WEBSITE Privacy Policy

 

1.Introduction

At H.M.D Careline24 LRD (hereinafter “we”, “us” or “our”), we are committed to protect our clients’ privacy and handle their personal data in an open and transparent manner.

The purpose of this privacy policy ("Policy") is to provide a clear explanation of when, why and how we collect and use personal data. We have designed it to be as user friendly as possible and have separated it in sections to make it easy for you to find the information that is most relevant to you.

The new European Union (EU) Data Protection Law, the General Data Protection Regulation (“GDPR”), came into effect on the 25th of May 2018. The GDPR (EU) 2016/679 gives individuals in the EU more control over how their data is used and places certain obligations on businesses that process the information of those individuals. Our Privacy Policy conforms to the requirements of the GDPR.​

2. Who we are

H.M.D Careline24 Ltd (‘’the Company’’) is a Cyprus-based company that is engaged in the design, trading, installation, integration, operation and maintenance of security systems telecare products and services.​

3. Whom this privacy policy is directed to

This privacy policy is directed to natural persons (hereinafter our “clients”) who are either past, current or potential clients or are authorized representatives/agents of past, current or potential clients.​

4. Identity and contact details of the Data Controller and Data Protection Officer

(a) Data Controller

H.M.D Careline24 Ltd, a Cyprus private limited liability company, having registration number HE 401988, is the "Data Controller” pursuant to the GDPR, and related Cyprus Law and determines how your personal data is kept and processed.

The main establishment and the central administration of the Data Controller is situated at 65 Michael Zavou street, Agios Athanasios, 4107, Limassol, Cyprus. 

(b) Data Processor

In certain cases, H.M.D Careline24 LRD is the "Data Processor” pursuant to the GDPR and related Cyprus Law and deals with personal data as instructed by data controller for specific purposes and services offered to the controller that involve personal data processing. 

(c) Data Protection Officer (DPO)

We have designated a Data Protection Officer (DPO), who is responsible to monitor compliance with this privacy policy as well as the applicable Laws and liaise with the Cyprus Supervisory Authority, namely the Office of the Commissioner for Personal Data Protection.

The DPO may be contacted directly with regards to all matters concerning this policy and the processing of your personal data including the enforcement of all applicable and available rights.

Official requests may be made by post at 65 Michael Zavou street, Agios Athanasios, 4107, Limassol, Cyprus, Cyprus or electronically at dpo@eyescan.com.cy.

5. What is personal data?

Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  

6. What are special categories of personal data?

Special categories of data include information about an individual’s racial or ethnic origin, political opinions and affiliation, religious or similar beliefs, trade union membership, physical or mental health or condition, criminal offences or related proceedings and genetic and biometric information — any use of special categories of personal data shall be strictly controlled in accordance with this Policy.

7. What are the Data Protection Principles?

We will comply with applicable data protection law. This says that the personal data we hold about you must be:

  1. used lawfully, fairly and in a transparent way;

  2. collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;

  3. relevant to the purposes we have told you about and limited only to those purposes;

  4. accurate and to the extent appropriate, kept up to date;

  5. kept only as long as necessary for the purposes we have told you about; and

  6. kept securely.​

8. How do we collect your Personal Data?

We collect personal data directly from you in order to provide you with our products and or services, to market our products and or services and to improve our website. Our clients are mainly individuals, but they may also be legal persons. When clients are individuals, they provide their personal data directly themselves. When customers are legal persons, they have representatives, employees and customers whose personal data are provided to us after they have confirmed that they are authorised to do so and allow us to use them in accordance with this Policy.

We collect personal data by corresponding with us via our online services, by telephone directly or through our 24-hour Alarm Receiving Centre, e-mail or otherwise. We ask you to disclose only as much data as is necessary to provide you with our services and to submit a question/suggestion/comment in relation to our products or our services. We also collect personal data from you through filling in forms and through your acceptance of sales orders and sales invoices.

In addition to the information you provide to us directly, we may collect personal data through messages and alarms originating from the Careline24 devices used by you or the person(s) for whom you subscribed to our telecare services.

9. Cookies

We collect and process certain personal data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the website, pages visited, referring URL and other aggregated traffic data. We use the data for security purposes, to facilitate navigation, to display data more effectively and to collect statistical data. At this time, we do not respond to browser “Do-Not-Track” signals. 

10. What categories of Personal Data we collect and process?

We collect the following Personal Data from our clients which can include, but is not limited to, your name and surname, address, telephone number, email, signature, financial information, such as bank account number or credit card details, IP Address and, in certain cases, after your consent has been obtained, your or of the person(s) you subscribe for to Careline24 services photographs and other personal testimonials that are used for providing our services and/or  may be used for helping you and/or other entities legally provide (tele)care services to you or the person(s) for whom you subscribe to Careline24 services.

Should there be a need to further process the personal data for a purpose other than that for which they were initially collected, you will be informed in advance about the additional purpose and the relevant details in respect to the further processing.

 

With your explicit consent, we may collect special categories of personal data. Pursuant to the definition given by the GDPR, these data may include racial or ethnic origin, political opinions, religious or philosophical beliefs, health data, trade union membership, the processing of genetic data, biometric data, data concerning health, sex life or sexual orientation and criminal records.

In case that you submit Personal Data about other people to us including their name and surname, address, telephone number, you confirm that you have the authorisation to do so and allow us to use their personal data in accordance with this Policy. You also agree to inform these individuals about the content of this Privacy Policy. 

If you do not provide us the necessary information, we may not be able to enter into an agreement with you, or the legal person you represent, for the requested services and or products and/or we may be unable to fulfil our obligations on the basis of our agreement. ​

11. What lawful reasons do we have for processing personal data? 

In order to proceed with a business relationship, our clients must provide to us their personal data which are necessary to operate our business and provide our services.

In accordance with GDPR, we may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:

  • Compliance with legal obligations – We may collect and process personal data in order to meet legal and other regulatory obligations.

  • Contract – We may process personal data in order to perform our contractual obligations towards you.

  • Consent - We may rely on your freely given consent to keep and process your personal data. You have the right to withdraw consent at any time.

  • Legitimate interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. A legitimate interest is when we have a legal, business or commercial reason to use our clients’ information. Instances of such processing activities can include, but not limited to initiating legal claims, preparing our defense in litigation procedures, etc. 

12. How do we use your Personal Data

H.M.D Careline24 Ltd undertakes to ensure that all processing of personal data is lawful, fair and transparent. Data will only be collected for a specific, explicit and legitimate purpose and collecting and processing will not go beyond what is necessary for the purpose of the processing. The processing shall always be adequate, relevant and limited to what is necessary for the purpose for which they are processed. We use your Personal Data and, where applicable, the Personal Data of the person(s) for whom you subscribed to Careline24 services for the following purposes:

  • To communicate with you including responding to your queries or requests in relation to our products and services.

  • To set up you as a client in our systems.

  • Process sales orders and invoices and payments from you.

  • To market our products and services through our website and social media accounts.

  • Administer or otherwise carry out our obligations in relation to any agreement you have with us such as monitoring and maintenance of your systems.

  • Anticipate and resolve problems with any services and or products supplied to you. 

13. Do we share personal data with third parties?

In the course of our business relationship, our clients’ personal data may be provided to various departments within our Company including our Alarm Receiving Centre. In addition, the following third parties may also be the recipients of the personal data under the certain circumstances:

  • Public authorities, whereby a statutory obligation exists that we are subject to or where we are required to do so, as part of any legal care services, search, investigation or proceedings.

  • Hospital, Medical, Police forces and Fire & Rescue services and other legal entities where these may be requested by you and or the person(s) for whom you subscribed to careline24 services and or in response to messages/alarms generated by the Careline 24 devices and services you subscribe to and or by the Careline24 Telecare Centre.

  • Financial institutions in the context of receiving and making payments.

  • Any other service providers or professionals that we engage in the normal course of our business, such as service providers, auditors, lawyers, etc.

Third parties to whom we may disclose Personal Data may have their own privacy policies which describe how they use and protect Personal Data. If you want to learn more about their privacy practices, we encourage you to visit the websites of those third parties. 

14. Do we transfer your personal data outside the European Economic Area?

We store personal data on servers located in the European Economic Area (EEA). We may transfer personal data to reputable third party organisations situated inside or outside the EEA when we have a business reason to engage these organisations or where it is needed to fulfil our services such as the use of cloud services. Each such organisation is required to safeguard personal data in accordance with our contractual obligations and data protection legislation.​

15.Personal data security.

We have put in place appropriate technical and organisational measures including physical, electronic and procedural measures to protect personal data from loss, misuse, alteration or destruction. We restrict access to information at our offices so that only officers and/or employees and/or associates who need to know the information have access to it. Those individuals who have access to the data are required to maintain the confidentiality of such information. In addition, we have trained our employees and associates on how to handle, manage and process personal data, applied upgraded technical measures and transformed our policies and procedures in a way that will comply with the GDPR.

Please be aware that the transmission of data via the Internet is not completely secure. Users should also take care with how they handle and disclose their personal data and should avoid sending personal data through insecure email.​

16. Retention of personal data.

We will keep our clients’ personal data for as long as we have a business relationship.

Once our business relationship has ended, we will hold your personal data on our systems for the longest of the following periods:

a) any retention period that is required by law or regulations;

b) the end of the period in which litigation or investigations might arise in respect of the services or

c) as directed by our own internal retention policies or practices, the length of which may vary depending on the nature of the information that is held.

The personal data processed for the purposes of sending newsletters shall be kept with us until you notify us that you no longer wish your personal data to be used for this purpose. 

17. Do we change this privacy policy?

We may modify or revise our privacy policy from time to time to reflect our current privacy practices. When we make changes to the privacy policy, we will revise the "updated" date at the top of this page. We encourage you to periodically review this Privacy policy that can be found at our website to be informed about how H.M.D Careline24 Ltd is protecting your Personal Data. ​

18. What are your data protection rights?

Subject to the provisions of the GDPR, you have certain rights regarding the Personal Data we collect, process or disclose and that is related to you and or the person(s) for whom you subscribe to Careline24 services, including the right:

  • To receive access to your and or their personal data (right to access).

  • To rectify inaccurate personal data concerning you and or them (right to data rectification);

  • To request deletion/ erasure of your and or their personal data (right to erasure/deletion, “right to be forgotten”);

  • to receive the Personal Data provided by you and or them in a structured, commonly used and machine-readable format and to transmit those Personal Data to another data controller (right to data portability);

  • to object to the use of your and or their personal data where such use is based on our legitimate interests or on public interests (right to object);

  • in some cases, to request the restriction of processing of your and or their personal data (right to restriction of processing);

  • To withdraw the consent given to us with regard to the processing of your and or their personal data at any time. Note that any withdrawal of consent will not affect the lawfulness of processing based on consent before it was withdrawn.

We may need to request specific information from you to help us confirm your identity and or the identity of the person(s) for whom you subscribe to Careline24 services and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds, we will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.​

19. How to raise a complaint

To exercise any of the above rights or for any questions or complaints about our use of your personal data, please contact our Data Protection Officer, either by post at 65 Michael Zavou street, Agios Athanasios, 4107, Limassol, Cyprus, Cyprus or electronically at dpo@careline24.com.cy

Complaints may also be lodged to the supervisory authority in Cyprus (Office of the Commissioner for Personal Data Protection, by post at 1 Iasonos Str. 1082, Nicosia, Republic of Cyprus. More information can be found at http://www.dataprotection.gov.cy.