Having a customer-oriented philosophy, Ollanet Ltd (hereinafter referred to as “the Company” or “We”) we seek maximum satisfaction of your requirements by offering high-quality telecommunications services at the highest speeds and lowest prices.
It applies even if you’re not one of our customers and you interact with us, such as by:
2. Policy Statement
We take our responsibilities under the General Data Protection Regulation (EU) 2016/679 very seriously and as such we are committed to :
3. When we collect your personal data
There are various instances that we collect your personal data. In some instances, you provide your data to us when you subscribe with us and in some other instances, this is performed automatically through other interactions with us. Below is a list of possible ways we collect your data.
4. Which legal bases we rely on
General Data Protection Regulation (EU) 2016/679 sets out a number of different reasons for which the Company may collect and process your personal data, including: Consent In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you which data is necessary for connection with a particular service.
Contractual obligations In most circumstances, we need your personal data to comply with our contractual obligations i.e. to provide to you our services at the quality level we are committed to our customers. For example, if you have made a technical inquiry, we are contractually obliged to inform you of repair of any damage or other matters related to our services and we’ll process your name and address details to do that.
Legal compliance If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity to the Police
Legitimate interest In specific situations, we require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we will use your viewing history to send you or make available personalized suggestions.
We’ll use your personal data if we consider it is in our legitimate business interests so that we can operate as an efficient and effective business. We use your information to:
5. What personal data do we collect and How we use it
To provide you our services based on terms and conditions We’ll use your personal data to provide you with products and services. This applies when you subscribe to a service from us.
We use the following to provide products and services and manage your account.
We use data (name, contact details, your address and any other qualitative information) to respond to customer inquiries, diagnose problems, rectify technical issues and provide other customer care and support services. This processing is necessary for the performance of the agreement we have with you, as well as to serve our legitimate interests. We record your calls every time you contact our call center in order to train our staff to provide you with the best service. We will always give you the choice to opt-in for recording your call and we will not keep records of your call if you choose not to. Secure our people, operations, network and services We’ll use your personal data to help prevent and detect crime and fraud. We’ll also use it to prevent and detect criminal attacks on our network or against your equipment. We monitor traffic over our network, trace nuisance or malicious calls, and track malware and cyber-attacks. To do that we use the following information, but only where strictly necessary: MAC-address and IP-address
To display the most interesting TV content to you, we’ll use your viewing history and duration. We do so on the basis of maximizing your viewing experience and entertainment.
We use the information for research and to develop aggregate analysis and business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business.
If we are asked by law enforcement agencies such as Police, we may provide personal data to help detect and stop crime, prosecute offenders and protect national security. Any information requested will be accompanied by a Court order detailing exactly what information is being requested and for what reason.
Generally, court orders ask for the following details. Your contact details including but not limited to your name, phone number, email address, physical address of installation, billing address, and under special circumstances your passwords and credentials (such as your security questions and answers) needed to confirm your identity and your communications with us. Your payment and financial information. Details of the products and services you’ve bought and how you use them – including your call, browser (including IP address) and TV records.
6. Your Rights and Choices
Under the General Data Protection Regulation (EU) 2016/679 you have rights over the following rights in terms of your personal data we hold about you:
Receive access to your personal data.
This enables you to receive a copy of the personal data we hold about you. In order to receive such a copy, you must request this in writing which can be done electronically at http://www.citycellfiber.com/contacts/ or by sending such requests in writing to:
Leoforos Archiepiskopou Makariou III, 235, Limassol, 3105, Cyprus
Right to rectification
We rely on you to ensure that your personal data is complete, accurate and up to date. Please do inform us promptly of any changes to or inaccuracies in your personal data by contacting us as above.
Right to Erasure
You may ask that we erase your information in certain circumstances (the right to erasure). In some cases, other laws or regulations require us to keep some or all of your personal data on record for a specified period. An example would be the requirement by Cyprus Police Service to retain your data for up to six months.
Right to the restriction of processing your personal data
The right to request that we restrict the processing of your information in certain circumstances. Again, there may be circumstances where you ask us to restrict the processing of your information, but we are legally required to refuse that request.
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we have a legitimate overriding reason to continue processing your personal data.
Right to data portability
Request to receive a copy of the personal data concerning you, in a format that is structured and commonly used, and transmit such data to a third party where this is technically feasible. Please note that this right only applies to the information which you have provided to us.
Right to Consent
Your Data remains yours at all times, and you have the right to withdraw the consent that you gave us with regard to the processing of your personal data at any time. Note that any withdrawal of consent shall not affect the lawfulness of processing based on consent before it was withdrawn or revoked by you.
You have the right to make a complaint with the Data Protection Commissioner if you think that any of your rights have been infringed by us.
To exercise any of your rights, or if you have any other questions about our use of your personal data, you can send us your request and our Data Protection Officer will be happy to deal with your request without delay, and within one month, however, we will need to verify your identity first.
You can opt-out of receiving direct marketing communications from us by following the instructions included in every email sent to you via the “Unsubscribe” tab. We respect your choice, and we will stop sending you promotional emails once you unsubscribe.
Please note, regardless of your communication settings, we will continue to communicate with you regarding changes to terms and conditions, policy updates, routine customer service messages such as information about service interruptions, data breaches or other significant information about services you are subscribed to.
You can adjust the amount of interest-based advertising you may receive by changing your cookie settings, changing your device settings, and/or opting out of certain advertising networks.
It is our policy to never knowingly collect personal data from anyone under the age of 16 unless we first obtain permission from the child's parent or legal guardian.
7. How we secure your personal data
We ensure that appropriate security measures are taken against unlawful or unauthorized processing of personal data and against the accidental loss of, or damage to, your personal data.
Once we are in possession of your personal data we delicately take care of it and we use an array of technical and organizational measures to safeguard the Confidentiality Integrity and Availability of your data, based on a balance of the state of the art and the risks for your rights and freedoms.
8. With who we share your personal data
There are occasions when we need to share your personal data with a third party data processor.
Our policy is that we will only transfer your personal data to a third party processor who complies with the Company’s security and data protection procedures and policies or if they put in place equivalent measures themselves, which we deem to be acceptable and are at minimum in compliance with the General Data Protection Regulation (EU) 2016/679. Furthermore, we will provide only the information they need to perform their specific services, they may only use your data for the exact purposes we specify in our contract with them and if we stop using their services, any of your data held by them will either be disposed or anonymized.
Examples of the kind of third parties we work with are:
For fraud management, we may share information about fraudulent or potentially fraudulent activity on our premises or systems. We may also be required to disclose your personal data to the police or other enforcement, regulatory or public authorities like income tax authorities upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
9. How we may Transfer personal data outside the EEA
We might send your personal data to other companies based outside the EEA. For example, like many companies, we may use cloud services from suppliers outside the EEA. However, your Personal data will not be transferred to a country outside the EEA unless that country has adequate measures in place to ensure that your rights and freedoms are protected when your personal data is processed (stored for example). Where we transfer your information to companies outside the EEA, we will make sure that mechanisms for adequate safeguards are provided by the processor residing in countries outside EEA. Examples of such mechanisms could include:
10. How long we will keep your personal data
We follow an internal records retention policy based on legal, business and security criteria. We will store personal data for the periods needed for the purposes for which the personal data were collected or in cases there will be requirements to be further processed. There are also occasions a law requiring us to keep it longer. Otherwise, we delete it.
We will keep:
11. How your privacy is established
12. Other privacy information
Online-Payments, when available
It is safe to make payments with us online as it is the Company ‘s policy to protect our Customers’ privacy. This is achieved by making all Customers’ online transactions through JCC.
When you send your payment details, they are encrypted, (changed to unreadable code), on their journey between your computer or mobile device and the Company. This reduces the risk of interception between these two points.
When your payment details arrive they are held securely at our end. Access to your information is carefully monitored and restricted. the Company will only use your card details for the payment concerned. We will not disclose card details to any third parties other than the bank, which processes them for payment.
Once your payment has been authorized, we will provide notification of this confirmation via email or letters.
Cookies We use “cookies” to monitor site user traffic patterns and site usage. This helps us to understand how our customers and potential customers use our website so that we can develop and improve the design layout and functionality of the sites.
13. Frequently Asked Questions
What is PERSONAL DATA?
any information relating to an identified or identifiable to a living individual - natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
What is GDPR? GDPR stands for the General Data Protection Regulation (Regulation (EU) 2016/679). The new European Union Regulation is set to replace the current Data Protection Directive (95/46/EC) as well as the Cyprus Data Protection Law of 2001 The GDPR requires greater openness and transparency from companies on how they collect, store and use personal data and enhances the rights of individuals over their personal data What are SPECIAL CATEGORIES data?
Information about a person’s:
Special categories data can only be processed under strict conditions and will usually require the explicit consent of the person concerned.
What is the processing of personal data?
Any activity which involves the data. It includes obtaining, recording or holding the data or carrying out any operation or set of operations on the data including organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
Who is a DATA SUBJECT? The individual the data relates to and for the purpose of this policy, data subjects include all living individuals about whom we hold personal data. A data subject need not be a Cypriot national or resident. All data subjects have legal rights in relation to their personal data.
DATA CONTROLLER the Company is a data controller because under GDPR determines the purposes and methods of processing of personal data and
DATA PROCESSOR Any individual or organization which processes personal data on behalf of a data controller. Employees of a Data Controller are not considered to be data processors; however, the definition is likely to include suppliers or service providers which handle personal data on the controller’s behalf.
DATA PROTECTION OFFICER (DPO) This is the new responsibility for organizations introduced by article 37 of GDPR. DPO’s assist in the monitoring of internal compliance, inform and advise on data protection obligations, provide advice regarding data protection risks and acts as a contact point for data subjects and the supervisory authority.
DATA USER Includes employees and other staff members whose work involves using personal data. Data users have a duty to protect the information they handle by following our data protection and security policies at all times.
PRIVACY NOTICE A statement provided to data subjects when or before their personal data is collected which explains, what their information will be used for, to whom it may be disclosed for these purposes (particularly any external third parties) and any other information they may need to know in order to ensure that the processing is fair.
COMMISSIONER FOR PROTECTION OF DATA An independent regulator who reports directly to Parliament. The Commissioner for Protection of data is responsible for regulating and enforcing the GDPR in Cyprus and provides advice and guidance about compliance to organizations and members of the public.
Anonymized data Data that has had all personally identifiable information removed. Anonymized data are not covered by the GDPR
Aggregated data Grouped information, which does not identify customers and they do not contain personal data. They are used for statistical analysis, reporting and research. For example, the total number of calls made in a month or the total number of minutes called.
What are Cookies? A cookie is a piece of information, that's stored on your computer, tablet or phone when you visit a website. It can help identify your device whenever you visit that website. Cookies are a convenient way to carry information from one session on a website to another, or between sessions on related websites, without having to burden a server machine with massive amounts of data storage.