Privacy Policy

1. INTRODUCTION

HTTPS://OPA.CY is a website (the “Website”) operated by PROJECT OPA LTD, a private limited company registered under the laws of Cyprus with registration number HE 34236, having its registered office address at 6 Alkidamou, Agios Athanasios Industrial Area, 4101 Limassol, Cyprus (hereinafter referred to as “we”, “us” or “our”).

This privacy policy (the “Privacy Policy”) informs you how information about you is collected, processed, used, protected and disclosed when you visit or use our Website, including any data you may provide through this Website when you contact us, when you register an account or purchase any of our products.  It also provides information on how and for what purposes such information is collected, as well as your rights with regards to such information under applicable laws.

We may provide any other privacy notice or fair processing notice to you on specific occasions at the time of collection or processing of your personal data.  In such case, it is important to read this Privacy Policy in conjunction with such other notice, as this Privacy Policy shall supplement but not override such other notice.

2. APPLICABLE LAW

We shall collect, process and use your personal in accordance with the provisions of Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “General Data Protection Regulation” or “GDPR”), the Law for the Protection of Individuals Regarding the Processing of Personal Data and Free Movement of such Data of 2018 (125(I)/2018) (the “Data Protection Law”) and any other applicable legal and/or regulatory obligations, each as amended from time to time.

3. WHAT IS PERSONAL DATA

“Personal Data” under applicable laws and under this Privacy Policy means any information relating to an individual (natural person) from which such individual can be identified, whether directly or indirectly.  Examples of Personal Data include references to personal identifiers such as a name or an identification number, location data, online identifiers, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of an individual.

Personal Data does not include data from which any personally identifiable information has been removed (referred to as “anonymised data”).

4. THE DATA CONTROLLER

We are the data controller (as defined under the GDPR) and are responsible for your Personal Data.

If you have any questions or require any further information with regards to the matters governed by this Privacy Policy, you may contact us as follows:

Full name of legal entity: Marcos Stephanou & Sons LTD

E-mail Address: info@opa.cy

Postal Address: 6 Alkidamou, Agios Athanasios Industrial Area, 4101 Limassol, Cyprus

Telephone: 25 324 382

5. CHANGES TO PRIVACY POLICY

We may update our Privacy Policy from time to time. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this Website.

For the avoidance of any doubt, you are responsible for staying informed of any changes.  Each time you access the Website you reaffirm your acceptance of the Privacy Policy applicable at the time.  If you do not agree with the modified terms, you should discontinue using the Website and/or request the removal and/or deletion of your Personal Data.

6. THIRD-PARTY LINKS

This Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share Personal Data about you. For the avoidance of any doubt, the inclusion of any such link on the Website should not be interpreted as approval by us of the content or information included in such linked websites, nor of their policy or terms with regards to Personal Data.  We have no control over third-party websites and shall not be held liable to you for any consequence resulting from your use of such third-party websites.

7. CHILDREN’S PRIVACY

This website is not intended for children and we do not knowingly collect data relating to any person under the age of 18.  If you are a parent or guardian and you are aware that your underage child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from underage persons without verification of parental consent, we shall take steps to remove all such information from our servers.

8. HOW DATA IS COLLECTED

While using the Website, we may ask you to provide us with certain Personal Data, such as when signing up and/or registering for an account with the Website and/or when placing an order.  In the context of our relationship we may need to collect personal information by law, or under the terms of a contract we may have with you or for the provision to you of our services and/or the sale of goods to you. Without this data we may not be able to provide to you the services and/or sell to you the products offered on our Website and/or otherwise be able to perform our contractual obligations to you, as the case may be.  This is known as collection of Personal Data by direct interaction, where you may give us your Personal Data by filling in forms or corresponding with us by post, telephone, email or otherwise.

We also use automated technologies such as cookies, server logs and similar tracking technologies to track the activity on our Website and to collect technical data about your equipment, browsing actions and patterns.  For more information on cookies please look at section 16 below.

We may also receive your Personal Data from various third parties such as analytics providers.

For the avoidance of any doubt, data collection that is optional would be made clear at the point of collection.

The type of Personal Data collected is set out in section 9 below.

9. TYPE OF DATA COLLECTED

We may collect, process, store and transfer different kinds of Personal Data about you in the context of our business relationship and/or services provided to you, as follows:

• “Identity Data” includes first name, maiden name, last name, username or similar identifier, title, date of birth and gender.
• “Contact Data” includes billing address, shipping address, email address and telephone numbers.
• “Financial Data” includes bank account and payment card details.
• “Technical Data” includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
• “Profile Data” includes your username and password, purchases of our services, your interests, preferences, feedback and survey responses.
• “Usage Data” includes information about how you use our website, products and services.
• “Marketing and Communications Data” includes your preferences in receiving marketing from us and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we hereby confirm that we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

We do not knowingly collect any “sensitive data” about you, such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data, or information about criminal convictions and offences.

10. PURPOSES OF AND JUSTIFICATION FOR PROCESSING PERSONAL DATA

We process the aforementioned personal data in compliance with the provisions of GDPR, the Data Protection Law, and any other applicable legislation as amended from time to time.

We may use your Personal Data for the following purposes:

• To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
• To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
• To comply with a legal obligation: We may process your data to comply with our legal and regulatory obligations, such as preventing, investigating and detecting crime, fraud or anti-social behavior and prosecuting offenders, including working with law enforcement agencies.
• To perform our contractual obligations to you
• To safeguard our legitimate interests, where your data protection rights do not override those interests.

For the avoidance of any doubt, legitimate interest generally means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience, protecting and defending our rights and/or property, preventing or investigating possible wrongdoing in connection with our Website, protecting the personal safety of users of this Website or the public, and/or protecting ourselves against legal liability.  We shall consider and balance any potential impact on you and your rights before we process your Personal Data for our legitimate interests.

• On the basis of your consent and for the purposes for which such consent has been granted and the data was originally collected, unless it is reasonably necessary to use the data for a different purpose, to the extent that such other purpose is compatible with the original purpose. Any consent granted can be revoked at any time by contacting us.
• For Third-Party Marketing, where we have your express consent to share your Personal Data with any third party for marketing purposes. You may ask us or any third party to stop sending you marketing messages at any time by contacting us or such third party.

11. DISCLOSURES OF YOUR PERSONAL DATA

We may disclose information that concerns you if we are legally required to do so pursuant to the provisions of the GDPR and/or the Data Protection Law, as amended from time to time, and/or the provisions of any other applicable legislation or regulation.

We may disclose your personal data to third parties in order to comply with any legal obligation or in order to enforce or apply our terms and conditions and/or based on your consent/instructions.

Personal data is shared with:

• Our service providers such as IT systems, support and hosting service providers; technical engineers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities; and
• Governmental authorities and third parties involved in court action.

Where the party to whom we share your personal information is a legal entity, we hereby affirm that we will take all reasonable steps and/or actions to confirm that the employees and/or representatives of such a third party will execute their duties in accordance with the highest industry standards and will comply with all provisions and requirements of the provisions of this Privacy Notice and the applicable laws and regulations on the protection of Personal Data.

12. DATA TRANSFERRED TO A COUNTRY OUTSIDE THE EUROPEAN ECONOMIC AREA

Please note that your Personal Data shall be transferred (where applicable), stored and processed in Cyprus. We do not currently transfer your personal data outside the European Economic Area (“EEA“).

GDRP and the applicable local legislation as amended from time to time prohibits the transfer of Personal Data outside the EEA unless specific requirements are met for the protection of that Personal Data.  More specifically, Personal Data will only be transferred to countries outside the EU or the EEA (i) if it is required by law; or (ii) if you have granted us your consent and/or instructed us to do so.

Please note that if service providers in a third country are used, all reasonable and practicable measures will be taken to ensure that they will comply with the same data protection level as in Europe, in accordance with the GDPR. In addition, any transfers to parties located outside the European Union will be in line with the legal and regulatory provisions of the GDPR and applicable local legislation as amended from time to time.

13. DATA RETENTION

We will keep your personal information as long as necessary to process your purchase order(s) and/or for as long as you maintain an account as a registered user with our Website.

After you stop being a person using and/or having a user account with our Website, we may keep some of your personal information for a period of up to 2 weeks without however processing them. We may keep your data for longer than 2 weeks if we cannot delete it for legal and/or regulatory and/or technical reasons. In such case the storage, processing and use of such Personal Data continues to be governed by this Privacy Policy.

14. YOUR LEGAL RIGHTS

The following are the rights you have pursuant to the provisions of the GDPR and the Data Protection  (as amended from time to time) in relation to the data protection:-

• Request access to your Personal Data.
• Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your Personal Data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Please note however that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. In such a case, your data will be stored but not processed until expiration of the retention obligation.
• Object to processing of your Personal Data. Please note that in some cases, we may have compelling legitimate grounds to process your information which we need to comply with.
• Request restriction of processing of your Personal Data (a) if it is not accurate;(b) where processing may be unlawful but you do not want us to erase your data; (c) where you need us to hold the data even if we no longer require it; or (d) where you may have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Request the transfer of your Personal Data to you or to a third party.
• Withdrawal of your consent for the processing of the Personal Data. Please note that this will not affect the lawfulness of any processing carried out before you withdraw your consent.

We shall aim to respond to all requests within one month however this length of time may be exceeded in certain circumstances such as where a request is particularly complex or due to the volume of such requests made.  A fair administrative fee may be payable for accessing your Personal Data.

As a security measure, we may require specific information from you in order to verify and confirm that you are indeed the data subject to which such Personal Data relates.

15.  DATA SECURITY

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties with a specific need to access such data and subject to a duty of confidentiality.

No method of transmission over the internet or electronic storage is 100% secure and while we strive to use commercially acceptable means to protect your Personal Data we cannot guarantee its absolute security.  We have put in place procedures to deal with any suspected security breach and will notify you and any applicable regulator of such a breach as we are legally required to do so.

16. COOKIES

Our website may use technologies such as “cookies” to provide visitors with tailored information upon each visit. Cookies are a common part of commercial websites that allow small pieces of data to be sent by a website, accepted by a web browser and then placed on your hard drive in order to recognise repeat visits to the website. Most browsers support cookies but you can set and/or change your browser settings at any time to notify you before receiving cookies so that you may accept or reject it, or turn off all cookies, which would not restrict your access to the Website but which may potentially lead to reduced functionality such as using certain features, storing your preferences, and displaying pages correctly.

Our website utilises cookies which serve various purposes, but are generally either necessary or essential to the functioning of our site and help us improve the performance of our site. More specifically:

• Strictly Necessary or Essential: These cookies let you move around the website and use essential features. Please note that these cookies do not gather any information about you that could be used for marketing or remembering where you’ve been on the internet.
• Performance: These cookies collect information about how you use our website, for example which pages you visit, and if you experienced any errors. Performance cookies do not collect any information that could identify you. They only used to help us improve how our website works, understand what interests our users and measure how effective our content is by providing anonymous statistics and data regarding how our website is used. Accepting these cookies is a condition of using our site.
• Functionality: These cookies are used to provide services or to remember settings to improve your visit.

The cookie settings on this website are set to ‘accept’ to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings then you are consenting to their use as described herein and in our Privacy Policy.

When accepted, cookies remain until they expire or until you clear your browser. To delete cookies or instruct your web browser to delete or refuse cookies, please visit the documentation pages of your web browser.

In case any Personal Data is collected through the use of cookies, its collection, storage, processing ad usage shall be governed by the provisions of this Privacy Policy.

17.  LODGING A COMPLAIN

Please let us know if you are unhappy with how we have used your personal information. As stated above you can always contact us.

You also have the right to make a complaint at any time to the Commissioner for Personal Data Protection (www.dataprotection.gov.cy) who is the supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact us in the first instance.