INFORMATION NOTICE

ON THE PRINCIPLES OF DATA PROCESSING  

The information below fulfils the obligation in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”) and with the Law providing for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of Such Data of 2018 (N.125(I)/2018), as amended from time to time.  

1. Personal Data Controller

The personal data controller is ABRIS CEE HOLDINGS LIMITED with its registered seat in Cyprus, Prodromou & Dimitrakopoulou 2 (5th Floor), 1090 Nicosia, Cyprus (hereinafter: “Controller”).

You can contact the Controller in writing to the address: 

ABRIS CEE HOLDINGS LIMITED
Prodromou & Dimitrakopoulou 2 (5th Floor) 1090 Nicosia

a) by electronic means to the following e-mail address: GDPR.Cyprus@abris-capital.com.

2. Personal data processing.

  1. Candidates for employees – the aim of personal data processing is the recruitment process of potential employees. The processing of personal data of job candidates takes place in connection with an intent to enter into an agreement or on the basis of their consent. Making available of personal data is voluntary, however, in the case of failure to make personal data available it will not be possible for a candidate to participate in the recruitment process. Data necessary for the recruitment process to be conducted are: name, surname, residential address, details concerning education and experience. Other particulars provided by a candidate for an employee may also be processed, such as contact details in the form of a telephone number, e-mail address or image in the form of a photograph attached to the CV.

    Data storing period: up to 6 months after the end of the recruitment process. In the case of granting consent for data processing during further recruitment: up to 5 years.

  2. Candidates for business associates – the aim of personal data processing is the recruitment process of potential business associates, i.e. persons acting directly in the interests of Abris CEE Holdings Limited on the basis of civil law agreements. The processing of personal data of candidates takes place in connection with an intent to enter into an agreement or on the basis of their consent. Making available of personal data is voluntary, however, in the case of failure to make personal data available it will not be possible for a candidate to participate in the recruitment process. Data necessary for the recruitment process to be conducted are: name, surname, residential address, contact details, details concerning education and experience. Other particulars provided by a candidate for a business associate may also be processed, e.g. their image (photograph in the CV).

    Data storing period: up to 6 months after the end of the recruitment process. In the case of granting consent for data processing during further recruitment: up to 5 years.

  3. Persons contacting Abris CEE Holdings Limited - the aim of personal data processing is to communicate with persons contacting the Controller. The legal basis for personal data processing is the legitimate interest of the Controller consisting in allowing:

    • (i) communication with the person contacting the Controller, 
    • (ii) initiation of a relationship with the person contacting the Controller, 
    • (iii) provision of the necessary information to such person. 

    The processed personal data are: name, surname, electronic address, telephone number, correspondence address and other information provided by the person contacting the Controller. Making available of personal data is voluntary, however, in the case of failure to make available all the details significant in specific circumstances, the communication process may be hindered or impossible to conduct.

    Data storing period: as long as necessary to pursue the legitimate interest of the Controller or a third party.

  4. Contractors and representatives of contractors - the aim of personal data processing is conclusion and/or implementation of the agreement and maintaining relationships with contractors, i.e. service providers and business partners of the Controller. The processing of personal data of contractors and persons appointed by them (including, their employees and business associates) takes place in order to conclude or perform an agreement or on the basis of a legitimate interest of the Controller, i.e. facilitation of communication and maintenance of relations with the contractor and performance of the agreement. The processed personal data are: name, surname, electronic address, telephone number, workplace, position, business activity address, tax identification number, statistical number, personal number, bank account details and other particulars necessary to enter into and/or perform the agreement and maintain relations with contractors Making available of personal data is necessary in order to maintain a relationship or conclude/implement an agreement, when a given relationship already exists (or if the agreement is concluded) with a natural person. As regards persons who represent a legal entity, providing their data is not necessary, however, it makes contact with the Controller possible.

    Data storing period: the term of the agreement made with the contractor and the period necessary to facilitate the seeking by the parties of claims arising from such agreement, not shorter, however than for a period arising from provisions of law or as long as necessary to pursue a legitimate interest of the Controller or a third party.

  5. Own marketing of the Administrator - the aim of personal data processing is own marketing of the Controller, in particular, communication with recipients, maintaining the  website and accounts on social media, event organization, sending commercial and advertising information, offers and invitations to the events organized, as well as correspondence regarding the day-to-day activity of the Controller. The legal basis for personal data processing is the consent of the data subject or legitimate interest of the Controller, consisting in conducting marketing activities, maintaining relationships with the data subjects and providing them with necessary information. The processed personal data are: name, surname, e-mail address, telephone number, workplace, position, business activity address. Providing personal data is voluntary, however, it is necessary in order to make it possible to send correspondence and contact with the persons interested.

    Data storing period: until the consent is withdrawn or as long as necessary to pursue the legitimate interest of the Controller or a third party.

3. Disclosure of personal data

Your data may be made available to entities and bodies authorized to process such data on the basis of legal regulations. Your personal data may also be transferred to the entities with which the Controller is affiliated, to their contractors (and their representatives), as well as business partners and service providers of the Controller, in particular advisors, law offices, notarial and tax advisory offices, IT service providers, marketing service providers (e.g. event/PR agencies, photography studios, printing shops), services in the scope of archiving and destruction of documents, finance and accounting services and insurance services, whereas such entities process data on the basis of an agreement with the personal data controller and in accordance with its order. 

4. Transfer of data outside the European Economic Area (EEA)

Your personal data will be transferred to third countries situated outside the European Economic Area. Such transfer shall take place in accordance with the permitted transfer mechanisms regarding the protection of personal data, in particular on the basis of standard clauses of protection adopted by the European Commission.

5. Rights of the data subjects

In connection with personal data processing, the persons whose data are processed shall have the right to (respectively):

  • request that the Controller provide access to the personal data being processed,
  • request that the Controller rectify the personal data being processed,
  • request that the Controller erase the personal data being processed, 
  • request that the Controller restrict the processing of personal data
  • object to the processing of personal data,
  • portability of personal data,
  • withdraw his or her consent for the processing of personal data, whereas its withdrawal shall not affect the legality of processing executed on the basis of such consent before its withdrawal,
  • lodge a complaint to a data protection authority (the Commissioner for Personal Data Protection appointed pursuant to the provisions of Article 19 of the Cypriot Law).

6. Source of obtaining personal data

If we received personal data from the entities other than the data subject, it shall mean that we received them from other entities, with which the Controller is affiliated, their contractors (and/or their representatives), Controller’s contractors (and their representatives),, from social media, Internet or other publicly available sources.

7. Automated decision-making

Personal data shall not be processed in an automated manner to make decisions, including in order to perform profiling.

8. Cookies

At the website http://www.abris-capital.com/ (“Website”) the Controller uses cookies, i.e. small text information stored on the end device of a user, i.e. their computer, telephone, tablet, etc. The Controller may collect data concerning the visit of the user such as: the IP address, type of the browser used, operating system, etc.

The cookies are used exclusively in order to ensure better operation of the Website for the user, in particular to:

  • adjust the Website to the needs and preferences of the user, 
  • ensure a more efficient operation of the Website by maintaining a user session, save their settings and choices on a short-term basis,
  • keep statistics, examine the popularity of particular functionalities and tabs.

By using the Website, users grant their consent for using cookies. In the case of failure to grant consent for using cookies by the Controller, users have a possibility to block them in the settings of their browser. By default internet browsers allow storage of cookies on a user’s device, so by using the Website, the user grants their consent for using cookies. By changing settings on their Internet browser, the User has a right to block automatic storage of cookies by the Controller and in a manner appropriate to their needs configure the use of cookies by the Website.

9. Updates to the information notice

This notice is subject to updates. The current notice shall each time be published at the website.