This website is not intended for children and we do not knowingly collect data relating to children.
Any reference to ‘we’ or ‘our’ in this policy shall relate to SunriseMezz a public limited liability company registered with the Department of the Registrar of Companies under registration number HE432466, having its registered office at The City House, 17-19 Themistokli Dervi, 1066 Nicosia, Cyprus as well as other subsidiaries or affiliated companies of ours as (1) they may act as a service provider following a contractual agreement with us or (2) have a role or relationship with.
The term ‘personal data’ means any information identifying a data subject or information relating to a data subject that we can identify (directly or indirectly) from that data alone or in combination with other identifiers we possess or can reasonably access. Personal data includes special categories of personal data and pseudonymised personal data but excludes anonymous data or data that has had the identity of an individual permanently removed.
The term ‘data subject’ means a living, identified or identifiable individual about whom we hold Personal Data.
The term ‘special categories of personal data’ refers to information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data.
References to ‘you’ or ‘your’, relate to the relevant individual who is the subject of the Personal Data.
You have the right to make a complaint at any time to the Cyprus Office of the Commissioner for Personal Data Protection, the Cyprus supervisory authority for data protection issues (http://www.dataprotection.gov.cy). We would, however, appreciate the chance to deal with your concerns before you approach the Commissioner so please contact us in the first instance.
VISITORS TO OUR WEBSITE
Any further Personal Data collected by us is collected via its voluntary submission by you. Such may include name, title, company address, email address, and telephone and fax numbers from website visitors; for example, when an individual registers to our newsletters and updates.
Visitors are also able to send an email to us through the website. Their messages will contain the user’s screen name and email address, as well as any additional information the user may wish to include in the message.
We ask that you do not provide Special Categories of Personal Data to us when using our website.
Purpose of processing
When you provide Personal Data to us, we may use it for any of the purposes described in this privacy statement or as stated at the point of collection (or as obvious from the context of collection), including the provision of newsletters and updates on our business (where such was the purpose at the point of collection). Should visitors subsequently choose to unsubscribe from mailing lists or any registrations, we will provide instructions on the appropriate webpage, in our communication to the individual, or the individual may contact us by email at email@example.com; to administer and manage our website, including to confirm and authenticate your identity and prevent unauthorised access to restricted areas of the site or premium content; to communicate with you in order to distribute requested materials or ask for further information; to sort and analyse user data (such as determining how many users from the same organisation have subscribed to or are using our websites); to develop our businesses and services, including aggregating data for website analytics and improvements; aggregating data to conduct benchmarking and data analysis including, for example, regarding usage of our websites; to conduct quality and risk management reviews; to understand how people use the features and functions of our websites in order to improve the user experience; to monitor and enforce compliance with our terms, including acceptable use policies; and any other purposes for which you provided the information to us (such as to subscribe you to our updates and newsletters).
Personal Data collected via our websites will be retained by us for as long as it is necessary to fulfil the purposes we collected it for (e.g. For as long as we have a relationship with the relevant individual), including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
PERSONS WHO GET IN TOUCH WITH US
Types of personal data processed in relation to individuals who get in touch with us with a question, complaint, comment or feedback, including prospective clients, may include, subject to the particulars of the relevant correspondence, all or any of the following:
-full name and surname of the individual contacting us, name and surname of other individuals associated with the data subject, whether on a business or private nature and provided that such individuals are relevant to our correspondence with the data subject, contact details (including phone, fax, email), residential address, description of the business activities or of the specifics and nature of the data subject’s inquiry.
Purpose of processing
The collection of personal data by us shall be restricted to the collection of personal data necessary or deemed necessary for the purpose of responding to the inquiry of the data subject.
Legal basis for processing data
The processing is necessary in order to take steps at the request of the data subject prior to entering into a contract for the provision of services requested of us.
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is 8 years. In relation to the data of persons who get in touch with us with whom we do not eventually enter into a business relationship, will be retained for 6 months.
Personal data may be held for longer periods where extended retention periods are required by law or regulation and in order to establish, exercise or defend our legal rights. Personal data may also be held for longer periods where clients expressly require us to retain / store their records for extended periods of time.
YOUR RIGHTS REGARDING PERSONAL DATA SUBMITTED TO US
Your rights in relation to the personal information we hold about you, are detailed below. Some of these only apply in certain circumstances as set out below. Information on how such rights may be exercised is also included in the table below. Prior to responding to any of your requests please be advised that we may require you to verify your identity. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please contact us via email at firstname.lastname@example.org or via telephone at +357 22 022 726.
Right of access
You have the right to know whether we process personal information about you, and if we do, to access information we hold about you and certain information about how we use it and who we share it with.
If you require more than one copy of the information we hold about you, we may charge an administration fee. We may not provide you with certain personal information if providing it would interfere with another data subject’s rights (e.g. Where providing the personal information we hold about you would reveal information about another person) or where another exemption applies.
Right to rectification
The accuracy of the information we hold about you is important to us. Under the GDPR you have the right to access the information we hold about you and have any inaccuracies corrected. where you request correction, please explain in detail why you believe the personal data we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. please note that whilst we assess whether the personal data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.
Right to erasure
This is also known as the “right to be forgotten”.
ou may request that we erase the personal data we hold about you in the following circumstances:
- you believe that it is no longer necessary for us to hold the personal data we hold about you;
- we are processing the personal data we hold about you on the basis of your consent, and you wish to withdraw your consent and there is no other ground under which we can process the personal data;
- we are processing the personal data we hold about you on the basis of our legitimate interest and you object to such processing. please provide us with details as to your reasoning so that we can assess whether there is an overriding interest for us to retain such personal data;
- you believe the personal data we hold about you is being unlawfully processed by us;
- you object to the processing of your personal data for direct marketing purposes; or
- deletion of your personal data is sought for the purpose of complying with a legal obligation to which we are subject.
Also note that you may exercise your right to restrict our processing the data whilst we consider your request as described below.
Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. please note, however, that we may retain the personal data if there are valid grounds under law for us to do so (e.g., for the defence of legal claims, where such deletion would obstruct or interfere with the purpose for which your information was collected and processed, where the deletion would impede with our contractual obligations or freedom of expression) but we will let you know if that is the case.
Where you have requested that we erase data that we have made public and there are grounds for erasure, we will use reasonable steps try to tell others that are displaying the data or providing links to the data to erase the data too, however such erasure is not guaranteed nor should it be considered to be up to us.
Right to portability
You have the right to receive a copy of the personal data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such personal data to another party. to exercise this right please send an email to our data protection officer, details of which appear below. When sending an email we suggest using the subject ‘PORTABILITY REQUEST’.
If you wish for us to transfer the personal data to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of the Personal Data or its processing once received by the third party.
Please be advised that we may not provide you with certain data if providing it would interfere with another’s rights (e.g. where providing the personal data we hold about you would reveal information about another person or our trade secrets or intellectual property).
Right to withdraw consent
Where personal data based is processed on the basis of consent, individuals have a right to withdraw consent at any time. we do not generally process personal data based on consent as we generally rely on alternate legal basis. Please email us at to notify us email@example.com of any consent withdrawals. If you are on our mailing list for the purpose of receiving newsletters and updates then please be advised that by clicking on the unsubscribe link in the relevant email your consent with regard to this type of processing will automatically be considered to have been withdraw and no further email shall be required to be sent.
Restriction of Processing to Storage Only
You have a right to require us to stop processing the personal data we hold about you other than for storage purposes in certain circumstances. please note, however, that if we stop processing the personal data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).
You may request we stop processing and just store the personal data we hold about you where:
- you believe the personal data is not accurate for the period it takes for us to verify your claim;
- we wish to erase the personal data as the processing we are doing is unlawful but you want us to retain the personal data for storage but not further process it;
- we wish to erase the personal data as it is no longer necessary for our purposes but you require it to be stored for the establishment, exercise or defence of legal claims; or
- you have objected to us processing personal data we hold about you on the basis of our legitimate interest, and you wish us to stop processing the personal data whilst we determine whether there is an overriding interest in us retaining such personal data.
Right to Object
You have the right to object to the processing of your data when the legal basis for the processing of your data is necessary for a legitimate interest pursued by us or a third party or where processing of your personal details is carried out for direct marketing purposes. Should you exercise your right to object we will take appropriate steps to ensure that your request is complied. To object to our processing please email us at firstname.lastname@example.org.
WHEN AND HOW WE SHARE PERSONAL DATA AND LOCATIONS OF PROCESSING
Personal data collected and processed by us will not be sold, leased or rented to any person. we may however share your personal data with others, provided that we are legally permitted to do so. appropriate contractual arrangements and security measures shall be applied in cases where your data is shared so as to protect your data and to maintain compliance with our data protection policy, confidentiality and security standards.
Personal Data held by us may be transferred to the following categories of recipients:
Third parties providing functionality services to us
- Third parties are widely used by us for the purpose of providing support to us and to generally help us provide, run and manage our internal IT systems. This includes providers of information technology, cloud-based software, website hosting and management providers, data analysis, data back-up, security and storage services, payment providers including banking institutions. The servers powering and facilitating cloud infrastructure are located in secure data centres in Europe, and personal data may be stored in any one of them.
- Third party organisations that otherwise assist us in providing goods, services or information
We may receive requests from law enforcement agencies, regulatory or other public authorities which relate to or require the disclosure of personal data and we may proceed with such disclosures in good faith where we deem such disclosure to be reasonably necessary in order to comply with a legal obligation, to detect, prevent, investigate or otherwise address security, alleged crime, fraud or technical issues, to protect our rights, the rights of our partners, employees or as required by law.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.