Privacy Statement

Privacy Statement

This Privacy Statement describes the method of data collection and its usage by CTC AUTOMOTIVE LTD (the Company).

The processing of personal data is carried out in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679), the applicable Cypriot legislation on the protection of personal data, any other potentially applicable national and European legislation for certain legal sectors, and for the  Regulation of Electronic Communications and Postal Services (Law 112(I)/2004, as applicable).

What is personal data?

Personal data is information that identifies you directly or indirectly. Indirectly means in combination with other information, such as your name, postal address, email address, and phone number, or a unique device identification number.

Gathering information

The Company may collect the following information:

• information upon the registration of a person as a customer or as a member in a database,
• information upon the registration of a person to receive notifications via e-mail or sms or other commercial communication channels
• when placing an order onhttp://www.iveco.com.cy/(the website),
• information for participation in contests that are held from time to time,
• information when logging on to the website through another platform (applications, IOS, android, Facebook, Google).
• information that is automatically received when a user navigates on the website through the use of cookies and similar technologies (to learn more refer to the cookie policy set out below)
• information when communicating with the Company (e.g. by email, social media, telephone).
• information received during your interaction with advertisements and applications of the Company and/or third parties, where a link is contained to this Statement.

When filling out the order form on our website http://www.iveco.com.cy/, you will be asked to provide:

• name
• address
• post code
• e-mail
• phone
• credit card details
• payment method of the order.

Additional information that may be requested is:

• shipping and delivery details of an order.
• pricing information or details about an offer you have requested.
• other information required for the execution of an order.
• information necessary for the provision of warranty services.

The Company may make use of your data:

• to contact you about (i) the delivery of an order, (ii) for confirmation and identification when required, (iii) for new or alternative products offered, (iv) special offers, (vi) receipt of gifts after a contest draw, (vii) receipt of personalized gifts,
• to comply with regulatory obligations, such as verifying your age and your status as a user of our products, where necessary,
• in the context of providing services to you regarding sales, such as to process your requests and answer any questions you may have, as well as to provide warranty services,
• in the context of selling our products to you, such as to process your orders and process your payments,
• to support all of the above, including managing your accounts, the ability to use contact points, to communicate with you, personalize your experience, and to manage and resolve any issues.
• We may need to use and retain your personal data for legal and compliance reasons, such as for the prevention, detection, or investigation of a crime, prevention of loss, fraud or any other misuse of our services and computer systems. We may also use your personal data for internal and external audit purposes, to secure information, or to protect or exercise our rights of, privacy, security, property or third persons.

Access to Information:

By providing your personal data you consent that your data will be used by the Company’s employees and partners for the reasons mentioned above.

Under no other circumstances may the Company share your personal information with others without your prior consent, unless required through any legal route. Please note that under certain conditions it is permitted, when required by law or on the basis of a court order, to collect, use and disclose of your personal data, which have been collected online without your prior consent (such as the case of a court order).

Use of personal data

Your personal data will be used for the purposes described above. We collect and process as much personal data as is necessary to meet the required purpose. If we will use your personal data that we process with your consent, for purposes other than those disclosed in such consent, we will inform you in advance and, in cases where the processing is based on your consent, we will use your personal data for a different purpose only with your permission.

For existing customers, we may use the information we have received as part of our existing customer relationship to inform you for products or services related to similar products or services that you have previously requested, used, or may be of interest to you. You may, however, object to such use at any time either at the time that your data is collected or whenever you send a message. To stop receiving emails for marketing purposes, follow the instructions in the email you receive.

Transfers of Businesses

In connection with any reorganisation, restructuring, merger or sale or other transfer of assets (known as "Transfer of Businesses"), we will transfer data; including personal data, on a reasonable scale, and as necessary for the Transfer of the Businesses, and provided that the recipient agrees to respect your personal data  in a manner consistent with applicable data protection laws. We will continue to ensure the confidentiality of any personal data and will inform the affected subjects before the personal data becomes the subject of a different privacy policy.

Processing of children's personal data

The Company will not collect or process personal data of children under the age of 16 unless parental consent has been granted, in accordance with applicable local law. If we realise that a child's personal data was accidentally collected, we will delete that data without any delay.

Processing sensitive data

In some cases, we may process specific categories of personal data about you ("sensitive data"). For example, we may process sensitive data that you have made public. We may also process sensitive data, where appropriate, to support, pursue or defend legal claims. We may also process your sensitive data if you have freely given your prior express and separate consent in a specific context for a specific purpose.

Transaction security

The Company is committed to ensuring the security and integrity of the data it collects, regarding the users of its website. The Company has adopted procedures that protect the personal data that users provide on its website or provide it by any other means (e.g. by telephone). These processes protect users' data from any unauthorized access or disclosure, loss or misuse and change or destruction. They also help to certify that these data are accurate and used correctly. Your connection to it is secure because it uses TLS technology with a size of 256bits. TLS technology relies on a key code to encrypt the data before being sent over the (TLS) connection.

The security check between the data and the Server is based on the unique key code ensuring secure communication. The Browsers, Internet Explorer, Mozilla Firefox, Safari support the TLS protocol and it is recommended to use them to connect to the http://www.iveco.com.cy/ website.

We apply the appropriate level of security and have therefore implemented reasonable physical, electronic, and administrative procedures to safeguard the data we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed. Our information security policies and procedures are closely aligned with widely accepted international standards and are regularly reviewed and updated, where necessary, to meet our business needs, changes in technology, and regulatory requirements.

In the event of a data breach containing personal data, the Company will comply with applicable laws regarding the notification of the breach.

Your legal rights

As a data subject you have specific legal rights relating to the personal data, we collect from you. The Company will respect your rights and will fully respond to any concerns you have as you address it.

The following list contains information about your legal rights arising from applicable data protection laws:

• Right to withdraw consent: Where the processing of personal data is based on your consent, you may withdraw such consent at any time.

• Right to correction: You can ask us to correct your personal data. We make reasonable efforts to retain your personal data that we control or have in our possession and are used on an ongoing basis, accurate, complete, and up to date, based on the latest information available to us. You can also check and correct your personal data by entering your personal account on http://www.iveco.com.cy/
• Right to limitation: You may request from us to limit the processing of your personal data, if
• You question the accuracy of your personal data for the period when we will need to verify the accuracy,
• Processing is illegal and you request that we restrict the processing of your data instead of deleting your personal data
• We no longer need your personal data, but you need it to support, exercise or defend legal claims, or
• You have an objection to the processing of your data for the period when we verify whether our legitimate interests take precedence over yours.
• Right to access: You may ask us for information about personal data that we store for you, including information about the categories of personal data we own or control, for what purpose they are used, from what source they were collected, if not by you directly, and to whom they have been shared, in each case. You can obtain from us free of charge a copy of the personal data we keep for you. We reserve the right to charge a reasonable fee for any further copy you may request.
• Right to transfer: At your request, we will transfer your data to another controller, where technically feasible, provided that the processing is based on your consent or is necessary for the procedure of a contract. Instead of receiving a copy of your personal data, you may ask us to transfer the data to another controller, that you will indicate to us, directly.
• Right to erasure: You may ask us to delete your personal data, where - personal data is no longer necessary in relation to the purposes for which they were collected or processed - you have the right to object to further processing of your personal data and you exercise this right - the processing is based on your consent, you withdraw your consent and there is no other legal basis for processing - your personal data have been processed illegally, except where the processing is necessary - to comply with a legal obligation, which requires processing by us – especially for a legal duty-fulfilling obligation - to support, pursue or defend legal claims
• Right to object: You may object - at any time - to the processing of your personal data due to your particular situation, provided that the processing is not based on your consent but on our legitimate interest or on a legitimate interest of third parties. In this case we will no longer process your personal data unless we can demonstrate compelling legitimate reasons and an overriding interest in processing or supporting, exercising or defending legal claims. If you object to the processing, please specify whether you wish to delete your personal data or restrict our processing.
• Right to lodge a complaint: In the event of an alleged breach of the applicable privacy law, you may lodge a complaint with the data protection supervisory authority in the country where you live or where the alleged infringement occurred.

Please note:

• Time period: We will try to satisfy your request within 30 days. However, the time limit may be extended for specific reasons relating to that legal right or the complexity of your request.
• Restricting access: In some cases we may not be able to provide access to all or some of your personal data under legal provisions. If we refuse your request for access, we will inform you of the reason for this refusal.
• Non-recognition: In some cases, we may not be able to search for your personal data because of the identifiers you provide in your application. Two examples of personal data that we cannot look for when you provide your name and email address are: - data collected through browser cookies, - data collected from social networks if you have posted a comment under an alias not known to us.

In such cases, where we cannot identify you as a data subject, we are unable to comply with your request to enforce your legal rights as described in this article, unless you provide us with additional information that allows you to be identified

Retention of your personal data

In general, we will delete the personal data that we collect from you if they are no longer necessary to achieve the purposes for which they were originally collected. However, we may be asked to store your personal data for a longer period of time due to legislation.

In addition, we will not delete all of your personal data, if you have asked us not to contact you in the future. For this purpose, the Company maintains records containing information about people who do not wish to be contacted in the future (e.g. through group e-mail messages). We categorize your requests as consent for the storage of your personal data for the purposes of maintaining that file, unless you give us different instructions.

Contact Info

Please address any questions on the issue of data protection and any requests to exercise your legal rights to the data controller at dpo@ctcgroup.com.cy

You can also contact the Office of the Commissioner for Personal Data Protection in Cyprus at commissioner@dataprotection.gov.cy

Periodic Changes

The Company continuously updates and improves its website, and its related products and services and also renews this policy. We recommend that you read this policy occasionally in order to be informed of any changes to the content of this privacy policy. This policy will be amended from time to time, without prior notice to users.

Acceptance of the Privacy Procedures applied by the http://www.iveco.com.cy/ If you use the website http://www.iveco.com.cy/ you accept and consent to this Privacy Statement, as well as the terms and conditions of use of the website announced through it.