Purpose of this Policy
The Internet is an amazing tool. With only a few mouse-clicks, you can follow the news, look up facts, buy goods and services, and communicate with others from around the world. It's important to Citrine Estates to help our customers retain their privacy when they take advantage of all our Website has to offer.
Your privacy is important to you and to us. We have structured our Website so that you can visit us on the Internet without identifying yourself or revealing any personal information.
Once you choose to provide us with personal information, we will protect such information and use it only in the ways as described below.
We are committed to respecting and protecting your privacy at all times. Any information about any person visiting our Website will not be sold, rented, transferred, or otherwise made available to others, except as expressly provided for in this Policy.
This Policy explains how we look after your personal data (in all situations where we collect your data) and sets out your privacy rights and also explains how the law and our approach to privacy and personal data protect you.
We process your personal data in an appropriate and lawful manner, in accordance with applicable data protection regulations and the General Data Protection Regulation EU 2016/679 (the “GDPR”) which is in force as of 25 May 2018.
We will comply with local data protection laws in jurisdictions we operate in and to do so the personal information we hold about you must be:
- used by us lawfully, fairly and in a transparent way;
- collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- relevant to the purposes we have told you about and limited only to those purposes;
- accurate and kept up to date;
- kept only as long as necessary for the purposes we have told you about; and
- kept securely.
This Policy supplements any other privacy notice that we may provide to you at the point that we collect data from you and should be read in conjunction with those notices.
Personal Data We Collect From You
We will collect and process the following personal data about you:
1. Information You Give Us
These are personal details and include your first name, last name, email address and phone number (“Identity & Contact Data”). They will also include information on which services you are interested in or details about your enquiry. The information you give us may also include data about any marketing preference.
Such information may be provided by you in the following circumstances: (i) by filling in an enquiry form on the Website; (ii) by corresponding with us by post, phone, e-mail or otherwise when you apply for our services; (iii) subscribe to our services or publications; (iv) request marketing to be sent to you; (v) give us some feedback; (vi) to conduct business relationship with us in relation to our activities (rent, buy/sell, etc) or (vi) to start negotiations for or entering into a contract to supply services to us.
To the extent you engage our services you may be required to provide further information. Where you are a business user, we may also require further information before we enter into a commercial relationship with you.
Such further information may include payment details such as banking information, VAT number in order for us to process payments in relation to our services (“Financial Data”). We may also require you to provide us with information that might be needed to establish and serve as proof of your identification such as copies of your passport or national ID (“Identity Data”).
Where we are collecting or processing further information we will provide you with separate Privacy Notices which further describe how and why we are using your personal data.
Where we are required to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the services as agreed or we may not be able to enter into a contract with you but we will notify you if this is the case at the time. We may have to terminate that contract with you as a result.
2. Information We Collect About You From Our Website
Whenever you visit our Website we will automatically collect the following:
a. Technical information: including the IP address used to connect your computer to the Internet, your login information, browser type and version, the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time) as well as other information regarding your experience on our Website such as page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
b. Location Information: We may receive information about your location. We may determine your location through your IP address and, when accessing the Website through a mobile device, by using the data that we collect from this device. This includes information about the wireless networks or cell towers near your mobile device at the time of access.
3. Information we receive from other sources
We may receive personal data about you from various third parties and publicly available sources as set out below:
a. Technical Data from Google Analytics Advertising Features, including Google AdWords, Facebook Pixel’s, Google Tag Manager, Amiando, Microsoft Dynamics, LinkedIn, Gmail and other Adhoc paid media partnerships.
b. Identity, Contact and Background Data from publicly available sources, compliance databases and/or compliance and due diligence service providers within and outside the EU so we can confirm you are a suitable client of or supplier to us.
It is important that the data that we hold about you is accurate and up to date. In the event that your data changes please notify us so that we can update our records.
How We Use Your Information
We may hold and process personal data that you provide to us in accordance with the GDPR.
1. Information you give to us
We shall use this information:
a. to facilitate the provision of services which you request and where we need to perform the contract we are about to enter into or have entered into with you;
b. where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
c. where we need to comply with a legal or regulatory obligation;
d. to resolve any issues which you have reported and provide support related services; or
e. manage the supplier relationship you have with us.
2. Information we collect about you from our Website
We shall use this information:
a. to administer our Website and for internal operations, including troubleshooting and in order to keep our Website safe and secure;
b. to improve our Website to ensure that content is presented in the most effective manner for you; and
c. to ensure that content displayed on the Website is presented in a user-friendly manner.
3. Information we receive from other sources
We will combine information we receive from other sources with information you provide to us and information which we collect from you. We will use your information only for purposes as described in the paragraphs above.
Legal Basis For Processing
We shall only process your personal data insofar as this is necessary for us to be able to provide the services we offer and/or for the purposes indicated in this Policy.
Generally we do not rely on consent as a legal basis for processing your personal data. However, where your consent is required we will provide you with a consent form requesting explicit consent to do so.
Where we collect your data for marketing purposes we will always request your consent, at the point the data is collected, to use your data for that purpose.
We will always obtain your prior consent to sharing your personal data with any third party for their marketing purposes. This may be to enable relevant third parties to advise you of products or services that may be of interest to you.
We will only use your personal data for a reason other than the purpose for which it was originally obtained if we consider that we need to use it for that other purpose and have a legitimate interest in doing so, and your interests and fundamental rights do not override those interests.
We may also process your personal data on the basis of any legitimate interest or in order to comply with any legal obligations at law. This may include the exercise or defense of legal claims or in order to comply with an order of any court, tribunal or authority or disclosure to a government or regulatory entity.
You will receive marketing communication if you have requested such marketing information from us by providing us with your details through this Website and have consented and opted-in to receiving such information. Where we have entered into a contract or other business relationship with you we may further inform you about our activities, offers or other information which we believe would be useful to you in accordance with our legitimate interest.
We will not share your personal data with any third party for marketing purposes without your explicit consent.
Withdrawal Of Consent
You have the right to withdraw or vary consent or to object to receive marketing information as well as to withdraw or vary any consent provided by you in relation to your personal data/information (i.e. collection, processing, transfer) or even withdraw your consent to this Policy at any time by contacting firstname.lastname@example.org.
If you choose not to consent or to object to any one of the purposes listed herein or withdraw your consent at any time, we will still be able to provide our services, however, we would not be able to provide you with the full range of services which we offer and it may affect the efficiency with which we provide the services you request.
The withdrawal of any consent will not affect the lawfulness of processing which we carried out on the basis of such consent before its withdrawal. Once we have received notification that you have withdrawn your consent, we will no longer process your information for that purpose unless we have another legitimate basis for doing so in law.
Withdrawal of consent to this Policy will result in us having to terminate our services immediately.
Disclosure Of Your Information
There are a range of circumstances where we may disclose your data to third parties. These include:
(b) Our Service Providers/Suppliers: We may disclose your data to third parties that are involved in the fulfillment of our services to you.
(c) Data Controllers or Data Processors: We may disclose your personal data to any third party that may act as joint data controllers or data processors to Citrine Estates which will be the data controller for your data when you obtain our services and/or may provide administration, controls and reporting services. All parties that act as joint data controllers or data processors to Citrine Estates respect and protect the security of your personal data in accordance with the applicable law (including the GDPR) and apply the security measures and safeguards as described below.
We may require to share your data with service providers in their capacity as data processors, which is necessary for us to provide the services you request, who will store and process your data on the basis of strict confidentiality and subject to the appropriate security measures and safeguards in place as described below.
We may share your data with other third parties in their capacity as data controllers such as notaries, auditors and other advisors and service providers or third parties providing services or goods to you such as real estate agencies/owners/developers who you might wish to engage with under separate terms and conditions between you and such third parties. These third parties will be processing your data in their own right as data controllers and their data protection policies and processes shall be become applicable
(d) Third party marketing. Where you have consented for us to do so, we may provide your data to selected third parties who may contact you about their goods or services that you may be interested in.
Please be advised that we do not reveal information about identifiable individuals to our advertisers, but we may, on occasion, provide them with non-personal data such as Aggregated Data which is data that may be obtained from your personal data, but which does not directly or indirectly identify you. This may include data detailing how you use our Website and the features and areas that you have interacted with Aggregated Data about our Website visitors and customers.
If you do not want us to share your data with third parties you will have the opportunity to withhold your consent to this when you provide your details to us on the form on which we collect your data, or you can do so by writing to us at the address detailed above or sending us an email to Kypros.email@example.com at any time.
Transfers Of Data To Third Parties
Where we share your personal data with internal or external third parties, this may involve transferring your data outside the European Economic Area (EEA). We will transfer your personal data in accordance with standard contractual clauses (European Commission: Model contracts for the transfer of personal data to third countries) to ensure your personal data is protected and transferred securely in compliance with applicable law, including the GDPR.
Third Party Access To Your Personal Data
We work closely with third parties in order to provide you the services you request on our Website. These third parties include cloud storage providers, analytics providers and search engine information providers. We will only work with third party providers that comply with applicable laws in the jurisdictions which we operate and abide by the GDPR and, if applicable, agree to be bound by the standard contractual clauses to adequately protect and safeguard your personal data.
We have put in place appropriate security measures to prevent your data from unlawful or unauthorised processing or accidental loss or damage or disclosure. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
The transfer of information between our Website and your device is protected with TLS (Transport Layer Security) certificates. When the Website is accessed using compatible browsers, that technology protects personal information using both server authentication and data encryption to ensure that personal information is safe and secure while in transit. The mainstream browser versions compatible with that technology are the Internet Explorer from version 11, the Mozilla Firefox from version 27, the Google Chrome from version 32 and the Apple Safari from version 7.
All personal data is stored in a secure server environment that uses a firewall and other advanced technology to protect against interference or unauthorized access. Servers are located in Sydney, Australia. Usernames and passwords are issued to persons authorized to access the personal data, such as our employees, who are bound by confidentiality not to disclose any personal data.
No method of transmission of data is one hundred percent (100%) secure and absolute security cannot be guaranteed.
In the event of a data breach we will notify the competent authorities and we will also notify you in the event that the breach results in any likelihood of loss or damage to you.
Data Storage And Minimisation
The length of time that we retain and store your data depends on the purpose for which it was collected. We will only store data for as long as is required to fulfill that purpose or for the purpose of satisfying legal, accounting or reporting requirements.
In any case, retention of data shall not exceed 10 years from the date of termination or completion of the services. This period of retention enables us to use the data for defending potential legal claims, taking into account the applicable limitation periods under relevant laws, as well as, if applicable, to comply with Anti-Money Laundering/KYC laws and regulations, Anti-Bribery/Corruption law provisions and regulations, accounting and tax laws, applicable to certain jurisdictions which we operate in.
Whenever and to the extent possible, we anonymize the data which we hold about you when it is no longer necessary to identify you from the data which we hold about you.
The GDPR gives you a range of rights in relation to the personal data that we collect from. You have the right to:
(a) Access your personal data/information: This right is commonly known as the “Data Subject Access Request” and enables you to receive a copy of the personal data/information we hold about you, as well as information on if, how, why and by whom your data is processed. You will not need to pay a fee to access your personal data (you shall receive one electronic copy via e-mail) unless we can justifiably demonstrate that the request is unfounded, repetitive or excessive in which case we may also refuse to comply with your request in these circumstances. We will respond to all legitimate data access requests within one month, but we may need to obtain further information from you in order to confirm your identity and the legitimacy of the request.
(b) Request update of the personal data: This enables you to obtain correction of any inaccurate to update your data, to have any inaccurate data corrected and to have incomplete personal data completed, including by means of providing a supplementary statement.
(c) Object to processing of your personal data: You may object to processing of your personal data where we are relying on consent or our legitimate interests (or those of a third party) as the justification for processing the data. Unless we have a legitimate interest that overrides your interest, we will stop processing your personal data.
In the case of processing your data for marketing purposes, we will stop processing the personal data for such purposes, if requested by you.
(d) Erasure of your personal data (right to be forgotten): This enables you to ask us to delete personal data in the following circumstances:
- where there is no justifiable and/or lawful reason for us continuing to retain and process it (i.e. where the processing of the data is no longer necessary for any of the reasons the data was collected or the deletion is required by the law);
- where you have successfully objected to the processing of the data by the Website
- where your personal data have been unlawfully processed.
We may not always be able to delete the data such as if there is an ongoing contractual relationship between us or if we are legally required to retain the data, etc.
(e) Restrict the processing of your personal data: you shall have the right to obtain from us restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
- we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
- you have objected to processing pursuant pending the verification whether our legitimate grounds override those of yours.
(f) Request the transfer of your personal data to you or to a third party (Right of Data Portability): We will provide to you, or a third party you have chosen, your personal data in a structured, machine-readable format.
(g) Withdraw consent: Where we are relying on consent to process your personal data you may withdraw that consent. For more details in relation to this right, please see above in “Withdrawal Of Consent”.
You can exercise these rights at any time by writing to us at the address detailed above, or by email to firstname.lastname@example.org
Third party links
You might find links to third party websites on our website. If you click a link to a third-party website and visit that site, you may be allowing that site to collect and share certain data about you. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
Quality Of Website And Overall Experience
So as to improve the quality and overall user experience of the Website as well as facilitate event bookings and client event registrations, we are using Google Analytics Advertising Features, including Amiando and Microsoft Dynamics.
If you would like to opt-out of Google Analytics for display advertising, you may do so by using the Ads Preference Manager.
In addition, there is also a Google Analytics Opt-Out browser add-on that you can download at https://tools.google.com/dlpage/gaoptout.
You may withdraw your consent given for any of the purposes listed above at any time. This does not affect the lawfulness of your personal data for these purposes prior to your withdrawal. You may send us an email at email@example.com indicating your withdrawal of consent and specify which processing activities such withdrawal relates to.
We welcome any comments, complaints and queries in relation to data protection. As indicated above you may contact our Data Protection Officer at firstname.lastname@example.org and we shall try our best to deal with any issue or concern you may have.
If we fail to address your concerns, you have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection at email@example.com, as the relevant national supervisory authority on all data protection matters (www.dataprotection .gov.cy).
You must give your express consent in order to access and browse our Website. If you do not accept the provisions of this policy, you must exit our Website immediately.
What cookies are and what are used for
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer or your mobile device, if you agree, and that uniquely identify your browser or device. Our Website sends information to your browser which then creates a text file. Every time the user goes back to our Website, the browser retrieves and sends this file to our Website's server. A cookie, enables the website to remember users that have already visited it. Without a cookie, every time you open a new web page, the server where that page is stored will treat you like a completely new visitor. Cookies can be used to help understand how the website is being used, help you navigate between pages efficiently, help remember your preferences, and generally improve your browsing experience. Cookies allow us to remember your custom preferences such as your language preference and allow you to complete tasks without having to re-enter your information when browsing in order to make browsing on our Website easier.
What types of cookies we use
1. Strictly Necessary Cookies:
These types of cookies are essential for the operation of our Website, as they include cookies that enable you to move around the Website and use its features, such as accessing secure areas of our Website and making use of its check-out functionally.
2. Performance/Analytical Cookies:These cookies collect information about how you have used the Website. We use these cookies to track aggregate Website usage and experiment with new features and changes on the Website (i.e. to recognise and count the number of visitors and to see how visitors move around our Website when they are using it). The information collected is used to improve how the Website works (i.e. by ensuring that users are finding what they are looking for easily).
3. Functionality Cookies: These cookies allow us to recognise when you return to our Website, whether you made an edit to an article on the Website while logged out, the state or history of Website tools you’ve used. These cookies also allow us to tailor the Website to provide enhanced features and content for you, greet you by name and remember your preferences (i.e. your choice of language or region). The information these cookies collect may be anonymous, and they are not used to track your browsing activity on other sites or services.
4. Targeting Cookies: These cookies record your visit to the Website, the pages you have visited and the links you have followed. These cookies cannot determine who you are though, as the data collected is never linked to your profile. We will use this information to make the Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
5. Session Cookies: These cookies, also known as in-memory cookies, transient cookies or non-persistent cookies, exist only in temporary memory while the user navigates our Website. They contain encrypted information to allow our system to uniquely identify you while you are logged in. Session cookies exist only during an online session. They disappear from your computer when you close your browser software. These allow us to process your requests and help us make sure you are who you say you are after you’ve logged in.
The website uses the following cookies:
|Google Analytics Tracking Cookie
||Global Site Tag
How to control and delete cookies
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our Website. Moreover, some parts of our Website may not function properly if you choose not to accept cookies.
Except for essential cookies, all cookies (apart from third party cookies over which we have no control) will expire after 30 days.
Visit the “options” or “preferences” menu on your browser to change settings in relation to cookies.
Many browsers allow you to browse privately whereby cookies are automatically erased after you visit a site. The following is a list of the most common browsers and the way in which you can activate private browsing:
- Internet Explorer 8 and later versions: In Private
- Safari 2 and later versions: Private Navigation/Browsing
- Firefox 3.5 and later versions: Private Navigation/Browsing
- Google Chrome 10 and later versions: Incognito
You can find out more information about cookies on various sites, such as www.allaboutcookies.org.
Every time you connect to the internet or, if you use an always-on connection, such as broadband or ADSL, when you boot up or restart your computer, you are automatically assigned a unique identifying number known as an IP Address. This IP Address, which contains information regarding the location of your computer on the internet (your country of origin) and the name of your internet service provider (“ISP”), is automatically logged by our site.
You must give your express consent in order to access and browse our Website. If you do not accept the provisions of this policy, you must exit our Website immediately.
What is an IP Address?
When you first started your internet session (i.e. your computer connected to the internet), your computer was automatically assigned a unique number (normally in the region of 9 or 10 decimal numbers), known as an IP Address. This is your computer’s unique address on the internet. Without such an IP Address, websites would not be able to deliver their content to you as they would not be able to find your computer on the internet. Since each time you disconnect and reconnect to the internet a new IP Address is automatically assigned to your computer, IP Addresses are not inherently capable of identifying you as an individual (at least, by themselves).
An IP Address does, however, contain information regarding the location of your computer on the internet (your country) and the name of your ISP.
How Do We Collect Your IP Address
Each time you visit a page on our Website, your computer sends out a message to our Website asking for the content. This message sent by your computer also encloses your IP Address as a form of “return address” so that the Website may find your computer in order to send it the requested content. Our web-server automatically logs all these messages.
What Do We Do With Your IP Address?
When we log your IP Address, the data collected is grouped up with the other logged IP Addresses in order to provide us with the statistics on the geographic location of visitors to our Website, how long they stay on our Website, which are the most viewed pages and for other statistical reasons.
We gather your IP address automatically and store it in log files. These files also contain information relating to your browser type, ISP, operating system, date/time stamp, clickstream data and the files viewed on our Website. Collecting this type of information allows us to generate aggregate information for the purposes of our Website, including in terms of overall user trends and activities online (such as the number of unique visitors, pages access most frequently or the search terms entered). It also allows us to administer our Website, diagnose any potential server problems, analyze visitor trends and statistics, and generally held us to provide you with a better internet experience. IP Addresses are not stored for longer than necessary for the above stated purposes.
We will not use your IP address to identify you, the individual, in any way.
(Version: September 2018)