, legal and other areas which may have an impact on personal data processing (including processing as specified in this Privacy Policy).

When necessary in the context of such personal data processing, our selection process and criteria for cooperation with 3rd parties (suppliers, vendors or other advisors), incorporates consideration and evaluation of those 3rd parties’ level of GDPR readiness and compliance. In this respect, we seek to ensure that 3rd parties who support AAM operations or systems or who are otherwise involved in our personal data processing operations, have and operate necessary technical and organizational measures for protecting the security and privacy of personal data. Whenever relevant therefore, our contracts with 3rd parties include specific provisions designed to:

  • identify the respective role of the 3rd party as a Data Processor or Sub-processor to AAM

  • define the 3rd party’s GDPR-related obligations towards AAM, including:

        •  enforcement of AAM’s Data Retention Periods (which themselves reflect those of our customers as explained in this Privacy Policy)
        •   integration of the 3rd party’s Incident Response Management Process into that of AAM
        •   stipulating allowable access and connectivity methods for remote support (where relevant and necessary)
        •   definition of the processes via which AAM shall issue relevant instructions to the 3rd party in relation to the expected and required processing of personal information (where applicable), under each respective agreement
        •   stipulation of the technical protection methods and treatment of software system replicas by the 3rd party where relevant (for example for QA and / or development purposes), including encryption and / or pseudonomisation of personal data
        •   prohibition for conducting cross border data transfers by the 3rd party, except with the express, prior written permission of AAM (which itself is subject to, must be in line with and in compliance to, AAM’s contractual and other obligations to affected data subjects).

  • conferring to AAM the right to conduct periodic audits (including surprise audits) against the execution of GDPR related processes which the 3rd party supports and / or operates on AAM’s behalf.  In this context, AAM also seeks to implement review processes with the 3rd party sub-processors so as to jointly monitor on a periodic basis the effectiveness of execution of privacy processes and routines, in order for such processes to become and continue to be “Private by Design”, as relevant.

Individuals whose data are processed, have defined rights under the GDPR. Specifically, GDPR requires Data Controllers and Data Processors to implement the necessary processes and mechanisms in support of data subjects’ exercising the following rights, the exact definitions of which have the meanings assigned to them by the GDPR:

  • Right to information as to the personal data processing being performed and the rationale of such processing

  • Right to access to the personal data being processed for his / her person

  • Right to rectification allowing individuals to request the correction or amendment of their data

  • Right to object to a specific type of processing, under specific circumstances

  • Right to object to automated processing or profiling in cases where automated processing results in decisions that, in the opinion of the affected data subject, do not adequately reflect the unique characteristics of the case involved

  • Right to withdraw consent allowing a data subject under specific circumstances to give notice and withdraw a previously given consent for a specific type of processing

  • Right to data portability allowing the transfer of personal data processed by a Data Controller to the data subject or directly to another Data Controller in electronic, machine readable format

  • Right of Erasure (“right to be forgotten”) entitling a data subject – under certain circumstances - to request the deletion of their personal data.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights as listed above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. In extreme cases, we may even refuse to comply with your request in such circumstances.

K. Your Rights

Individuals whose data are processed, have defined rights under the GDPR. Specifically, GDPR requires Data Controllers and Data Processors to implement the necessary processes and mechanisms in support of data subjects’ exercising the following rights, the exact definitions of which have the meanings assigned to them by the GDPR:

  • Right to information as to the personal data processing being performed and the rationale of such processing

  • Right to access to the personal data being processed for his / her person

  • Right to rectification allowing individuals to request the correction or amendment of their data

  • Right to object to a specific type of processing, under specific circumstances

  • Right to object to automated processing or profiling in cases where automated processing results in decisions that, in the opinion of the affected data subject, do not adequately reflect the unique characteristics of the case involved

  • Right to withdraw consent allowing a data subject under specific circumstances to give notice and withdraw a previously given consent for a specific type of processing

  • Right to data portability allowing the transfer of personal data processed by a Data Controller to the data subject or directly to another Data Controller in electronic, machine readable format

  • Right of Erasure (“right to be forgotten”) entitling a data subject – under certain circumstances - to request the deletion of their personal data.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights as listed above). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. In extreme cases, we may even refuse to comply with your request in such circumstances.

L. Queries & Complaints

AAM is committed to acknowledge, consider and respond to all queries and complaints that it receives from any natural person who believes is affected by AAM’s processing of his / her data. To communicate such queries or complaints please contact us on dpo@cy.altamiraam.com, and we shall seek to respond to the substance of your query as soon as practical, within a 30 day window as stipulated by GDPR.

If despite our responses and actions to address your concerns, you are not satisfied, you have the right to address the matter to the Cyprus Data Protection Commissioner whose offices are at Jason street 1, 2nd Floor, Nicosia 1082. The Commissioner’s office can be reached on +357 22818456 and their email address is commissioner@dataprotection.gov.cy.

M. Other Important Information

This Privacy Policy does not alter in any way other than explicitly defined herein, the obligations and responsibilities of AAM or its customers, employees, vendors or partners, all of which are governed by the respective contracts (where applicable) and related arrangements between AAM and each of those customers, employees, vendors or partners.

N. Cookies Policy

1. What are Cookies?

The website of ALTAMIRA ASSET MANAGEMENT (Cyprus) Ltd, uses cookies and other files of similar functionality (hereinafter, the "Cookies").
Cookies are small data files that are sent to the User's computer, mobile phone or other access device when you visit a Web and that allow you to obtain information related to your browsing or a code that allows you to uniquely identify the user.

2. Typology of Cookies and purposes of use

When browsing this website, session Cookies and persistent Cookies are used, which in turn can be your own or third-party Cookies.
Session Cookies are cookies designed to collect and store data while the user accesses a website. They are usually used to store information only related to the provision of the service requested by the user in a single occasion.

Persistent cookies are a type of cookies in which the data is stored in the terminal and which can be accessed and processed during a period defined by the person responsible for the cookie, which can range from a few minutes to several years.

  • OWN COOKIES: Those created or managed by the person responsible for the website of Altamira Asset Management (Cyprus) Ltd uses persistent proprietary cookies for the purpose of analysis. The information collected is used to measure the activity on the website for the creation of user navigation profiles and in order to introduce improvements based on the analysis of the data used by the users of the service.

  • THIRD PARTY COOKIES: Those managed by advertising service providers, social networks and analysis, unrelated to Altamira Asset Management (Cyprus) Ltd.
    Below are more details relating to third parties who can configure and access Cookies (not exempt from information and consent) of their equipment and the purposes with which the information stored is used:

Below are more details relating to third parties who can configure and access Cookies (not exempt from information and consent) of their equipment and the purposes with which the information stored is used:

Purpose

Third

More information

Personalization:  They allow the user to access the service with some predefined general characteristics such as language, browser type, number of results per page and user geolocation.

Facebook

https://dataprotection.ie/documents/press/Facebook_Ireland_Audit_Review_Report_21_Sept_2012.pdf

Youtube

Analysis: Cookies that allow the tracking and analysis of the behavior of website users. The information collected is used to measure the activity of the website for the creation of user navigation profiles, in order to introduce improvements based on the analysis of the data used by the users of the service.

Sharethis

https://www.google.es/intl/es/policies/technologies/types/

Techniques: Are those that allow the user to navigate through the Web, and the use of different options or services that exist in it, for example, identify the session, access restricted access parts, make the purchase process of an order or use security elements during navigation. Social content technical cookies are also used for tracking (plug-in social networks).

Facebook

https://support.google.com/adsense/answer/2839090?hl=en

Youtube

Behavioral Advertising: Are those that allow us to manage the most effective way possible of our advertising, adapting its content to the user's preferences, to the type of terminal from which the user accesses the service, to the characteristics of the user's use of services, etc. To do this, we analyze your browsing habits on the Internet to offer you advertising related to the interests of your browsing profiles.

Doubleclick

https://support.sharethis.com/customer/portal/questions/721127-cookies#sthash.vzO7b6rZ.ClsOiAuo.dpbs

3. Deactivation or elimination of Cookies

Most web browsers allow you to manage, at any time, the User's preferences regarding the use of Cookies. The User may adjust his browser to reject Cookies or delete certain Cookies at his discretion.

For the configuration of Cookies the User can access to:

  • Google Chrome: Tools » Settings » Show advanced options » Content settings » Cookies » Block data from third-party sites and cookies.

  • Mozilla Firefox: Tools » Options » Privacy » History » Use a custom configuration for the history (uncheck all the boxes).

  • Microsoft Edge: More (...) » Settings » Delete browsing data » Choose what to delete (Check the box next to each type of data to be deleted).

  • Internet Explorer: Tools » Internet Options » Privacy » Settings for the Internet zone (upload the navigation bar to Block all cookies).

  • Safari: Edit » Preferences » Privacy » Block cookies (select" "always" ").

  • Opera: Menu » Settings » Privacy and security » Cookies section (select Block third-party cookies and site data).

The User can revoke his consent for the use of cookies in his browser through the above indications or through the installation of a rejection system ("opt-out") in his web browser. Some third parties facilitate this rejection through the following links:

The User must bear in mind that some features of the contents of this website, are only available if the installation of Cookies in your browser is allowed. If you decide not to accept or block certain Cookies (depending on their purpose), this may affect, in whole or in part, the normal functioning of the website or prevent access to some of its services.

4. Updates and changes in the Cookies Policy

Altamira Asset Management (Cyprus) Ltd can modify this Cookies Policy based on new legislative or regulatory requirements, or with the purpose of adapting said policy to the instructions issued by the Cyprus Data Protection Commissioner.

When significant changes are made to this Cookies Policy, the user will be informed either by means of an informative notice on our website or via email for registered users.

If you want more information about what use we make of Cookies, you can contact us through the address dpo@cy.altamiraam.com.

O. Glossary & Useful Definitions

Term

Definition

1. Personal Data

Also referred to as “personally identifiable information (or “PII”), personal data is any information relating to an identified or identifiable living natural person (the “data subject”)

2. Legal Basis of Processing

The basis on which the processing of personal data may be based and may be one of the following:

  • the consent of the data subject to the processing of his / her personal data

  • processing is necessary in order to enter into a contract to which the data subject is a contractual party or to take action at the request of the data subject before or after a contract is entered into force
  • processing is necessary to comply with a statutory obligation of the Data Controller or the Data Processor as the case may be
  • processing is necessary for the purposes of the legitimate interests pursued by the Data Controller, unless such interest overrides the interest or fundamental rights and freedoms of the data subject who require the protection of personal data, in particular if the subject of the data is a child

  • processing is necessary to safeguard the vital interest of the data subject or other natural person

  • processing is necessary for the performance of an obligation performed in the public interest or in the exercise of public authority assigned to the Company.

3.Legitimate Interest

Our lawful interests in conducting and managing our business to enable us to give you the best services and / or products and secure and private by design experience.  In choosing to perform personal data processing under the legal basis of legitimate interest, we seek to ensure that we consider and balance any potential impact on you (both positive and negative) and your rights before doing so.  

As a general principle, we do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

4.Data Controller

The natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.

5. Data Processor

A natural or legal person, public authority, agency or any other body which processes personal data on behalf of a Data Controller.

6.Data Protection Officer

A Data Protection Officer (or “DPO”) is a security leadership role required by the GDPR.  The DPO is responsible for (a) overseeing data protection strategy and implementation within an organization; (b) ensuring compliance with GDPR requirements; (c) the provision of advice to the Data Controller or the Data Processor and their staff in relation to personal data processing; and (d) to cooperate with Data Protection Authorities and supervisory bodies in all privacy and data protection matters.

7.Cross-border Data Transfers

Transfers of personal data outside the European Economic Area in physical and / or electronic form