Privacy Notice
1. GLORIA MEDICAL IMPORTERS CO. LIMITED Statement
At GLORIA MEDICAL IMPORTERS CO. LIMITED the protection of your personal data is a top priority. Keeping such data secure and private is part of our philosophy to deliver high standards of services. These values are the cornerstone of our business culture and for this purpose it is our commitment to process your personal data as follows:
• Fairly and lawfully.
• In an appropriate manner.
• For limited purposes and not longer than necessary.
• For the purpose required and not in an excessive way.
• Keep them up-to-date and accurate.
• Processed in line with your individual rights and in accordance with applicable Law.
• In a secure way avoiding unauthorized or unlawful processing.
• Protected against breach, accidental loss, destruction, or damage by using appropriate technical and organizational measures.
• Not transferred to third parties or organizations without adequate protection.
During providing our services, we will collect, use, store, distribute and generally process your personal data. Subsequently, all data users in our company are obliged to comply with the provisions of this privacy notice and our internal data management and protection policies when processing your personal data.
This notice will describe how we use and collect personal data and it provides for information about individual’s rights. It will apply to personal data provided to us, both by the individuals themselves or by third parties, upon our request, such as governmental authorities and/or other organizations as required by applicable law. All provided data may be used for any of the purposes described in this privacy notice or as otherwise mentioned at the time of collection.
It should be noted that personal data is described as any information connected to an identified or identifiable person and we will process such data for a number of specified limited purposes whereas the basis such for processing, use, disclosure and retention period may differ.
This privacy notice was drafted in compliance with EU Regulation 2016/679 for the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”), and the Cyprus’ Processing of Personal Data (Protection of Individuals) Law, N.138(I)/2001, as amended.
2. Identity and contact details of the Data Controller and Data Protection Officer
(a) Data Controller
Isia.com.cy is operated by GLORIA MEDICAL IMPORTERS CO. LIMITED, which is a company registered in the Republic of Cyprus and operates under Cyprus law. Company Reg. HE7654 T.I.C. No 12007654R is the “Data Controller” pursuant to EU Regulation 2016/679 for the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the Cyprus Processing of Personal Data (Protection of Individuals) Law, (N. 138(I)/2001, as amended. The main establishment and the central administration of the company is situated at TIRTEOU 5, FLAT 401, 1087 -NICOSIA.
(b) Data Protection Officer (“DPO”)
The Data Controller has designated a Data Protection Officer (“DPO”), with the task to monitor compliance with the applicable Laws and to liaise with the Cyprus Supervisory Authority.
The DPO may be contacted with regards to all matters related to the processing of personal data including the enforcement of all applicable and available rights.
Official requests may be made electronically at info@isida.com.cy
3. Collection/ Source of Personal Data
GLORIA MEDICAL IMPORTERS CO. LIMITED, collects personal data to operate effectively and to provide the highest quality of services. Having in mind the range of the provided services, our processes and forms are carefully drafted with a view to request only a specific and a limited set of personal data to allow the company to comply with its contractual and statutory obligations.
It is our policy to request only the personal data that are necessary for the provided services and for these purposes we request from our customers to only share with us the personal data concerning those services only.
In addition to the above, the categories of personal data which might be processed will include any or all the following:
• Contact details;
• Business details;
• Order History
• Personal information;
Should there is a need to further process the personal data, for a purpose other than that for which they were initially collected, then you will be informed about the additional purpose and the relevant details in respect to the further processing.
Depending on the requested services, the basis for collecting the personal data would be your express written consent (where applicable), our contractual commitment to provide the requested services, as well as our legal obligation to comply with the rules and regulations required by our statutory obligations.
Where the basis is statutory or contractual requirement, or a requirement necessary to enter a contract, failure to provide the required data will result to our denial in providing the requested services.
4. Use of Personal Data
GLORIA MEDICAL IMPORTERS CO. LIMITED, is committed to use the personal data for the following purposes only:
(a) Providing the requested services
Based on the requested services, we will use the respective personal data only in respect of providing proper advice and our professional services.
(b) Administration/ Management/ Business development
Personal data will be used by us with the purpose of managing the business relationship with the customer, to develop our services, including the provision of statistical analytics and for our archiving and IT backup and security policies.
(c) Compliance Purposes
GLORIA MEDICAL IMPORTERS CO. LIMITED, is a subject to legal, professional, and regulatory compliance obligations.
As part of the above compliance requirements, GLORIA MEDICAL IMPORTERS CO. LIMITED, is required under certain conditions to be prepared to disclose specific personal data to supervisory and governmental authorities.
(d) Automated decision-making/profiling
Depending on the requested services, we may use an automated decision-making system to evaluate, analyze or predict aspects concerning our ability to provide the services in question.
5. Recipients and Users of personal data-processing
We will only share personal data with third parties for legitimate purposes. Save any applicable legal standing for which the data processing is taking place, personal data may be also shared with the following categories of recipients and/or users:
(a) GLORIA MEDICAL IMPORTERS CO. LIMITED affiliate companies
Depending on the requested services and the basis for processing personal data, we may share all necessary information with other affiliate companies within GLORIA MEDICAL IMPORTERS CO. LIMITED for administrative purposes and to achieve delivery of our services to you.
(a) Third Party Processors
Data processing may be carried out on behalf of us by third party data processors and for these purposes we have taken all necessary steps, including the implementation of appropriate technical and organizational measures, in such a manner that the involved data processing will meet all applicable statutory requirements, ensuring the protection of your rights.
(b) Supervisory/ Governmental Authorities/ Organizations
As part of our compliance with the applicable laws or regulations, we may be officially requested to disclosure or share specific personal data by a supervisory or governmental authority.
6. Data Retention
We will retain your personal data for as long as the requested services are provided; hence the purpose for which the personal data were collected, and for as long as it is required by applicable law or regulation.
Pursuant to the laws mentioned in paragraph 3 of this privacy notice and notwithstanding any other legal, regulatory or contractual requirement to the contrary, we are required to retain your personal data for a period of seven (7) years after the provision or termination of the requested services.
In respect to any personal data used for marketing and/or other commercial purpose, we will keep it with us until you notify us that you no longer wish to receive such information.
7. Security
Here at GLORIA MEDICAL IMPORTERS CO. LIMITED, security of personal data is taken very seriously. Either referring to hard copy processing or by electronic means, we have developed data management systems to hold any type or form of data confidential and secure.
Additionally, it is a part of our in house policy to periodically review the aforementioned measures and implement changes by taking into consideration all technological developments.
8. Rights of individuals
Individuals enjoy several rights concerning their personal data and for this reason we are obliged to fulfil those rights when asked to do so. You may exercise your right or request more information about the contents of this notice, by placing a written request before our company’s DPO, electronically at info@isida.com.cy.
Such requests will be processed without delay and in any case within one (1) month of receipt of the signed written form. That period may be extended under certain circumstances by two (2) further months.
(a) Right of Access
You have the right to enquire and to obtain information from the DPO as to whether or not your personal data are being processed, including additional information in regards the purposes and legal standing of the processing, the categories of data, the recipients or group of recipients and where possible, the envisaged period for which the personal data will be stored.
Should this be applicable, you may also enquire in respect of any transfer of personal data to a third country or international organization as well as to obtain more information about our existing security measures/ safeguards governing such transfer.
A copy of the personal data undergoing processing will be provided free of charge, nevertheless, for each further copy, we may charge a reasonable administrative fee.
(b) Rectification/ Amendment
We aim in having up-to-date personal data kept in our records. Any inaccurate or incomplete personal data may be updated or rectified pursuant to a formal request to the DPO.
(c) Right of erasure (“right to be forgotten”)
Save any limitations provided by express legal or regulatory provisions, including our policies for data retention, you have the right to request your personal data to be erased from our database, should any of the following occur:
• The personal data are no longer necessary in relation to the purposes for which they were initially collected;
• There is a withdrawal or objection to the further processing;
• The personal data have been unlawfully processed;
• The personal data should be erased for compliance with legal obligation;
(d) Restriction of data processing
Provided that no exceptions are applicable, as described in GDPR, should any of the following applies, then you have the right to request from the DPO to restrict the further processing of your personal data:
• There is a dispute as to the accuracy of the personal data;
• The processing is unlawful, and the erasure right was not requested;
• The personal data will be used to establish, exercise or defend of legal claims
(e) Withdrawal of consent/ Right to object
Where the personal data processing is based exclusively on consent, you have the right to request from the DPO, to withdraw such consent at any given time. Nevertheless, such withdrawal, will not affect the lawfulness of any data processing based on that ground prior to your withdrawal.
Should there is a distinct processing operation based on consent, we will take all necessary steps to ask for your separate consent.
A right of objection may also be exercised against the receipt of commercial/ marketing information and materials
(f) Right of portability
In case where the processing is based on consent or for the performance of a contract, as to personal data which are processed by automate means, then you have the right to receive the personal data in question in a structured, commonly used and a machine-readable form. In addition, and where it is technically feasible, you have the right to request the personal data to be transmitted directly from one data controller to another: thus, from one organization to another. Such right may also be enforced by you before the closing of an account.
Subject to any statutory requirement, the right of portability will not extend to personal data which is inferred or derived by us, activity registry or other results of algorithmic analysis.
(g) Right to contest automated decisions/ profiling
Should an automated decision making, including profiling, applies and producing legal effects, then you have the right to contest the decision at issue by means of requesting human intervention and expressing your point of view, including the right to enquiry about how such decisions are made, their significance and consequences.
9. Amendments to the Privacy Notice
We reserve the right to amend and change this privacy notice at any time. Under such circumstances, you will be promptly notified about the changes by the DPO either by mail or by electronic means.
In a situation where the basis for processing the personal data is consent, then should the elements of this privacy notice altered, in a way that is radically changing the purpose for which the initial consent was given, then the DPO will be obliged to ask for your separate consent for the amended privacy notice/ purpose.
10. Complaints
Complaints about the processing of any personal data may be communicated directly before our DPO, electronically at info@isida.com.cy.
Complaints may also be lodged before the Cyprus’ Supervisory Authority, the Office of the Commissioner for Personal Data Protection, by post at
1 Iasonos str., 1082 Nicosia
P.O.Box 23378, 1682 Nicosia
Tel: +357 22818456
Fax: +357 22304565
Email: commissionerdataprotection.gov.cy